Categories
Daily Compliance News

May 3, 2022 the Fat Leonard Trial to Resume Edition


In today’s edition of Daily Compliance News:

  • Fat Leonard Trial to resume. (KPBS)
  • Tensions at Google over AI and ethics. (NYT)
  • EU hits Apple on antitrust concerns. (WaPo)
  • Do banks lack basic risk management controls? (Reuters)
Categories
Daily Compliance News

February 3, 2022 the Opinion Release Edition


In today’s edition of Daily Compliance News:

Categories
Blog

Utilizing Machine Learning and AI in Your GRC Practice

I recently had the chance to visit with Andrew Robinson to discuss utilizing ML and AI into your GRC practice for a sponsored podcast.  Robinson is the co-founder and Chief Information Security Officer at 6clicks. You can check out Robinson’s podcast episode here.
We began with the very basic proposition that many compliance professionals and others are scared by AI in the GRC space. Robinson believes it is based on the fear of the unknown, both to many inside and outside of GRC. Yet, increasingly GRC professionals see how AI and ML can be used within reg tech, technology companies, as well as in the compliance space to move forward through taking advantage of natural language processing. Robinson explained this is a component of ML that can help understand text. There is a lot of text in the world of compliance. When you can then overlay an AI component on all the standards, laws, and regulations any multi-national organization must follow, you begin to see the power of such a tool.
We next turned to dealing with compliance across multiple jurisdictions. For GRC professionals working internationally, Robinson said they must “maintain mappings or what you commonly call in the US ‘crosswalks of compliance’ frameworks.” He went on to explain these frameworks are “useful because it can allow a consultant to help a client understand how they might stack up against a particular standard. Robinson provided the example that if an organization is already complying with ISO 27,001, through these mappings, it might be able to give them an idea about what that level of compliance they have through the lens of a different framework or standard that may be relevant like the NIST cybersecurity framework.”
Yet the 6clicks approach is much more than a regulatory approach. It is a business centered approach which provides discreet business advantages. Indeed, this is one of the reasons I find the 6clicks approach so exciting as it creates a business advantage by performing quality GRC. These tools increase efficiency and profitability. Robinson went further noting, that “we come out with a public estimate of 10 times saving in using machine learning to assist with building up GRC mapping.” That is some serious productivity savings and increase.
However, this productivity increase and potential cost saving does not remove the human element. This final concept is critical in moving forward. Robinson said, “I’m of the view that humans have a very important role to play. This role is supervising the machine learning models to make sure that what they are producing and the results that they are coming out with are accurate and reliable.” If they are using spreadsheets and word documents; they should, come to terms with the fact that companies and clients no longer want spreadsheets and word documents as a deliverable. GRC professionals and consultants need to need to start using similar tools and improving the way that they service their clients. Clients, both in-house and external, are starting to demand and look for this approach. Robinson noted, “the reality is that if you are doing anything else it will be seen as subpar, and no one wants to be delivering sort of subpar products. I look for a solution that can meet your customer expectations and help you deliver your services long into the future.”
We concluded by looking at GRC tools with ML and AI at a strategic level, at the senior executive level and even at the Board of Director level. Robinson feels that management at this level “understands the benefits because they understand the problem.” Their goals are to simplify compliance while understanding risk exposure. From this point, management can move to create a risk-based solution. Robinson believes, these are the types of “business problems that executives are dealing with on a daily basis. Having awareness of the machine learning model can help them navigate that complexity.” From where I sit, when you can take a tool that improves business process efficiency and use it to increase profitability through more effectual risk management it is a win for everyone.
For more information on 6clicks, check out their website here.

Categories
Compliance Into the Weeds

Compliance and AI


Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. This week Matt and Tom take a deep dive into the issue of compliance and artificial intelligence. Some of the issues we consider are:

  • What are the AI risks for compliance?
  • What guidance does the COSO Framework provide?
  • What are some of the top areas of AI failure?
  • Are we governing AI in the right manner?
  • What about the audit of AI tools?
  • Compliance, governance, ethics and AI.

 Resources
Matt in Radical Compliance
Thoughts on AI From the Audit Perspective
Grappling With Artificial Intelligence
 Tom in the FCPA Compliance and Ethics Blog
Compliance Communications: Using an AI Marketing Strategy – Part 1
Compliance Communications: Using an AI Marketing Strategy – Part 2

Categories
Life with GDPR

Jonathan’s Favorite Enforcement Action

In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. In this episode we take up Jonathan’s (current) favorite GDPR enforcement action, involving the food deliver services Deliveroo and Foodinho, who ran afoul of the Italian data protection authority.

Some of the questions we consider include:

  1. What are the facts of the enforcement actions?
  2. What do these cases tell us about the use of AI and data privacy?
  3. What lessons can companies that use algorithmic management of staff learn?

Resources
Check out the Cordery Compliance, client alert on this topic, click here. For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.

Categories
The Ethics Movement

Converge21-Philip Winterburn on Digital Ethics: AI, Privacy and More


CONVERGE is in its 6th year of bringing together the world’s leading companies for 2 days of dynamic speakers, thought-provoking breakout sessions, and opportunities to connect with like-minded professionals. This year the conference has gone virtual. You will leave the conference with new resources and best practices allowing you to continue the hard work of driving ethics to the center of your business. In today’s episode I visit with Philip Winterburn. We visit about his presentation at Converge21 on Digital Ethics: AI, Privacy and More.
A successful whistleblowing program doesn’t start with installing a helpline–it starts with fostering an environment that protects whistleblowers, makes them feel supported, and makes clear the value they bring to the business. So how do you build that “speak-up culture?” Join this session to hear from a panel of practitioners who manage whistleblowing programs and whistleblower advocates who’ll share their insights, experiences, and challenges they’ve faced.
For more information and , go to Converge21.

Categories
Great Women in Compliance

Colleen Dorsey: Using AI and Machine Learning in Compliance

Welcome to the Great Women in Compliance Podcast, co-hosted by Lisa Fine and Mary Shirley.

Colleen Dorsey, our Great Woman in Compliance of the week, is well known for influencing Compliance careers early – she leads the University of St Thomas Compliance programming, preparing our Compliance Officers of tomorrow. Get a behind the scenes look into the evolution of Compliance education at the tertiary level.

 Also in this episode Colleen gives the GWIC listenership a run down on using Artificial Intelligence and Machine Learning in Compliance programs. In Compliance, as with everything else, it’s important to keep up with new developments and tools that can help us achieve our goals more accurately and more efficiently. Those who don’t keep up will most certainly get left behind. Fortunately Great Women in Compliance listeners are invested in their own professional development and keep up with the wealth of information provided by GWIC guests. Colleen gives basic understanding to lay the foundation of what AI and Machine Learning are and explains how these tools can be used to benefit Compliance programs, using a real life example and what the future might hold for these areas.

Finally Colleen shares some of her wisdom surrounding self-awareness – you cannot improve yourself unless you know what you’re working with and where your gaps are so it’s important to be honest with yourself and be able to self-reflect objectively – with the help of others where necessary.  Mary weighs in with some sound practical advice from Organizational Psychologist Adam Grant with a tip to make soliciting feedback easier for yourself and those around you.

Corporate Compliance Insights is a much appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book; “Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance” (CCI Press, 2020). Thank you to all those who have taken the time to rate the GWIC podcast and book, it’s much appreciated.

If you’ve already read the booked and liked it, will you help out other women to make the decision to leverage off the tips and advice given by rating the book and giving it a glowing review on Amazon?

As always, we are so grateful for all of your support and if you have any feedback or suggestions for our 2021 line up or would just like to reach out and say hello, we always welcome hearing from our listeners.

You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.

Join the Great Women in Compliance community on LinkedIn here.

Categories
Blog

Compliance Communications: Using an AI Marketing Strategy – Part 2

Compliance Communications Using an AI Marketing Strategy – Part 2Over a couple of blog posts, I am exploring topics raised in a recent Harvard Business Review (HBR) article, entitled “How to Design an AI Marketing Strategy: What the technology can do today—and what’s next”, by Thomas H. Davenport, Abhijit Guha, and Dhruv Grewal where the authors focus on the use of Artificial Intelligence (AI) in marketing. I believe their work could be adapted for the compliance professional. Yesterday, I used the article as a jumping off point about how Chief Compliance Officers (CCOs) and compliance professionals can use AI for internal compliance communications and communications with key stakeholders outside your organization that you need to work with on compliance, such as third-party agents and vendors in the Supply Chain. Today I want to consider the framework that a compliance professional can implement to use these tools effectively for both internal and external marketing of a corporate compliance program.
The authors posit that AI can be categorized according to two dimensions: intelligence level and stand-alone or integrated platforms. Further, the intelligence level can be broken down into two subgroups: task automation and machine learning. Task automation performs “repetitive, structured tasks that require relatively low levels of intelligence.” They bring a level of ease as they are “designed to follow a set of rules or execute a predetermined sequence of operations based on a given input” However, such tools cannot handle complex problems such as nuanced employee requests for information. Chatbots fall into this category.  Such tools can provide basic assistance to employees during basic interactions, moving employees down a defined decision tree, but cannot ascertain intent, offer customized responses, or learn from interactions over time.
With machine learning, “algorithms are trained using large quantities of data to make relatively complex predictions and decisions.” Such algorithms can decipher text, segment issues, and anticipate how employees will respond to various initiatives. Moreover, machine learning can drive programmatic decision-making in a compliance program for employees through a “customer relationship management system”. The next step is what the authors term the “more sophisticated variant, deep learning, are the hottest technologies in AI and are rapidly becoming powerful tools in marketing.” That said, it’s important to clarify that existing machine-learning applications still just perform narrow tasks and need to be trained using voluminous amounts of data.
Stand-alone applications are “best understood as clearly demarcated, or isolated, AI programs.” Conversely, integrated applications are embedded within existing systems and such AI applications are often less visible than stand-alone ones. This allows employees to be delivered a more sophisticated solution for the Quote To Cash (QTC) or Procure To Pay (P2P) processes. With a stand-alone system, employees need to go to a dedicated app and request suggestions. It appears that compliance professionals will “see the greatest value by pursuing integrated machine-learning applications, though simple rule-based and task-automation systems can enhance highly structured processes and offer reasonable potential” for not simply more efficient compliance processes but for commercial returns.
For corporate compliance professionals with limited AI experience, perhaps the “way to begin is by building or buying simple rule-based applications.” You can start with “crawl-walk-run” approach. Once a compliance function acquires basic AI skills and an abundance of data, you can start moving from task automation to machine learning. Moreover, new sources of data, “such as internal transactions, outside suppliers, and even potential acquisitions”, are something compliance functions should have access to, since most AI applications, particularly machine learning, require vast amounts of high-quality data. Once again this is precisely what the Department of Justice (DOJ) specified in the 2020 Update to the Evaluation of Corporate Compliance Programs when it mandated that compliance have access to all corporate data even when siloed.
There are challenges in implementing an AI tool for communications as “implementing even the simplest AI applications can present difficulties. Stand-alone task-automation AI, despite its lower technical sophistication, can still be hard to configure for specific workflows and requires companies to acquire suitable AI skills.” It will also require “careful integration of human and machine tasks so that the AI augments people’s skills and isn’t deployed in ways that create problems.” The bottom line is that while AI holds enormous promise, for compliance professionals for a variety of uses, it still accomplishes only narrow tasks.
But it will be a journey for compliance. The compliance function “and the organizations that support it, IT in particular, will need to pay long-term attention to building AI capabilities and addressing any potential risks.” Yet compliance professionals cans start developing a strategy today to take advantage of AI’s current functionality and its likely future. Compliance communications to both internal and external stakeholders is certainly one use that should be on your horizon. When we receive the next iteration of the Evaluation of Corporate Compliance programs you may well see AI specifically called out as a tool, the DOJ may expect multi-national companies to have AI in place and be using for a variety of compliance activities.

Categories
Blog

Compliance Communications: Using an AI Marketing Strategy – Part 1

Compliance Communications Using an AI Marketing Strategy – Part 1Many Chief Compliance Officers (CCOs) are still challenged by the concept of internal marketing for a compliance program. Indeed folks like Ronnie Feldman, founder of L&E Creative, and Ricardo Pellafone, founder of Broadcat, are on a mission to move the compliance profession away from rote, boring and frankly useless training and communications tools. I was therefore intrigued by a Harvard Business Review (HBR) article, entitled “How to Design an AI Marketing Strategy: What the technology can do today—and what’s next”, by Thomas H. Davenport, Abhijit Guha, and Dhruv Grewal where the authors focus on the use of Artificial Intelligence (AI) in marketing. I was interested in how their work could be adapted for the compliance professional. Over the next couple of blog posts, I will be using this article as a jumping off point about how CCOs and compliance professionals can use AI for internal compliance communications and communications with key stakeholders outside your organization that you need to work with on compliance, such as third-party agents and vendors in the Supply Chain.
The authors posit that in order to realize AI’s giant potential, marketers (or CCOs) need to have a good grasp of the various kinds of applications available and how they may evolve. They categorize AI along two dimensions: the first is the intelligence level and whether it stands alone or is part of a broader platform. Simple stand-alone task-automation apps are a good place to start. The second is the advanced level, which integrates applications that incorporate machine learning and have the greatest potential to create value.
Compliance marketing has a huge amount to gain from the use of AI. This is because a marketer’s core activities are to understand customer needs, matching them to products and services, and persuading people to utilize those products or services. These are all capabilities that AI can dramatically enhance. The only difference for the compliance professional is that your customers are your employees and third parties to your organization that need compliance communications.
The authors note that AI has made inroads in marketing, and they well expect it to take on larger and larger roles across the function in the coming years. With the enormous potential of AI, it is important for all compliance professionals to understand the types of marketing AI applications available today and how they may evolve. One of the key changes for compliance coming out of the Covid-19 pandemic has been the use of data. This same use of data can be applied to internal and stakeholder communications for your compliance program through AI strategies such as Robotic Process Automation (RPA).
Many corporate compliance functions now use AI to handle narrow tasks, assist with broad tasks, like enhancing the accuracy of predictions, and augment human efforts in structured tasks, such as customer service from the compliance function. There are multiple examples of current uses of AI by compliance. Some of these include:

  • Chatbots for employee support,
  • Inbound call analysis and routing, and employee comments and email analysis, classification, and response,
  • Marketing campaign automation,
  • Social-media planning and execution,
  • Social-media sentiment analysis,
  • Web analytics narrative generation,
  • Website operation and optimization.

However, you can use AI in marketing for a wider variety of the employee lifecycle. When potential employees are in the pre-hire “consideration” phase and researching your organization, AI can help guide their search and this task. After hiring, AI-enabled bots can help compliance professionals understand employees’ compliance needs, increase their compliance engagement in a search, nudge them in a desired direction, and if needed, connect them to a compliance professional by chat, phone, video, or even “cobrowsing”—allowing a compliance professional to help an employee navigate a shared screen. Does that sound like marketing? You bet it does and that is why every CCO and compliance professional needs to learn to think like a marketer.
AI can streamline the compliance process by using extremely detailed data on employees, including real-time geolocation data, job duties, sales information from platforms, such as Salesforce, and other information to create highly personalized compliance offerings. But this is not a one-time communication. As an employee moves through the sales cycle with a customer, AI can reduce the likelihood that the employee will abandon their compliance focus by not simply reading updated communications. AI can synthesize additional information as an employee moves through the sales lifecycle (i.e., Quote To Cash) or on the vendor side of things (i.e., Procure To Pay).
After the sales cycle is concluded or after a new third-party sales agent is contracted, AI-enabled agents can be available 24/7 to triage employees’ requests—and are able to deal with fluctuating volumes of service requests and inquiries. They can handle simple queries can escalate more-complex issues to a compliance professional. In some cases, AI assists compliance professional by analyzing employees’ tone and suggesting differential responses, coaching compliance professionals about how best to satisfy employees’ needs or suggesting intervention.
If all of this sounds like a brave new world of compliance; it is. But that world is here now, and it is in marketing. These new concepts for compliance demonstrate the speed at which compliance is evolving and how data collection (continuous monitoring) and its use (continuous improvement) is required. Now does that sound familiar? Of course it does, as that is precisely what the Department of Justice (DOJ) set forth in the 2020 Update to the Evaluation of Corporate Compliance Programs.
Join us on Wednesday where I look at the authors’ framework for implementing the use of AI in compliance marketing.
 

Categories
Uncovering Hidden Risks

Uncovering Hidden Risks – Episode 1: Artificial Intelligence Hunts For Insider Risks

In this podcast we explore how new advances in artificial intelligence and machine learning take on the challenge of hunting for insider risks within your organization. Insider risks aren’t easy to find, however, with its ability to leverage the power of machine learning, artificial intelligence can uncover hidden risks that would otherwise be impossible to find.
Listen to the episode now: 

Welcome to Uncovering Hidden Risks, a broader set of podcasts focused on identifying the various risks organizations face as they navigate the internal and external requirements they must comply with. We’ll take you through a journey on insider risks to uncover some of the hidden security threats that Microsoft and organizations across the world are facing. We will bring to surface some best-in-class technology and processes to help you protect your organization and employees from risks from trusted insiders. All in an open discussion with topnotch industry experts!
Learn More
Subscribe on: Apple Podcasts, Stitcher, Spotify, Google Podcasts, Deezer, TuneIn