Tag: GenAI

Categories
Blog

Embracing AI-Driven Behavioral Analytics in Compliance

Traditional compliance tools, like annual surveys and periodic audits, are no longer sufficient to safeguard ethical culture. Instead, organizations are increasingly turning to AI-driven behavioral analytics to capture the dynamic pulse of their workforce in real-time. This cutting-edge approach, detailed in the attached article on behavioral analytics for culture assessment, enables proactive risk management and redefines how compliance professionals support and safeguard corporate integrity. In this post, I will share five essential lessons for compliance professionals and a detailed case study on how Starling (Starling Trust Sciences) is leveraging these technologies to revolutionize culture assessment and ethical oversight.

Key Lessons for Compliance

1. Leverage Continuous, Data-Driven Insights

One of the most compelling advantages of AI-driven behavioral analytics is its ability to deliver continuous, real-time insights into organizational culture. Traditional compliance methods, relying on infrequent surveys or sporadic focus groups, capture only snapshots of employee sentiment. In contrast, modern AI tools sift through vast amounts of employee data, including internal communications, collaboration patterns, and HR metrics, to detect trends and anomalies before they escalate into compliance crises.

By integrating continuous monitoring into your compliance program, you can identify red flags such as unusual communication patterns, increased negative sentiment, or emerging silos in employee interactions. This real-time data enables you to proactively address areas of concern, such as potential ethical lapses, rising stress levels, or breakdowns in the speak-up culture, thereby preventing minor issues from snowballing into major scandals.

Moreover, continuous monitoring empowers compliance professionals to shift their focus from reactive investigations to strategic interventions. When your dashboard is always up to date with actionable insights, you can pinpoint when a potential risk emerges and respond swiftly with targeted training, leadership coaching, or even process redesign. Integrating these analytics with existing risk management and incident response protocols is key to ensuring no warning signal goes unheeded.

2. Foster a Culture of Transparency and Trust

The successful implementation of AI-driven behavioral analytics hinges on transparency. Employees need to know that these tools aim not to spy on every conversation but to foster an environment of trust and accountability. Clear communication about what data is being collected, how it is used, and the safeguards to protect individual privacy is paramount.

Transparency builds trust, both internally and with regulators. When employees understand that the analytics are used solely to detect systemic issues (rather than to target individuals), they are more likely to embrace the technology. A well-communicated program that explains its benefits, such as early detection of ethical red flags and the potential for swift intervention, can turn skeptics into advocates. Employees who feel that their voice matters and that their company is genuinely invested in their well-being will likely contribute more positively to the corporate culture.

Fostering a culture of transparency involves a commitment to open dialogue. Regular training sessions, Q&A forums, and accessible dashboards help demystify the technology and make it a collaborative effort rather than a top-down surveillance tool. When the compliance function is seen as a partner rather than a policing arm, the overall ethical culture of the organization is strengthened.

3. Integrate AI with Human Expertise

Always remember the human in the loop. No matter how sophisticated an AI system becomes, it cannot, and should not, replace human judgment. AI-driven behavioral analytics is a powerful tool, but its effectiveness is maximized when paired with the expertise and intuition of seasoned compliance professionals. Human oversight is crucial for interpreting nuanced signals that an algorithm might otherwise misinterpret.

When AI flags a potential risk, it should be a starting point for further investigation rather than an automatic disciplinary trigger. Compliance teams must review flagged incidents in context, considering factors such as organizational changes, departmental dynamics, or external pressures that might influence employee behavior. This human-in-the-loop approach ensures that decisions are both data-informed and contextually grounded.

The bottom line is that AI should empower, not replace, compliance professionals’ critical thinking and ethical judgment. Combining the speed of machine learning with the discernment of human experts creates a compliance function that is both proactive and prudent.

4. Prioritize Data Quality and Integration

The effectiveness of AI-driven behavioral analytics is only as strong as the data it processes. For compliance professionals, ensuring high-quality, integrated data across the organization is a non-negotiable prerequisite for successful culture assessment. Fragmented, inconsistent, or siloed data can lead to inaccurate insights and misdirected interventions.

To maximize AI’s power, organizations must invest in robust data governance practices. These include standardizing data sources, cleaning and normalizing data, and integrating information from various channels, such as emails, chat logs, HR metrics, and employee surveys, into a unified platform. A centralized data repository streamlines analytics and provides a single source of truth supporting compliance and broader business decision-making.

Investing in data quality also means working closely with IT and data management teams. Compliance professionals should advocate for the necessary resources to build and maintain data pipelines that support continuous monitoring. This collaboration is essential for ensuring that the AI system receives timely, accurate, and relevant data that reflects the true state of your company’s culture.

5. Act on Insights with Strategic Interventions

Data-driven insights are only as valuable as the actions they inspire. The final and arguably most critical lesson for compliance professionals is ensuring that every insight gleaned from AI-driven behavioral analytics translates into strategic, timely interventions. The goal is not to monitor culture but to actively shape and improve it.

When analytics reveal emerging trends—such as increased negativity in internal communications or signs of disengagement within a particular team—it is imperative to move quickly. This means having a well-defined response plan in place: whether it’s targeted training sessions, leadership coaching, or structural adjustments within the affected department, the response should be proportional to the risk identified. Timely interventions can prevent small issues from snowballing into systemic cultural weaknesses that compromise compliance and organizational integrity.

By turning data into decisive action, compliance professionals can prevent misconduct and reinforce a culture where ethical behavior is recognized, nurtured, and rewarded. In doing so, the compliance function becomes a true strategic partner that drives sustainable growth and long-term trust within the organization.

The Future is Now: Starling Trust Sciences

Starling Trust Sciences is a pioneer in predictive analytics for culture assessment. It has redefined how organizations monitor and enhance their ethical culture. Starling’s platform analyzes digital traces, specifically metadata from employee communications, without intruding on the content. This innovative approach preserves employee privacy while providing invaluable insights into behavioral patterns and culture.

At its core, Starling leverages AI to map out organizational communication networks. By examining factors such as frequency, timing, and the structural patterns of interactions, the platform generates quantifiable indicators of engagement, trust, and even potential misconduct risk. For instance, if a team begins exhibiting unusually siloed communication or informal channels become overly dominant, Starling’s system flags these as early warning signs that something may be amiss.

One large financial institution, for example, integrated Starling’s analytics into its compliance program to monitor high-risk departments. The platform identified areas where communication breakdowns occurred—a common precursor to ethical lapses and regulatory breaches. Managers were alerted to these trends well before any formal complaint or misconduct report was filed. This proactive approach allowed the institution to implement targeted interventions, such as team-building workshops and leadership coaching, ultimately strengthening the organization’s ethical culture.

Moreover, Starling’s emphasis on predictive analytics meant that the platform wasn’t just reacting to historical data but actively forecasting potential risks. Starling’s AI model provided a risk score for different teams by correlating communication patterns with past misconduct incidents. Compliance professionals used these scores to prioritize investigations and focus their resources on the areas with the highest likelihood of non-compliance. The result was a dramatic improvement in early detection and reduced compliance incidents across the board.

Starling’s case exemplifies how advanced analytics can serve as both an early warning system and a strategic tool. By blending technological precision with human judgment, organizations can create a compliance function that is agile, proactive, and deeply integrated into the fabric of the company’s culture. Starling’s approach underscores the future of compliance: one where data-driven insights pave the way for continuous improvement, ethical leadership, and, ultimately, a more resilient organization.

AI-driven behavioral analytics is not merely a technological upgrade. Instead, it is a paradigm shift for compliance professionals. By leveraging continuous insights, fostering transparency, integrating human expertise, ensuring data quality, and acting decisively on data, compliance teams can transform their roles from reactive enforcers to strategic partners in building an ethical, resilient culture. Starling’s success story is just one example of how these advanced tools can empower organizations to stay ahead of emerging risks and cultivate a culture embodying compliance excellence.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Embracing AI-Driven Behavioral Analytics in Compliance

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we leverage GenAI to revolutionize culture assessment and ethical oversight.

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Embedded Compliance

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we look at how AI can help deliver a more robust compliance regime directly to business operations through embedded compliance.

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Categories
Blog

Embedded Compliance in Business Processes: Integrating Compliance into the Workflow

We continue explaining how compliance professionals can ‘up their game’ in this new environment under the Trump Administration. Today, I want to consider “embedded compliance,” which integrates compliance checks and controls directly into business processes rather than treating compliance as a separate, after-the-fact function. Embedded compliance means compliance is built into everyday workflows, providing instant, in-process guidance on regulatory requirements.

Rather than retrofitting compliance controls onto existing systems and processes as an afterthought, organizations should proactively integrate compliance measures into the initial design phase of their operational structures. This approach ensures that compliance is inherently woven into the fabric of everyday operations, significantly reducing the risk of regulatory breaches and costly remediation efforts. For instance, when developing new customer onboarding processes, embedding compliance checks such as Know Your Customer (KYC), consent capture, and identity verification into each operational step can prevent compliance gaps that could lead to significant issues later.

Successful compliance by design necessitates close collaboration among compliance officers and teams from IT, product development, and operations. Forming cross-functional working groups where compliance requirements are translated into technical specifications or user stories ensures compliance is integral from the outset. This proactive collaboration creates robust compliance frameworks and establishes a culture where compliance is seen as a fundamental operational requirement rather than an obstacle.

The Role of API-Driven Solutions in Compliance

In addition to proactive integration, organizations should leverage modern technologies like Application Programming Interfaces (APIs) and automation to enhance compliance processes. Traditional manual compliance procedures, which often involve repetitive and time-consuming tasks such as cross-referencing data entries, spreadsheet maintenance, and generating reports, are inefficient and prone to error. By identifying routine compliance activities that consume significant human resources, organizations can implement automation solutions or APIs to streamline these processes, significantly improving efficiency and accuracy. For example, automating the review of employee travel requests against company policy can flag exceptions for human review, freeing up compliance teams to focus on more strategic initiatives. Compliance professionals should thus cultivate an understanding of these tools and collaborate closely with IT departments to ensure effective integration and optimal utilization of automation technologies.

Quality of Data

The effectiveness of embedded compliance heavily depends on the quality and consistency of the data feeding these systems. Ensuring data accuracy and breaking down data silos is critical to the success of compliance initiatives. AI-driven compliance systems are sensitive to data quality, as inaccuracies or inconsistencies can lead to significant compliance oversights or many false positives, undermining trust in these systems. Compliance professionals must champion data integrity by working closely with data management teams to identify and rectify any data gaps or inconsistencies. Efforts should be directed towards establishing a centralized repository of compliance data—a single source of truth that integrates data from various systems such as CRM, ERP, and trading platforms. This merged approach enhances data quality, facilitates comprehensive compliance monitoring, and ensures robust oversight.

Risk-Based 

When implementing embedded compliance, particularly those AI-driven solutions, organizations should adopt a risk-based approach, initially targeting high-risk areas. Not all processes within an organization carry the same level of compliance risk, making it prudent to prioritize areas with the greatest potential impact or likelihood of regulatory violations. For example, financial reporting or transactions with significant regulatory oversight might warrant immediate and thorough automation of compliance checks. Focusing first on clear, rule-based automation within high-risk domains allows organizations to achieve quick, demonstrable successes. These early wins build organizational confidence in embedded compliance solutions and help secure stakeholder buy-in for broader compliance initiatives. Once effectiveness is established in critical areas, the organization can gradually expand embedded compliance measures to include other processes, potentially incorporating more sophisticated AI models.

Transparency

Transparency and explainability are other essential aspects of embedding compliance, especially when using AI and automated systems. Regulators and stakeholders increasingly require clear explanations of compliance-related decisions, particularly for significant regulatory or financial decisions. Organizations must choose or design compliance systems that offer clear, understandable rationales for their decisions. Favoring rule-based compliance engines or explainable AI models ensures organizations can easily document and justify their compliance processes to regulatory authorities. Maintaining comprehensive documentation on these systems’ logic, rules, thresholds, and periodic performance reviews is critical to building trust and ensuring accountability. Treating automated compliance systems with the same scrutiny as human compliance staff ensures robust oversight and early detection of systematic issues, such as unintended biases or data anomalies.

Embedding compliance into business processes from the outset, leveraging APIs and automation, ensuring data quality, adopting a risk-based approach, and prioritizing transparency and explainability are fundamental strategies for enhancing organizational compliance capabilities. By proactively integrating compliance measures into operational frameworks, organizations can significantly mitigate regulatory risks, streamline operations, and foster a compliance-driven organizational culture. Compliance professionals, therefore, play a pivotal role in orchestrating these initiatives, ensuring continuous improvement and adaptability in an ever-evolving regulatory landscape.

Key Lessons for Compliance Professionals

1. Embed Compliance Proactively into Processes

Compliance should never be an afterthought. Pfizer’s proactive model teaches us the value of embedding compliance from the ground up. Companies can prevent compliance breaches at their source by incorporating compliance checkpoints directly within operational processes—such as patient feedback analysis and adverse event tracking. This proactive stance mitigates risk and streamlines operations by addressing potential issues in real time rather than post-event. Compliance professionals must advocate for integration at the earliest stage of business process design, underscoring that compliance by design significantly reduces risks and enhances operational integrity.

2. Leverage AI and Predictive Analytics

The Pfizer model underscores the importance of utilizing AI and predictive analytics to anticipate compliance issues before they materialize. AI-driven systems enable compliance teams to quickly sift through vast datasets, identifying patterns or anomalies that could signal emerging risks. Compliance officers must familiarize themselves with emerging technologies, ensuring they can effectively collaborate with IT and analytics teams to fine-tune predictive models, thus maximizing compliance effectiveness while efficiently managing resource allocation.

3. Continuous, Real-Time Monitoring

Real-time compliance monitoring is no longer optional; it is a necessity. Pfizer’s continuous monitoring systems allow immediate visibility into compliance status, empowering proactive risk mitigation. Compliance professionals must advocate for adopting real-time systems within their organizations, positioning continuous compliance as essential to operational health. By moving beyond periodic audits toward continuous assurance, compliance teams can maintain a dynamic risk posture, adapting swiftly to regulatory changes and business evolution.

4. Foster a Data-Driven Compliance Culture

Data is foundational to embedded compliance, as Pfizer effectively shows. Ensuring data integrity, eliminating silos, and fostering a culture of data-driven decision-making are crucial. Compliance officers should prioritize creating centralized data repositories and robust governance structures, emphasizing high-quality, accurate data as the backbone of compliance monitoring. Promoting a data-literate culture within the organization ensures that all employees understand their role in maintaining compliance and proactively engaging with compliance measures embedded in their daily tasks.

5. Prepare for Regulatory Collaboration

Pfizer’s proactive approach facilitates transparent and efficient communication with regulators, demonstrating the effectiveness of embedded compliance. Regulatory relationships are shifting toward collaboration and real-time interaction, moving beyond traditional periodic reporting. Compliance professionals should expect this shift and prepare their organizations for real-time data sharing and transparency. Developing standardized reporting mechanisms and maintaining continuous readiness positions organizations to navigate the evolving regulatory landscape effectively, fostering trust and confidence with regulatory bodies.

The Future is Now: Pfizer and Pharmacovigilance

Pfizer, a pharmaceutical giant, faces stringent regulatory requirements for drug safety, quality assurance, and pharmacovigilance governed by entities such as the FDA and EMA. To meet these challenges, Pfizer leverages advanced artificial intelligence (AI) and predictive analytics, integrating compliance into every drug development and monitoring stage. Through predictive models, Pfizer proactively identifies potential compliance risks by analyzing diverse data streams, including clinical trial outcomes, patient feedback, and adverse event reports. This early identification allows Pfizer to intervene proactively, addressing potential safety concerns or regulatory issues before they escalate into significant problems. The embedded compliance approach has enabled Pfizer to achieve a real-time, continuous monitoring system that safeguards patient health and enhances operational efficiency and regulatory adherence. By systematically embedding these AI-driven analytics into their core operational frameworks, Pfizer shows a robust commitment to compliance, excellence, and regulatory transparency.

The Pfizer case study provides a roadmap for embedding compliance into business processes. Compliance professionals who adopt these lessons will enhance their organizations’ regulatory standing and contribute significantly to operational efficiency and strategic business outcomes.

Embedding compliance into business processes from the outset, leveraging APIs and automation, ensuring data quality, adopting a risk-based approach, and prioritizing transparency and explainability are fundamental strategies for enhancing organizational compliance capabilities. By proactively integrating compliance measures into operational frameworks, organizations can significantly mitigate regulatory risks, streamline operations, and foster a compliance-driven organizational culture. Compliance professionals, therefore, play a pivotal role in orchestrating these initiatives, ensuring continuous improvement and adaptability in an ever-evolving regulatory landscape.

By adopting these strategic approaches exemplified by Pfizer’s proactive and predictive compliance practices, organizations can effectively navigate complex regulatory environments, safeguard operational integrity, and achieve sustained business success.

Categories
Daily Compliance News

Daily Compliance News: February 27, 2025, The Enemy of the West Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News—all from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • CFTC to give credit for self-disclosure. (WSJ)
  • The US is now the enemy of the West. (FT)
  • GenAI in the legal industry. (Reuters)
  • AI-powered RegTech. (PYMNTS)

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Check out the FCPA Survival Guide on Amazon.com.

Categories
Everything Compliance

Everything Compliance: Episode 150, The Musk On Edition

Welcome to this edition of the award-winning Everything Compliance. In this episode, Matt Kelly, Jonathan Armstrong, Jonathan Marks, Karen Woody, and Karen Moore join the full gang to examine various issues for compliance professionals under the incoming administration.

  1. Jonathan Armstrong looks at the car crash coming for DeepSeek in the EU. He shouts out to Peter Mandelson, the new UK Ambassador to the United States.
  2. Karen Moore looks at the reframing of DEI. She shouts out about the film on September 5.
  3. Matt Kelly considers the Bondi Memo on changes in DOJ enforcement focus and mentions Alexei Navalny’s memoir.
  4. Karen Woody examines the new SEC Crypto Taskforce and mentions the award-winning play Hadestown.
  5. Jonathan Marks provides a tutorial on the role of internal audit on export controls. He also shouts out to his hometown team, the Philadelphia Eagles (now the Super Bowl-winning Philadelphia Eagles).
  6. Tom Fox shouts out to (conspiracy) Bill Simmons for opining that the Dallas Maverick’s trade of Luka Doncic was a ploy to force the state of Texas to allow gambling in this state.

The members of Everything Compliance are:

The host and producer, rantor (and sometime panelist) of Everything Compliance is Tom Fox, the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the award-winning Compliance Podcast Network.

For more information on the Ethico Toolkit for Middle Managers, available at no charge, by clicking here.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Using GenAI to Make Small Transformations

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we review how to begin using AI to make small transformations and build up to larger ones.

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Categories
All Things Investigations

All Things Investigations – DeepSeek’s AI Revolution: Implications for Compliance and Security

Welcome to the Hughes Hubbard Anti-Corruption & Internal Investigations Practice Group’s podcast, All Things Investigation. In this podcast, host Tom Fox is joined by HHR Partner Mike Huneke and Brent Carlson from the Berkeley Research Group.

Brent Carlson and Mike Huneke review the recent DeepSeek AI announcement, which has stirred significant debate in the business and compliance sectors. Brent views this development as a “Sputnik moment” in the technology space, highlighting both the exciting potential and the profound implications for national security and corporate strategy, particularly due to the dual-use nature of AI technologies. On the other hand, Mike has expressed concern over the contentious debates surrounding export controls, emphasizing the necessity for robust compliance frameworks to mitigate liability risks and adapt to the evolving AI landscape. Together, they stress the importance of incorporating high probability standards and reliable inputs into compliance programs to effectively navigate the complex challenges of advanced AI technologies like DeepSeek, ensuring corporate citizenship and strategic advantage in this new era.

Key highlights:

  • Groundbreaking AI Progress Raises National Security Concerns
  • AI Market Disruption by DeepSeek Technology
  • High Probability Standard in Export Control Compliance
  • Subjective Judgment in Compliance Risk Assessment Framework
  • Red Flag Detection with Data Analytics Tools

Resources:

Hughes Hubbard & Reed website

Brent Carlson on LinkedIn

A Fresh Look at US Export Controls and Sanctions

DeepSeek Finds US Export Controls at a New ‘Sputnik Moment’ in Bloomberg Law

Categories
Blog

Using GenAI to Make Small Transformations

A recent article entitled Generate Value From GenAI With ‘Small t’ Transformations by Melissa Webster and George Westerman caught my attention. The authors posited that business leaders get real value from large language models by working their way up the risk slope and building the foundation for larger future transformations. However, they came up with an interesting strategy to test their question. They wrote, “As business strategists, we wanted to see what generative AI could add to our work. We explored this question through experiments on different aspects of the strategy creation process. In each experiment, we put a realistic strategy question to ChatGPT, followed by a lengthy back-and-forth to refine the initial responses. The intention was to understand how the tool can support ideation, experimentation, evaluation, and the building of stories—and where it falls.”

Basically, they used ChatGPT and generative AI (GenAI) to create and refine the strategy. I found this approach very interesting for the compliance professional. From this approach, they learned lessons in three uses applicable to the compliance professional.

  1. GenAI in Tasks That Are Common to Individuals in Many Roles
  2. Specialized GenAI for Compliance Professionals
  3. Enhancing the UX

Common Tasks. Compliance professionals can use large language models (LLMs) in ways that are useful to many compliance roles, such as writing, synthesizing information, generating imagery, and documenting meetings. GenAI’s near-ubiquitous nature can have a real impact on your compliance function. You can buy or create integrated tool sets that link generative AI to other functions that compliance professionals typically perform. Benefits vary by use and user, with individual initiative-taking and prompting skills influencing the value they derive.

Consider adding compliance-specific intelligence by training models on terminology and information that are proprietary to the company. For example, the authors point to the “Global consulting firm McKinsey built Lilli, [which built] a platform that links generative AI to its intellectual property from over 40 internal sources. The effort involved significant technical hurdles; for example, the tool needed to be changed to read PowerPoint slides, one of the company’s main ways of communicating project information, but the platform is providing value. For instance, if a consultant has a question about green energy business models in less-developed economies, Lilli can quickly find and synthesize information from projects that have already studied the problem somewhere in the world. McKinsey has reported that the platform’s capabilities and robust employee education led to about 75% of employees actively using Lilli in less than a year, time savings of up to 30%, and substantially improved quality.”

McKinsey is not alone in developing these specialized models for the general workforce. The same approach would work for a compliance function.

Specialized GenAI for Compliance. In this category, the authors say that “companies working their way up the risk slope are developing generative AI capabilities to improve productivity and quality in specific job roles or business processes. There is less tolerance for unacceptable output here.” These GenAI resolutions “typically maintain a human in the loop, where employees interact with the tools and review the outputs rather than allowing the GenAI tools to make decisions or produce outputs automatically.” Moreover, such outputs would seem directly suited for the compliance function.

In the space adjacent to compliance, the world of corporate finance, the authors found that “finance teams are relatively late adopters of new technologies, with CFOs citing technology gaps, data concerns, and competing priorities as reasons for that lag.” What does that sound like? Many legally trained corporate compliance officers.

The authors cited, “One international energy company we studied created a tool using a mix of GenAI, traditional AI, and other algorithms to suggest mitigations or help rewrite an audit report. Other companies use generative AI to assist in drafting reports for audits or regulatory compliance. At Amazon, the finance function uses rules-based AI, machine learning, and LLMs to address tasks in fraud detection, contract review, financial forecasting, personal productivity, interpretation of rules and regulations, and tax-related work.” Such a tool could move compliance professionals from repetitive tasks to focus more on work involving critical thinking.

Enhancing the UX. The next step for GenAI in compliance is with its customers, i.e., corporate employees. Just as GenAI is transforming traditional customer service and retail engagement, it can do so for interactions by compliance and employees. Unlike traditional phone menus or robotic process automation (RPA) chatbots, GenAI enables dynamic, multilingual responses, enhancing customer experience while optimizing operational efficiency. Take the example of John Hancock, which has implemented AI-driven chatbots to manage routine inquiries, allowing human agents to focus on more complex customer needs. This shift improves response times, reduces costs, and increases employee efficiency. Now, apply that strategy to your employees.

Beyond text-based interactions, GenAI is expanding into voice-based customer engagement. Companies like Starbucks, Domino’s, CVS, and major banks are integrating AI-driven voice assistants with future applications that will likely include video-based interactions. Compliance can also use all of these strategies.

By pursuing small-t transformation, often with a human in the loop, as they build capabilities, your compliance team can enable the development of applications with higher value and risk. The authors list several actions a Chief Compliance Officer (CC) can take to generate transformation with generative AI.

  1. Identify key pioneers in your organization and develop your messaging. With generative AI, innovation often comes from “cyborgs”—early adopters who integrate the technology into their work and are motivated to use it to solve a problem for themselves or their customers. Use them to communicate your innovation vision.
  2. Assess your company’s current position on the risk slope. What are you already doing, and what would be the next level of complexity and reward? Look at opportunities in individual productivity, role-specific enhancements, and innovations in product or customer engagement.
  3. Consider scalability. The authors noted, “According to the head of AI at a large bank we spoke with, “the more stuff you do, the more stuff you find to do.”
  4. Secure management buy-in. Small-t innovations can help to make the value story real and make the case for investments that can reduce the perceived risk of larger opportunities.
  5. Investigate foundational investments. Some of the boldest use cases will require extensive investment in data cleansing, model training, and integration before they can be ready for a real-world test.
  6. Maintain a long-term perspective. “The transformative cases take longer to build the business case, test the models, change behaviors, etc.,” said Chris Bedi, chief customer officer at software company ServiceNow. “The challenge is not only technical but also leaders taking time to reimagine their future with big ideas.”

The bottom line is that while productivity gains are the expected and common benefits of applying GenAI to specialized roles and tasks in compliance, the technology’s true impact extends further. GenAI is fundamentally transforming what compliance professionals can achieve. GenAI is enabling innovations and reshaping traditional compliance processes by enhancing efficiency and expanding the realm of possibilities within various functions.