To: Alan Turing; Re: Decipher Enigma, Regulatory Compliance cc: IBM Watson, Deloitte
Hey Alan,
Saw you in the movie, looking good! Needless to say that if you get Cumberbatch to play you, you're pretty much up there. Oh, and sorry about the all the persecution. Truly sorry.
Well, you might be happy to know that we haven't started WW3 (yet!) and your inventions have largely been used for peaceful purposes. AI and machine learning, along with what some are calling 'Cognitive' is really taking off. The seeds you sowed are bearing fruit, and oh boy, are people lining up for the goodies. It all started with machines that won Jeopardy, defeated Garry Kasparov in chess (which may have actually spurned the modern generation of reality TV with the wild accusation flinging), and yet another which won a game called Go against world champion Lee Sedol. No, Alan, don't dismiss these as mere games/trifle, as they are launchpads to several use-cases that have benefited humanity on a large scale.
But enough about the past. This is a heads up for an interesting use case that's coming to a cloud near you, soon. Today's Enigma is banking regulatory compliance. Why? Plenty of reasons (below), but mainly because it's extremely complicated, ever changing, and has dire consequences if not deciphered and acted upon. Sound familiar? The bottom-line is, we have tried throwing more money and labor at the problem, but as you well know, that approach does not scale.
"Only a machine can decipher the regulatory monster that awaits banks today."
The Regulatory Compliance Enigma in Banking
Banks are fighting a losing battle everyday with regulatory compliance, with no end in sight. Industry watchers estimate that US based banks are required to read through 20,000 pages of new regulations – and that’s a conservative estimate – to ensure that they don’t violate state or federal regulations. The number increases exponentially as banks expand internationally. Bottomline: Compliance is a nightmare, even for those that are trying very, very hard, even more so as these lengthy regulations are published in written text (PDFs or documents) which have to be combed through manually with florescent markers by an army of lawyers to decipher and ultimately, arrive at IT controls.
IBM Watson, with its cognitive arsenal, and Deloitte, with it's deep expertise in the compliance market, are attempting to reduce the pain points associated with this process through cognitive/intelligent automation. This is a significant announcement as it’s cognitive computing and deep industry expertise applied to a business pain-point, with the potential to unlock significant business value.
Cognitive systems can contextually understand ‘action items’ in regulatory documents
Enter Watson. No, not the jeopardy playing artificial intelligence machine – that no longer exists. Instead, Watson is now a group of cognitive, domain-specific services that can be used by enterprises. For the banking industry, IBM proposes to provide a Watson enabled service that, in effect, ingests all regulation (as documents or PDF) and parses (through natural language processing, identity resolution, matching, etc.) through the documents looking for potential obligations. To do this, it must be context aware, semantically nuanced, and have an idea of what banks are looking for. This is where the trainer steps in: consultants, service providers, or even compliance analysts can “train” Watson through ontologies and taxonomies to help it understand what to look for. At this point, Deloitte provides the control library, contributing to an ongoing process of telling Watson, 'yes this is a valid obligation, or no this one isn't, – knowledge is an essential ingredient for any cognitive service, and Deloitte/IBM are making significant upfront investments to ensure that customers find long term value. Once potential obligations are identified, they can be validated by a human compliance analyst. After obligations are validated, they are then mapped to controls, with Deloitte throwing in the weight of their consulting and banking expertise to ensure that best practices are followed and bank specific controls are designed. Future versions of the service will focus on importing existing controls from vendors.
Is it accurate? Regulators are not known to be forgiving.
The short answer is – yes, if you acknowledge that humans make errors as well. A compliance analyst is equally likely to make an occasional oversight, and any cognitive system’s abilities are only as good as the human intelligence that gets it started. No magic there, but IBM Watson does learn very quickly how to spot critical things that matter in-context. The alternative to have a lawyer/paralegal manually read through the pages and highlight the obligations – again, not a foolproof process. To start with, IBM Watson uses guided machine learning, where it learns from a massive repository of cases where experts have completed the task. Also, it operates on confidence levels and can flag up things it thinks may be attention worthy – erring on the side of caution. The most important advantage is that it learns over time to be more and more accurate with a higher degree of certainty and can reduce the grunt work for a compliance analyst by a degree of magnitude. Also, since it can be fed drafts of new regulations (these are published on a regular basis) which generates more fodder for Watson to learn from.
What to expect and watch out for
At this point, the solution is not ‘generally available’ and will likely hit the market in Q3. There are some details that need ironing out – such as, how would such a service be priced? It will likely be a model based on the amount of data ingested and a services element, but banks could argue that ingesting 2000 pages of the Dodd Frank act is not the same as ingesting 2000 pages of the home mortgage act, and so on. It is imperative that IBM-Deloitte play this by ear and work with their long term clients to shape the offering. The product roadmap will likely focus on developing integration points to existing GRC solutions and may even gravitate towards making it easy for regulators to specify controls for banks. IBM OpenPages has a new module called Regulatory Compliance Management which supports firms in breaking down regulations into a catalog of requirements, evaluating its impact on the business, and creating actionable tasks. For banks, it pays to be aware of this offering as it has the potential to drastically reduce compliance costs and make the process less painful.
Best Regards,
Surya