AI in RegTech: Transforming Banking Compliance
AI holds immense promise for revolutionizing banking by addressing compliance challenges. Large Natural Language Processing (NLP) models could streamline tasks for compliance officers, engineers, and board members, automating regulatory reporting and enhancing scalability in monitoring systems.
2024-04-25
Alexander Makarov, Technical Product Owner
Cosmo Kramer famously stated, "Without rules, there’s chaos." However, it is precisely these rules—or regulations—that often hinder rapid innovation. Every banking institution experiences the burden imposed by regulatory compliance and audits. As is widely acknowledged, regulatory compliance represents a significant, intricate, and costly challenge, amounting to billions of dollars.
To mitigate the effects of regulations, the banking sector and the broader financial services industry (FSI) are increasingly embracing regulatory technology (RegTech), especially wide scale implementation of artificial intelligence (AI). They are exploring how these technologies can enhance efficiency and streamline compliance processes, adopting the mindset of nimble FinTech competitors.
Exploring the known
Every year at a frequent cadence, banks must respond to an external regulatory body's request for information (RFI). Once the request is received, a project manager or a banking compliance officer who is in charge of responding to RFI reaches out to engineering teams to provide evidence that the regulatory framework followed. The engineers usually have difficulties answering the questions and, quite possibly, do not prioritize this work as it’s not their core responsibility. Closer to the deadline, panic sets in and there is a mad dash to respond to the RFI. Sound familiar?
Entering a new country for a financial institution is even more troublesome in terms of financial regulations. The process for financial institutions in a new region is a frustrating stop-and-wait cycle. You've seen this time and time again. First, the compliance team is supposed to discover a relevant regulatory document, which may be written in a different language. The compliance team reads the document, generates an opinion, and derives a set of controls from it. This process is months long, only for the controls to be restatements of obligations with no actionable path forward. The technical team responds to the controls saying they cannot interpret the goals, and then everyone ends up back at square one.
How AI simplifies regulatory compliance
In recent years, large language models (LLM) have gained significant competency in natural language processing. Consequently, LLMs are the key to simplifying compliance and eliminating the multiplicity of opinions.
The modern models will significantly simplify a banking compliance officer’s job. The comprehension level of the language models allows the compliance officer to only review the model’s output and accept or amend the model’s interpretation of the document. With the evolution of the multilingual model, the importance of compliance document language will gradually deteriorate. In turn, the engineering teams will seamlessly interact with the compliance model to understand exactly what they need to do to meet the financial regulatory obligations in the context of their system.
Elaborating more on this point, the regulatory obligations usually apply to the whole enterprise. On the other hand, it’s very difficult for an engineering team to understand what exact obligations are applicable to their IT system. The regulatory document might have statements about an ATM that aren’t applicable to a chatbot. The applicability problem can be addressed by the AI system that is aware of the application’s business context and deployment model.
Another important piece of regulatory compliance is various training: security awareness, anti-money laundering (AML), workplace harassment and discrimination, financial compliance, environmental compliance, and many more. Traditionally, these training sessions are very basic, unmemorable, and, frankly speaking, boring. With the comprehensive AI system, it will be possible to drastically increase the efficiency of the training programs. The AI advancements will allow organizations to cater training programs for an individual employee, but also customize assessments to focus on an employee's weak points.
Lastly, AI adoption should significantly simplify the regulatory reporting process. Currently, it takes days to weeks to produce the granularity needed for an effective regulatory report. Generating a response to an RFI is very manual and susceptible to human error. Once the AI system is aware of the existing processes, business context, exposed geography, and produced evidence, automation will reduce the response time to RFI from weeks to minutes.
AI adoption challenges in RegTech
AI does not come without its own challenges. There’s no easy button to press when it comes to the adoption and implementation of AI in a regulatory environment. You need to consider the following challenges:
Data residency
Your organization will need to host and train an enterprise model in-house with limited egress exposure.
Data quality
Your organization’s AI strategy should be an extension of its data strategy with a focus on data cleaning and refinement. To achieve high-quality models, your organization should focus on building a robust, fine-tuned pipeline with a continuous feedback loop.
Integration with existing systems
Most financial institutions run hundreds of legacy systems built in the early IT era. Integrating these systems may pose a serious technical challenge.
Ethical and regulatory concerns
As we recently saw with the latest scandal with Gemini, it became obvious that AI systems can inadvertently perpetuate biases present in training data or algorithms. Organizations need to address ethical considerations and implement measures to mitigate bias throughout the AI development lifecycle.
Security risks
The enterprise in heavily regulated industries often deals with sensitive user data. Governance around personal data will be crucial to ensure it isn’t used to train enterprise-wide models.
Cost and ROI
It is estimated that the cost of training a ChatGPT 3.5 is about 4.6 million per iteration and about half a billion dollars per year to run it continuously. The private instance for the enterprise will be cheaper, but it will still be a substantial cost.
Interpretability and trust
AI model training is art, and often impossible to understand why a certain result has been produced. In the long run, the lack of understanding will create a “magical” aura around the model and may cause people to question the produced results.
The lack of trained data scientists
Data scientists currently are a very scarce commodity. The majority of data engineers are employed by big tech companies and are valued the most. To address the challenge, the enterprise should either offer competitive packages or train its own pool of data engineers.
Cultural resistance and organizational alignment
Lastly, people are scared that AI (cloud, blockchain, robotics, conveyor belt) will replace them and steal their jobs. Consequently, the adoption of AI will face resistance from certain social groups in the enterprise.
Moving to AI
AI has great potential to be a game changer and will provide significant innovation potential for the banking industry. If enterprises in heavily regulated industry are able to overcome the highlighted challenges, the adoption of large natural language process (NLP) models will significantly simplify the lives of compliance officers, engineers, and the board of directors.
Compliance officers can focus on refining and reengineering organizational processes instead of chasing the engineering team to submit compliance evidence. Routine and boring regulatory reporting will be fully automated through AI awareness of the organization, regulatory exposure, knowledge of engineering best practices, and the source of evidence. The cherry on top of the pie is achieving scalability with continuous compliance when AI algorithms are integrated into the enterprise’s monitoring systems.
The engineers will no longer ask, “What does this weird guy from compliance want from us?” And the board of directors will stop worrying about being fined or stopped from business expansion. AI will offer an easy way to understand the enterprise's compliance posture, quickly identifying existing violations and even suggesting a way to address them.