Editor's Blog Archives - Compliance Chief 360
https://compliancechief360.com/category/articles/editors-blog/
The independent knowledge source for Compliance Officers

Four Strategic Ways AI Can Strengthen Your AML Program
https://compliancechief360.com/four-strategic-ways-ai-can-strengthen-your-aml-program/
Thu, 13 Feb 2025 21:53:36 +0000

GUEST BLOG POST
Money laundering facilitates crime, threatens our national security, distorts markets, and has a devastating economic and social impact on citizens, according to the U.S. Department of the Treasury. Financial institutions are required to do their part to combat these threats.

The Financial Crimes Enforcement Network (FinCEN), a bureau of the United States Department of the Treasury, requires financial institutions to accurately and promptly report suspicious activities under the Bank Secrecy Act. When institutions fail to meet anti-money laundering (AML) compliance requirements, such as maintaining adequate transaction monitoring systems, performing customer due diligence, and properly filing suspicious activity reports (SARs), they can be fined billions of dollars. This is on top of the more than $275 billion the industry already spends on AML compliance.

Lawmakers and policymakers know that AML compliance places significant cost and operational burdens on financial institutions. Through the AML Act of 2020 and Innovation Initiative—and the latest proposed rule—FinCEN is actively advocating for financial institutions to modernize and innovate their AML/CFT programs and combat financial crime, including an increased focus on risk-based processes and technology. This will hopefully reduce some of the compliance costs and improve effectiveness. There is a growing emphasis on integrating technologies to support and enhance human intervention and judgment, ultimately boosting operational efficiencies and reducing errors.

As we move further into 2025, incorporating AI into AML compliance programs will be crucial. Fortunately, many leaders in the financial industry are already turning to AI to keep up with the changing landscape. According to a recent report, 78 percent of financial institutions are looking to technology to help automate processes and improve efficiency.

Here are four ways AI can help you update your AML program:

1. Transform Transaction Monitoring

Traditional transaction monitoring (TM) systems struggle to keep up with the complexities of modern financial crime. They rely on static rules that can't adapt to new criminal tactics, resulting in a flood of non-suspicious items or false positives that overwhelm compliance teams and obscure the real threats.

While many TM analysts were attracted to the job’s analytical work, many have found their days to be tedious—filled with data-gathering tasks rather than leveraging their true talent for fighting financial crime and managing and mitigating risk. In traditional compliance operations, upwards of 80-85 percent of analyst work is spent tracking down information and supporting evidence for case reviews. By automating this tedious, error-prone work and auto-populating the SAR narrative, AI drastically reduces mistakes, ensures complete information, and frees up the analysts to work on higher-value, higher-risk work — making them more strategic contributors to the program.

2. Automate Manual Compliance Processes

Many AML programs still rely heavily on manual processes, which are labor-intensive and error-prone, leading to compliance breaches and hefty fines. AI and automation technologies can handle these repetitive and time-consuming tasks, such as customer onboarding, sanctions screening alert review, and the filing of suspicious activity reports, to improve efficiency and accuracy while freeing up human analysts for higher-value work.

For instance, AI can automate the review and disposition of sanctions alerts, of which 99 percent are false positives. Automation can also streamline the SAR filing process by automatically generating SARs based on predefined criteria, reducing the risk of human error and helping banks maintain regulatory compliance.

3. Mitigate Staffing Challenges

The financial industry continues to grapple with a significant talent shortage in AML and sanctions compliance. Many banks have open positions that remain unfilled for months, and even when new analysts are hired, onboarding and training can take considerable time. High attrition rates further exacerbate these challenges, as trained analysts often leave for better-paying opportunities, creating a perpetual cycle of recruitment and training.

Banks can leverage AI to augment their existing teams. AI can handle routine tasks, such as screening alert disposition and data extraction, allowing human analysts to focus on complex investigations that require judgment and expertise.

AI-driven augmentation enhances productivity and helps banks scale their operations without constantly hiring and training new staff, particularly during periods of increased alert volumes. AI can step in to manage the surge, ensuring compliance standards are maintained without overburdening the team.

4. Enhance Regulatory Reporting and Compliance Accuracy

With regulatory scrutiny intensifying, accurate and timely reporting is more critical than ever. AI and ML improve the accuracy and efficiency of regulatory reporting by analyzing large datasets and identifying relevant information to ensure that SARs and other compliance reports are thorough and error-free.

Additionally, AI can provide deeper insights into a bank’s risk exposure by identifying complex networks of transactions that might indicate money laundering, enabling banks to take proactive measures to mitigate risks.

The Future of AML

There’s no doubt that criminals are getting smarter, alerts are multiplying, and regulatory scrutiny and penalties are mounting. By incorporating AI into their AML programs, banks can stay resilient and effective in the fight against financial crime.

The future of AML lies in using AI to enhance human capabilities, making compliance programs more adaptable to the ever-changing landscape of financial crime. Embracing AI isn’t just about staying compliant; it’s about staying ahead and protecting our financial system from criminal activities.


David Caruso is Vice President of Financial Crime Compliance at WorkFusion. With over 25 years in financial crime compliance, David has led major AML and sanctions programs at banks, including JP Morgan, Wachovia, Key Bank, and Riggs Bank.

The Top Five Boardroom Issues Compliance Officers Should Be Discussing
https://compliancechief360.com/the-top-five-boardroom-issues-compliance-officers-should-be-discussing/
Thu, 11 Jul 2024 19:47:01 +0000

GUEST BLOG POST
Lately, I’ve been reflecting on my experience presenting compliance updates to boards, both during my industry days and now as a consultant. One thing that consistently frustrates me is seeing compliance officers deliver presentations that are completely reactive. The focus is always on the number of investigations closed, training completion percentages, number of policies approved, auditing and monitoring results, and similar reports. Frankly, it’s easy for board members’ eyes to glaze over with this approach.

While these elements are important for the board to understand, the actual compliance presentation at board meetings often misses the mark by failing to showcase the proactive work that a compliance team is doing. Compliance officers are often not effectively demonstrating how they are aligned with the evolving and innovative strategies of their business, industry, and environment.

Compliance officers occupy a unique vantage point in their companies. They have unparalleled visibility into almost every facet of an organization’s operations. This allows them to understand the workings and interplay between technology, ever-evolving regulations, and day-to-day business practices. In my experience, the most engaging board presentations are the ones where the compliance officer can articulate what the compliance department is proactively doing to address emerging phenomena, discussing both the risks and the mitigation strategies in place. It positions the compliance officer as a strategic partner, not one who impedes progress.

This proactive approach not only progresses the compliance agenda at the highest levels of the organization, it also directly aligns with the expectations of the U.S. Department of Health and Human Services – Office of Inspector General (HHS-OIG), Department of Justice (DOJ), Securities and Exchange Commission (SEC), and other relevant regulators.

Next, we’ll consider five key topics compliance officers should be actively discussing with their boards in 2024. We’ll explore how to move beyond reactive reporting and demonstrate your role as a strategic partner. While we’ll focus on the life sciences sector, many of the topics are relevant to all compliance functions.

1 Digital Enablement
Digital enablement continued to increase in importance during the first six months of 2024. Artificial Intelligence and Machine Learning (AI/ML) are revolutionizing drug development and clinical trials by enabling the analysis of vast amounts of data and accelerating the discovery of new treatments. AI/ML algorithms can identify patterns and predict outcomes, aiding in the selection of potential drug candidates and predicting patient response to treatments. By optimizing trial design, AI/ML can improve the efficiency of clinical trials, leading to faster and more accurate results. Outside the life sciences sector, AI is quickly inhabiting nearly every aspect of the organization, raising endless possibilities for innovation and efficiency, while also unveiling several complex risks.

Drug Discovery

  • AI/ML algorithms are being used to analyze vast amounts of data from genomics, proteomics, and other sources to identify potential drug candidates and predict their efficacy and safety.

Clinical Trial Design

  • AI/ML can be used to optimize clinical trial design, such as identifying the most appropriate patient population, optimal dosing levels, and predicting potential adverse events.

Trial Data Analysis

  • AI/ML can be used to analyze clinical trial data more efficiently and identify potential safety signals or trends, allowing for faster course correction and improved drug development outcomes.

Similarly, AI/ML is transforming the way nearly all companies approach commercial activities. Using predictive analytics, AI/ML can assist companies in identifying potential customers, creating personalized marketing strategies, and predicting future market trends.

Content Personalization

  • AI can generate personalized marketing materials, such as email content, website landing pages, and social media posts, tailored to the specific needs and interests of customers and other stakeholders.

Sales Optimization

  • AI can analyze sales data with healthcare professionals (HCPs) and Healthcare Organizations (HCOs) to prioritize them based on likelihood of Rx conversion, helping sales teams focus their efforts on the most promising opportunities.

Sentiment Analysis

  • AI can analyze patient and caregiver feedback and social media conversations to identify trends and potential issues, allowing for proactive customer service and reputation management.

Action Items: Compliance officers should be proactive in establishing robust data governance policies, collaborating with the AI/ML team to mitigate potential algorithmic bias, and working across the company to develop a comprehensive compliance framework for AI/ML use. When communicating with the board, keep them informed about how you are tracking with the company’s AI/ML initiatives, highlighting the potential benefits and associated risks. Discuss the steps your compliance team is taking to mitigate these risks, including partnering on data governance policies, bias mitigation strategies, and adherence to regulatory frameworks.

2 The Talent Shuffle
The life sciences industry in 2024 presents a tale of two realities. While a wave of innovation is fueling growth for some, established players are resorting to cost-cutting measures, leading some companies to institute major layoffs. These same forces are impacting companies in just about every industry.

Cost Cutting: Life sciences companies often face the need to reduce costs to remain competitive. We’ve seen several announcements thus far this year:

  • Pfizer – $4 billion cost-cutting by end of 2024 + $1.5 billion over next 3 years
  • Bristol Myers Squibb – 2,000 employees impacted by layoffs
  • Bayer – reduced headcount by 1,500 employees
  • Takeda – 641 workers impacted by layoffs

Talent Retention: Retaining talented employees contributes to the long-term success of the company. Companies are using a variety of mechanisms to attract and retain talent. These include: highlighting the company’s unique mission and culture; innovative compensation models; hybrid work arrangements; upskilling programs; wellbeing offerings; Diversity, Equity, and Inclusion (DEI) focus; and commitment to career development.

Depending on the stage of a company’s product lifecycle and market, different strategies may be implemented. Some life sciences companies may focus on cost-cutting, while others prioritize talent retention. In certain cases, companies may simultaneously pursue both objectives.

Action Items: Compliance officers need to be proactive as the employee landscape shifts. With new hires and role changes, a crucial focus should be on providing targeted training and education on role-specific compliance requirements. However, this isn’t the only concern. Compliance officers should also identify areas where existing controls may become inadequate or even disappear entirely due to staffing changes. The compliance officer should inform the board about these potential control gaps and propose solutions, such as increased monitoring or adjustments to existing processes and controls. More importantly, these changes may necessitate a revision of the company’s risk assessment. If key personnel with deep operational and compliance knowledge depart or controls are weakened, the overall risk profile of the company can shift significantly. The compliance officer should work with relevant departments to re-evaluate the risks, identify new vulnerabilities, and update the risk assessment accordingly.

3 Decentralized Clinical Trials
Decentralized Clinical Trials (DCTs) are a growing trend in the pharmaceutical industry. These trials leverage technology to collect data remotely, reducing the need for in-person visits. This allows for greater patient participation, especially from geographically dispersed populations or those with mobility limitations. Examples include telehealth-based trials using video conferencing, wearable devices collecting health data like heart rate and activity levels, and mobile apps for patient-reported outcomes and communication.

However, DCTs also raise compliance concerns. Data security and privacy require robust security measures, clear data governance policies, and strong encryption protocols. Patient privacy is another consideration, as remote data collection necessitates carefully adapted informed consent procedures to address potential coercion or undue influence. Finally, regulatory bodies are still developing guidelines for DCTs, creating some uncertainty for companies.

Action Items: To navigate the evolving DCT landscape, compliance officers must stay informed about changing regulations and develop clear policies for ethical conduct in DCTs. This includes adapting informed consent procedures for the remote setting, implementing robust patient data protection protocols, and establishing clear communication channels to address patient concerns. Compliance officers should be proactively informing their boards on how the compliance program is helping the company leverage the benefits of DCTs while minimizing risks and maintaining ethical practices.

4 ESG Considerations
Environmental, Social, and Governance (ESG) factors continue to remain important for investors and stakeholders. Boards are discussing how to integrate ESG principles into their corporate strategy and demonstrate their commitment to sustainability and social responsibility. Boards are facing challenges in this space.

Lack of Standardized Regulations

  • Currently, there’s no single, overarching set of ESG regulations globally. Different countries have varying regulations and reporting and disclosure requirements, making it complex for companies with international operations.
  • Action Item: Compliance officers must stay updated on these diverse regulations to ensure adherence across all markets.

Greenwashing Concerns

  • Regulatory bodies are increasingly scrutinizing ESG claims to prevent “greenwashing,” where exaggerated information is presented about a company’s sustainability efforts.
  • Action Item: Compliance officers should be working cross-functionally and sharing with the board how the company is ensuring its ESG reporting is accurate, transparent, and verifiable to avoid potential penalties and reputational damage.

Consumer Protection

  • Consumer protection regulations are evolving to address misleading environmental claims in marketing.
  • Action Item: Compliance officers must collaborate with commercial teams, corporate affairs, and their PRC committees to ensure all ESG-related messaging is accurate and substantiated.

Cybersecurity Risks

  • The increasing collection and use of ESG data introduces new cybersecurity risks.
  • Action Item: Compliance officers need to work with IT and other groups gathering data in the organization to implement policies and robust data security measures to protect sensitive ESG information from breaches or misuse.

5 Economic and Geopolitical Headwinds
The life sciences industry is continuing to face several disruptive macro forces in 2024. Beyond the ongoing challenges of scientific advancement and regulatory compliance, boards of directors are grappling with a complex economic and geopolitical landscape. This is across all industries, not just life sciences. The war in Ukraine, ongoing tensions between major powers, and escalation in the Israeli-Palestinian conflict are creating significant supply chain disruptions, potentially impacting research collaborations and access to critical resources. Coupled with a persistent inflationary environment, boards are strategizing on how to navigate these economic headwinds. This could involve cost-cutting measures (previously explored), investigating alternative sourcing options, or even raising prices to maintain profitability.

Action Items: For compliance officers, these disruptions present unique challenges. Inflationary pressures may incentivize corners being cut, potentially impacting quality control measures or adherence to Good Manufacturing Practices (GMP). Compliance officers should be informing the board about potential risks associated with cost-cutting measures, as well as the potential legal and reputational consequences of non-compliance. Additionally, compliance officers should be prepared to advise the board on navigating the complexities of a shifting geopolitical landscape. This could involve ensuring robust due diligence on new suppliers and research partners, mitigating the risk of sanctions violations, and helping the business ensure continued access to critical resources.

From Reactionary to Proactive

Compliance officers have a golden opportunity to continue to transform their role. By proactively tackling the aforementioned topics and demonstrating a strategic grasp of the industry’s evolving landscape, they can become invaluable partners to their boards. This shift transcends mere reporting. Instead of simply reacting to events, compliance officers can anticipate risks, propose solutions, and actively align with the company’s strategic goals. This proactive approach will only strengthen their compliance program.

Key Takeaways

  • Compliance officers must align with board priorities to truly become a strategic partner.
  • Compliance officers should discuss with the board how they are helping mitigate digital enablement risks, including partnering on data governance, adherence to regulatory frameworks, and bias mitigation strategies.
  • High turnover weakens controls, raising risk. When the employee landscape shifts, compliance officers need to identify gaps and refresh risk assessments.
  • Compliance officers need to ensure their programs are adapting for decentralized clinical trials (DCTs).
  • Compliance officers must continue to advise the board on responsible ESG reporting and navigating sanctions and supply chain risks.

Amy Pawloski, CCEP, CFE, PMP (amy.pawloski@strategicversatility.com) is the president of Strategic Versatility LLC, a healthcare compliance consulting practice in Phoenixville, Pennsylvania.

Anticipating a Scandal: Is AI a Ticking Time Bomb for Companies?
https://compliancechief360.com/anticipating-a-scandal-is-ai-a-ticking-time-bomb-for-companies/
Wed, 27 Mar 2024 18:02:17 +0000

In recent times it seems that a corporate scandal is now an everyday occurrence and something which is far too frequent. The causes of a corporate scandal are also far too predictable: failures in corporate governance, poor risk management, compliance failures, unreliable intelligence, inadequate security, insufficient resilience, ineffective controls, and failures by assurance providers.

A forensic post-mortem investigation into the cause of any corporate scandal or failure will identify a number (or perhaps all) of these deficiencies and weaknesses. But what if we could do a “pre-mortem” investigation? What if we could predict the scandal in advance and head it off by considering all the ways things could go wrong?

Artificial Intelligence is the latest buzz among compliance departments, and for good reason: It has the potential to completely transform compliance as it does for many corporate functions. But there is also a downside in the potential for massive risks that stem from the use of AI. It’s not hard to imagine that these AI risks will come to pass at one or more organizations and blow up into the latest scandal of epic proportions.

Artificial Intelligence technology, as it evolves, is certain to contribute to the creation, preservation, and destruction of stakeholder value in the coming weeks, months, and years. In terms of value creation, digital and smart technologies are already pervasive, and AI in its many forms, such as machine learning, natural language processing, and computer vision, has the potential to leverage this in order to add significant value, to make enormous contributions, and to create long-term positive impacts for society, the economy, and the environment.

It has the potential to solve complex problems and create opportunities that benefit all human beings and their ecosystems. Unfortunately, AI systems also have the potential for tremendous value destruction, and to cause an unimaginable level of harm and damage to human ecosystems, including business, society, and the planet.

Given the deficiencies and weaknesses described above in relation to everyday corporate scandals, one does not have to be a rocket scientist to predict that these same issues are also likely to arise in relation to AI technology. It is therefore incumbent upon our leaders to consider the potential serious impact, consequences, and repercussions which could emerge in relation to the development, deployment, use, and management of AI systems.

Anticipation of Future AI Hazards

An AI defense cycle can be viewed in terms of the corporate defense cycle, with the same unifying defense objectives representing the four cornerstones of a robust AI defense program.

Prudence and common sense suggest that it is both logical and rational to anticipate the following deficiencies and weaknesses in relation to AI technology and to fully consider their potential for value destruction.

1. Failures in AI Governance
The current lack of a single comprehensive global AI governance framework has already led to inconsistencies and differences in approaches across various jurisdictions and regions. This is likely to result in potential conflicts between stakeholder groups with different priorities. The lack of a unified approach to AI governance can result in a lack of transparency, responsibility, and accountability which raises serious concerns about the social, moral, and ethical development and use of AI technologies. The ever-increasing lack of human oversight due to the development of autonomous AI systems simply reinforces these growing concerns. Prevailing planet governance issues are also likely to negatively impact on AI governance.

2. Poor AI Risk Management
Currently there appears to also be a fragmented global approach to AI risk management. Some suggest that this approach seems to overemphasize a focus on risk detection and reaction and underemphasize a focus on risk anticipation and prevention. It can tend to focus on addressing very specific risks (such as bias, privacy, security, and others) without giving due consideration to the broader systemic implications of AI development and its use.

Such a narrow focus on AI risks also fails to address the broader societal and economic impacts of AI and overlooks the interconnectedness of AI risks and their potential long-term consequences. Such short-sightedness is potentially very dangerous as it fails to address and keep pace with the potential damage of emerging risks while also failing to prepare for already flagged longer-term risks such as those posed by superintelligence or autonomous weapons systems and other potentially catastrophic outcomes.

3. AI Compliance Failures
AI compliance consists of a patchwork of AI laws, regulations, standards, and guidelines at national and international levels. This lack of harmonization of laws and regulations means that they are not in clear alignment, meaning they can be inconsistent in nature. This makes them both confusing and ineffective, making it difficult for stakeholders to comply with, and for regulators to supervise and enforce, especially across borders.

This lack of clear regulation and the lack of appropriate enforcement mechanisms make it difficult to hold actors to account for their actions and can encourage non-compliance, violations, and serious misconduct, leading to the potentially unsafe, unethical, and illegal use of AI technology. The existence of algorithmic bias can result in a lack of fairness and lead to an exacerbation of existing inequality, prejudice, and discrimination. A major concern is that the current voluntary nature of AI compliance and an overreliance on self-regulation are not sufficient to address these potentially systemic issues.

4. Unreliable AI Intelligence
Unreliable intelligence can ultimately result in poor decision making in its many forms. Many AI algorithms can be opaque in nature and are often referred to in terms of a “Black Box,” which hinders the clarity and transparency of the development and deployment of AI systems. Their complexity makes it difficult to interpret or fully comprehend their algorithmic decision-making and other outputs.

It is therefore difficult for stakeholders to understand and mitigate their limitations, potential risks, and the existence of biases. This can further contribute to accountability gaps and make it difficult to hold AI developers and users accountable for their actions. AI development can also lack the necessary stakeholder engagement and public participation which can mean a lack of the required diversity of thought needed for the necessary alignment with social, moral, and ethical values. This lack of transparency and understanding can expose the AI industry to the threat of clandestine influence.

5. Inadequate AI Security
The global approach to AI security also appears to be somewhat disjointed. Data is one of the primary resources of the AI industry and AI systems collect and process vast amounts of data. AI technologies can be vulnerable to cyberattacks which can compromise assets (including sensitive data), disrupt operations, or even cause physical harm. If AI systems are not properly protected and secured, they could be infiltrated or hacked, resulting in unauthorized access to data and this could be used for malicious purposes such as data manipulation, identity theft, or fraud. This raises concerns about data breaches, data security, and personal privacy.

Indeed, AI powered malware could help malicious actors to evade existing cyber defenses thereby enabling them to inflict significant destruction to supply chains and critical infrastructure. Examples include damage to power grids, disruption of financial systems, and others.

6. Insufficient AI Resilience
The global approach to AI resilience is naturally impacted by the chaotic approach to some of the other areas noted above. Where AI systems are vulnerable to cyberattacks, this can allow hackers to disrupt operations leading to possible unforeseen circumstances which are difficult (if not impossible) to prepare for. This can impact on the reliability and robustness of the AI system and its ability to perform as intended in real-world conditions and to withstand, rebound, or recover from a shock, disturbance or disruption. AI systems can of course also make errors, incorrect diagnoses, faulty predictions, or other mistakes, sometimes termed “hallucinations.”

Where an AI system malfunctions or fails for whatever reason, this can lead to unintended consequences or safety hazards that could negatively impact on individuals, society, and the environment. This may be of particular concern in critical domains such as power, transportation, health, and finance.

7. Ineffective AI Controls
The global approach to AI controls also seems to be somewhat disorganized. Once AI systems are deployed, it can be difficult to change them. This can make it difficult to adapt to new circumstances or to correct mistakes. There are therefore some concerns that an overemphasis on automated technical controls (such as bias detection and mitigation) and not enough attention given to the importance of human control can create a false sense of security and mask the need for human control mechanisms.

As AI systems become more sophisticated, there is a real risk that humans will lose control over AI leading to situations where AI may make decisions that have unintended consequences that can significantly impact on individuals’ lives with potentially harmful consequences. Increasing the autonomy of AI systems without the appropriate safeguards and controls in place raises valid concerns about issues such as ethics, responsibility, accountability, and potential misuse.

8. Failures by AI Assurance Providers
There is currently no single, universally accepted framework or methodology for AI assurance. Different organizations and countries have varying approaches, leading to potential inconsistencies. The opaque nature and increasing complexity of AI can make it difficult to competently assess AI systems, creating gaps in assurance practices, and thus hindering the provision of comprehensive assurance.

The expertise required for effective AI assurance is often a scarce commodity and may be unevenly distributed which in turn can create accessibility challenges for disadvantaged areas and groups. The lack of transparency, ethical concerns, and the lack of comprehensive AI assurance can lead to an erosion of public trust and confidence in AI technologies which can hinder its adoption and potentially create resistance to its potential benefits. Given all of the above, the provision of AI assurance can be a potential minefield for assurance providers.

AI Value Destruction and Collateral Damage

Should any assurance provider worth their salt undertake to benchmark these eight critical AI defense components to a simple 5-step maturity model (1. Dispersed, 2. Centralized, 3. Global (Enterprise-wide), 4. Integrated, 5. Optimized) then each one of them individually and collectively would currently be rated as being only at step 1, Dispersed. This level of immaturity in itself represents a recipe for value destruction.

Each of these eight critical AI defense components is interconnected, intertwined, and interdependent, as each individually impacts on, and is impacted by, each of the other components. They represent links in a chain where the chain is only as strong as its weakest link. Collectively they can provide an essential cross-referencing system of checks and balances which helps to preserve AI stakeholder value. Therefore, the existence of deficiencies and weaknesses in more than one of these critical components can collectively result in exponential collateral damage to stakeholder value.

Examples of Potential Value Destruction

Misuse and Abuse: AI technologies can be misused and abused for all sorts of malicious purposes with potentially catastrophic results. They can be used for deception, to shape perceptions, or to spread propaganda. AI generated deepfake videos can be used to spread false or misleading information, or to damage reputations. Other sophisticated techniques could be used to spread misinformation and be used in targeted disinformation campaigns to manipulate public opinion, undermine democratic processes (elections and referendums) and destabilize social cohesion (polarization and radicalization).

Privacy, Criminality, and Discrimination: AI powered surveillance such as facial recognition can be intentionally used to invade people’s privacy. AI technologies can help in the exploitation of vulnerabilities in computer systems and can be applied for criminal purposes such as committing fraud or the theft of sensitive data (including intellectual property). They can be used for harmful purposes such as cyberattacks and to disrupt or damage critical infrastructure. In areas such as healthcare, employment, and the criminal justice system AI bias can lead to discrimination against certain groups of people based on their race, gender, or other protected characteristics. It could even create new forms of discrimination potentially undermining democratic freedoms and human rights.

Job Displacement and Societal Impact: As AI technologies (automobiles, drones, robotics, and others) become more sophisticated, they are increasingly capable of performing tasks that were once thought to require human workers. AI powered automation of tasks raises concerns relating to mass job displacement (typically the most vulnerable), and the potential for widespread unemployment which could impact on labor markets and social welfare, potentially leading to business upheaval, industry collapse, economic disruption, and social unrest. AI also has the potential to amplify and exacerbate existing power imbalances, economic disparities, and social inequalities.

Autonomous Weapons: AI controlled weapons systems could make decisions about when and who to target, or potentially make life-and-death decisions (and kill indiscriminately) without human intervention, raising concerns about ethical implications and potential unintended consequences. Indeed, the development and proliferation of autonomous weapons (including WMDs) and the competition among nations to deploy weapons with advanced AI capabilities raises fears of a new arms race and the increased risk of a nuclear war. This potential for misuse and possible unintended catastrophic consequences could ultimately pose a threat to international security, global safety, and ultimately humanity itself.

The Singularity: The ultimate threat potentially posed by the AI singularity or superintelligence is a complex and uncertain issue which may (or may not) still be on the distant horizon. The potential for AI to surpass human control and pose existential threats to humanity cannot and should not be dismissed and it is imperative that the appropriate safeguards and controls are in place to address this existential risk. The very possibility that AI could play a role in human extinction should at a minimum raise philosophical questions about our ongoing relationship with AI technology and our required duty of care. Existential threats cannot be ignored and addressing them cannot be deferred or postponed.

AI Value Preservation Imperative

Under the prevailing circumstances the occurrence of some or all of the above AI related hazards represents both an unacceptably high probability and impact, with potentially catastrophic outcomes for a large range of stakeholder groups. Serious stewardship, oversight, and regulation concerns have already been publicly expressed by AI experts, researchers, and backers. It represents an urgent issue which requires urgent action. This is one matter where a proactive approach is demanded, as we simply cannot accept a reactive approach to this challenge. In such a situation “prevention is much better than cure,” and it is certainly not a time to “Shut the barn door after the horse has bolted.”

Addressing this matter is by no means an easy task but it is one which needs to be viewed as a compulsory or mandatory obligation. Like many other challenges facing human beings on Planet Earth this is one that will require global engagement and a global solidarity of purpose.

AI value preservation requires a harmonization of global, international, and national frameworks, regulations, and practices to help ensure consistent implementation and the avoidance of fragmentation. This means greater coordination, knowledge sharing, and wider adoption in order to help ensure a robust and equitable global AI defense program.

This needs to begin with a much greater appreciation and understanding of the nature of AI value dynamics (creation, preservation, and destruction) in order to help foster responsible innovation. Sooner rather than later, the approach to due diligence needs to include adopting a holistic, multi-dimensional and systematic vision that involves an integrated, inter-disciplinary, and cross-functional approach to AI value preservation. Such an approach can help contribute to a more peaceful and secure world, by creating a more trustworthy, responsible, and beneficial AI ecosystem for all.

This pre-mortem simply cannot be allowed to develop into a post-mortem!


Sean Lyons is a value preservation & corporate defense author, pioneer, and thought leader. He is the author of “Corporate Defense and the Value Preservation Imperative: Bulletproof Your Corporate Defense Program.”

Exxon Takes Rare Move to Sue Shareholders Over Climate Change Proposals https://compliancechief360.com/exxon-takes-rare-move-to-sue-shareholders-over-climate-change-proposals/ Mon, 29 Jan 2024 17:49:32 +0000

The post Exxon Takes Rare Move to Sue Shareholders Over Climate Change Proposals appeared first on Compliance Chief 360.

Exxon has recently filed a lawsuit against its activist investors, Arjuna Capital and Follow This, in order to stop them from filing climate-change proposals during the company’s shareholder meeting. The Exxon shareholder proposals ultimately urge the company to “go beyond current plans” to cut its greenhouse gas emissions. The lawsuit sidesteps the traditional system created by the Securities and Exchange Commission of seeking to exclude potentially improper shareholder proposals.

The shareholder proposals specifically urge Exxon to diminish carbon emissions and broaden the range of emissions it monitors. “Investors face economy-wide risks from climate change,” Natasha Lamb, co-founder and chief investment officer at Arjuna Capital, said. “We have a fundamental right and duty to voice concern over climate risk, its impacts on the global economy, and shareholder value.”

According to Exxon, the proposals are “driven by an extreme agenda,” and the only reason these activist organizations became shareholders was to campaign for change that is “calculated to diminish the company’s existing business.”

In its complaint, the energy giant said the Exxon shareholder proposals, “do not seek to improve [the company’s] economic performance or create shareholder value,” rather they are “trying to shrink the very company in which they are investing by constraining and micromanaging [its] ordinary business operation.”

Although Exxon has already demonstrated its efforts in reducing its greenhouse gas emissions, which includes those emissions that result directly from its business operations, the company has not implemented a plan to reduce emissions that result from the use of its products.

Exxon Sidesteps Traditional Proposal-Exclusion Procedure

When companies are faced with shareholder proposals that they would like to exclude from a proxy statement, they ordinarily file a “Rule 14a-8 no action request” with the SEC. A company can usually succeed in such a request if it can show that the proposal “relates to the company’s ordinary business operations.”

Although Exxon has asserted such a contention, the company did not do so with the SEC; instead, the oil giant sidestepped the agency and filed its lawsuit in a Texas federal court. The company addressed its decision to do so in its complaint: “The plain language of Rule 14a-8 supports excluding the 2024 Proposal, but current guidance by SEC staff about how to apply the rule can be at odds with the rule itself.”

In recent years, the SEC has raised the bar for companies seeking to challenge activist proposals by adopting a stricter standard. During this year, American Express and many other companies were denied their requests to exclude certain shareholder proposals regarding environmental impacts, abortion, discrimination, and civil rights. Because of the SEC’s stringent view of “Rule 14a-8 no action requests,” Exxon opted for an unconventional approach in filing its lawsuit with the District Court in Northern Texas.

Although Exxon’s strategic sidestep may be unorthodox, it is not the first time that such a move has been used. Apache Corp. pushed the SEC to the side when it filed a similar lawsuit in the Southern District of Texas to strike activist shareholder proposals it saw as improper. The company prevailed in its lawsuit and set the stage for others to take the legal avenue.

From 2011 to 2014, three more companies followed suit and filed lawsuits in U.S. District Courts. All three companies prevailed in their lawsuits and were permitted to exclude certain shareholder proposals. However, in 2014, three more similar lawsuits were filed but were later dismissed for lack of jurisdiction.

Exxon hopes for a favorable ruling before March 19, anticipating two crucial deadlines in the upcoming spring. The company must submit its proxy statement by April 11, in preparation for its annual shareholder meeting scheduled for May 29.

PHOTO BY HARRISON KEELEY, USED UNDER CREATIVE COMMONS LICENSE: CC BY 4.0

Jacob Horowitz is a contributing editor at Compliance Chief 360°

Unpacking the Biden Executive Order on AI https://compliancechief360.com/unpacking-the-biden-executive-order-on-ai/ Wed, 15 Nov 2023 06:03:46 +0000

The post Unpacking the Biden Executive Order on AI appeared first on Compliance Chief 360.

The rapid advancement of artificial intelligence (AI) has ushered in an era of unprecedented technological transformation, promising to revolutionize industries, enhance human capabilities, and reshape the very fabric of society.

As with any transformative force, though, AI also presents a range of challenges and ethical concerns that demand careful consideration and decisive action. While many technology experts are still debating whether or not AI technologies could present an existential threat to humanity, the dangers of its misuse are clear to many. In the wrong hands of those with mischievous goals, AI can be used to help commit crime, aid terrorism, and circumvent security measures. Already, AI is being used to create audio and video “deep fakes” that impersonate voices or video likenesses to deceive our own eyes and ears.

In recognition of the profound impact of AI, as well as its potential dangers, the Biden Administration issued an Executive Order on Artificial Intelligence last month, outlining a comprehensive framework for the “safe, secure, and trustworthy development and use of artificial intelligence.” The executive order on AI sets new standards for AI safety and security, has new privacy provisions, and more.

“My Administration places the highest urgency on governing the development and use of AI safely and responsibly, and is therefore advancing a coordinated, Federal Government-wide approach to doing so,” President Biden stated in the order. “The rapid speed at which AI capabilities are advancing compels the United States to lead in this moment for the sake of our security, economy, and society.”

The Executive Order’s Pillars of AI Governance

The Executive Order on AI establishes a set of guiding principles for the development and deployment of AI across various sectors of the federal government. These principles emphasize the importance of:

  1. Safety and Security: Ensuring that AI systems are designed, developed, and deployed in a manner that protects against potential harms, including safety risks, algorithmic bias, and privacy violations.
  2. Reliability and Robustness: Fostering trust in AI systems by ensuring their reliability, accuracy, and resilience against adversarial attacks or manipulation.
  3. Equity and Civil Rights: Preventing and mitigating potential harm to civil rights and ensuring that AI systems do not perpetuate or exacerbate societal inequities.
  4. Public Trust and Transparency: Promoting transparency and accountability in the development and use of AI systems, allowing individuals to understand how AI is impacting their lives and providing mechanisms for redress in case of harm.

Key Provisions and Initiatives of the Executive Order on AI

To operationalize these principles, the Executive Order on AI outlines a series of concrete actions and initiatives. These include:

  1. Establishing AI Governance Structures: Directing federal agencies to establish AI governance structures that align with the principles outlined in the order, including the designation of AI risk officers and the development of AI risk management policies.
  2. Advancing Responsible AI Innovation: Promoting responsible AI innovation by funding research and development in AI safety, fairness, and explainability, as well as supporting the development of AI standards and best practices.
  3. Protecting Federal Workers: Ensuring that AI systems used in the federal government are designed and deployed in a manner that protects the privacy, equity, and civil rights of federal workers.
  4. Managing Risks from Government AI Uses: Establishing a framework for identifying, assessing, and managing risks associated with the use of AI in government decision-making, including the potential for bias, discrimination, and unintended consequences.

Promoting AI for Societal Benefit

While addressing the potential risks of AI is crucial, the Executive Order also recognizes the immense potential of AI to address societal challenges and improve human well-being. The order emphasizes the importance of:

  1. Promoting AI for Public Benefit: Encouraging the development and use of AI to address public policy goals, such as improving healthcare, enhancing education, and protecting the environment.
  2. Fostering an AI Talent Ecosystem: Investing in programs to develop the AI skills and expertise needed to support the responsible development and use of AI in the United States.
  3. Promoting AI Innovation and Competition: Fostering a competitive and innovative AI ecosystem in the United States that encourages the development of groundbreaking AI technologies.
  4. Advancing American Leadership in Global AI: Strengthening the United States’ leadership in global AI governance, promoting international cooperation, and ensuring that AI is developed and used in a manner that aligns with democratic values and human rights.

A Roadmap for Responsible AI Development

The Biden Administration’s Executive Order on Artificial Intelligence marks a significant step towards ensuring that AI is developed and used in a manner that aligns with the principles of safety, reliability, equity, and public trust. By establishing a clear framework for AI governance, promoting responsible AI innovation, and fostering an AI talent ecosystem, the order lays the foundation for a future where AI can be harnessed for the benefit of society while mitigating potential risks.

As AI continues to evolve, the implementation of this order will be crucial in navigating the complexities of this transformative technology and ensuring that AI is a force for good in the world.


Joseph McCafferty is editor & publisher of Compliance Chief 360°.

Reform, Not Fines: The SEC Needs a New Approach to Off-Channel Communication https://compliancechief360.com/reform-not-fines-the-sec-needs-a-new-approach-to-off-channel-communication/ Thu, 02 Nov 2023 19:13:51 +0000

The post Reform, Not Fines: The SEC Needs a New Approach to Off-Channel Communication appeared first on Compliance Chief 360.

GUEST BLOG POST
The Securities and Exchange Commission closed out its fiscal year with an announcement of charges against 10 firms in their capacity as broker-dealers and one registered broker-dealer and investment adviser for their failure to comply with the Books and Records requirements of the Federal Securities Laws.

These laws (specifically, Rule 17a-4(b)(4) of the Exchange Act and Rule 204-2(a)(7) of the Advisers Act) impose a broad requirement that a broker-dealer and investment adviser retain all communications of relevant employees while in their professional capacities. This enforcement action represents a long-standing effort by the SEC to crack down on off-channel communications resulting from continuous employee communication through popular and modern messaging and texting platforms such as iMessage and WhatsApp.

Of course, the use of unmonitored communication channels underscores the need for recordkeeping requirements; however, that doesn’t justify the actions of the SEC to merely impose a fine and move on. Rather, the rise in off-channel communication violations highlights the need for the SEC to adapt to changing times and more recent communication technologies, as it evidently shows that traditional regulatory measures are not fully effective in addressing the challenges posed by modern messaging platforms.

The SEC itself recognized that the use of off-channel communication platforms is pervasive within the financial industry. The Commission, however, fails to recognize that the pervasiveness does not necessarily stem from individuals intending to violate the Act, but simply from the convenience and effectiveness that such communication platforms offer. iMessage and WhatsApp offer easy and effective means through which broker-dealers and executives may conduct business. These platforms are used daily and on a worldwide scale; they are used for essentially every matter.

The SEC’s enforcement actions resulting from these violations are completely understandable in that they are, in part, efforts to safeguard the agency’s ability to exercise effective regulatory oversight. However, the SEC should be looking beyond these violations and to the root of the problem: the rise in technology. Rather than forcing these firms to pay for employing a modern, technological approach to communication, it should be focusing on adjusting its guidelines for digital recordkeeping in order to conform to the present era’s standards.

Ever since the COVID-19 pandemic, there has been a significant trend of working from home. As a result, many business-related text messages went untracked and unrecorded, and the SEC enforcement actions resulted. However, it is undisputed that the “work-from-home” trend is likely to continue and perhaps even increase among broker-dealers and investment advisers who require only a computer and Wi-Fi to conduct business.

Work-From-Home Here to Stay

Bloomberg reported that just 20 percent of financial-services companies require that their employees come into the office five days a week, and two out of three banks offer full flexibility regarding their work schedule or some sort of hybrid work arrangement. Clearly the concept of remote work is not a trend but rather a common and permanent practice in today’s age. Popular communication platforms such as Zoom and Microsoft Teams are likely to only increase in use. This goes to show the everlasting effects that the pandemic had on the workplace and the standards of communication used by virtually every corporate firm. The SEC must recognize this clearly permanent change in the modern-day workplace and adjust its regulations to fit its demands.

Many will argue that although the SEC’s regulations regarding off-channel communication are outdated, it would be impossible to implement changes that allow the agency to oversee actions that indicate unlawful behavior by brokers such as price fixing, insider trading, and manipulative trading practices. However, just as modern communication platforms pose an issue to the SEC, they also offer a solution. Some instant messaging platforms have begun to add features aimed at professional organizational industries, such as those designed to ensure compliance with the communication retainment requirement. Slack offers a good example of this. Slack is a messaging app for businesses that strives to connect people to information. The company recognizes the need for record retainment and as a result implemented a feature that allows businesses to export conversations and retain them for eDiscovery purposes.

The SEC should look towards companies such as Slack as a representation of the ability to ensure compliance with the Books and Records requirement all the while supporting modern technological developments. This is not to say that such a platform will completely deter broker-dealers from fraudulent behavior or communicating through off-channel communication platforms, as there will always be private alternatives. Employees communicate over iMessage or WhatsApp simply because it’s a common habit, given recent generational trends. However, by offering a regulatory alternative that is both capable of complying with record retainment requirements and conforms to the modern-day standards of communication platforms, firms will be more willing to comply with the SEC requirement, while maintaining an approach to off-channel communication used by broker-dealers for the purpose of conducting business.


Jacob Horowitz is a J.D. candidate at the Benjamin N. Cardozo School of Law at Yeshiva University in New York.

Reinforcing a Speak-Up Culture in Uncertain Times, Brick by Brick https://compliancechief360.com/reinforcing-a-speak-up-culture-in-uncertain-times-brick-by-brick/ Wed, 04 Oct 2023 21:25:32 +0000

The post Reinforcing a Speak-Up Culture in Uncertain Times, Brick by Brick appeared first on Compliance Chief 360.

GUEST BLOG POST:
Finding ways for employees to feel comfortable speaking up when something isn’t right is challenging in the best of times. But with the backdrop of uncertainty from a bumpy economy and pending merger, the Activision Blizzard Ethics and Compliance team faces unprecedented headwinds. We’ll walk you through a few key steps you can take to foster a speak-up culture across your organization, even in a high-change business environment.

As Chief Ethics and Compliance Officer at Activision Blizzard, my priority is building a safe, inclusive workplace culture for all employees. But how do we do that when the ground is always shifting?

Step One: Find steady ground in policies and processes

Much like laying the foundation of a house, the bedrock of any culture is its policies and processes. At Activision, this meant auditing our existing documents and refreshing them with employee-first language full of real-world examples. Gone are the days of lawyer-speak: our focus was on building a Workplace Integrity Policy that our employees could see themselves in. It needed to feel current—and human. We applied the same approach to our Code of Conduct, which now includes scenarios and quotes from employees.

In addition to refreshing the language in policies, we also experimented with new ways of promoting policies to Activision employees. By releasing bite-sized narratives that revealed ethical dilemmas in Way2Play Stories and offering annotated PowerPoint guides and talking points for people leaders, we could start to bring our shared commitments to life.

Step Two: Create safe spaces for people to practice ethics

Once the foundation is in place, the job is to build virtual rooms of the house where employees can not only understand ethical decision making, but practice and role-play different scenarios. At Activision, we co-developed a live, interactive Workplace Integrity Training complete with common workplace situations. This gives all employees not only the chance to learn, but also the opportunity to rehearse bystander intervention in challenging moments, fostering a speak-up culture.

Additionally, we empower our global group of ethics ambassadors (called Way2Play Heroes) to represent all parts of our business. They serve on the front lines of employees who might have concerns at work but aren’t yet sure what to do. To amplify the voices of all of our employees, these Way2Play Heroes champion speaking up at the grassroots level.

Along with equipping employees with practical insights about Workplace Integrity, we provide a clear list of reporting channels on our ASK List so employees know where they can raise issues. Those on the ASK List practice and gain additional skills to fulfill their roles and responsibilities when reports are made. Rather than have one singular reporting channel or escalation path, our preferred method is to share multiple ways of communicating concerns, including an anonymous hotline. By offering employees choice, they’re encouraged and empowered to select the path that makes them the most comfortable and confident in the process.

Step Three: Define a rock solid and transparent investigations process

Perhaps the most significant element of building a speak-up culture is the investigations process. Ensuring the right people, process, and technology are in place is table stakes; otherwise, employees lose faith in the system.

Over the course of a year, Activision’s Ethics and Compliance team has scaled from a few people to nearly thirty dedicated team members. Establishing the right resources and infrastructure to follow up on every elevated concern was paramount. By being as open as possible about how and when decisions are made, our Way2Play Ethics and Compliance team can follow through on our commitments to earn (and deepen) our employee community’s trust.

Step Four: Make speaking up a business imperative

In today’s competitive talent market, building a thriving workforce requires shared commitment across the business. To craft a speak-up culture, it can’t be solely a compliance, legal, or HR project. Real change comes from every member of the organization committing to speaking up and standing up for what’s right.

As part of a global company in the throes of change, coordinated communication is key to enabling this speak-up culture. It also takes a shared commitment from the leaders who model day-to-day behaviors, and fully listening to people’s stories if we miss the mark.

The Heartbeat of the Organization

Your organization is likely experiencing its own version of uncertainty and state of change. We often see unethical behavior emerge during these inflection points—even when they’re positive ones. By fostering a speak-up culture, our goal is to stay closer to the heartbeat of the organization, hear about the small issues before they escalate, and empower every player to be a part of creating a culture where everyone can do their best work together. We’re by no means perfect, but we’re committed to reinforcing a better and more ethical house. Brick by brick.


Jennifer Brewer is Chief Ethics and Compliance Officer at gaming company Activision Blizzard. Anne Jacoby is CEO of Spring Street Solutions Co., a strategy consulting firm based in Los Angeles.

Practitioners Must Drive Trade Surveillance Compliance
https://compliancechief360.com/practitioners-must-drive-trade-surveillance-compliance/
Tue, 11 Jul 2023 20:22:33 +0000

GUEST BLOG POST
Leaders in any industry must anticipate the challenges–and opportunities–their companies face. As compliance practitioners responsible for trade surveillance, are we keeping pace with current and future challenges? Some evidence to consider:

  • A top-tier bank was found to have no surveillance on its voice-brokered swaps desk, resulting in a $45 million fine for spoofing.
  • FINRA warns about “non-specific surveillance thresholds” that are “not reasonably designed” based on their 2023 exam findings.
  • The CFTC plans to invest in a “robust market surveillance unit” as part of its double-digit budget increase.
  • The SEC’s ambitious market structure proposals may have material consequences for trade surveillance parameters.
  • The U.K.’s FCA Market Watch yet again reminds firms to conduct risk assessments and make sure their controls detect market abuse.
  • Enforcement priorities across jurisdictions in APAC all cite concerns regarding market abuse, e.g., MAS in Singapore, SFC in Hong Kong, and ASIC in Australia.

While the compliance professionals I speak with are well aware of this regulatory scrutiny, are firms deploying trade surveillance resources efficiently to meet the risk?

As Eventus details in our recent report, global regulators are pressing compliance leaders to reassess their trade surveillance capabilities and to ensure they have tailored these systems properly to the new risks they face. For example, the SEC and FINRA said they examined nearly half of the 3,500 registered U.S. broker-dealers last year. These exams help the regulators collect information to promote compliance, prevent fraud, and monitor risk. Sometimes, these exams expose serious concerns that lead to wider enforcement investigations.

With time and experience, many practitioners note a pattern: new rules and guidance, followed by warnings, then, unsurprisingly, enforcement. Too often, updates in compliance systems, alert parameters and processes that could have prevented many headaches lag behind regulatory scrutiny. The problems are well-known: pressure to lower the total cost of compliance operations, legacy technology that is unresponsive to ever-increasing false positives, markets that grow increasingly complex, and pressure to lower the total cost of operating.

My colleagues and I come from roles and organizations that have felt this pain. Today, I speak with a range of compliance leaders across the globe who are serious about compliance and care deeply about getting trade surveillance right. These are professionals in broker-dealers, banks, FCMs, exchanges, prop trading firms, and digital asset platforms.

Increased Complexity

One theme we continually hear is the need for flexibility in their compliance technology to empower their teams, not act as a barrier or burden. As shown in our recent survey, 94 percent of respondents cited the increased complexity and challenge of trade surveillance over the last three years. These leaders rarely believe that maintaining the status quo is the safe option and they want flexibility and expertise built into their systems.

As our recent report concludes, global regulators are scrutinizing firms with outdated parameters or alerts not tailored to their businesses. Like financial debt, being weighed down by technical debt can harm a firm’s bottom line and reputation.

The most experienced compliance teams–whether in broker-dealers, banks, or exchanges–look forward, with at least a five-year time horizon. They anticipate what behaviors their firms are exhibiting today that regulators might question in the near future. For example, the spread of encrypted mobile messaging apps a few years ago inevitably led regulators to crack down, issuing warnings and fines. Today, we can anticipate that issues like cross-product manipulation, multi-asset surveillance and having adequate explainability in machine learning will be part of investigations and enforcement cases for the rest of this decade. And, all of this while trying to lower the total cost of ownership.

The opportunity amid this challenge is that the industry has the expertise, experience, and now technical flexibility to build market surveillance for specific needs. There is a renewed desire to get to the risk quicker with top talent and improved efficiencies. The new paradigm dictates that compliance software be adaptable and allow teams to have a real say in how technology works for them.


Joe Schifano is Global Head of Regulatory Affairs at Eventus.

Compliance Officer Pay Jumped Significantly Last Year
https://compliancechief360.com/compliance-officer-pay-jumped-significantly-last-year/
Wed, 31 May 2023 19:58:21 +0000

A new report shows that chief compliance officers and other compliance professionals got a nice bump in pay in 2022, as demand for compliance talent hit record highs. According to the report, by executive search firm BarkerGilmore, chief compliance officers received an average raise in base pay of 12 percent and the average annual base salary increase for all compliance positions across industries was 10 percent.

“The demand for compliance professionals, especially Chief Compliance Officers, is as strong as it has ever been,” says BarkerGilmore Managing Partner John Gilmore. “The need for business-minded leaders, an environment of increasing regulations, and the heightened awareness of the risks associated with lack of compliance have created a competitive landscape for compliance professionals.”

According to the report, the average total compensation for all CCOs was $346,000, with males earning slightly more than females by just $2,000. Interestingly, female CCOs earn slightly more on average in base pay—$250,000 compared to $245,000 for men—while males earn higher bonuses—$86,000 for men versus $70,000 for women.

Compliance Talent In High Demand

“As the government increases regulations and expectations, companies have responded by scaling up their compliance teams,” the report’s authors write. “During a year when their in-house counsel counterparts saw an overall compensation decrease of 3 percent, overall compliance compensation increased 8 percent. The demand for talent has allowed the most talented and experienced compliance professionals to seek competitive compensation packages.”

[Figure: Median compensation chart for compliance officers]

The average pay for all compliance officers was $258,000, with women out-earning men by an average of $6,000. Not surprisingly, public-company compliance officers far out-earned their private-company counterparts, with the average public-company compliance professional taking home $347,000 in annual total compensation, compared to $242,000 for private company compliance officers.

Energy Sector CCOs Fare Best

Compliance professionals at publicly traded energy and public utility companies earned the most, with CCOs in those industries earning an average total compensation of $638,000 and other compliance officers earning an average of $572,000. Those in the financial services sector had the lowest total compensation packages. CCOs at public financial firms earned an average total compensation of $387,000 and other compliance professionals at public financial firms earned average total pay of $261,000.

Other key findings of the report include:

1) Compensation Changes by Position: The average annual base salary increase for all positions across industries was 10 percent. Total compensation increased by 8 percent. CCOs’ total compensation rose 10 percent, with a significant increase in long-term incentive pay (14 percent) and a 12 percent increase in base compensation. Total compensation for Compliance Officers and Counsel increased by 6 percent, with the only change occurring in base salary.

2) Chief Compliance Officers: On average, CCOs received 100 percent of their target bonuses in 2022. Chief Compliance Officers with a J.D. have a significantly higher salary than their non-J.D. counterparts. Total compensation for CCOs with a J.D. was 69 percent higher than those without a J.D. The difference in compensation was observed at all levels—base, bonus, and LTI. Chief Compliance Officers with experience working at Am 100 law firms earn significantly higher total compensation than those without law firm experience and those that worked at small or boutique law firms. Total compensation packages for female Chief Compliance Officers were 1 percent lower than their male counterparts. Thirty-seven percent of Chief Compliance Officers expect to make a compensation-related job move within the next year, down 3 percent from last year.

3) Compliance Officers: On average, Compliance Officers received 100 percent of their target bonuses in 2022. The overall gap in total compensation between Compliance Officers with J.D.s and without J.D.s is 15 percent; however, the gap widens significantly based on the law school ranking of the Compliance Officer. Compliance Officers who graduated from a Top 50 law school made 56 percent more in total compensation than Compliance Officers without a J.D. Similarly, Compliance Officers with law firm experience have increased total compensation by 25 percent compared to those without law firm experience. The gap grows to 62 percent if that law firm experience was with an Am Top 50 firm. Female Compliance Officers made 2 percent more in total compensation than their male counterparts. Forty-three percent of Compliance Officers expect to make a compensation-motivated job move in the next year.

4) Direct Reports: The number of direct reports a Chief Compliance Officer or Compliance Officer has correlates with their total compensation. Chief Compliance Officers with 20 or more reports made 133 percent more than those without reports ($665,000 compared to $285,000). Compliance Officers with 20 or more direct reports made 97 percent more in total compensation than those without reports ($463,000 compared to $235,000).

5) Sign-on Bonuses: Twenty-five percent of Chief Compliance Officers in new positions received sign-on bonuses. The median value of the sign-on bonus was $40,000. Similarly, 25 percent of Compliance Officers in new positions received sign-on bonuses. The median value of Compliance Officer sign-on bonus was $17,000.

The data was collected from a random sample of compliance professionals throughout the United States through an online survey administered in March 2023. More than 500 compliance professionals of various levels of seniority within different-sized public and private organizations responded to the survey.


Joseph McCafferty is editor & publisher of Compliance Chief 360°

Six Risks from ChatGPT that Compliance Leaders Should Know About
https://compliancechief360.com/six-risks-from-ai-apps-like-chatgpt-that-compliance-leaders-should-know/
Mon, 22 May 2023 20:25:23 +0000

Artificial intelligence applications like ChatGPT are becoming common tools in the workplace, used for everything from generating job descriptions to writing and editing reports and managing schedules (see related article, “How Employees Are Using ChatGPT on the Job”). But the apps aren’t perfect. In fact, they can be error-prone and can even create new risks that companies must assess and manage.

Legal, internal audit, and compliance leaders should address their organization’s exposure to six specific ChatGPT risks identified by consulting and research firm Gartner. They must also consider what guardrails to establish to ensure responsible enterprise use of generative AI tools, according to Gartner.

“The output generated by ChatGPT and other large language model (LLM) tools are prone to several risks,” said Ron Friedmann, senior director analyst at Gartner’s Legal & Compliance Practice. “Legal and compliance leaders should assess if these issues present a material risk to their enterprise and what controls are needed, both within the enterprise and its extended enterprise of third and nth parties. Failure to do so could expose enterprises to legal, reputational, and financial consequences.”

The six risks from ChatGPT (and other AI apps) that legal, internal audit, and compliance leaders should evaluate include:

Risk 1: Fabricated and Inaccurate Answers

Perhaps the most common issue with ChatGPT and other LLM tools is a tendency to provide incorrect – although superficially plausible – information.

“ChatGPT is also prone to ‘hallucinations,’ including fabricated answers that are wrong, and nonexistent legal or scientific citations,” said Friedmann. “Legal and compliance leaders should issue guidance that requires employees to review any output generated by ChatGPT for accuracy, appropriateness, and actual usefulness before being accepted.”

Risk 2: Data Privacy and Confidentiality

Legal and compliance leaders should be aware that any information entered into ChatGPT, if chat history is not disabled, may become a part of its training dataset.

“Sensitive, proprietary, or confidential information used in prompts may be incorporated into responses for users outside the enterprise,” said Friedmann. “Legal and compliance need to establish a compliance framework for ChatGPT use, and clearly prohibit entering sensitive organizational or personal data into public LLM tools.”

Risk 3: Model and Output Bias

Despite OpenAI’s efforts to minimize bias and discrimination in ChatGPT, known cases of these issues have already occurred, and are likely to persist despite ongoing, active efforts by OpenAI and others to minimize these risks.

“Complete elimination of bias is likely impossible, but legal and compliance need to stay on top of laws governing AI bias, and make sure their guidance is compliant,” said Friedmann. “This may involve working with subject matter experts to ensure output is reliable and with audit and technology functions to set data quality controls.”

Risk 4: Intellectual Property (IP) and Copyright Risks

ChatGPT in particular is trained on a large amount of internet data that likely includes copyrighted material. Therefore, its outputs have the potential to violate copyright or IP protections.

“ChatGPT does not offer source references or explanations as to how its output is generated,” said Friedmann. “Legal and compliance leaders should keep a keen eye on any changes to copyright law that apply to ChatGPT output and require users to scrutinize any output they generate to ensure it doesn’t infringe on copyright or IP rights.”

Risk 5: Cyber Fraud Risks

Bad actors are already misusing ChatGPT to generate false information at scale, such as fake reviews and falsified video and audio impersonations. Moreover, applications that use LLMs, including ChatGPT, are susceptible to prompt injection, a hacking technique in which malicious adversarial prompts are used to trick the model into performing tasks that it wasn’t intended for, such as writing malware code or developing phishing sites that resemble well-known sites.

“Legal and compliance leaders should coordinate with owners of cyber risks to explore whether or when to issue memos to company cybersecurity personnel on this issue,” said Friedmann. “They should also conduct an audit of due diligence sources to verify the quality of their information.”

Risk 6: Consumer Protection Risks

Businesses that fail to disclose ChatGPT usage to consumers (for example, using it to create a customer support chatbot) run the risk of losing their customers’ trust and being charged with unfair practices under various laws. For instance, the California chatbot law mandates that in certain consumer interactions, organizations must clearly and conspicuously disclose that a consumer is communicating with a bot.

“Legal and compliance leaders need to ensure their organization’s ChatGPT use complies with all relevant regulations and laws, and appropriate disclosures have been made to customers,” said Friedmann.

The use of AI in the workplace is just getting started and is likely to balloon in the coming years. As these apps evolve and employees begin to use them in new and surprising ways, new risks are certain to emerge. Legal, risk, audit, and compliance professionals need to stay on top of these emerging risks and manage them to ensure they don’t cause negative consequences to the organization.


Joseph McCafferty is editor & publisher of Compliance Chief 360°
