In today’s rapidly evolving regulatory landscape, the integration of Artificial Intelligence (AI) into your compliance function is not just a trend—it’s a necessity. As compliance professionals, we are tasked with navigating increasingly complex regulations, managing vast amounts of data, and ensuring that our organizations adhere to stringent ethical standards. AI offers powerful tools to enhance our capabilities, from automating routine tasks to identifying potential risks before they escalate. However, with these advancements come new challenges and responsibilities. This white paper explores the pivotal role AI plays in shaping the future of compliance, offering insights into its benefits, potential pitfalls, and the ethical considerations we must address to harness its full potential responsibly.
I. Transforming Risk Management
Generative AI is being utilized to create comprehension-based testing automatically. This innovation significantly reduces the time required for compliance-focused training, transforming a process that once took hours into a task completed in minutes. This
approach resonates with the broader compliance community, where efficiency and accuracy are paramount. By automating the generation of training materials, AI can assist in ensuring that employees are adequately trained on your internal policies and procedures, thereby helping your organization to maintain compliance with regulatory standards.
For me, perhaps one of the most exciting promises of AI will be the shift from reactive to predictive and then preventative compliance. Traditionally, risk management has focused on identifying and correcting issues after they occur. However, AI offers the potential to predict and prevent problems before they arise. By analyzing vast amounts of data, AI can identify patterns and anomalies, allowing organizations to address potential issues proactively.
This predictive capability is particularly valuable in the life sciences industry, where the stakes are high. Ensuring the highest quality products can have a direct impact on patient safety and regulatory compliance. Leveraging AI to predict and prevent quality issues represents a transformative shift in how compliance is managed.
When implementing AI in compliance, you should take a risk-based approach. This involves starting with low-risk applications of AI to gain confidence in the technology before moving on to more critical areas. For instance, generating training exams is a low-risk application that can still deliver significant benefits. As organizations become more comfortable with AI, they can explore its use in more complex and higher-risk areas.
This cautious approach aligns with the principles of compliance, where assessing and managing risk is a fundamental aspect of the profession. By gradually incorporating AI, organizations can mitigate potential risks while harnessing the technology’s power to enhance compliance processes.
While AI offers tremendous potential, we both stressed the importance of the “Human in the Loop” approach. AI can provide valuable insights and automate processes, but human oversight remains crucial. This is particularly important in life sciences, where the consequences of errors can be severe. Ensuring that humans review and validate AI-generated outputs helps maintain the accuracy and reliability of compliance efforts. THis ’Human in the Loop’ reflects a balanced approach to AI integration. By combining the strengths of AI with human expertise, organizations can achieve a more robust and effective compliance framework.
Lowe shared his vision for the future of AI in compliance. He envisions a world where AI becomes an integral part of software applications, transforming how professionals interact with technology. Instead of navigating complex interfaces, users will engage with AI-driven chatbots that provide instant answers and guidance. This shift will enable compliance professionals to access the information they need more efficiently and effectively. Clearly, AI has the potential to identify gaps in compliance frameworks and suggest appropriate controls. This capability can significantly enhance the effectiveness of compliance programs by ensuring that organizations are always prepared for audits and regulatory scrutiny.
As AI continues to evolve, collaboration within the industry will be essential. Lowe mentioned initiatives like the Convention for Healthcare AI, where industry players and regulators come together to discuss the ethical implications and best practices for AI use. Such collaborations are vital to ensure that AI is leveraged responsibly and ethically, particularly in industries like life sciences where the impact on human health is significant.
#AI has transformative potential for compliance. By automating routine tasks, shifting from reactive to predictive compliance, and adopting a risk-based approach, AI can significantly enhance the efficiency and effectiveness of compliance programs. However, the human element remains crucial to ensuring accuracy and reliability. As the industry continues to explore and embrace AI, collaboration and ethical considerations will play a vital role in shaping the future of compliance. By harnessing the power of AI, organizations can stay ahead of regulatory requirements, improve product quality, and ultimately protect patient safety. The journey towards AI-driven compliance is just beginning, and the possibilities are both exciting and profound.
II. A Comprehensive Governance Approach
As AI systems become increasingly integrated into compliance, the need for comprehensive governance structures to ensure compliance, ethical alignment, and trustworthiness has become paramount. We next consider the critical areas of compliance governance and ethics governance and present a holistic approach to mitigating the risks associated these issues.
A. MIA AI Governance: The Problems
Missing compliance governance can have far-reaching consequences, undermining the integrity of an entire AI-driven initiative. Businesses must ensure alignment with enterprise-wide governance, compliance, and control (GRC) frameworks. This includes aligning with model risk management practices and embedding a robust set of compliance checks throughout the AI model lifecycle. By promoting awareness of how the AI model works at your organization, you can minimize information asymmetries between development teams, users, and target audiences, fostering a culture of transparency and accountability.
The lack of ethical governance can lead to misalignment with an organization’s values, brand identity, or social responsibility. The answer is that companies should develop comprehensive AI ethics governance methods, including defining ethical principles, establishing an AI ethics review board, and developing a compliance program that addresses ethical concerns. Adopting frameworks like Ethically Aligned AI Design (EAAID) can help integrate ethical considerations into the design process, while incorporating AI governance benchmarks that go beyond traditional measurements to encompass social and ethical accountability.
Another outcome of the lack of trustworthy or responsible AI governance can result in unintentional and significant damage. To address this, compliance professionals should help to develop responsible and trustworthy AI governance methods that augment enterprise-wide GRC structures. This can include establishing a committee, such as an AI Advancement Council or similar structure, in your company to oversee mission priorities and strategic AI advancement planning, collaborating with service line leaders and program offices to align with ethical AI guidelines and practices, and developing compliance programs to guide conformance with ethical AI principles and relevant legislation. Finally, implementing AI independent verification and validation processes can help identify and manage unintentional outcomes.
B. The Solution
By addressing the critical areas of compliance governance, ethics governance through a more holistic approach, businesses can create a comprehensive framework that mitigates the risks associated with the absence of these crucial elements. This full approach ensures that AI systems are not only compliant with relevant regulations and standards, but also aligned with your company’s values, ethical principles, and the pursuit of trustworthy and responsible AI. As the AI landscape continues to evolve, this comprehensive governance framework will be essential in navigating the complexities and safeguarding the integrity of AI-driven initiatives.
Here are some key steps compliance professionals and businesses can think through to facilitate AI governance in your company:
By doing these steps, businesses can set up a complete governance framework that covers the important areas of ethics, compliance, and reliance-related governance. This will allow them to use AI’s power while lowering the risks that come with it.
C. AI Governance Resources
There are several notable resources the compliance professional can tap into around this issue of AI governance practices. The Partnership on AI Partnership on AI is a multi-stakeholder coalition of leading technology companies, academic institutions, and nonprofit organizations. It has been at the forefront of developing best practices and guidelines for the responsible development and deployment of AI systems. It has published influential reports and frameworks, such as the Tenets of Responsible AI and the Model Cards for Model Reporting, which have been widely adopted across the industry.
The Algorithmic Justice League (ALJ) is a nonprofit organization dedicated to raising awareness about the social implications of AI and advocating for algorithmic justice. It has developed initiatives such as the Algorithmic Bias Bounty Program, which encourages researchers and developers to identify and report biases in AI systems. The AJL has been instrumental in highlighting the importance of addressing algorithmic bias and discrimination in AI.
IEEE Global Initiative on Ethics of Autonomous and Intelligent Systems is a multidisciplinary effort to develop standards, guidelines, and best practices for the ethical design, development, and deployment of autonomous and intelligent systems. It has produced key documents and reports, such as the Ethically Aligned Design framework, which provides guidance on incorporating ethical considerations into AI development.
The AI Ethics & Governance Roundtable is an initiative led by the University of Cambridge’s Leverhulme Centre for the Future of Intelligence. The roundtable brings together experts from industry, academia, and policymaking to discuss emerging issues, share best practices, and develop collaborative solutions for AI governance. The insights and recommendations from the roundtable have been influential in shaping AI governance frameworks and policies at the organizational and regulatory levels.
These examples demonstrate the power of industry collaboration in advancing AI governance practices. By pooling resources, expertise, and diverse perspectives, these initiatives have been able to develop comprehensive frameworks, guidelines, and standards that are being adopted across the AI ecosystem. The compliance professional should avail themselves of these resources to better prepare your company to take the next brave steps in the intersection of compliance, governance and AI.
III. Embracing AI-Powered Internal Controls
We will next take a deep dive into the key considerations and best practices for successfully leveraging AI to enhance an organization’s internal control framework. For this section, we are assisted by Jonathan Marks, a noted internal controls expert, to help explain how AI can supplement your internal controls and even be a part of your AI program for compliance going forward.
Let’s start with the basics, which is ‘what are internal controls?’ Jonathan Marks’ response, “Internal controls are the mechanisms, rules, and procedures implemented by an organization to ensure the integrity of financial and accounting information, promote accountability, and prevent fraud,” is still the best response I have ever heard. They encompass the entire control environment, including the attitude, awareness, and actions of management and others concerning the internal control system and its importance to the entity.”
Now consider that the foundation of any successful AI application lies in the quality and accessibility of data. Organizations must ensure that the data feeding into their AI systems is accurate, comprehensive, and serves as the definitive “single source of truth.” Failure to address data quality issues can lead to incorrect outputs that undermine the effectiveness of specific control mechanisms. Establishing robust data management practices, including data governance and integration, is crucial for unlocking the full potential of AI-powered internal controls. This is equally true for internal controls.
Effective implementation of AI-driven internal controls requires a skilled workforce. Companies must invest in developing internal capabilities to handle these advanced tools and accurately analyze the results. This may involve a combination of training existing employees, hiring specialized talent, and fostering a culture of continuous learning. Understanding the nuances of machine learning, natural language processing, and other AI techniques is essential for internal teams to leverage these technologies successfully. For the compliance professional, it may mean adding expertise or partnering with internal audit or your internal controls team to garner the talent needed to move to AI powered internal controls.
The integration of AI into internal controls raises important ethical considerations. It is imperative to acknowledge and address the inherent biases that can exist within certain AI algorithms. By creating AI systems that are open, fair, and responsible, organizations can preserve stakeholder trust and uphold the ethical norms of the organization. Incorporating ethical principles and bias mitigation strategies into the design and deployment of AI-powered internal controls is a critical step.
Successful implementation of AI-driven internal controls often requires close collaboration with technology providers. Companies and compliance professionals should seek out respected partners who can offer customized solutions that align with their specific internal requirements. These collaborations can provide continuous assistance as the intelligence and capabilities of the AI systems evolve over time. By fostering a collaborative environment, companies can ensure that the integration of AI into their internal control framework is seamless and effective.
A. Key Considerations for AI-Powered Internal Controls
There are a few key considerations for organizations to ensure the ethical deployment of AI-powered internal controls:
By addressing these key areas, organizations can work towards the ethical deployment of AI-powered internal controls and build trust with their employees. Ongoing collaboration with ethicists, legal experts, and other stakeholders can also help refine best practices in this rapidly evolving landscape. However, this remains an evolving and complex area that requires ongoing vigilance and adaptation.
B. Ethical AI Deployment
There are some examples of organizations that have successfully navigated the challenges of ethical AI deployment.
Microsoft has been faced with ensuring fairness and mitigating bias in AI systems. To meet this, the company developed a comprehensive Responsible AI Standard that outlines principles and practices for developing ethical AI.
IBM was challenged to achieve transparency and explainability in AI-powered decision-making. To meet this challenge, IBM has invested in explainable AI (XAI) technologies, such as its AI Explainability 360 toolkit. This enables developers to understand and interpret the inner workings of their AI models.
Google was confronted with privacy and security concerns in the use of employee data for AI development. Google has established a Responsible AI Principles framework that emphasizes data privacy and security, including the use of differential privacy and secure multi-party computation techniques.
Salesforce need to ensure alignment between AI-powered tools and the organization’s ethical values. It developed guidance through its AI Ethics & Humanism Council to provide guidance on the responsible development and use of AI across the company. This includes aligning AI systems with Salesforce’s core values.
Anthem need to gain employee trust and acceptance in the use of AI-powered internal controls. To do so, Anthem has implemented an “AI Ambassadors” program, where select employees are trained to help their colleagues understand and navigate the company’s AI-powered systems, fostering greater acceptance and trust.
These examples demonstrate how leading organizations have proactively addressed the ethical challenges of AI deployment through a combination of technical, policy, and organizational approaches. By prioritizing principles like fairness, transparency, privacy, and alignment with corporate values, these companies have made progress in ensuring the responsible and trustworthy use of AI within their organizations, particularly around AI-powered internal controls.
Both compliance professionals and internal audit professionals, must recognize the pivotal role that AI can play in enhancing the effectiveness of internal controls. By proactively exploring the incorporation of AI into their control mechanisms, organizations can gain a significant advantage in managing the complexities of modern enterprises and the ever-increasing data landscape. The deliberate integration of AI into internal controls will be a crucial factor in determining the success and resilience of an organization’s overall governance framework.
The integration of artificial intelligence into internal controls represents a transformative opportunity for organizations to strengthen their control environment and make more informed decisions. By addressing the key considerations of data quality, skill development, ethical considerations, and collaboration, compliance professionals can pave the way for a future where AI-powered internal controls become a cornerstone of effective corporate governance. I for one, am excited to see how this technology continues to evolve and reshape the way we approach internal control systems and your compliance program.
IV. Keeping Your AI-Powered Decisions Fair and Unbiased
As artificial intelligence (AI) becomes increasingly integrated into business operations and decision-making, ensuring the fairness and lack of bias in these AI systems is of paramount importance. This is especially critical for companies operating in highly regulated industries, where issues of bias and discrimination can lead to significant legal, financial, and reputational consequences. Implementing AI responsibly requires a multifaceted approach that goes beyond simply training the models on large datasets. Companies must proactively address the potential for bias at every stage of the AI lifecycle, from data collection and model development to deployment and ongoing monitoring.
Based upon what the Department of Justice (DOJ) said in the most recent Evaluation of Corporate Compliance Programs, a corporate compliance function is the keeper of both Institutional Justice and Institutional Fairness in every organization. I think this will require compliance to be on your organization’s forefront of making sure your AI-based decisions are fair and unbiased. What are some strategies a Chief Compliance Officer (CCO) or compliance professional employs to help make sure your AI-powered decisions remain fair and unbiased.
The old adage GIGO (garbage in, garbage out) applies equally to the data used to train AI models. If the underlying data contains inherent biases or lacks representation of certain demographic groups, the resulting models will inevitably reflect those biases. You should make a concerted effort to collect training data that is diverse, representative, and inclusive. Audit your datasets for potential skews or imbalances, and supplement them with additional data sources to address any gaps. Regularly review your data collection and curation processes to identify and mitigate biases.
The composition of your AI development teams can also have a significant impact on the fairness and inclusiveness of the resulting systems. Bring together individuals with diverse backgrounds, experiences, and perspectives to participate in every stage of the AI lifecycle. Having a multidisciplinary team that includes domain experts, data scientists, ethicists, and end-users can help surface blind spots, challenge assumptions, and introduce alternative viewpoints. This diversity helps ensure your AI systems are designed with inclusivity and fairness in mind from the outset.
You should employ comprehensive testing for bias, which is essential to identify and address issues before your AI systems are deployed. By Incorporating bias testing procedures into your model development lifecycle and then making iterative adjustments to address any issues identified. There are a variety of techniques and metrics a compliance professional can use to evaluate your models for potential biases:
As AI systems become more complex and more opaque, the need for transparency and explainability becomes increasingly important, especially in regulated industries. (Matt Kelly and I discussed this topic on Compliance into the Weeds.) You should work to implement explainable AI techniques that provide interpretable insights into how your models arrive at their decisions. By making the decision-making process more visible and understandable, explainable AI can help you identify potential sources of bias, validate the fairness of your models, and ensure compliance with regulatory requirements around algorithmic accountability.
As Jonathan Marks continually reminds us, corporations rise and fall on their government models and how they operate in practice. Compliance professionals need to be in the lead in cultivating a strong culture of AI governance within your organization, with clear policies, processes, and oversight mechanisms in place. This should include:
By embedding these governance practices into your organizational DNA, you can foster a sense of shared responsibility and proactively manage the risks associated with AI-powered decision-making.
As with all other areas of compliance, maintaining transparency and actively engaging with key stakeholders is essential for building trust and ensuring your AI initiatives align with societal values, your organization’s culture and overall stakeholder expectations. A CCO and compliance function can do so through a variety of ways:
By embracing a spirit of transparency and collaboration, CCOs and compliance professionals will not only help your company navigate the complex ethical landscape of AI, but also position your organization as a trusted, responsible leader in your industry. Similar to the management of third parties, ensuring the fairness and lack of bias in your AI-powered decisions is an ongoing process, not a one-time event. Your company should dedicate resources to continuously monitor the performance of your AI systems, identify any emerging issues or drift from your established standards, and make timely adjustments as needed. You must regularly review your fairness metrics, solicit feedback from stakeholders, and be prepared to retrain or fine-tune your models to maintain high levels of ethical and unbiased decision-making. Finally, fostering a culture of continuous improvement will help you stay ahead of the curve and demonstrate your commitment to responsible AI.
As AI becomes increasingly embedded in business operations, the stakes for ensuring fairness and mitigating bias have never been higher. By adopting a comprehensive, multifaceted approach to AI governance, your organization can harness the power of this transformative technology while upholding the principles of ethical and unbiased decision-making. The path to responsible AI may not be simple, but the benefits—in terms of trust, compliance, and long-term sustainability—are well worth the effort.
V. Continuous Monitoring of AI
Finally, we take a deep dive into continuously monitoring your AI. We begin this final Part 5 with some of the key challenges that organizations need to navigate to accomplish this task
You must have both data availability and high data quality. As we previously intoned, Garbage In, Garbage Out. Robust bias monitoring requires access to comprehensive, high-quality data that accurately reflects the real-world performance of your AI system. Acquiring and maintaining such datasets can be resource-intensive, especially as the scale and complexity of the AI system grows. But this is exactly what the DOJ expects from a corporate compliance function.
How have you determined your key performance indicators (KPIs) and interpretation? Selecting the appropriate fairness metrics to track and interpreting the results can be complex. Different KPIs may capture different aspects of bias, and there can be tradeoffs between them. Determining the right thresholds and interpreting the significance of observed disparities requires deep expertise.
Has your AI engaged in Model Drift or Concept Shift? Compliance professionals are aware of the dreaded ‘mission-creep’. Well, AI models can exhibit “drift” over time, where their performance and behavior gradually diverge from the original design and training. Additionally, the underlying data distributions and real-world conditions can change, leading to a “concept shift” that renders the AI’s outputs less reliable. Continuously monitoring for these issues and making timely adjustments is critical but challenging. Companies will need to establish clear decision-making frameworks and processes to address model drift and concept shift.
Obviously, operational complexity is a key issue in continuous monitoring of AI. Integrating continuous bias monitoring and mitigation into the AI system’s operational lifecycle can be logistically complex. This requires coordinating data collection, model retraining, and deployment across multiple teams and systems, while ensuring minimal service disruptions.
Everyone must buy-in, or in more traditional business-speak; there must be Organizational Alignment in place. Not surprisingly, it all starts with tone at the top. Your organization should start with fostering a culture of responsible AI development and deployment, with strong organizational alignment and leadership commitment. Maintaining a sustained focus on bias monitoring and mitigation requires buy-in and alignment across the organization, from executive leadership to individual contributors. Overcoming organizational silos, competing priorities, and resistance to change can be significant hurdles.
There are going to be evolving regulations and standards. The regulatory landscape governing the responsible use of AI is rapidly evolving, with new laws and industry guidelines emerging. Keeping pace with these changes and adapting internal processes accordingly can be an ongoing challenge. Staying informed about evolving regulations and industry standards and adapting internal processes accordingly will be mission-critical. This has already started in the EU, and at some point even the US will catch up.
The concept of AI explainability and interpretability will be critical going forward. As AI systems become more complex, the ability to provide clear, explainable rationales for their decisions and the observed biases becomes increasingly crucial. Enhancing the interpretability of these systems is essential for effective bias monitoring and mitigation. This will be enhanced by developing robust data management practices to ensure the availability and quality of data for bias monitoring. The bottom line is that companies should prioritize research and development to improve the explainability and interpretability of AI systems, enabling more effective bias monitoring and mitigation.
A financial commitment will be required as continuous monitoring for bias and other deficiencies and subsequent improvement will be resource-intensive, requiring dedicated personnel, infrastructure, and budget allocations. Investing in specialized expertise, both in-house and through external partnerships, to enhance the selection and interpretation of fairness metrics. Organizations must balance these needs against other business priorities and operational constraints. Companies must allocate the necessary resources, including dedicated personnel, infrastructure, and budget, to sustain continuous bias monitoring and adjustment efforts.
To overcome these challenges, organizations should adopt a comprehensive, well-resourced approach to AI governance and bias management. This includes developing robust data management practices, investing in specialized expertise, establishing clear decision-making frameworks, and fostering a culture of responsible AI development and deployment. Continuous monitoring and adjustment of AI systems for bias is a complex, ongoing endeavor, but it is a critical component of ensuring the ethical and equitable use of these powerful technologies. By proactively addressing the challenges, organizations can unlock the full potential of AI while upholding their commitment to fairness and non-discrimination.
By proactively addressing these challenges, organizations can unlock the full potential of AI while upholding their commitment to fairness and non-discrimination. Continuous monitoring and adjustment of AI systems for bias is a complex, ongoing endeavor, but it is a critical component of responsible AI development and deployment.
As the AI landscape continues to evolve, organizations that prioritize this crucial task will be well-positioned to navigate the ethical and regulatory landscape, build trust with their stakeholders, and drive sustainable innovation that benefits society as a whole.
We have explored the transformative role of AI in compliance, emphasizing its necessity in today’s complex regulatory environment. AI has the potential to revolutionize compliance functions by automating routine tasks, predicting and preventing risks, and enhancing overall efficiency. However, these advancements also introduce significant challenges, particularly in governance, ethics, and fairness.
Compliance professionals must adopt a cautious, risk-based approach to AI integration, ensuring that human oversight remains integral to the process. The paper provides insights into how AI can be leveraged to strengthen internal controls, maintain ethical standards, and address potential biases. By embedding robust AI governance and continuously monitoring AI systems, organizations can ensure they meet regulatory standards while fostering trust and accountability. The journey towards AI-driven compliance is just beginning, and this paper offers a roadmap for navigating the ethical and operational complexities that lie ahead.