ISG Software Research Analyst Perspectives

IBM Watson and Cognitive Compliance

Written by Robert Kugel | Jan 3, 2017 6:30:51 AM

Ventana Research awarded our Governance, Risk and Compliance (GRC) Business Innovation Award for 2016 to IBM for IBM Regulatory Compliance Analytics, powered by Watson (IRCA). This application of cognitive analytics is designed to streamline the identification of potential regulatory requirements and suggest methods for compliance. In so doing the cloud-based system can cut the time and cost of compliance while creating an effective means of ongoing management and control of compliance processes.

A system such as IRCA can strengthen governance while reducing administrative overhead. As such, it will be useful to financial institutions and potentially to other regulated industries. IBM designed the system especially for financial institutions because of the rapid increase in regulation of this sector since the financial crisis of the previous decade. Although the recent election might temper some recently enacted regulations governing financial institutions in the United States, the sector was already heavily regulated before that financial crisis. Moreover, it’s likely that regulatory relief will be focused mainly on small and midsize financial institutions that pose little systemic risk.

Banking and regulation have long been intertwined, and not without reason: History has repeatedly demonstrated that fractional reserve banking systems require regulation because of the temptation for those running banks to privatize gains and socialize losses. It was for that reason that, until the Bank Holding Company Act of 1956 provided a fig leaf to override tradition, the New York Stock Exchange (NYSE) would not allow banks shares to be listed there. For the first century of its existence, the prevailing attitude of the NYSE was that only partnerships were capable of prudent lending because the partners had skin in the game.

Populist suspicion of banking has a long tradition in the United States. For example, to limit their size, until 1994 banks were allowed to operate only within a single state and only one or several counties in some larger states such as New York and Texas. But beginning in the 1980s, some restrictions were removed. Geographic limitations were eliminated in the name of efficiency. The partial repeal of the depression-era Glass-Steagall Act (a law that prohibited deposit-taking banks from having investment or merchant banking operations) was done to make the large U.S. “money center” banks more competitive with the large “universal banks” in other countries that had no such restrictions. In 1999, the Gramm–Leach–Bliley Act enabled banks to be in insurance and other financial services businesses. The result of all of these changes was a greater concentration of banking assets and greater complexity of these large financial services organizations. However, although rules governing the structure of financial institutions loosened, operating rules such as know-your-customer, licensing and anti-money-laundering provisions did not. Indeed, during that same period, in an attempt to counter organized crime, money laundering and other illegal behavior, these sorts of regulations became more stringent. In our governance, risk and compliance benchmark research three-fourths (78%) of financial services companies described themselves as heavily regulated, compared to 40 percent in services and 19 percent in manufacturing.

Regulations imposed on the financial services industry by the Dodd-Frank Act have further increased the compliance burden on banks – and only 70 percent of the act’s 390 rules have been fully adopted. A study performed by George Mason University in 2014 found that the act had imposed 27,669 regulatory restrictions. Some of these have dubious relevance to the safety and soundness of the banking system, such as Section 1502, which mandates disclosures about conflict minerals (such as “blood diamonds”) . And some are at least partially redundant, such as section 1503, which mandates disclosure of mine safety issues. All companies, even those in the software or broadcasting businesses, have been required to include such disclosures in their periodic reports for the past 40 years.

The substantial increase in rules has resulted in a substantial increase in related expenses: The largest banks have spent billions of dollars over the past six years hiring thousands of additional staff to interpret and conform to the new rules.

Since its enactment, there has been criticism of the Dodd-Frank Act because of the cost and complexity of compliance as well as its potential efficacy. The result of the recent national election in the United States may change the course of bank regulation that could undo some provisions and lessen the regulatory burden, especially in smaller financial institutions. In my view, that would not change the essential business case for IRCA. Financial services regulation was already complex before the financial crisis. From my perspective, it’s unlikely that all of the rules enacted will be reversed. There is still room for a tool that will enable financial institutions to deal with regulatory compliance today and in the future.

Watson is a cognitive computer system that uses machine learning. It applies algorithms that enable it to adapt and change its assessments of data as more data and more outcomes are observed, enabling the system to provide guidance that is likely to be increasingly relevant and useful with every use. The system uses natural-language processing to ingest regulatory rules, enabling it to digest the meaning of the rules to provide guidance. These machine learning algorithms are applied to answer questions posed in natural language and mimic how a human might respond to or manage a process. Watson’s cognitive approach to diagnostics and prescriptive analysis has already proved valuable in the field of medicine. While regulatory compliance lacks the emotional appeal of saving lives and improving patient outcomes, there are similarities between the two fields.

At first glance, it might seem that regulatory requirements would be cut-and-dried. In some cases, that might be true. More often, though, as in medicine there are ambiguities: The clear applicability of a requirement in scenario A may not apply to scenario B. Regulations can be duplicative and at times even contradictory, as for example, in the need to comply with the Community Reinvestment Act while maintaining sound lending requirements. Just as a steady flow of medical literature must be digested, the issuance of laws, regulations, judgments, rulings clarifications and updates comes in a steady flow. Just as Watson helps physicians sift through evidence to offer a range of diagnoses with related probabilities of their being applicable to the case at hand, IRCA assists those in supervisory or compliance roles to gain greater clarity as to meaning and applicability. Just as Watson provides guidance on how a physician should act on a diagnosis, IRCA is designed to give practitioners practical advice on how best to implement regulations.

There’s another parallel between financial regulation and medicine. Watson “learns” each time question is posed and responses and answers are chosen. Sharing knowledge and best practices is inherent in the fields of medical practice, so there’s built-in acceptance to using a system that provides for the general good. Similarly, and unlike many corporate activities, it’s not uncommon to share regulatory compliance knowhow, since there is rarely strategic value in coping with the minutiae of rules. The financial services industry – banking in particular – would benefit considerably by widespread adoption of IRCA.

It’s still early days for IBM Regulatory Compliance Analytics, powered by Watson. Its ability to streamline the identification of potential regulatory requirements and offer a range of compliance approaches has substantial potential for an industry that is heavily regulated. By cutting the time and cost of compliance and providing a consistent process of managing the compliance process, banks in particular can achieve the same level of control and risk management with far fewer administrative personnel. I recommend that senior executives and compliance officers investigate IRCA.

Regards,

Robert Kugel

Senior Vice President Research

Follow Me on Twitter @rdkugelVR and Connect with me on LinkedIn.