AI in Compliance: Bridging the Business and Technology Divide 

With most financial institutions (FIs) now either using or exploring AI, the key to fully leveraging AI’s power effectively lies in its successful integration with people, process and technology. This is especially true for compliance departments that seek to use AI to keep pace with the fast-moving FinCrime landscape and its sophisticated bad actors.  

Recently, anti-financial crime experts from KeyBank, Blue Ridge Bank, Stripe and WorkFusion gathered to discuss how IT and business can come together to select the right technologies that drive improvements in productivity and ensure that compliance departments can better manage risk and add value to the business with AI-driven solutions. Taking part in the discussion were Tammy Barth-Oakes, Director of Enterprise Security Services & Head of AML Operations at KeyBank; Rebecca (Becky) Schauer Robertson, EVP BSA Officer at Blue Ridge Bank; Paula Borges, Head of FinCrime Controls at Stripe; and Wendy Petty, Chief Revenue Officer at WorkFusion. 

The conversation focused on three key aspects of AI technology adoption: 

• How to drive alignment between the business and technology sides of the house 
• Best practices and common pitfalls attaining cross-organization buy-in 
• Understanding and preparing various regulators 

Here are some highlights from the conversation: 

Aligning all teams, not just IT, Technology and the business 

Tammy from KeyBank stressed the importance of engaging all teams when driving technology innovation into processes. Not only does KeyBank’s AML operations team collaborate with technology and IT teams, but they also engage modeling teams, risk partners, data teams and information security teams. “If you don’t do that, later, everyone wonders what the security strategy is and how AI works in there,” explained Tammy. She noted the need for constant communications that start early and provide as much context as possible. Because AI is such a mystery to many stakeholders, Tammy underscored the need to inform teams about AI solution vendors, POCs (proofs of concept), testing, contract approval, and more so that all teams can come to agreement. 

Paula from Stripe noted that cross-organizational alignment is particularly important in situations where an organization has multiple, disparate systems and solutions in place and is hesitant to yield control to a new AI vendor’s solution. “I don’t think any kind of technology department wants to see their business partners buying everything instead of building.”

However, she stressed that market forces are unique with AI and that IT and technology teams now recognize the need to keep pace by relying on vendors with deep AI and FinCrime expertise. “So, [in my former job at a large bank] we started to see that tension between what is available in the marketplace start to break down those barriers to the cost of entry and just how complex it would be to get the data in a shape that would support a lot of AI adoption.”  

Becky from Blue Ridge Bank focused her comments on the context given to IT. “IT has to understand the why. Why are we seeking this different technology? What are we striving to achieve and whether that be through a technology system which we already have like our transaction monitoring system, a core system or an ancillary system like WorkFusion.” 

Build versus buy 

Paula explained that a Fintech like Stripe is such a different space from traditional banking. She contrasted the mindsets which she experienced between a large bank having a department called “IT” while at Stripe that department is called “engineering.” Engineering departments typically have a first inclination to say, “we can build it all ourselves.” But we should also be asking, “just because we can build it ourselves, should we?” said Paula. “So, we determine what we should build ourselves versus areas where vendors have deep expertise and provide solutions for us. We must be really deliberate in those choices.”  

Her approach to this matter is to avoid prescribing solutions to IT/Engineering, opting instead to define the problem for them and enabling them to devise a solution.  “The biggest shift or most critical element is that we talk to our IT and tech partners to help them understand ‘what is the root cause problem’ and less of ‘what is the solution that I think you need to give me’,” she stated. “Let them be the technology experts and let them do that kind of design and just go against our natural instincts to give them an idea of what we want and let them do it, making sure that we are VERY detailed on the actual problem statement.”  

Tammy’s organization takes three major steps to progress any new solution: 

1. Identify the problem to be solved. When meeting with vendors, check to see if they are really delivering against the defined problem for peer banks.  

2. Understand what’s real versus conceptual. This greatly reduces the number of realistic solution options.  

3. Build out a POC. A POC can guide your development of a business case to show the expected value and prove why certain solutions are needed. “Everyone vendor says that they have AI technology,” explained Tammy. “But who’s really using it in their technology and is it truly deployed at different places?” 

How to brief regulators on the AI technology you’re deploying 

Becky advises that organizations discuss AI technology adoption plans as early as possible with regulators – at the solution consideration stage. “We want to understand upfront what regulators’ concerns are. You need to very knowledgeable about the new technology so that they understand what you’re bringing to the table.” She noted that regulators appreciate it when you bring them the information they need to be comfortable and knowledgeable about your approach and direction. Along with the technology, it’s also important to inform them of any changes to your policies and procedures. “No surprises,” Becky added. 

Paula highlighted the need to build, test and validate your models so that regulators know you’re being thoughtful about the new solution’s impact. “Even how to educate the regulator on things like a migration approach and testing,” Paula explained.  

Paula said that not all regulators are equally knowledgeable. She highlighted OCC and MAS (Monetary Authority of Singapore) as being most knowledgeable. MAS even gives grants to FIs seeking to lean more heavily into AI. “There’s a broad range of knowledge and differing levels among different regulators.”  

The discussion is rife with tips and points to consider as you adopt AI-based solutions. To understand more, watch the webinar. 

Click here to view the webinar.