Last year, Boston Consulting Group reported that banks were tracking three times as many individual global regulatory changes as compared to 2011. The report added that these institutions were averaging 200 regulatory revisions per day in 2017.
RegTech often refers to the use of cloud computing technology through software-as-a-service (SaaS) with the aim of helping businesses conform to regulations faster and less expensively. In this piece, we aim to explore current applications of artificial intelligence in the RegTech space and coax out the broad segments under which they can be classified.
Through our preliminary research, we identified the following three major application segments for AI in regulatory compliance:
- Stress Testing for Financial Forecast Models
- Automation for Tracking and Monitoring of Regulatory Changes
- Machine Learning for Enterprise Email Filtering
Below, we will highlight five companies that offer AI services for regulatory compliance from each application segment. We will also go into more details about how AI vendors are helping financial enterprises manage their regulatory processes by looking at use-cases and examples.
We distill the applications for each company with the aim of exploring how AI is being used for RegTech today and how can enterprises augment the capabilities of their compliance teams.
Stress Testing for Financial Forecast Models
California-based Ayasdi, founded in 2008, claims to offer big data analytics and artificial intelligence services. The 120 employee company was co-founded by Gunnar Carlsson, Professor Emeritus in the Department of Mathematics at Stanford University, and CEO Gurjeet Singh who previously earned a PhD from Stanford in computational and mathematical engineering.
Ayasdi claims that their artificial intelligence platform, Ayasdi’s Model Accelerator (AMA) can help enterprises in financial services to predict and model regulatory risk. The company also claims that their platform can achieve this by using machine learning to find hidden patterns in historical financial data or for forecasting revenue data. The company claims it could help banks in the following ways:
- Establish and adhere to regulations for anti-money laundering (AML). The company claims this may be particularly challenging for banks and that non-compliance can potentially result in fines of over tens of billions of dollars.
- Help banks to automatically monitor customer transaction data to identify anomalies and ensure that they are compliant with regulatory requirements..
- Help global banking clients reduce false positive rates in fraud detection as compared to traditional rule-based methods used by most banks traditionally, while still identifying a similar number of suspicious activity reports.
Below is a video from Ayasdi where Senior Data Scientist Jesse Paquette demonstrates and explains how the platform might be used for fraud detection applications:
Ayasdi reports that it’s platform runs on a Topological Data Analysis (TDA), which was developed for a project funded by DARPA
Below is short 2-minute promotion from Ayasdi where its core team members explore how the platform might be beneficial to enterprises in different applications:
Our preliminary research led us to two case studies from which we discuss their collaboration with Citi Group in further detail. According to a 2017 case study from Ayasdi, the company was chosen by Citi to help create justifiable models of Citi’s revenue and capital reserve forecast to pass the Federal Reserve’s Comprehensive Capital Analysis and Review (CCAR) process (which was initiated after the 2008 financial recession to a bank’s financial foundation).
Before working with Ayasdi to improve it’s capital planning process, Citi had failed the first two out of three annual CCAR stress tests. Ayasdi’s first steps with the company involved using subject matter expertise from the leaders of the bank’s business units regarding to review some of the banks macro-economic variables like revenue and capital reserves as stipulated Federal Reserve.
Ayasdi claims the machine learning platform was then used to correlate the impact of these variables on each business unit’s monthly revenue performance over a six-month period and models were developed to predict the future performance of these business units. Lastly, Ayasdi claims that the business unit heads were once again roped in to evaluate the predictive model final performance.
According to Ayasdi, streamlined Citi’s nine-month process requiring hundreds of employees to a three-month process, utilizing less than 100 employees.
Along with Citi, the company has also worked with HSBC for an anti-money laundering application. An Ayasdi brochure also claims that one of the Top 3 Nordic Banks used the AMA platform to predict the probability of default models for mortgages, identified strong and weak fit areas, and adjust their models with targeted fixes. The brochure did not go into further detail about this client’s use of the program.
Automation for Tracking and Monitoring Regulatory Changes
London-based CUBE, was founded in 2011 and claims to offer a RegTech platform that can help businesses cut regulatory costs and minimize risk of non-compliance. The 94-employee company claims their platform can assist in predicting compliance risk, automating AML, Know Your Customer (KYC) and Cyber/information security processes.
CUBE states that the platform uses machine learning to help enterprises to automatically keep track of global regulatory data and prompt alerts by detecting regulatory changes that pose a compliance risk. The company claims it has created a regulatory ‘data lake’ that covers the regulations for financial services organizations across the globe. We, however, could find no evidence of how extensive their database is.
Below is a four-minute interview from the International Compliance Association where CUBE Founder and CEO Ben Richmond explores the role of AI in managing regulatory risks and details how CUBE is applying AI to this problem:
According to CUBE’s website, some ways in which enterprises might benefit from CUBE’s regtech platform include:
- Helping Identify global regulations and compliance requirements and automatically keep track of any changes to these regulations.
- Enterprises might identify in real-time internal regulatory gaps in policies and procedures
- Businesses engaging in cross-border selling might use the CUBE platform to gain an understanding of the rules and regulations for business across borders and build controls into internal company procedures.
During the 2nd annual DIT UK trade mission to Empire FinTech Week in April 2018, the Department of International Trade (DIT) in the United Kingdom chose CUBE as one of the 15 “UK-based FinTech startups” for actively entering the US market as part of the official delegation from UK to engage with US regulators to reduce barriers to doing business.
CUBE’s current CEO Ben Richmond is a 20 year veteran in the technology sector, specializing in better leveraging unstructured data. Richmond is also the Chief Executive of the International RegTech Association (IRTA).
We could not find any details on how CUBE’s RegTech platform analysed regulatory information from their data lake to prompt compliance actions to their clients or any evidence of robust case studies.
Compliance.ai is a Silicon Valley startup founded in 2016 with around 26 employees. The company has launched a platform that they claim uses machine learning to improve search, monitoring and tracking of regulatory content relevant to financial organizations.
Compliance.ai states that the platform’s Team Edition might enable banks and other financial institutions to automate research, as well as track financial regulatory content and regulatory updates in one place. Compliance.ai also says its platform curates financial regulatory content from sources like federal and state-level regulatory agencies, executive orders, whitepapers and news media.
Leadership level executives at banks might work alongside a team from compliance.ai to help them understand their global and individual jurisdictional presence, according to the company. The platform can then be integrated with the banks existing systems and can potentially prompt compliance officers at the bank with alerts for compliance risks after cross-checking its curated database.
Below is a one-minute video from Compliance.ai giving an overview of how their platform claims it can help financial institutions:
According to the company, financial institutions might apply Compliance AI’s platform in these ways:
- To keep up with regulatory changes by using “expert-in-the-loop” machine learning models to comb through regulatory content. The company claims Compliance.ei can automatically classify this content to find high-risk compliances and then send a suggested action to the bank’s compliance officers.
- Compliance officers at an enterprise might choose integrate the Compliance.ai platform within an existing compliance team’s digital infrastructure to automatically collect and curate financial regulatory data. The company claims that this could insure that no new regulatory rules are being infringed upon.
In a testimonial, Illeana Falticeti, VP of Compliance at Cloud Lending Solutions said, “Managing and optimizing time, resources and skills management are the challenges where products like Compliance.ai may help financial services players with.” She notes her experience with the platform in the video below:
In one case study, Compliance.ai claims to have worked with the Bank of Marin (Headquartered in California) to help automate the banks’ regulatory tracking processes which was previously done manually by compliance officers.
According to the case study, the bank’s compliance officers would constantly track regulatory changes from the websites or newsletters of its regulatory bodies such as the Federal Deposit Insurance Corporation (FDIC) and state regulators like the California Department of Business Oversight.
Compliance.ai claims that its platform was able to automatically identify the most relevant compliance requirements from an ocean of regulatory information from multiple state and federal sources. Although Compliance.ai claims that the Bank of Marin realized a return on investment in terms of time spent for compliance employees, no further data on the cost of the integration or its end results could be found.
Compliance.ai CEO and Co-founder Danielle Deibler is also the Co-President of the International RegTech Association (IRTA) in the Bay Area and has previously worked with mobile application development. We could not find anyone with robust experience in AI development in the executive leadership team at Compliance.ai, although according to their LinkedIn page, three employees specialize in data science and machine learning.
Text IQ is a San Francisco-based AI startup founded in 2014. With roughly 32 employees, the company offers risk and compliance software for enterprises, law firms and government agencies which the company claims uses machine learning to identify sensitive and compromising in big data (like internal business data records).
Text IQ offers a platform tailored for Chief Compliance Officers. The company claims it combines natural language processing with relationship analysis and aims to narrow down document sets to manageable sizes for human officials to review.
Here are a few examples of how Test IQ claims the platform can be used:
- The chief compliance officer at a financial institution might be able to cut down the time spent in keeping track of FCPA, GDPR, anti-money laundering or insider trading risks by ‘summarizing’ only the relevant regulatory content from all the authorities into a document that can be reviewed by a human officer.
- A consumer goods manufacturing company might be able to find systemic behaviors in employee work patterns that are in violation of the law or internal policies leading to regulatory infringement.
During our preliminary research we found no evidence of successful case studies from enterprises using the Text IQ platform specifically for regulatory compliance although there seems to be some evidence that Wendy Riggs the senior manager of eDiscovery and litigation operations at Twitter Twitter was interested in a demonstration from Text IQ for using their platform in an eDiscovery application.
Text IQ was co-founded by CEO, Apoorv Agarwal who earned a PhD in computer science from Columbia University in New York. The company also claims that over 70 percent of its team are either PhD or master’s degree holders in computer science, however, we could not confirm this through research on the company site, Linkedin or Crunchbase.
Machine Learning For Enterprise Email Filtering
Tessian (formerly CheckRecipient)
According to the General Data Protection Regulation (GDPR) regulations in Europe, enterprises can be fined up to 20 million euros or four percent of their annual global turnovers for infringing on data security laws, including instances like misaddressed or unauthorized emails.
London-based Tessian, founded in 2013 provides an enterprise email security platform which the company claims uses machine learning to help prevent sensitive emails in an enterprise from being sent to the wrong person. The 58 employee company claims their platform can potentially detect emails that may lead to data loss (example – misaddressed emails) or a data security threats (emails to unauthorized accounts).
Tessian claims that their platform can analyze historical enterprise email data (such as the records of all the incoming and outgoing emails sent by a particular team or employee) and ‘understand’ patterns in email behavior of employees (such as regular emails with sensitive information to persons external to the company) to devise security filters.
According to the company, once these patterns are recorded, the platform monitors outgoing emails of employees and can potentially spot anomalies like, “recipient looks unusual for the context of this mail,” or ‘top secret project data detected in this email.” Employees can then ensure that there are no breaches to data security more efficiently.
Taylor Vinters, a law firm in the UK, used Tessian’s platform to ensure that the company’s data security was in alignment with the GDPR regulations which included preventing email breaches proactively.
Steve Sumner, Director of IT at Taylor Vinters, explains in the video below that the law firm needed to upgrade their email security since traditional rule-based security in Microsoft Outlook (which they previously used) was time-consuming and inefficient.
Tessian claims that Com Laude, a brand protection and corporate domain name management services provider, used the platform to implement a regulatory framework for their internal communication policies. No further details of the case study, including how long the integration process was or other quantifiable end-results, could be found.
Tessian was founded by Tim Sadler, Ed Bishop and Tom Adams, all of whom were graduates from Imperial College London. We were unable to find evidence of the Tessian leadership team’s robust academic or business experience with artificial intelligence in the past.
Our research concludes the following themes:
- Artificial intelligence applications in RegTech are in their infancy today although regulatory compliance is ripe for automation through AI, as evidenced by the emergence of many startups and AI vendors in the space.
- The major applications today seem to be around using predictive analytics to stress test a company’s business performance under different market conditions, automatically tracking compliance requirements and establishing an email monitoring and filtering systems.
We also took note of two themes that business leaders may be interested in:
- Data security regulations have been steadily getting more strict and with the recent GDPR mandate in the EU, businesses can expect that data security norms might get tighter in the future.
- AI use-cases in RegTech are still few in number and the next two to five years might see the emergence of many established AI applications – just as was seen for AI applications FinTech.
*This article first appeared on Emerj.