You are currently browsing the category archive for the ‘Uncategorized’ category.
Today’s proponents of artificial intelligence (AI) tend to focus on its spectacular uses such as self-driving cars and uplifting ones such as medical treatment. AI also has the potential to aid humanity in more modest ways such as eliminating the need for individuals to do tedious repetitive work in white-collar areas. Along these lines, at its recent Vision users conference, IBM displayed an application of its Watson cognitive computing technology designed to automate important aspects of regulatory and legal compliance. Should it prove workable, the application of cognitive computing to compliance could be the first step in achieving what various “Paperwork Reduction Act” legislation has failed to do: substantially cutting the time needed to comply with rules imposed by government entities.
Regulatory compliance requires plenty of effort, especially in heavily regulated industries and especially during periods of rapid change in rules. Regulatory burdens on business in the United States have been increasing and growing more complex. For example, the number of pages added to the U.S. Federal Register, a rough measure of rule-making, grew 38 percent, from 529,223 pages in the 1980s to 730,176 in the 2000s, and that growth is on pace to reach 800,000 for the decade ending in 2019. Not all of these additions apply to a specific company’s business, and not all changes are relevant. But poring through pages of laws, rules and judicial rulings to identify relevant new requirements or changes to existing ones requires expertise and often considerable effort. Determining how to address regulatory changes and ensuring that these requirements are being met also entails knowledge and experience and consumes time. While necessary virtually none of all this work adds to the bottom line (except to the extent that it avoids fines or penalties) or improves a company’s competitiveness.
In concept, cognitive computing is well suited to help manage compliance because it has the ability to continuously scan all sources of rule-making, identify those that may be relevant to an organization, and provide suggestions on how best to comply with rules and oversee the compliance program. It can improve the effectiveness of the compliance process by reducing the risk that a company will overlook regulations that apply to it or will implement a compliance program that does not adequately address requirements. In short, by using automation, cognitive computing can increase the efficiency with which a company addresses its compliance requirements. Our benchmark research on governance, risk and compliance (GRC) finds that this is important: Companies most often focus on GRC to contain overall risk and the risk of failure to comply with regulations (77% and 74%, respectively) and much less often to cut costs (31%).
The primary steps any company faces in addressing regulatory compliance are identifying and understanding regulations that apply to it; determining how to address each of them; creating the appropriate measures and governance to achieve compliance; ensuring that the necessary documentation is created to confirm conformance; and guaranteeing that issues that arise are handled properly. Companies face challenges in doing this correctly and in a timely fashion. The process of interpreting the regulations and linking them to the appropriate controls is difficult and costly. Expertise is necessary, on the part of internal staff, external consultants or legal counsel. Historically companies have devolved responsibility for regulatory compliance to the individual business units most closely affected because it was the practical approach. However, decentralized approaches make it difficult to gauge overall compliance, and as the scope of regulation increases over time they lead to duplicate controls and increased costs of compliance.
IBM Watson is potentially a good fit for managing regulatory compliance because it pools knowledge of a topic. As in the case of medicine, the collective efforts of all companies using Watson to assist in managing regulation help all of the participants. Because their combined learning processes are cumulative, Watson can build a knowledge base fast and absorb new facts and conditions quickly. It’s to all participants’ advantage to expand the capabilities of the system cooperatively. In both disciplines, learning involves mastering a technical language and syntax and being able to link their meaning to specific recommended actions.
Watson’s approach to cognitive compliance starts by parsing the body of regulations in a fashion similar to the work it has done in consuming the scientific literature in the field of medicine. It then would identify all compliance requirements that may be relevant to a specific financial institution. The company would vet the list it produces to arrive at a list of validated compliance requirements. The cognitive compliance system would then use Watson to generate a recommended set of controls and procedures based on accepted practices (which may be rooted in anything from black-letter law to actions taken by similar companies). The user company would select those that it deems appropriate. These decisions would be made by trained individuals – for example, those with compliance responsibilities in a particular area, internal counsel or attorneys specializing in a relevant practice area. Once established, a cognitive compliance system could automate the process of monitoring regulatory actions and rule-making that is relevant to the company and flagging anything that requires review.
IBM intends to focus Watson’s cognitive compliance efforts initially on the financial services sector. In part this is because the company already has a significant presence in this market segment, but the main reason is because in the United States the complexity of the rules governing this industry has mushroomed since the financial crisis of the past decade. For example, the so-called Volcker Rule, intended to prevent banks from engaging in speculations that put government deposit insurance and the financial system at risk, was spelled out in just 165 words in the 2010 Dodd-Frank Act. However, translating that concept into practice required the collaboration of five regulatory agencies: The Federal Reserve, the Securities and Exchange Commission (SEC), the Commodity Futures Trading Commission (CFTC), the Federal Deposit Insurance Corporation (FDIC) and the Office of the Comptroller of the Currency (OCC). It took about five years for this group to assemble a 71-page rule (not written in plain English) that has an 891-page preamble. As to cost of dealing with this complexity, in 2015, the OCC estimated that the cost of complying with Dodd-Frank for the seven largest U.S. banks in 2014 was US$400 million. In another example, 13 Europe-based banks spent between $100 million and $500 million each to achieve compliance with a rule requiring them to create umbrella legal structures for their local operations and take part in the Fed’s annual stress tests. To be sure, the current regulatory conditions affecting banks is an extreme example. However, for that reason it’s an attractive potential market.
If applying cognitive computing to regulatory compliance works for financial services, there are likely to be many other industries in which the regulatory requirements are demanding enough to track and implement to make its use worthwhile. One intriguing possibility for the longer term is Watson’s potential to identify duplicate or conflicting regulations and laws and enable legislators and regulatory bodies to streamline or rationalize them. We recommend that financial services organizations and perhaps others look into this intriguing possibility.
Senior Vice President Research
Follow Me on Twitter @rdkugelVR and
Connect with me on LinkedIn.
The blockchain distributed database was invented to create the peer-to-peer digital cash called bitcoin in 2008. Although the future potential of bitcoin and other cryptocurrencies has been debated, the distributed ledger structure using a blockchain database that supports bitcoin is likely to be adopted for a range of commercial and governmental purposes. Distributed ledgers are a secure and transparent way to digitally track the ownership of assets while enabling faster transaction speeds and reducing potential for fraud. How quickly companies, governments and individuals start using distributed ledgers and for what specific purposes remain to be seen, but their use will be independent of cryptocurrencies’ fortunes. Expansion in the use of distributed ledgers will depend heavily on the success of the initial applications and whether there are major hiccups in their use.
To the extent that people have even heard of distributed ledgers, most associate the technology with bitcoin or some sort of payment system. However, it can do more than that. The technology can complement and enhance a variety of enterprise applications, facilitate commercial transactions of all types and provide governments with the ability to streamline interactions with the public.
Here’s a summary of the technologies involved: A distributed ledger is a shared database of assets and their owners located on multiple nodes (sites) on a network. All nodes have an identical copy of the ledger, and any changes to the ledger are incorporated rapidly (at a maximum within minutes; ideally within seconds) in all copies. Distributed ledgers’ distinct value is their ability to securely identify ownership of any form of asset – physical, financial, legal or virtual – and faithfully record all transactions involving these assets. The security of the validity and dependability of the distributed ledger depend on several factors: its blockchain construction, decentralized ownership of identical copies of a ledger, the use of public key encryption of the entries in the database and the use of digital signatures for access control. An important advantage of it lies in moving much of the complexity of managing security onto the structure of the system itself, making such systems easier and less expensive to manage and use than conventional on-premises and cloud-based applications.
Blockchain algorithms enable transactions to be aggregated in blocks that are added sequentially to a chain of existing blocks using a cryptographic signature. A transaction may be, for example, the sale and purchase of an asset or the addition of a health record or a patent filing.
When someone wants to add to the database, each owner of the distributed ledger runs a set of algorithms to evaluate and then verify the proposed transaction. If a consensus (usually a majority of participants) agrees that the transaction looks valid – that is, the identifying information matches the blockchain’s history – then the new transaction will be approved and a new block added to the chain in that ledger. If the participants deciding on the validity of the transactions are preselected, the ledger is said to be “permissioned.” If the process is open to everyone (like bitcoin), the ledger is “unpermissioned.” The advantage of an unpermissioned ledger is that it evades control by authorities. This may be to achieve ethical objectives (for instance, overcoming censorship or theft by autocratic or kleptocratic governments) or for nefarious purposes (money laundering or trade in contraband). Permissioned ledgers can have an advantage if managed by actors (such as self-regulated commercial body or governments) that have the trust of the participants. Permissioned blockchains provide highly verifiable data sets because the consensus process creates a digital signature visible to all parties.
The cryptographic signature using public key encryption can provide individual privacy while validating the identity of the individual making the change. Already in wide use public key encryption enables anyone to encrypt a message using the public key of the receiver, but such a message can be decrypted only with the receiver’s private key. Public key encryption is often compared to a locked mail box with a mail slot. The mail slot is accessible to the public, and its location – the street address – is the public key. Anyone can drop a message through the slot, but only the individual who has the private key can open the mailbox and read the message.
The blockchain structure provides a permanent audit trail since no records can be deleted without collusion on a massive scale. Distributed mirrored databases substantially reduce the ability of anyone to tamper with data since each instance would have to be altered in an identical fashion almost simultaneously. A cryptographic hash function provides a fast and highly efficient means of detecting if a blockchain has been tampered with and for assuring the integrity of transmitted data. That said, distributed ledgers are not invulnerable to attack. Anyone who can find a way to modify one copy legitimately might be able to modify all copies of the ledger. This will happen if systems can be compromised through, for example, phishing or pretexting.
How a given distributed ledger is controlled can vary. Although the ledgers are distributed, there can be varying degrees of centralized control to suit the specific purpose of the ledger. Unpermissioned ledgers (such as bitcoin) are not owned by any individual or entity and anyone can contribute data to the ledger. At the other end of the spectrum, permissioned ledgers may have one or many owners and only they can determine who can add records and verify the contents of the ledger. In practice, the latter can only be considered a distributed ledger (in the definition I’m using) if the number of owners and their independence are sufficient to ensure that the possibility of successful collusion to alter the database is sufficiently low to achieve public confidence. I’ll leave it to others to decide for themselves if a distributed ledger organized and controlled solely by a single organization such as the financial network SWIFT should be regarded as a “true” distributed ledger. By my definition it is. It’s likely that some existing single-entity controlled networks (such as those that manage supply chains) will adopt the distributed ledger structure for all or part of their operations to provide new services or to modify their existing architecture to reduce costs, enhance performance or gain flexibility.
There is no shortage of potential uses of distributed ledgers. There are so many that they – and the underlying blockchain methodology – can appear to be another example of a new technology in search of a mission. Distributed ledgers are not an application but a facility that can support application functions. They can, for example, record the basics of a transaction (such as the details of the item that has been exchanged and the corresponding payment) or serve to signal events (such as accepting a shipment).
Distributed ledgers could serve as a secure platform for all forms of contracts; potentially they could make it easier to enforce contracts of all types in parts of the world where the rule of law is weak because the platform could ban all participants that renege. Distributed ledgers also could be used in settling securities trades of all types – this is more of an evolutionary improvement over today’s systems. In concept, a distributed ledger could cut reconciliation costs by more fully automating the trade settlement process and substantially improving the quality of data, as well as enabling financial institutions to make more efficient use of collateral and regulatory capital by limiting the volume of trades in limbo because they failed to settle.
In commerce, distributed ledgers have the potential to substantially enhance visibility in multitier supply chains and multistep distribution, increase traceability of materials and combat drug counterfeiting. They can provide accurate and immediate customer records or immediately reflect changes to the properties in product life-cycle management and product information management. Networks for connecting members of a value chain have been difficult to establish because typically they have been set up by one of the major players. Competitors of that major player cannot (will not) participate in that network, blunting its effectiveness and leading to network fragmentation. Distributed ledgers might be less prone to this defect because they provide a secure, auditable mechanism for data capture and exchange that can complement but not replace the functionality of a value-added network. Companies therefore would be able to operate on different value-added networks that all use the same transaction data.
In the public sector there are many ways in which governments can use distributed ledgers including property record-keeping, healthcare data, a digital notary system, recording government contracts and handling tax and other payments.
Despite these potential uses it’s not clear how quickly distributed ledgers will gain traction and profitability in the commercial realm. In developed economies, there already are many trusted networks and methods for transacting business governed by commercial codes. Ultimately they may adopt a distributed ledger structure because it’s superior to the technology they are currently using in terms of speed and robustness. Some observers estimate that banks collectively could save billions of dollars in IT infrastructure costs by employing them for payments across borders, securities trading and regulatory compliance. Beyond savings, the desire to improve service or the threat of competition from an upstart will drive the process. There are many opportunities to create permissionless networks in less developed economies, but it may be difficult to make them more than marginally profitable initially until some combination is achieved of their networks becoming large enough and their costs getting small enough.
Much work still needs to be done to make distributed ledgers a reality. One serious issue for distributed ledgers is the large amounts of computing (and electrical) power required to make them work. Another issue to be addressed is auditing. Accountants will need to be able to audit records on permissioned ledgers. Then, too, there is the matter of governance structures. This is less of an issue in largely free-market jurisdictions with solid rules of law. Rules established by the owners and participants of a ledger that safeguard their private interests must be supported by legislation and regulation consistent with existing commercial codes. In turn legislation and regulation must balance public and private interests without being so rigid as to stifle innovation and growth.
For the time being, it’s not clear that distributed ledgers will displace trusted networks such as those offered by ERP vendors because it won’t have the functionality and process control that are part of those products. Those running trusted networks probably will not be in a hurry to open up their management to others since all have some value associated with being in charge. And the security issues that SWIFT has encountered (hackers managed to steal $US 81 million from Bangladesh’s central bank) would not have been prevented through the use of blockchain. It’s likely that there are scores of opportunities to create blockchain networks that are economically workable, but it’s not clear how soon these will become economically significant.
I’ll leave it to others to comment on the future of cryptocurrencies. I’m fairly certain that their impact on the adoption of blockchain technology is neutral. All the attention that bitcoin and others have showered on blockchain is fully offset by entities that hold a negative view on cryptocurrencies because of their association with illegal commerce and theft. Nevertheless it is likely to have an impact someday, and software executives and information technology service providers would be well-advised to familiarize themselves with the technology and its potential.
Senior Vice President Research
Follow Me on Twitter and
Connect with me on LinkedIn.