AnalysisCompliance

When comrade AI controls the company

Compliance is a challenge for many companies. The introduction of artificial intelligence is seen as a new means to enhance internal controls. Nonetheless, there are constraints to the extent of automation.

When comrade AI controls the company

It all began with a press release on November 15, 2006. The headline at the time was "Siemens interested in clearing up embezzlement incidents" was the headline at the time, which, together with the subsequent Siemens scandal, was set to anchor the topic of compliance in Germany. Nowadays, compliance is a part of everyday business for every company. However, frustration is growing. "How can we manage the bureaucracy of compliance?" is the question everywhere.

The lamento is a song sung by merchant for decades, and this also applies to the issue of compliance. Already in the mid-tens, midsize companies, for example, feared additional bureaucracy. In a study by the University of Konstanz, 86% of respondents at the time considered this additional effort to be more or less a significant problem.

Nevertheless, the world has not come to an end, especially since legal certainty is not possible without bureaucracy. In the meantime though, regulatory requirements have increased significantly. For example, demands on information security and data protection have risen, and fines for potential violations are also higher.

Ever-increasing demands

Hackers exploit this situation, putting many companies under pressure by threatening to publish stolen data, such as customer information. Above all, there is a need to adhere to an increasing number of internal regulations within organizations – not least because customers have higher ethical expectations. At the same time, the shortage of skilled workers is also affecting compliance departments.

In 2024, however, a new answer is emerging. "We see a game-changer for the next decades," Franz Prinz zu Hohenlohe is convinced. The board member of Munich-based WTS is banking on digitization and artificial intelligence (AI) across the entire field of his tax consulting firm. He hopes to get a handle on the sprawling topic of compliance in this way. After all, the automation of processes through AI presents itself as a solution.

The new standard

A kind of gold rush has broken out. Bavaria's Minister of Justice, Georg Eisenreich, who has been at the helm of the ministry since 2018, has examined AI systems like ChatGPT, and he is delighted: "What these language models produce is the new standard." Speaking at the WTS event "AI Driven Next Generation Compliance" in Munich, he confessed to having put the digitization of justice at the top of his agenda.

In his opinion, the technology addresses three points. "AI models will significantly change the legal market," he believes. The pressure on lawyers and consultants will increase. Second, the systems must support and relieve the entire judiciary, also to keep the apparatus functional against the backdrop of demographic development. Thirdly, society faces significant challenges. It is maximally opaque how the results of the language models come about: "They are a black box."

Nevertheless, AI will also change the rules in compliance, according to Sabina Jeschke. The head of the Berlin innovation ecosystem KI Park e.V., who led the Digitalization and Technology department at Deutsche Bahn from 2017 to 2021, observes a simple consideration in companies that have to manage with fewer personnel: "How should it continue when it becomes increasingly complex?"

Radical automation ahead

As per Tobias Fuchs, Head of the WTS legal department, companies cannot count on a reversal of the trend. He does not see any signs of comprehensive deregulation. The consequence is obvious: "We have a radical automation of compliance ahead of us." This will bring great advantages for companies: "Operational processes will merge with compliance processes." This could enable real-time monitoring.

In fact, companies are placing great hope in digitization. This is revealed by the approximately 50-page study "Next Generation Compliance – How AI Revolutionizes the Rules," which KI Park presented in January and which is based on surveys and expert interviews. More than half of the respondents assess the potential of digitization and AI in implementing compliance as very high, rating it 8 or higher on a ten-point scale.

The dilemma of costs

Automation holds three primary hopes for companies – surpassing goals such as avoiding damage to the company's image or enhancing reputation by a considerable margin: improved risk management, increased legal security, and enhanced cost efficiency. Around 70% of participants mentioned each of these goals. In particular, high expenses weigh heavily because 60% of respondents spend more than 1 million euros per year on compliance. Moreover, a third of respondents had to shoulder fines or legal proceedings as a result of significant compliance cases in the last ten years. The pressure to act is accordingly high.

Therefore, WTS Managing Director Fuchs expects that AI will not only change how compliance is operated, but also who operates it. In the future, it will no longer be human experts but hybrid intelligence systems. AI makes the application of compliance possible, especially given ever-increasing regulatory requirements: "The use of AI in compliance is becoming increasingly indispensable and, prospectively, mandatory."

What will artificial intelligence achieve? For example, AI could identify potential compliance violations before they occur, says KI Park CEO Jeschke. The approach: It analyzes patterns and trends in large amounts of data. Risk assessment becomes more precise, and real-time analysis becomes possible. Ultimately, a holistic compliance view is created that integrates various topics and shows overarching connections that often remain invisible in today's common compliance management systems: "AI enables customized compliance tailored to the specific risk profiles and needs of individual companies."

Privacy paradox

Nevertheless, the study also identifies limits to automation. Two essential factors limit the use of AI in compliance, explains Fuchs. Firstly, the availability and quality of the necessary data are critical. Secondly, human evaluation and decision-making for strategic considerations remain indispensable for the time being.

Furthermore, users are confronted with a paradox that the use of AI in compliance brings, says Fuchs. While it helps to comply with data protection rules, it poses a challenge to data protection itself. For example, AI systems could monitor employees' email traffic to ensure compliance. However, this may violate the privacy of employees. Moreover, while AI-based compliance systems make the increasing complexity manageable, they also increase the need for transparency of algorithmic decisions.