AI-Powered Risk Management: Making the Case to Regulators
Listen to the article.
As the industry fundamentally shifts to include more communication channels like WhatsApp, Teams, and social media, we’re faced with capturing and supervising vast amounts of data. The need to streamline and scale a more effective supervision review process has never been greater. But how can we keep from sinking under the weight of all this new data?
Instead of sifting through an immeasurable amount of data, artificial intelligence (AI) can be deployed to filter out false positives and lower the risk of duplicative content from your review stream. AI can also spot patterns of misconduct more effectively to help reveal and identify risks.
"How would I explain AI models to regulators?"
That’s a question on a lot of compliance personnel’s minds. As part of the regulatory supervision requirements, we will need to incorporate interpretability and explainability into our AI model risk management policies and procedures. As two sides to the same coin, you will need to understand how the model works and then be able to articulate its inner workings.
The idea of having to interpret and explain complicated AI models may seem intimidating. Firms will need to explain these complicated data processes into “plain language” terminology for regulators. With numerous misconduct incidents such as fraud and bias in the market, regulators will want validation that you understand how your model works, how outputs are derived, and how you are supervising those outputs relative to your legal and regulatory obligations.
You’ll need to be able to answer how you can:
- Clearly interpret and articulate your data
- Validate that your data is consistent and reasonable
- Define what metrics you will use to observe and reconcile your data inputs and outputs
- Identify and remove bias within your model, along with other ethical or fairness considerations
- Incorporate certain thresholds within your model, and how those will be tested
- Augment your analytic scenarios to ensure tightly targeted alerts to reduce false positives
What regulators are looking for
Particularly for critical compliance functions, you’ll want to avoid complicated, unexplainable alerts. It’s also important that these analytic scenarios can be augmented with content filters and lexicons to refine and target alerts without retraining the model.
To avoid the “black box effect,” regulators have identified the following areas to consider when establishing policies and procedures related to explainability.
1. Include explainability as a key component in your risk management process.
This may include a detailed summary of the key inputs and all rationales for outputs. The objective is generally to test that the same inputs will produce the same outputs. Ensure that your approach is auditable.
When testing, consider using a team that is separate from the team that created the scenarios, or a third-party vendor, to help eliminate conflicts of interest.
Perform initial and ongoing testing of your scenarios as part of your model risk management process. Over time, consider how communication behaviors will change. The model will need to be agile without losing explainability. What new risks or policies will you need to consider for your models? How will a new communication channel affect your model?
2. Establish risked-based thresholds and limitations to help set guardrails for outputs or actions.
When looking at your data set, consider what types of communication may need additional guardrails or thresholds based on risks such as insider trading, complaints, and other prohibited actions of the firm. For higher-risk items, you may also consider adding additional lexicons and data filters to supplement your review.
3. Include a human component into your review.
This component will help ensure the firm’s policies and procedures as well as regulatory obligations are being met.
Are you able to track communications behaviors across different modalities? For example, are employee conversations that move from text to email to Teams chat trackable? Have you engaged with the appropriate subject matter experts (e.g., compliance, IT, legal) to help validate the data?
Collaboration is crucial as a key component of explainability. Subject matter experts must be able to plainly describe these processes to both regulators and senior management and investors.
Other important aspects to consider
An important part of data governance is identifying your communications data set. By leveraging a third-party vendor like Smarsh, you can create a centralized communications data strategy.
The quality of your alerts will depend on the quality of the input. A centralized communications strategy will allow for a less fragmented supervision environment where you can bring all your communications data into better context.
You can preserve the full context of the conversations that switch modalities, including:
- Following conversations moving from email to text messaging
- The use of emojis
- Language transcriptions
By preserving the full context of the conversation, your scenarios will be more efficient and effective at identifying any possible violations.
How Smarsh can help
Like many areas of this industry, regulations, data science and technology don’t exist in separate silos. They interact and influence each other.
While building analytics that can move us forward from a traditional lexicon-based review approach to a more risk-based review, the scenarios will need to contend with factors such as:
- Model risk management
- Data governance
Smarsh AI-powered analytics can help to understand human communications and behavior more deeply while also identifying critical insights within that data, including:
- Increased risk discovery with scenarios identifying new and emerging risks
- Reduced false positives and improved identification of true positives more precisely
- Proactive management of legal, internal, cybersecurity, brand, and privacy risks
- Lower operating costs from disparate technologies and inefficient review processes
The Smarsh Enterprise platform is a single, cloud-native platform that scales to the size of the challenges you face. Unlock the signals in your communications and focus on what is important to your business.
Share this post!
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.
Ready to enable compliant productivity?
Join the 6,500+ customers using Smarsh to drive their business forward.