Accenture’s Irene Liu and team discuss the use of NLP technology within compliance functions, as well as the adoption challenges and how to address them.
In Accenture’s Compliance Risk Study 2022, more than 9 in 10 respondents agreed or strongly agreed that advanced technologies would make compliance easier by increasing automation, reducing human errors and making processes more effective and efficient.
One such technology is Natural Language Processing (NLP), a form of Artificial Intelligence (AI) which allows computers to make sense of human input and use it to make decisions, perform actions or generate responses which can be understood by humans.
Within the realm of regulatory compliance, NLP adoption has largely focused on use cases such as regulatory interpretation, Anti-Money Laundering (AML) / Know Your Customer (KYC) and Conduct Risk. As with any new technology, organisations must carefully navigate around some of its pitfalls.
In this article, we will explore the application of NLP in regulatory compliance, some of its most common challenges, investigate industry trends that may impact its adoption, and offer recommendations on how organisations can commence or expand the use of NLP within their compliance functions.
Application of NLP in Regulatory Compliance
The potential use of NLP in regulatory compliance has been gaining the spotlight in recent years, with even regulators such as the Hong Kong Monetary Authority (HKMA) and Monetary Authority of Singapore (MAS) recognising its capability to aid compliance functions. In this section, we explore the most common use cases for NLP, and how and why they are more successful than other use cases.
1. Regulatory Interpretation
NLP can be used to reduce the time that compliance professionals spend interpreting regulations. According to Thomson Reuters’ Cost of Compliance 2022 study, 40% of Global Systemically Important Banks (G-SIBs) spend between 8 and 10 hours per week tracking and interpreting regulatory changes.
In a world where there is an exponential increase in regulatory requirements (10 new regulations per day in 2004 to 185 per day in 2017), this imposes a huge demand on regulatory practitioners’ time to understand the requirements and ensure consistency of such interpretations with their peers in the industry and with regulators’ expectations.
With NLP-based solutions, the identification, analysis and even interpretation and implementation of such revisions can be automated on an ongoing basis. In place of compliance professionals, NLP can parse vast amounts of unstructured regulatory requirements across multiple regulatory sites and databases and extract key information such as applicable regulatory requirements for analysis.
The popularity of NLP has been driven by its ability to maintain consistency across interpretations across various regulations, and its low reliance on human intervention, which could be subjective and result in inconsistencies over time.
Beyond this, NLP also allows compliance professionals to focus on more value-added tasks, which require human analysis.
2. AML / KYC
The use of NLP in AML / KYC can help alleviate the issue of poor data quality (e.g. lack of completeness or clarity), which according to Refinitiv, is the greatest roadblock to successful screening.
As per the Financial Action Task Force (FATF), NLP is capable of synthesising disparate pieces of information on an entity originating from multiple sources to paint a more holistic picture of an entity during the screening process. Leveraging techniques including named entity recognition, sentiment analysis, part-of-speech tagging and matching – NLP can, for example, augment search engine results with the results of PEP lists and sanctions lists screenings.
In addition, through text analysis, NLP can be used to enhance the success of fraud detection. Researchers have found that the use of NLP on annual reports – to distinguish linguistic features that typically indicate fraud – can increase the accuracy of fraud detection from 56.75% to 89.51%.
Within the financial services industry, regulators and financial institutions (FIs) have been increasing their use of NLP for AML/KYC initiatives. For example, MAS has implemented NLP to extract key information from Suspicious Transactions Reports (STRs) filed by FIs, using the technology to identify organisations (and groups of organisations) that may have been registered under multiple like names in different FIs.
In this manner, any suspicious transactions can be traced back to other transactions from the same entity from different FIs. This is then further analysed using network analytics to highlight if they resemble money laundering typologies.
On the banking front, UBS has implemented an AML/ KYC platform that leverages NLP, among other technologies, to ingest data from public sources and merge it with existing customers’ information.
3. Conduct Risk
Another area in which the adoption of NLP has risen is conduct risk monitoring. Given that FIs have a large amount of text-based data (including transcriptions of client telephone calls) on relationship managers’ (RM) interactions with clients, NLP has massive potential to improve conduct risk controls and monitoring.
As noted by the Group of Thirty, sentiment analysis can be used to identify customer dissatisfaction or complaints which are indicative of sales misconduct. Furthermore, NLP can also understand the context of customer complaints, ranging from RMs’ insufficient explanations of product features to excessive hard selling. Such analysis can then be used to identify trends in customer complaints, allowing FIs to take the necessary remedial actions.
Challenges Impeding the Speed of NLP Adoption
As much as the potential utility of NLP has been gaining the spotlight, key challenges remain which have impeded the speed of its adoption across the industry. These relate to data availability, the technical expertise required for effective rollout, and the complexity of regulatory texts written in multiple languages.
1. Data Availability
To obtain accurate and reliable NLP results, organisations would need to fine-tune their models, for which reliably annotated, domain-specific data sets are necessary. This has proven to be a challenge: a 2021 NLP Industry survey saw 39% of Technical Leaders cite difficulty in fine-tuning as the main challenge with NLP adoption.
Furthermore, as regulations are ever-evolving, NLP models would have to be constantly fine-tuned to keep up with newly emerging regulatory demands. Within the regulated financial services industry, it becomes even more complicated as institutions may be involved in different types of businesses such as retail, corporate, money markets, trade finance, asset management, etc.
The very same regulations may need a different application and hence, datasets across different units. Therefore, to get confidence in the interpretation and application of NLP, it may be necessary to obtain sufficient datasets across multiple FIs to train the NLP models to become more adaptable to industry standards.
2. Technical expertise
To effectively roll out NLP solutions, firms would need to acquire the necessary technical expertise which may prove a challenge, particularly within the context of compliance. For effective fine-tuning, compliance functions and professionals would need to develop and exhibit a confluence of compliance domain expertise and AI technical skills.
Yet, such skillsets are currently disparate within the industry. According to Accenture’s recent report, The Art of AI Maturity, a survey of 850 C-suite executives cited the lack of talent who are familiar with AI and regulation as one of the top challenges in organisations developing regulatory compliant AI models.
This need has become much more prevalent in recent years, prompting some universities to begin offering Financial Forensics as a new undergraduate major that covers legal understanding, technology and analytics as core modules, to cope with the demand. However, until such time when the graduates get into the workforce and gain sufficient experience, this lack of technical expertise will remain a challenge.
3. Complexity of text and multiple languages
While language technology has grown exponentially for some languages, it is lagging in the majority of others. One of the main challenges of broadening the scope of NLP to the underserved languages is the recognition of cultural nuance. Without sufficient cultural sensitivity, it would be easy for NLP to misinterpret regulatory requirements and compliance data.
For example, in the annotation of data to train NLP models, annotators working on the detection of hate speech or aggression, which inherently involves a degree of subjectivity, may subconsciously allow their biases or values to manifest.
Industry Trends That May Accelerate NLP Adoption
Notwithstanding the challenges outlined, we expect that NLP adoption within regulatory compliance might gain more momentum in the near future given industry trends, such as the rising prevalence of Machine-Readable Regulations (MRR) and the shift towards granular data submissions and Machine-Executable Regulations (MER).
1. Rising Prevalence of Machine-Readable Regulations
To address the issue of rising complexity and associated costs of regulatory compliance, both the official and private sectors have embarked on initiatives to enable machine-readable regulations. These machine-readable regulations involve the codification of supervisory regulations such that the technical systems, with the aid of NLP, can perform the needful interpretations to reduce the divide between regulatory interpretation and intent.
For example, derivatives market participants are collaborating on an industry initiative – Machine-Readable and Executable Reporting (MRER) to publish an amended US Commodity Futures Trading Commission (CFTC) and European Market Infrastructure Regulation (EMIR) trade reporting requirements which are machine-readable.
In this initiative, reporting rules are published as executable codes that can be automatically read and interpreted by the IT systems of reporting entities. The impetus of this was to reduce the complexity and cost of interpretation, and bring the focus of the FIs towards improving data quality.
In the UK, the Financial Conduct Authority (FCA) is working on creating its own set of machine-readable and executable regulations.
With NLP as one of the key pillars supporting machine-readable regulations, its use in regulatory compliance can be expected to rise significantly going forward.
2. Shift Towards Granular Data Submissions
A key enabler to being machine-readable and machine-executable is granular data submissions. A number of financial regulators have been exploring the use of granular data submissions to reduce ad-hoc reporting, remove duplicative reporting requirements and enable the use of data for multiple supervisory analyses.
The Bank for International Settlements (BIS) had in 2021 undertaken Project Ellipse which investigated how data-driven supervision could be enabled by machine-executable digital reporting, using a cross-border common data model that captures detailed data attributes. Additionally, the project explored the application of advanced analytics, alongside with NLP, to identify risk correlations and analyse sentiment, through the integration of granular regulatory reporting data and unstructured data.
In addition to enabling MER, such developments could also augment how organisations will be supervised by their regulators, creating an impetus for regulatory compliance and risk functions to adopt NLP as part of their internal risk and compliance assessments.
Bearing in mind NLP’s considerable potential to empower compliance functions as well as recent industry trends, and notwithstanding the challenges, the wider adoption of NLP within the regulatory compliance space is a question of when, not if. For organisations commencing or continuing their NLP implementation journeys, they should consider the following.
1. Secure Organisational Buy-In Early with Quick Wins
Accenture’s Compliance Risk Study 2022 found that although many organisations recognise the need for technological investments to support compliance functions, many compliance leaders are facing mandates to alleviate compliance costs in a time of wide-ranging cost-cutting measures.
Hence, it is recommended that compliance officers, when commencing their NLP journey, start with their desired use cases in mind. While the potential use of NLP may be wide-ranging, it is crucial to take a measured, incremental approach – by piloting NLP implementation in areas that could yield quick wins, compliance professionals would be better positioned to secure organisational buy-in for further adoption of the technology down the line.
For organisations that may be more advanced in their NLP journey, our report found that many compliance officers are considering right-shoring and outsourcing. This could potentially reduce costs, increase access to the requisite talent, and free up funds for future investments.
2. Mitigate Organisational Adoptions Risks
With the rapidly expanding use of NLP not only within compliance, but across multiple functions within organisations, it is crucial that compliance functions take an organisation-wide view in the mitigation of NLP adoption risks.
For instance, the use of NLP in credit decisioning (e.g., by analysing the emotional state or entrepreneurial mindset of the borrower) could lead to reputation and regulatory risks if it leads to biased decision-making.
As the world evolves to a state where AI is used extensively for decision making, responsibility by design is of rising importance. To that end, FIs should ensure that the adoption of NLP is underpinned by robust and consistent model risk management practices and that it is aligned to societal and ethical norms and the rest of the organisation.
This may prove a challenge, however, as according to Accenture’s Compliance Risk Study 2022, only 19% of respondents currently believe that their risk assessment process is fully integrated across their business. Hence, it is key that compliance departments focus on building a culture of compliance to ensure responsibility is shared across the organisation for a seamless and compliant roll out of new technologies such as NLP.
3. Manage Regulatory Expectations
Given the potential pitfalls of NLP, the use of such technology in the compliance space may invite regulatory attention, or even scrutiny. Keeping this in mind, organisations should take proactive steps to manage regulatory expectations.
This should include having robust documentation on the use of NLP technology backed by strong use cases, putting in place robust model risk management practices across the model lifecycle, and having clearly defined roles and responsibilities. Regulators are also seeking individual accountability on whether the FIs’ interpretations are made by humans or machines.
Additionally, global regulators and standards setting bodies are continuing to shape and refine AI governance standards and promote Responsible AI. Examples include the Veritas Initiative in Singapore and Ethical Guidelines for Trustworthy AI in EU. Hence, organisations need to incorporate horizon scanning capabilities to identify new requirements and data lineage capabilities to track changes to the NLP models to ensure traceability and auditability.
4. Experiment with Regulatory Sandboxes
FIs seeking to implement innovative NLP solutions should consider collaborating with regulators via a regulatory sandbox environment. This would allow them to experiment and test their use cases in fail-safe environments, with some legal and regulatory requirements relaxed for a defined period.
Testing of the NLP model on production data can be performed in a regulatory environment where outcomes can be monitored and deviations managed safely without any repercussions on the business, hence increasing the compliance of the model.
The regulatory sandbox approach also offers the advantage of proximity to regulators, allowing them to analyse and understand the business models, which helps in expectation management. Moving beyond the regulatory sandbox following a successful pilot is the final but most critical step to productionalise and scale NLP models.
5. Build vs buy
Before embarking on an immediate decision to start building their own NLP models, FIs can consider a ready suite of tools in the market that can be harnessed to fulfill their needs. Some FIs have chosen to partner with fintech firms whilst others have chosen to develop their NLP capabilities in-house.
For FIs that decide to build, they should explore available regulatory or government support for their NLP adoption. For example, given NLP’s abiility to generate richer insights and facilitate better decision-making, Singapore-based FIs could also apply for the Artificial Intelligence and Data Analytics (AIDA) grant, which covers up to 50% of qualifying expenditures.
In Hong Kong, HKMA and Cyberport have launched various initiatives such as the AML Regtech Lab (AMLab) to focus on “enabling technologies” to support the industry. By participating in industry initiatives, FIs would be able to gain access to a larger pool of domain-specific data and technical expertise, addressing some of the major challenges of NLP implementation.
NLP has become a key tool in the design of the next generation of regulatory compliance processes, and undoubtedly has the potential to transform the regulatory compliance function as we know it today. Yet, as with any emerging technology, there exist challenges that might hinder firms from either adopting or fully investing in it.
Nevertheless, with all the benefits that NLP could bring, compliance functions would do well to consider NLP use cases and how the technology can enhance their capabilities, leveraging the government and regulatory support available.
The widespread adoption of NLP is but a matter of time, and compliance functions should start preparing now.
By Irene Liu, Catherine Lee, Cheuk Yin Lee, and Michael Wongsosaputro at Accenture.