Search
As business integration of generative artificial intelligence (GenAI) grows rapidly, financial institutions continue to find ways to incorporate it into their operations to increase efficiency and stay competitive. One form of GenAI tools demonstrating promise in the financial crime compliance arena are large-language models (LLMs), which are trained on vast historical datasets and capable of comprehending and generating human language. Use cases for these models can cover a wide range of areas that include intelligent automation, knowledge-based answering, text classification, generating original written content, and summarizing documents. The potential for GenAI to augment, improve, and enhance operational capability is especially significant for organizations in the financial services industry. Because financial crime compliance involves a vast array of necessary but repetitious tasks that must be carried out in accordance with well-defined policies and procedures, it can be an ideal arena for incorporating task-specific LLMs. By automating the time-intensive responsibility of gathering and organizing data in a logical, structured, consistent fashion, your organization can free up human talent to handle the judgment-based activities required by financial crime compliance.
Regulators have become more open to the use of AI and even encourage it.1 However, organizations must bear in mind that they are likely to view any AI-driven solution as regulatory technology, or RegTech—a collection of digital technology, models, and solutions that help entities comply with regulations—rather than as generic software solutions, models, or approaches. In this context, strategic decision-making around GenAI RegTech becomes even more vital, since regulators can and will hold your organization to a higher standard given the dual complexities of GenAI RegTech and financial services compliance standards. In addition, a solution that may have worked in one context can quickly expose you to risk in another. Understanding these dynamics is key to a successful GenAI implementation that enhances your compliance program’s effectiveness and efficiency while meeting regulatory expectations.
From a pure development perspective, a particular LLM model may appear to offer good functionality and performance but not be the right fit for some uses. In anti-money laundering investigations, for example, an LLM model may be able to automate the entirety of a case investigation process, up to and including making determinations of suspicion. But a model risk management team and regulatory examiners may be skeptical that the model is conceptually sound if it lacks sufficient explainability, clear and evident alignment to required risk typology coverage, and human involvement in the decision-making process. When it comes to financial crime compliance, understanding what LLMs shouldn’t do is as important as knowing what they can do. Organizations that take the time to consider these factors will be more likely to design GenAI RegTech that will satisfy both operational needs and regulatory demands.
For some financial institutions, experimenting with LLMs by developing internal pilots within their broader IT and data science teams seems like a logical way to leverage economies of scale, reduce costs, and optimize resources by applying the same solution or models to similar problems across an organization. But collaboration is needed between IT and compliance teams when implementing LLMs. Consider the process that is followed in the selection and implementation of a new platform such as an anti-money laundering (AML) transaction monitoring system, Know Your Customer system or sanctions screening system. This process is often guided and driven by compliance organizations, who will define the requirements, select vendors, refine required features, measure efficiency and productivity, and importantly, assure alignment with regulatory expectations. The process should be no different with LLM solutions in this area.
Even in situations where a particular GenAI model and approach may have more universal applicability, the specific use cases for financial crime compliance often require very specialized knowledge. For example, with AML compliance, there may be hundreds or even thousands of behavioral risk typologies that need to be addressed, evaluated, and mitigated. The compliance team is best suited to oversee such responsibilities vis-à-vis GenAI RegTech, with IT and data science contributing their expertise in more supportive roles.
With so much at stake—from compliance to ROI—it’s essential to be vigilant regarding tracking, recording, and keeping a direct line of vision into all GenAI-generated outputs. According to “The State of GenAI Today: The Early Stages of a Revolution”—a 2024 Guidehouse/CDO Magazine survey of senior executives across commercial and public sectors—more than three-quarters (77%) of respondents reported that regulatory compliance and ethical guidelines surrounding GenAI in their organizations are vague or unclear. That’s why comprehensive, well-defined regulatory frameworks for GenAI are needed to ensure compliance and ethical alignment.
Survey results also indicated that organizations with a better handle on GenAI-related regulatory compliance and ethical guidelines have a substantial 75% of AI outputs fully documented. Financial organizations must prioritize such monitoring throughout implementation and deployment, since enhancing documentation and transparency for any GenAI-infused RegTech solution is critical for building trust and facilitating effective AI governance.
Because the GenAI application process should be treated in much the same way as any RegTech design, development, and implementation, your compliance teams should keep the following considerations in mind:
Be the driver — Your organization’s compliance team should own implementation of GenAI technology because its members are best positioned to understand regulatory risks as well as proper workflow, procedures, and outcomes. But this doesn’t diminish the importance of your IT and data science teams, who are critical partners to success.
Be transparent — Regulators expect transparency, repeatability, and auditability of outcomes. GenAI is inherently opaque, but if you ensure that your solution’s design is well thought out with strong controls, you can more easily pass regulatory review.
Be adaptable — Designing your GenAI implementation as a modular solution will allow for maximum flexibility. Modularity lets you adapt prompts to emerging risks, typologies, and behaviors without risking unknown impacts across the model, where one small change might otherwise require a complete evaluation of the whole solution.
Be involved — At the core of every compliance decision, a responsible party is necessary. Humans provide the crucial interpretation and judgment to evaluate GenAI output.
The path to effective, compliant use of RegTech is particularly complex for the financial services industry. Whether you are at the start of your organization’s journey or well on your way, engaging a proven subject matter expert can enable your organization to successfully select, implement, deploy, and monitor the right GenAI RegTech for your institution. Guidehouse is eminently well-positioned to help financial institutions, payment processors, and fintech companies with responsible design and implementation of GenAI governance, frameworks, infrastructure, models, and operational integration while navigating the nuances of the regulatory landscape.
Guidehouse is a global consultancy providing advisory, digital, and managed services to the commercial and public sectors. Purpose-built to serve the national security, financial services, healthcare, energy, and infrastructure industries, the firm collaborates with leaders to outwit complexity and achieve transformational changes that meaningfully shape the future.