Last week, I penned a blog series around a special White-Collar Crime section in the July Harvard Business Review (HBR). This week, I am writing a blog post series based upon the MIT Sloan Management Review Special Report: Making Good on the Promise of AI. Today, I want to consider the article Using AI to Enhance Business Operations by Monideepa Tarafdar, Cynthia M. Beath and Jeanne W. Ross. I am using the article as an introduction into the corporate compliance function can use Artificial Intelligence (AI) to not only enhance the compliance function but also business operations. Today, in Part 1, I consider the crucial capabilities which a compliance function must have to implement an AI solution. Tomorrow I will conclude with the four practices that create the conditions for an AI solution in compliance to deliver on its promise.
The authors believed that Enterprise Cognitive Computing (ECC), which they define as “the use of AI to enhance business operations involving embedding algorithms into applications that support organizational processes” can be used to improve the speed of information analysis, the scope of data reviewed and in the reliability and accuracy of outputs. Moreover, “The power of ECC applications stems from their ability to reduce search time and process more data to inform decisions.” This all leads to enhanced operational excellence, more efficient business processes, and a more robust compliance experience.
Generating value from ECC applications is not easy for compliance professionals as there can be multiple roadblocks to successful design and implementation. The authors observed, “many companies that hoped to benefit from ECC but failed to do so had not developed the necessary organizational capabilities. To help address that problem, we undertook a program of research aimed at identifying the foundations of ECC competence.” They identified five capabilities “that companies need to splice the ECC gene into their organization’s DNA.” I have adapted their strategies for the compliance function.
Data Science Competence
Data science competence encompasses a wide range of skills essential to ECC. It includes skills such as determining the availability and usefulness of massive amounts of data: collecting, cleaning, curating, tagging, and analyzing internal and external data from multiple sources. Data science competence also entails identifying and describing relationships between data, as well as developing AI algorithms that have learned from the data how to identify patterns and probabilities. This is definitely not the strong suit of lawyers or law schools which train them. This means that compliance professionals will need to hire “data science competence”.
Compliance Domain Proficiency
Compliance professionals should have better chance with the domain expertise. And yes, this does include the ability to read a spreadsheet. The reason compliance proficiency is needed is to understand the tasks, workflows, and logic of existing compliance processes, as well as to imagine how ECC applications could improve them. Compliance domain proficiency also means the ability to understand the relationships among the data from a process and compliance point of view which is important for creating the business rules that shape how the outputs from the algorithm are handled by the ECC application.
Enterprise Architecture Expertise
This does mean building the AI infrastructure because ECC applications do not deliver value by simply processing data and delivering outputs. Rather, “ECC applications deliver value when the organization changes its behavior — that is, when it changes processes, policies, and practices — to gain and apply the insights from those outputs.” This sounds suspiciously close to what Chief Compliance Officers (CCOs) currently perform. This role clearly transitions into expert enterprise architecture design because it is needed to create business value from ECC applications and then help manage the transition from the old organization to the new one. Essentially, an ambitious ECC application in compliance will affect and impact several, often fundamentally different business processes. In such cases, enterprise architects are needed to orchestrate the redesign of the systems, processes, and roles across organizational units. The more ambitious the ECC compliance application, the more likely it will require far-reaching organizational changes.
Operational IT Backbone
Once again this will likely be outside the subject matter expertise (SME) of a corporate compliance function. However an organization’s existing technology and data foundation, what the authors term “its operational IT backbone and the people responsible for it support the development and running of ECC applications”, are critical elements as they provide the resource capabilities needed to store and access critical data, integrate ECC applications with other applications, provide reliable operations, and ensure privacy and security.
Even though this may be out of the compliance professional’s wheelhouse, the reality is that no new enterprise application can operate in isolation from other enterprise applications. The authors conclude that “ECC is no exception. If an application is not properly integrated, it will be hard to use and possibly ignored.”
Digital Inquisitiveness
A key to the continued need for compliance professionals is that AI algorithms in ECC applications do not produce definitive answers. Rather, they produce predictions based on probabilities: that there could be payments outside a gift, travel and entertainment parameter or that monies claimed to be marketing expenses or charitable donations may be illicit payments. However, there are situations in which the compliance professional users must consider these predictions and apply human judgment to arrive at decisions about how and where to deliver a compliance solution. To do this effectively, they need to possess digital inquisitiveness — a habitual inclination to question and evaluate the data before them. They must use that skill to better understand the options provided by ECC applications and continually improve outcomes.
The authors conclude by noting that in developing the five capabilities compliance functions are equipped to derive value from ECC applications. Even at that point, companies must apply those capabilities. In tomorrow’s concluding post for this series, I will discuss the four practices helpful in creating the conditions for a compliance application to deliver on its promise.
[View source.]
