AI is set to transform the way companies manage their key business functions – risk and compliance included, says Craig Adams. In this article he explores the opportunities and the challenges that need to be addressed by GRC teams.
With ChatGPT bursting onto the scene a few months ago and the recent announcement by BT that more than 10,000 of their employees will be replaced by Artificial Intelligence by the end of the decade, the rise of AI is set to transform the way companies manage their key business functions – risk and compliance included.
Be in no doubt, across many risk and compliance functions and processes, there is a huge opportunity to automate everyday tasks as well as gain new insights to understand the risk profile of contemporary organizations, individuals, and scenarios.
However, risk management and compliance functions are currently in the very early stages of AI integration. Indeed, in most organizations, risk professionals find themselves working hard to comprehend the full scope and implications of integrating AI into very well-established processes.
To make the most of AI’s potential, therefore, industry professionals need to look at both the opportunities and challenges if they are to blend the unique capabilities of human expertise and experience with the innovation delivered by AI. In fact, understanding the technology, its application, and the risks it poses is fundamental for risk managers before partial or full-scale deployment should be considered.
Harnessing AI automation and insight
In common with many industries, one of the major opportunities that AI presents for risk and compliance is in the automation of mundane and repetitive tasks. For instance, AI-driven customer service solutions have been shown not only to reduce operational costs but also to improve the quality of service. This explains why BT and other organizations are already putting plans in place to significantly increase investment in AI, not least because they expect to achieve significant efficiency gains and cost reductions. The same motivations apply across risk management and compliance.
Behind the customer service function, however, AI has the potential to provide invaluable insights into an organization’s risk profile by analysing vast amounts of data at a pace incomparable to human capabilities. For instance, AI can be applied to examine thousands of pages of regulations across multiple jurisdictions and recommend where applicable regulations apply. This capability has huge potential to reduce the workload of compliance officers, allowing them to allocate more time to training and strategic activities while also improving accuracy.
But, to sound a note of caution that risk professionals should always have front of mind, AI systems are highly dependent on the quality of data they process. Incorrect or biased data can easily lead to poor outcomes. In a risk management context, if AI relies on flawed data, it might fail to identify critical risks or comply with relevant regulations.
It’s a situation that is somewhat reminiscent of the early days of computer science in the 1950s, where the phrase ‘garbage in, garbage out’ was first coined - the point being that the quality of output is determined by the quality of the input. Organizations must therefore ensure that the data feeding into AI systems is accurate and unbiased at all times. Failure to do so not only raises the risk of serious errors but also huge reputational damage to the organizations involved and the application of AI across the profession.
Another crucial concern is the potential replacement of human workers. While it’s clear that AI can and will automate a range of functions currently carried out by human members of staff, replacing people entirely is not without enormous drawbacks. Most obviously, there is an inherent and irreplaceable value in human insight, judgement and decision-making, especially in areas as critical as risk management and compliance, where experience plays a massive role across the board.
In search of a risk management win-win
So, how can organizations deliver a win-win and balance the benefits of AI against the risks? Ideally, they should take a structured approach whereby the implementation of processes and procedures for AI deployment is carried out with full transparency and visibility across the risk management function. For instance, very early in the overall AI implementation process, risk managers should assess AI’s impact on the organization’s overall risk profile and identify any compliance challenges.
Furthermore – and this is a long-term requirement – it is absolutely vital to establish effective controls over the remit given to AI and its performance levels. These should include a commitment to manual oversight, ongoing ad-hoc testing, and the implementation of any other relevant mechanisms to ensure that AI operates within the organization’s risk appetite and compliance framework. In this context, a hybrid approach, where AI and humans work in tandem, is most likely to provide the best results.
But this is just the beginning of a complex and interesting journey. In the long run, AI can contribute significantly to the capabilities and impact of risk management and compliance functions. In particular, as regulatory environments change rapidly, AI’s ability to quickly adapt and provide insights into emerging risks and compliance requirements is invaluable. On the flip side, however, organizations will also need to pay close attention to how AI may be regulated at a government and industry-specific level in the future.
Looking ahead, therefore, those organizations that adopt a well-considered and structured approach to their use of AI will be ideally positioned to deliver better risk management outcomes. And ultimately, that’s a core objective for every risk management organization, but getting there will be a test of their ability to adapt when there is little practical experience to draw on.
The author
Craig Adams is Managing Director, EMEA at Protecht.
