The inaugural AI Discussion Forum hosted by the Compliance Institute Southern Africa and sponsored by Afriwise on 21 November 2024, garnered tremendous attention from the African compliance fraternity. What is it about the intersection of technology and regulation that triggers such interest?
Having been an in-house head of compliance myself for almost two decades and listening to the challenges and pain points faced by many in-house compliance practitioners currently, the truth is that we all really want the same thing, which is to fast-track compliance in the quickest and most cost-effective way. Yet, why are so many in-house compliance teams “stuck” with their in-house compliance programmes?
In an assessment of where most in-house compliance teams are currently focussed, the reality is that very few in-house teams have progressed beyond building and formulating their legal registers. Even for those who do have these in place, they are struggling to maintain their registers, due to the extensive manual maintenance required to migrate regulatory content from a platform onto a spreadsheet. Yes, most legal registers exist on spreadsheets! Very few of the in-house compliance teams have meaningfully moved beyond this point into the actual nitty-gritty of data-driven and evidence-based compliance required for the effective management of regulatory risk and addressing identified non-compliances in their business and operational environments.
This is where the potential of AI exists in compliance. I anticipate that the dream of every in-house compliance team lies in legal registers that automatically update with changes and developments in law, laws that are automatically risk assessed and ranked for prioritisation and whole pieces of legislation and regulations that can be structured and curated into nifty checklists of only the material obligations that tell you exactly what you need to do to be compliant. This is just the tip of the iceberg of the potential of AI to fast-track lagging compliance programmes in the most cost-effective way, without time-consuming manual processing (as is the common practice), the necessity for investments in large, cumbersome and expensive systems (which often turn out to be “white elephants” by the time the system is fully customised and implemented), or ever-expanding legal and compliance teams (which are simply no longer the norm), and with the possibility of reducing what was traditionally a 10 or 20-step process, into a 5-step process.
If these are the possibilities, then the ask is for compliance officers to think outside the box, shift away from the traditional ways of doing things, and get creative with how AI can be used as an effective compliance management tool to complement existing in-house compliance teams and programmes. AI gives the compliance fraternity the chance to re-define and reinvent what compliance means for business.
However, it’s not to say that AI is the miracle cure for all compliance challenges and pain points, and as with any form of innovation and technology, there are certain criteria that should be applied to ensure that the use of AI in the context of compliance is appropriate and effective for the specific business environment.
Without getting into the technicalities of AI, which I encourage compliance practitioners to start getting familiar with, some of the criteria to test whether AI is a suitable tool for your compliance environment is to test for the following principles:
1) Simplicity over Complexity: An AI solution must be designed to simplify your regulatory lifecycles and not make them more cumbersome with unnecessary steps and processes that will be too difficult to sustain over a full regulatory universe. If the solution has one too many clicks, steps or dependencies for it to give you what you need, then it has defeated the point of an AI-driven solution.
2) Solution vs. System Approach: An integrated approach to compliance requires three components, being firstly, updated, accurate and real-time regulatory content feeding in into the second component, being an underlying risk-based methodology that automatically runs on a simple and user-friendly platform for purposes of managing regulatory risk lifecycles, and thirdly, the appropriate in-house resourcing (both within and outside compliance teams) that will be able to navigate their way around these components for the effective identification and management of compliance risks. A solution-driven approach creates the flexibility to create tailored fit-for-purpose offerings. A system approach is often wrought with dependencies such as requirements for data interfaces and linkages, lack of flexibility (one-shoe-fits-all approach), cumbersome built-in risk methodologies, that cannot be changed, etc. Compliance practitioners are encouraged to take a solution-based approach when integrating AI into their environments, as solutions must be capable of flexibility and with the ability to be designed according to the specific profile of the business and the in-house compliance team.
3) Cost Effectiveness: The beauty of AI, automation and machine learning is that it remains repetitive and continuous once effectively programmed and trained. AI is inherently equipped to be continuously improving. This means that AI-driven solutions should be technically less expensive and more cost-effective than ready-made off-the-shelf systems that may require significant customisations at additional costs, especially when integrating into existing in-house IT systems. If you are paying an “arm and a leg” for your AI-driven technology, it may be worth checking why, and interrogating the development of the solution, to understand what is driving the cost of the solution to increase significantly.
4) Minimal Impact on Resourcing, Complements Existing Capacity: AI-driven compliance solutions should be complementary and fit-for-purpose to any environment. If you are investing in an AI solution that requires additional investment in a new and bigger team of people and resourcing just to man, navigate or maintain the solution, this may be defeating the purpose and objectives of adopting an AI-driven solution, and may be considered a possible red flag.
5) Ability to Authenticate and Validate: If you are adopting an AI-driven technology solution that combines regulatory content with an automated platform, and you don’t have access to or visibility of the source content, this may place your entire solution and investment at risk of possible inaccuracies and poor-quality information. Not having visibility and transparency of the source content (especially legal and regulatory content that you place reliance on for decision-making purposes) and not understanding how it is being curated and processed using AI is a material risk for any legal and compliance officer. If your service provider cannot explain this to you in simple terms or is unable to demonstrate, validate or authenticate their sources of regulatory content or data, then this may not be a suitable or appropriate investment, and may in fact be creating more compliance risks rather than reducing these risks.
AI is no longer a tool for the future; it’s here and transforming compliance in real time. From structuring data to guiding optimal actions, AI empowers compliance teams to innovate, simplify, and excel.
As compliance professionals, we have a unique opportunity to embrace these tools and lead the way into this new era. AI doesn’t just make our jobs faster—it makes them better. The challenge now is to integrate AI thoughtfully, ensuring our programmes are not just efficient but also ethical and evidence-based.
Let’s seize this moment and reimagine compliance for the better.
--
This article was written by VIshala Panday - Head of Compliance Services at Afriwise and Steven De Backer - Founder & CEO of Afriwise, for CISA
