Why Regulation and Compliance is Fundamentally a Data Science Exercise Fintech Nexus
June 27, 2023
Thank you everybody for making the time to be here with us this afternoon. The topic of discussion for us is why regulations and compliance are fundamentally a data science exercise. I’ll be your host for this panel. My name is Jas Randhawa. I am the Founder and Managing Partner of StrategyBRIX. We are a boutique Risk and Compliance consulting business. Prior to StrategyBRIX. I was the head of compliance for companies like Stripe and Airwallet. Before that, I managed PwC financial trends business for the fintechs of the West Coast. I am joined here with me today on my left with Matt and Ana from stripe. Asif from Compliance.ai and Simon Taylor, I let the folks introduce themselves before we dig right deep into the questions, Matt, you want to go first.
Speaker 2 0:54
Thank you all for coming here. We promise we’re going to make this topic exciting and interesting, which we obviously believe regulation is actually quite an interesting thing. I’m a co-founder of Hummingbird RegTech, we’re a global case management investigations platform, previously regulator with an agency under the US Treasury Department and I was also the first head of compliance at Circle.
Speaker 3 1:12
Hi and I’m Ana Davila, elite stripes anti money laundering Intelligence Unit. My prior experience is in the consulting space, mostly focusing on pre transactional due diligence, complex investigations, fraud, etc. I do want to clarify; I am not speaking on behalf of stripe today and all opinions are my own.
farlam 1:30
Thank you. I’m Asif Alam, CEO of Compliance AI. It’s a reg tech firm and happy to talk more about it. But my background is that I have been in the FinTech and RegTech legal tech for 20 plus years, used to be at Thomson Reuters, and then subsequently with a few other startups.
Speaker 5 1:48
Hello, everybody I’m British guy on the panel because every panel needs one. My name is Simon. I’m head of strategy at a company called Sardine which is a fraud and compliance platform used by crypto and fintech businesses. We see some fraud and we need some compliance, but also best known as a blogger. So FinTech brain food is a free weekly newsletter, where I cover topics and regulation and compliance and data science are one of my passion projects. I’m glad you showed up to hear more about it.
Speaker 1 2:20
Thank you, everybody. We’re going to start the discussion by talking a little bit about the evolution of compliance over the last 15 to 20 years. Compliance as a function used to be very legally driven technology used to be a second Thor. And a lot has happened since then, till about the financial crisis, which we’ve discussed as being an inflection point, as if you don’t mind sharing your thoughts on how you’ve seen the industry change over the last decade or so.
farlam 2:54
Thank you, Jas. It is really interesting, you know, the evolution, if you will, of compliance and regulation that has become front and center, through many transformations that have taken place. It’s really driven by the complexity and the velocity of what we are seeing complexity, meaning, the world is more digitized, things are becoming, it’s not physical, it’s digital. How do you actually do that it’s everything is becoming more global. I used to be in New York, have relocated to San Francisco since but I was here in 2008, the debacle of financial crisis, soon
Unknown Speaker 3:36
this, what happened.
farlam 3:38
And what I remember very vividly is that post that all the banks, if you go and visit the trading floor, that all of a sudden, technology became a must have not a nice to have, what I’m seeing now, as we going into 2023, and with everything we are seeing that technology now is becoming a must have not a nice to have in the Office of General Counsel, when you talk about compliance. When you talk about regulation, when you talk about risk, and it goes back it connects the door, again, to the very fact and the very fabric of you know, just the all the regulators are just not reactive, they are being proactive. There are a lot of things that are coming in, which was not there. So again, velocity and complexity are the major reason,
Speaker 1 4:29
I think not to give away my own age, I distinctly remember I’ve been doing compliance for about, let’s say, seven, eight odd years, more on the tech side. Till the time the crisis happened. I distinctly remember sitting down with my wife and telling her I think I’m basing my career and I need to get out probably, you know, build some products or do some more front-end stuff. Not to say thankfully, the crisis actually happened. I think things started to evolve a lot more. Being a technologist, an engineer by background, working a lot on systems. I used to struggle explaining to people what my job was, there was a compliance officer, who I had to deal with, who came with a very heavy legal background. And then there was it in the back, that was fixing data and systems for you. And here, I’m sitting in the middle, I can talk to both of them, and I understand what they want. And I understand what they can produce. But there was no definition. I used to use this term robot on the bridge between, compliance, and, Dec and it and whatever. But I could see that whole transformation happen as technology evolves. Simon, any thoughts? Any inflection points you observed during that point?
Speaker 5 5:45
I think fundamentally, technology and financial services was a cost center, not a not as competitive advantage for a long time, that started to change with the tech boom. And since 2008, compliance hasn’t yet become a competitive advantage. Although I think now, we’re starting to see a year in 2008, at least, it became a really important focus, and a need for innovation and technology could help us and of course, we gave birth to reg tech, regulation, technology, we’ve now got a whole category focused on this space. But given the recent banking crisis, I think we have a crisis of trust, generally, whether it’s banks, whether it’s FinTech companies, crypto, there’s a crisis of trust amongst consumers, amongst businesses, amongst regulators, about what am I fundamentally getting here from these businesses and is regulation working? The consumer trust index across all financial services has really, really come down? Being really good at compliance is a competitive advantage. Circle, one of the reasons they were able to get as far as they did so long, is because of those relationships with regulators, but also the application of data science, to what is fundamentally a data science problem. Because if you think about what regulatory reporting is, if you think about what examinations are, it’s about proving you’re following these rules, which the rules are really about proving you’re not being a douche. Prove you’re not messing up, prove that you’re doing the right things for your customers and society and everybody else. So how do we observe that? How do we make sure that’s the case? Well, usually it’s in the form of a PDF that comes out of the back of a system built in the 1970s, that regulator reporting is probably going to be hard to read. We have this wonderful thing now called large language models that can read PDFs and do amazing things. So that’s why I think the title of this panel is the most interesting thing I’ve ever seen. That the problems we face in society, one of the biggest ones we have is we have a lack of trust and natural lack of trust in financial services. But data science is an art form and a science. And we should think very carefully about how we start to apply it to financial services. And then whether that’s inside of a financial institution or a FinTech company, or inside of agencies as well.
Speaker 1 8:25
That’s such an interesting perspective. As we look ahead 510 years from now, Matt, we’ve spoken a lot about the profile of a CCO evolving, it already has evolved. What do you think in about 10 years from now a cc in the org would look like?
Speaker 2 8:44
I think the top credential that makes you qualified to be a compliance officer today. For most of history, since these rules were put into place 50 odd years ago, it has been how much of a human encyclopedia you can be. You need to remember what 12 CFR 32.5, whatever would be means and be able to cite it to your examiner so obviously tends to have a lot of lawyers in there, people will have that kind of mindset. My experience. my first exposure to working with real engineers and data sciences was a circle. I met my co-founder of hummingbird there when he basically started kidnapping engineers and data scientists from his product team to build tools for my team. And my role rapidly evolved into being the bridge between the regulatory knowledge and but beyond a translation into what the product team could understand. They would often ask, okay, why do I need to do this thing? And why does it need to be done that way? And the first question is very important, I think because it cuts to the core of everything we’re talking about in the panel here, which is the reason why these regulations are in place. It’s to protect people, it’s to keep bad actors out of the financial system. The second question is maybe even more important because it doesn’t need to be done this way. The model that we have is basically established in an era before we had computers, we were assuming there’d be people on paper doing the work. And that’s really not the case anymore, we could not decide at this point, it was not measurable, we didn’t really have a means of proving that it was trustworthy, other than sending auditors in to go look at things, pull samples and dig through a bunch of PDFs. But now, if you actually have a compliance team that’s equipped this way, they can actually start to prove the results of the methodologies that they’re using. So, to your question, I think the profile for the compliance officer, the future is no longer there, they still need to understand the regulations and why they’re there. They don’t need to be the encyclopedia anymore, though, they need to be almost like a product manager that is able to have subject matter experts that report up to them. But there’s also data scientists and engineers who know how to implement those requirements in their products themselves, kind of like a compliance by design principle. And then also, more importantly, how do you measure and prove that you’re achieving the results that you are supposed to be?
Speaker 1 11:07
Interesting, so the lawyers are not going to cut it anything? Is that about yesterday? At Cannes you were talking about? In analyzing securing ml data, and genuine good true spirits. I did mention that I was asking a general question to the panelists about whether you think compliance officers should be sent to SQL school pythons culture, they understand technology. And unanimously everybody laughed at me. And for a minute, I was shocked. I had some transformations in my career, especially at places like Stripe, where we used to hire investigators. They would go to SQL school, they could pull their own data, they could analyze their own information, they could do basic dashboarding. Anna, what are your thoughts in terms of embedding technology within the investigations function and the compliance or clarity?
Speaker 3 11:56
I think beyond the compliance officer role, it’s just the role of data science is growing right within the compliance space. And that will inevitably redefine how we work within compliance, how we hire for compliance, or where we place value in terms of skill sets. We talked a little bit about compliance officers, data scientists need to be embedded in this teams, it’s no longer nice to have, it’s a must have. And it’s really our best bet at tackling both the challenges of how complex the economic and financial system is today, we have the you know, the FinTech space is revolutionizing how we think about money and the economy, defy crypto, all of these challenges come with big data. Our best bet at tackling big data is through data science. Not to mention, we’re not the only ones looking at app technology, right? The bad actors and the bad guys are also trying to innovate and learning how to leverage technology, you take a little dive into the deep in the dark web, and all you see is tutorials being sold on how to exploit financial institutions and fintech. So really leveraging data science is our best bet of tackling this to challenges that are inevitable, they’re trends that are traveling at the speed of light. And for me, it’s very natural to think that investigators, especially the investigators doing the heavy lifting of the work, within AML need to be equipped with all these tools, right, and the roles are going to be less isolated, I think they will need to interact more with data scientists, because machines can’t replace humans, right? There still needs to be a dialogue and a tuning process. I think these roles are just going to become more cross functional, more complex and more diverse.
farlam 13:35
Can I just add one more thing. And there is, again, as we were talking about evolution as it’s taking place in front of our eyes, so what happened? And one of the things that I saw was that the physical branches were forced to go away. Community banks, they were forced to go online, even really against their DNA as well. One of the first things they did when they went online was, they then started seeing customers from other states. Well, you know, in the previous world, their compliance officer or compliance group was very small, knew about let’s say, it was a community bank and state of Georgia or, you know, knew very much about or even the city of Atlanta knew everything about it. All of a sudden, jazz from California is becoming a customer. Now you need to be compliant and for the state of California, also, because you have a customer. The complexity, it’s not about how big of a bank you are, it’s about how complex you are. And that is happening very rapidly. So again, and how do you do that? How are you efficient in that. It’s not by throwing bodies. It’s about learning, enabling using technology, and that’s where RegTech really comes in and data science comes in.
Speaker 1 14:52
That’s interesting. I think there used to be a point in time when compliance and risk officers were known to be You know, they would just pump the brakes. They’re the naysayers. They are the obstacles. And basically, they would go back and, you know, hold things back. There’s been a very significant evolution there on FinTech, in the crypto side, you’ve had very commercially minded compliance and risk officers, who are enablers, and support business and growth. And even in the conventional institution, there’s a lot of the mindset has shifted, where folks want to help and be more engaged with growth teams. I want to pivot a little bit and talk about what are the real challenges you guys feel they see in you know, on a day-to-day basis? and being able to get investments being able to make changes? What discussions are they having? What are the real struggles? Simon, any thoughts if you want to go?
Speaker 5 15:51
Never worked as a compliance officer. I look to the panel for that. But as you were talking, the pump, the brakes thing really stuck with me, actually. And that was the adversarial relationship of the business prevention officer for a long time. And actually, if I think about the world’s best uses of the brake pedal, I think about F1 drivers who drive to survive, and the way you go the fastest. The way you win the race is knowing when to apply the brakes, and to apply them extremely hard when necessary, and softer, and other times and when to accelerate. And I think that’s exactly the role of what we always called the risk-based approach, that is a risk-based approach to controls. And so that too, is a data science problem. Because the more data I have, the more effectively I can manage all forms of risk. But no, what we did historically is we had a fraud system, and we had a transaction monitoring system. And we are none of the data in any of these things talk to each other. If I portrayed it as a data science problem, I would treat it a little bit differently. I think the mindset shifted there when I spoke to a sardine customer who said, we realized that when we started tweaking our payments interchange, we were really arguing over basis points with our providers. But when we looked at the fraud levels, and we really started understanding where our false positives were, where we could start to really maintain our position with other issuers by getting our fraud rates down, we saw we were dealing with percentage points. What’s more meaningful, if I can get my false positives down, if I can get my fraud rates down? Great. But actually, I’m making a percentage point difference to my bottom line, I’m no longer a business prevention officer. I’m the most important business creation officer in the company.
farlam 17:53
Interesting. So sorry, for the grade point there, right? Because, again, data, as everybody says, is the new oil. But it’s the refined data. And it’s another point that I want to make is to your point, Simon, is that you have the capability now through technology through data science, to bring all these different datasets together and squeeze it different ways.There is no reason for to keep the data in a silo fashion, bring it together. And to make the most out of it. How do you do that through data science? That’s the power of data science, that same data that is sitting in there, you can reduce your risk, you can increase your profitability by bringing everything together. And that’s where what we are seeing is that the CROs and the you know, really Office of the General Counsel’s, have a seat on the table of not just preventing companies from losing money, but how do you actually make more money? How can you be more preferred profit, you know, so that’s, that’s the change that and then how is it coming up is through the data science.
Speaker 1 18:58
Interesting. I thinkat Hummingbird and Matt, you guys play a pretty significant role that all of this information converges for compliance officer risk officers to leverage and to do their jobs on a day to day basis? What kind of impediments Do you see? Then you see the use of machine learning data science, what’s holding the industry back?
Speaker 2 19:22
I’ve always had a belief that the compliance arena, the compliance of reg tech, anti-money laundering arena is one of the most difficult areas to deploy machine learning. And fraud. The fraud area is pretty, it’s more straightforward because you have a very clear cut, like something you lost some money fraud happens, very easy to label that data. By the compliance world. All the training data sets you need to actually build machine learning models are basically locked up in 1000, different spreadsheets and in SharePoint, and the amount of work needed to clean that data up and make it available to feed back into models is significant and if you don’t have your compliance team is actually equipped with it. In hearing data sciences resources, it’s effectively impossible to kind of like taking maybe weird to be saying this as a vendor. But if you don’t have that in house capability, you’re basically handing control of your destiny to whatever vendor you pick, and you’re going to be stuck with them for a long time. The biggest challenge is getting the data and getting it in a format where you can have feedback loops from different systems all talking to each other standardizing it and such. I think to elaborate on Simon’s point there, this is moving away from the compliance datasets, everything we’re talking about today is very procedurally oriented. It’s sort of how good are you at executing against your documented procedure? I think what we need to really be orienting towards in the future is how well do you learn from the data that you’re getting, in real time, like your function, we have a very strong status quo bias in the compliance and regulatory world, it’s like if something is new, when your regulator comes in and looks at it, that’s their focus all their attention on that new thing and ask you all sorts questions like, Why did you change it? In some of these cases, it should be fairly obvious, because the old thing wasn’t working. And we think the new one is, but if you’re able to then sort of show how, in the financial crime world, the bad guys are people, they’re out there, they’re actively evolving. They’re embracing new techniques. They’re trying to optimize to get the most money out of you, or want the most money through you as they can. And we need to be able to be, look fast learners, be very agile, and not hold ourselves to the standard of sort of what’s been documented for the past decade. But hold ourselves to the standard of saying, okay, this is how fast we stay on top of, or how fast we adapt.
Speaker 1 21:40
I think in a conversation with Ben Laski, who spearheaded the New York DFS five or four regulation, which allowed the financial crimes industry to really hone in on what we’re supposed to do on the transaction, monitoring side sanctions training side and build an attestation program around it. At that point in time, we were trying to work on a bunch of machine learning models for transaction monitoring on the AML side, specifically, there were numerous challenges in terms of the explainability of the model, a sequel based model, easy to explain this is the input. This is the process; this is the output. The examiner is walking in saying on the first of Jan, last year, can you tell me what happened? Like it’s a little bit hard to explain, as I understand the machine learning model. And we were going back and forth about what we can do better, I’m sure the engineers can have some problems and do some explainability. And at that point in time, I think you made a comment about how more than 75% of his actual workforce started before the email was invented. It’s going to be a little bit harder than that. Simon, you’ve spoken about previously, we can’t have enough data, the more data we have, the better results we’re going to have. Do you see a world in which the industry cross border like we’d be exchanging information with each other to get the best results for our, for our compliance teams risks, themes for better onboarding.
Speaker 5 23:06
I really hope so. But this is the topic that comes up on every fraud, compliance and risk panel is like we share data. It’s like teenage sex, everybody’s talking about it, but nobody’s doing it. It’s like, alright, but let’s get on with it. Sardine just got 31 for the designation so that we can participate in it, and that we can hopefully build an AWS for everybody else. And I’d love for everybody to get involved in that. But where one organization, you know, a rinky dink startup, Series B, there’s only so much we see, this has to be on every sponsor bank on every embedded finance company on every payment company. I mean, its one of the reasons I think Stripe has known its claim to fame is it sees so much data. And it’s able to do so much more with data science, because it reached a scale and it was able to solve a lot of problems across the whole spectrum of being able to do that. Yes, is the short answer. We need to do it. But let’s not talk about it. Let’s show up to the Saudi one and show up to other initiatives by unit 21. And let’s actually collaborate like we don’t hate collaborating.
Speaker 1 24:20
It’s interesting. I think from an ML investigations perspective, there are some regulations that prevent free information sharing across, even within organizations. I would love to get your perspective. You’re in that space. You work with a lot of investigators deeply. You file a lot of SARS.
Speaker 3 24:43
This goes back to your question on the challenges of implementation. We have a huge disparity in this space, because we have obvious differences in sizes of companies and their budgets and their ability to invest in absorbing these technologies. And if you take a step back, even within a con MEC, right, smaller, larger economies, et cetera. But then we have the cross-region all across country barriers, even within the same organization, it’s so incredibly difficult to share information on suspicious activity reporting on investigations that are active even on some high impact typologies, or tips we get from law enforcement within the same organization. So even the communication between subsidiaries can be incredibly, incredibly challenging. And I think this has been called out by many, many agencies, including faith as this is really one of the biggest challenges for this approach to work, right. And it’s also part of the solution right to technology is here to solve this problem. But it’s, it becomes this, this really complex cycle. And, and sometimes, even though compliance professionals do want to share the information, we find the benefit, we want to do it, we’re restricted by laws and regulations. And I think, again, going back to the topic of trust, the regulatory environment doesn’t have a standard yet, we don’t know what the paradigm is going to be in the next few years, where the thresholds are, what the expectations are going to be. It’s very important for us in this industry as professionals to push for that as enablers in the space.
Speaker 5 26:10
And it’d be cool if there was an open-source standard that the industry just came up with, let’s just go build what we think it should be, and have the regulators react to it, because I think finding a way to do that. I imagine if you are a regulator and you’re on the regulatory side, you don’t have all the answers. And sometimes it’s a lack of just knowing what the art of the possible is from not being at the cutting edge implementing this stuff day in and day out. Whereas actually, industry practitioners who are trying to prevent money laundering working as good partners of law enforcement could do that, and then sort of start to put it out, and maybe it’s open source, maybe it’s something else. But that could be fun.
Speaker 3 26:48
And that’s what’s fascinating about working in the FinTech space, we’re doing things for the very first time. In a way, we’re helping enforcement in another private and public sector partners just to understand what we’re seeing, because we’re the first of them, seeing them, you mentioned stripe in terms of the data, we have products that are so incredibly complex, and we’re touching new funds, flows and ways of innovating, that I think we hold a very big responsibility to be active in those conversations.
Speaker 2 27:19
The regulators have a very difficult job here, because they need to be seen as authoritative. It’s kind of part of their job, they set the terms that the entire industry operates by, but they don’t have these skills in house compared to what companies like Stripe and square and Coinbase and have hundreds of engineers and data scientists. It’s very difficult for government agencies to kind of recruit and maintain that same level of talent. I think a lot of them, in their heart of hearts, understand what can be done here, but they can’t, its difficult for them to take the risk to try it. I think to Simon’s point, we need a kind of industry leadership here that is grounded in what the regulator’s need and want to see happen. But we need to kind of build it for them in a way and help to lead them to a path that they can then trust, I
Speaker 1 28:09
At stripe, we strongly participated in a bunch of public private partnerships, one, specifically that I’d spent about two years working with FinCEN. And the PSAC was an industry advisory group of about 1012 leading financial services companies, both from FinTech, crypto and traditional finance, the banking world. It changed my perception. I was quite intrigued to see the amount of interest they had, they were leaning in on the industry to really tell them what cutting edge identity and verification really looks like. How are you detecting risk? How are you finding these hours? What other information do you have? How can we be more competitive in the world and keep pushing our economy forward? But I feel that at some point, and not you know, if you’re if you’re an early stage FinTech, it’s understandable, you’re strapped on resources, you need to build your product, you need to get your market fit, and you need to be out there. But I think as you grow, it’s increasingly more important to go and build those relationships, find those opportunities, any experience you folks have in participating in these public private partnerships, and how should organizations seek them out?
farlam 29:31
I think that’s needed at the time. Right? Matt and I were talking earlier, again to that thing that there is a responsibility on some of the rec techs also, that despite even if there is a little bit of overlay that we need to sit together, we need to create that channel, right of how are we orchestrating all the compliance needed? And I just want to say one thing, which is kind of to the same note that You know, we, in the, in the world of the realm of the startups, we see a lot of fractional chief financial officers, as you’re starting your journey, you see a lot of fractional, I think we are getting to a point where you will see a lot of fractional chief compliance officers, because of again, in the realm of the complexity that is happening. And what we need to do is, again, the champions of the RegTech is to create that ocean that can be you know, where all the data is there that you are actually creating that lake, which can be very friendly in that environment. I think that public private is a key next step that needs to happen. Now,
Speaker 1 30:44
I love the idea of fractional CCOs. It should also be a fractional jail term if you screw up. Just kidding. I think this conversation is probably going to be incomplete. If we don’t talk about AI, and the role of AI and all the cool stuff that’s happening right now around us is going to play out. From an investigation perspective, do you think anything’s going to change? I mean, we’ve been hearing a lot about, you know, the machine is going to do the job. And you know, we don’t need any more investigations in your thoughts on
Speaker 3 31:15
the machine is not going to do all of the work. The machine is a great tool, it will empower investigators, I think the role of the investigator is going to change. And this is already happening just because of the reaction to the complex environment we live in. I think, if we go back to your point on public private partnerships, there’s always going to be an emergent typology, that is based on a new innovation, or just the political social climate we live in. We’ve been seeing that with crypto, we saw that with January 6, the rise of violent extremism and the US. All of these challenges are increasingly changing the landscape of investigations, right? It’s very easy to talk about AI or machine learning in the context of operations. You know, we have the regular pipeline, the transaction monitoring rules, your traditional vanilla AML cases, my focus is more on the more challenging complex strategic investigations. I think intelligence units will play an increasingly important role in this space, because the challenges are not as straightforward anymore, we need to be able to analyze connections, networks, behaviors, segmentation is going to be incredibly important. The suspicious patterns are no longer limited to transaction patterns. That’s what I’m getting at. This is where AI will do two things. It’ll unblock a lot of resources and time because you’re going to be able to do some things faster. Yes, machine learning, onboarding, and due diligence. Now you have more resources and more space. What are you going to do with that it’s time to get strategic creative to make all these controls more proactive, as opposed to reactive,
Speaker 1 32:46
called Simon, AI changing the realm of onboarding risk detection?
Speaker 5 32:50
Yeah, absolutely. It’s a couple of examples that stand out. The first example is Saadian, and many others have anomaly detection, as was one of the standard things and talking about using more data sources. What showed up was that a bunch of people were signing up for accounts passing KYC. With what looked like verified identities, with devices that were based in Omaha, Nebraska, there was just a high velocity of it and our anomaly detector went well, that’s a little bit odd what else is going on. And it turned out that every single one of those devices had a time zone mismatch and when the time zone was Lagos, Nigeria, now, who spots that unless a machine is spotting it, and I think it’s the ability to just detect that something looks weird, maybe a human should look at this, which is the first starting point of any great use of AI. And let’s not forget, the bad actors have AI when they’re training their models. This is an arms race; we absolutely need to be involved in it in order to protect the customers. But I’m going to speak specifically about large language model models like chat GPT. I know Stripe is a big user of them. I was in sessions; I swear you can see some of the use cases blew my mind. But the ones that I found that people really get is there’s a company called Hajra Reyes, ha D, R IUs, they’ve just come out of Y Combinator. What they’ve essentially done is take the SEC rulebook for registered investment advisors, and this large language model can review marketing copy to spot anything that looks like it might not be suitable for investors. The other thing it can do is take in teams messages, WhatsApp messages, and start to look for evidence of collusion or other such nefarious activities. Now, I don’t know if I’d have started with the SEC rulebook personally. But there are interesting use cases here that you start to see emerge for AI. We do need to be paying attention to the space. Absolutely.
farlam 34:52
I also say that from an AI perspective, I’ve been playing with AI for as long as I remember from my Thomson Reuters day to multiple startups. And the key there are two or three things that we cannot forget an AI is our friend, right? I mean, there are a lot of things that are being said about AI. But to me, it’s about efficiency, right? And ROI that how do you do that, and bringing it to what we are trying to solve. And, and the problem here through data science and everything. To me, the key message there is that, you know, in our space, the knowledge is very tribal, that ANA might know something Matt might know something. I may know something and you may know something, how do you bring it together? And that’s connecting the dots of the data and bringing it together? And how does it make it easier? Again, its efficiency, and enabling people to do their jobs. To me AI should, regardless of its compliance and regulation, or any other thing should be seen as a tool that really helps you get your job done fast. Without repeating things. For example, if you have a policy, which you upload, and President Biden gives a speech, why do you need a consultant to come in and look at it and say, hey, my policy, is it still up and running? Or is it compliant?
Unknown Speaker 36:25
That’s because consultants are children. So
farlam 36:31
they can still have a job; they can fix it right? And, but that’s different job, right? He comes
Unknown Speaker 36:36
home, not what,
Speaker 1 36:38
I need a job. We have a few minutes left, we might have missed the questions that came from the audience. We’re just going to go round. But I have one quick question that I want to run by all of you, folks. You know, is there a point that we missed the intent of compliance, and we played too hard by the rulebook at times? How good is data science and disaggregation of data? How could that materially impact how we solve for compliance in the long run?
Speaker 2 37:09
I have a metaphor I just thought of on the stage here, which I’m going to test and we’ll see if it works. Like a lot of compliance. The Financial Crimes world is an example. A former federal agent told me the quality let me use was that we only catch the stupid criminals today, because we don’t have the time and resources to catch the sophisticated ones. The metaphor I want to test is like most of this today is kind of like the whack a mole game where the compliance teams are just whacking the thing that’s pops up. Well, we need AI to understand the mechanics, the machine underneath, and then actually kill the machine itself. And that’s impossible for individual humans to do. But if we’re all learning from each other, that’s how we can figure out the underlying mechanics.
Speaker 3 37:48
I’m 100% in agreement, I think we are, we had to do what we had to do after 2008. Right, with all the regulation, we need to check the box, we need to do the exercise. But compliance is about doing the right thing. And we have to remember that when we’re in the complaint space. Pigeon, everyone. When you’re in the complaint space, you also have a responsibility towards the financial institution in the economic system that you’re operating. We need to do the right thing not only for Stripe or for Sardine, we’re players in the larger economic landscape. I think there’s a lot of that. And we’re going to have the opportunity to do more of that, for sure.
farlam 38:30
I agree with both of you. I will say that the time is now to use data science and to use the power of the data and really stitching data together and the only way you can do it is using AI and data science.
Speaker 5 38:45
I generally find this a bit observing America, it’s surprising how very rule following an orderly America is for a country that’s so into freedom that you need to fill in the I9 form and stand in the blue line so that you don’t worry, oh my goodness, like why can’t I just can I just moan about the line instead of standing in the right one, I’m British. But the interesting thing is we can learn from global perspectives. And we can learn from it. To compliment the US, the most dynamic private sector in the world without question, it’s the best. And that’s an amazing, amazing asset. But with that we can build better things that we learn from the global best practice. When you look at Asia Pacific, as you’ve looked at what India has done, as you look at principles-based regulation in the United Kingdom, there are the intent of the rules. And there is the ability, I think, in public private partnerships to apply data science to the intent of the rules and show evidence, meaningfully better outcomes for consumers, businesses and society.
Speaker 1 39:50
We’re closing comments. Thanks, Simon. Any questions in the audience? Thank you very much. Thank you for taking the time and to all of you for being here with us, thanks a lot.
farlam 40:02
Thank you it was fun.
Regulatory Compliance Tools
Regulatory Intelligence
Asif Alam
CEO & Board Member
Asif Alam is the Chief Executive Officer at Compliance.ai. A leader in shaping disruptive technology, his experience includes building products using AI and natural language processing for GRC, payments, lending, risk, trading, and new solutions, from Fortune 500 companies to startups.
In his most recent role, he served as the Chief Strategy Officer of ThoughtTrace, unlocking new revenue streams and markets, and reignite portfolio growth. ThoughTrace was then acquired by Thomson Reuters in 2021.
He brings more than 20 years of management and business experience; increasing profitability, unlocking new revenue streams and markets, and reignite portfolio growth for companies like Thomson Reuters, Crux Informatics, and Finastra. Asif is a forward-thinking expert driving engagement via client forums, public presentations, and white papers.
Cesar Lee is a Principal at WRV, a venture capital fund focused on early-stage investments in hardware, semiconductor, and other technology-related companies. Previously, he was an investment professional at Riverwood Capital, a technology-focused, late-stage venture capital, and private equity fund. He began his career at RBC Capital Markets, where he was part of the Mergers & Acquisitions group for two years and the Equity-linked & Derivatives group for one year. While at RBC, Cesar spent a majority of his time working on M&A advisory transactions for technology companies.
Cesar’s investment experience includes buyouts, later stage, early stage and seed rounds. Cesar has completed transaction in the U.S., Latin America, and Asia, and in technology sectors including data centers, software, semiconductors, consumer electronics, robotics, big data, and internet.
Maria Devassy is a RegTech, Content, and Technology leader with over 20 years of experience helping companies bridge the gap between technology, product, and business. Maria has held leadership positions with MetricStream, KPMG, Oracle Corporation, and other technology companies. She has launched several successful RegTech products, business partnerships, and advised Fortune 100 clients on risk management, audit, advisory, and compliance business across Industries.
Hugh Cadden is a recognized expert in derivative financial and trading markets including futures, options, and swaps. Hugh is currently a senior consultant and expert with OnPoint Analytics, Inc. an economic, finance and statistical consultancy specializing in expert testimony for complex litigation. He has been specializing in the organization, operation, and regulation of financial and trading markets for over 40 years. Hugh’s experience includes both the public and private sectors and he has held senior level positions with the U.S. Commodity Futures Trading Commission including serving as Director of the Division of Trading and Markets and Deputy Director of Enforcement. He has been qualified as an expert on financial and trading market matters before the Commodity Futures Trading Commission, the Securities and Exchange Commission, the U.S. Tax Court, Financial Industry Regulatory Authority, National Futures Association, American Arbitration Association and federal courts.
Drake Ross is a former bank regulator who specialized in compliance with consumer protection regulations while at the OCC, FDIC, and OTS. While at these agencies, he provided extensive training and guidance and developed materials to ensure full comprehension and proper application of rules, laws, policies, and guidance, and served as a Subject Matter Expert in numerous areas. Because of his expertise, he often presented at agency and industry events. He also played a significant role in successful windup of the 2008 IndyMac Bank failure, where because of his extensive knowledge of the FDIC deposit insurance regulations, he was called upon to administer highly-complex insurance determinations.
Carliss Chatman is an Assistant Professor of Law teaching Contracts, Agency and Unincorporated Entities, Corporations, and Transactional Skills. Her work is influenced by over two decades of service on non-profit boards and involvement with community organizations. Through leadership positions, she has developed expertise in corporate governance and non-profit regulation. She has also been instrumental in strategic planning and fundraising efforts. Prior to law teaching, Professor Chatman was a commercial litigation attorney in Houston, Texas. In practice, she focused on trial law, appeals and arbitration in pharmaceutical, health care, mass torts, product liability, as well as oil, gas, and mineral law. In addition to negotiating settlements and obtaining successful verdicts, Professor Chatman has also analyzed and drafted position statements regarding the constitutionality of statutes and the impact of statutory revisions for presentation to the Texas Legislature.
Sign me up for all regulatory updates
Get access to EITL Forum recordings
Mariam is an Operating Principal at Cota Capital. Mariam has experience providing guidance on strategic and operational planning to Venture and Growth stage companies. Prior to Cota Capital, Mariam spent her career in management consulting as a Director at KPMG. She has experience leading global transformation programs and developing innovative service offerings for Fortune 500 companies in the Technology sector. Mariam has an MBA from UCLA’s Anderson school of management with an emphasis in Finance and Entrepreneurship. She has a Bachelors in Science in Finance and a Bachelors in Science in Economics from Santa Clara University.
Chris Callison-Burch is an Associate Professor in Computer and Information Science Department at the University of Pennsylvania. His research interests include natural language understanding and crowdsourcing. He has served the Association for Computational Linguistics as the General Chair for the ACL 2017 conference, as an action editor for the Transactions of the ACL, as an editorial board member for the Computational Linguistics journal, and an officer for NAACL (the North American chapter of the ACL) and for SIGDAT (the special interest group for linguistic data and corpus-based approaches to natural language processing)
Tom Ladt is an experienced executive and investor. Tom has lead and served on the boards of several public and private companies serving highly regulated industries such as technology, healthcare, real estate, and food processing. Tom has also served in key governmental roles and on numerous community boards.
Jeroen Plink is a global executive with a proven track record of developing and growing businesses, teams, and technologies with innovation and passion. Jeroen was CEO of Practical Law US during its acquisition by Thomson Reuters. He now serves on numerous boards and acts as a strategic consultants for start-ups.
Global Legal and Compliance executive with 15+ years of success in the SaaS technology and financial services industries. Partner to the CEO and executive team in corporate transactions, business development, product expansion, and regulatory navigation during periods of intense growth and organizational change. An advocate of effective risk management that starts with sound business practices and putting the customer first.
Richard Dupree has held multiple Risk, Compliance and Operations positions at regional, national, and global financial services firms including Wells Fargo, Silicon Valley Bank, Bank of the West and BNP Paribas. Rick currently advises FinTechs and RegTechs and sits on industry panels, contributes to industry whitepapers, thought leadership efforts, and speaks at industry seminars on Risk and Compliance challenges faced by banks and FinTechs.
Brian advises clients on legal and regulatory compliance in the financial, tech, and procurement sectors. His passion is helping businesses succeed in heavily regulated environments. As counsel and trusted advisor to businesses of all sizes, and as a former regulator, policymaker, and federal official, Brian acutely understands the unintended burdens that even well-intentioned government requirements can put on innovation and business growth, as well as how to create policies that strike the right balance.
Brian served as National Ombudsman in the Obama Administration, leading the federal Office of Regulatory Enforcement Fairness in assisting hundreds of startups, entrepreneurs, and small business owners in every industry and every state.
Dr. Marsha Ershaghi Hames is Managing Director of Strategy & Development at LRN, a leader in advising and educating organizations about ethics and regulatory compliance, as well as corporate culture, governance and leadership. With the focus of inspired behavior versus required behavior, LRN is a leading voice in the industry for companies to build ethical cultures instead of “check-the-box” compliance approaches. She’s advised Department of Justice corporate monitors on successful program transformation under CIAs (Corporate Integrity Agreements. With over 20 years of experience in leading multinational ethics and compliance strategies, Marsha has become a highly sought-after thought leader on leading Corporate Compliance and Ethics practices.
Carla Carriveau is currently the Senior Managing Counsel at Wealthfront, an automatic investment service firm in Redwood City, California. Carla was previously Senior Counsel, Division of Trading and Markets, at the United States Securities and Exchange Commission. As a former regulator with over 15 years of experience in helping small businesses navigate legal and regulatory needs in the financial services sector, Carla advises Compliance.ai on financial services regulation, the regulatory landscape and industry practices.
