Skip to main content

An automation solution that’s not adequately aligned with your business needs or not properly developed can, sometimes, do more harm than good.

Technology is often touted as a panacea for our overloaded work lives. And while we at Ascent believe strongly in technology’s ability to help save firms time and money, we also know that not all technology is created equal.

An automation solution not adequately aligned with your business needs or not properly developed can do more harm than good. “Top-down” automation in particular can have significant consequences.

Below we break down the difference between “top-down” and “bottom-up” automation, define the risks that can come with top-down providers, and explain how to evaluate your options.

READ MORE: What are ‘granular’ obligations in RegTech?

Top-Down Vs. Bottom-Up: What’s the Difference?

Imagine you are given a document about cybersecurity and tasked with analyzing how that document relates to your company’s cybersecurity policy. 

What do you do? Do you scan through the document looking for any mention of the term “cybersecurity”? Or do you read through the document thoroughly — sentence by sentence, word by word — in order to understand it as completely as possible?

These two methods can be seen as metaphors for how top-down and bottom-up automation approach the work of regulatory compliance. 

Top-down automation acts like a search, skimming through the document for a specified search term. The technology involved isn’t meaningfully different from that powering any website search bar. 

Bottom-up automation, however, uses natural language processing and machine learning models to analyze a document at a word-by-word level. Because of this, it’s able to extract a significantly greater amount of information from each document and to employ that information in many more ways.

RegTech providers often shy away from trying to develop bottom-up solutions because they can take years to initially ramp up and can require much more complex technology. But those that spend the time and are able to develop the AI end up with a far more powerful solution.

Bottom-up automation is akin to having a cybersecurity expert analyze that document for your company, while top-down is more like running a quick word search of it. One can provide a deep understanding of the material. The other can carry some hidden risks.

3 Big Risks with Top-Down Automation

Risk #1: Top-down automation creates more work, not less

The promise of any kind of automation is that it will reduce your workload.

In regulatory compliance, one of the most challenging aspects of compliance is analyzing the massive troves of regulatory documents constantly being released in order to determine which obligations apply specifically to your business. This process, if automated properly, can reduce a team’s workload by hundreds or even thousands of hours while simultaneously reducing risk and improving accuracy.

But, if automated improperly, tech providers can create the opposite result.

Rather than a select, curated list of obligations being automatically created for you, top-down automation tools can inundate you with a massive dump of results that may have only a tangential connection to your business. This happens because top-down tools return every result where a search term is mentioned — regardless of whether that mention is meaningful.

Ultimately, this adds yet more to the ever-increasing workload of Risk and Compliance teams, and further widens the trust gap many companies already have regarding AI’s capabilities. 

Risk #2: Top-down automation adds risk instead of reducing it

When teams are inundated with a massive list of “potential” obligations, it doesn’t just create more work for them. It can also create more risk. 

Let’s say a top-down automation tool provides you with a long list of search-based results. Combing through it, you realize the tool hasn’t actually streamlined your process because it hasn’t narrowed down your results at all. You decide to revert mainly to your historical, manual process, occasionally referencing the search results as needed.

But, if in your manual process you happen to miss an obligation, your top-down automation tool might have opened you up to additional risk.

Regulators, combing over the audit trail, might see that the missed obligation was buried in the massive list returned by the automation tool. Seeing this, and that the obligation wasn’t implemented, the regulator could conclude that your team disregarded it. 

This situation is far from hypothetical. Regulators are already going on record asking firms what they’re doing to leverage regulatory technology. As they examine firms’ use of tech, they likely won’t be considering whether firms chose helpful solutions or harmful ones — just whether firms effectively employed them.

Risk #3: Top-down automation undermines faith in the power of technology

Digital disruption is here to stay

Before the current crisis, implementing emerging technologies was a way to leverage a team’s time more efficiently and gain an edge on competition. Now, in our new tumultuous environment with its bear market budget constraints, it’s a cost-saving necessity.

But garnering executive buy-in for a new tech solution, uniting a team around it, and working through a successful implementation is no easy task. It’s made exponentially harder if the stakeholders involved have a fresh memory of a solution that didn’t live up to its promise and ended up wasting precious funds.

In pursuit of end-to-end compliance, teams will likely need to build a RegTech stack of multiple solutions — not just to stay ahead of the competitive curve, but simply to keep up with the pace of regulatory change. That won’t be possible if an institution has lost its faith in the power of technology because of a bad experience with a problematic vendor.

How to Avoid the Pitfalls of High-Risk Automation

To make sure your tech solutions actually act like a solution, we suggest the following:

Take time to vet providers. Learn about the technology behind the tools — whether its machine learning, natural language processing, or something else. The more you understand about how the technologies work, the more you’ll be able to evaluate whether they align with your goals.

Consider using a piecemeal implementation approach. It can feel like a real leap of faith to take on the cost and implementation of a new solution. But by beginning with the starter tier of a platform, you can see firsthand how the solution integrates with existing procedures, build faith in and support for the solution across the company, and see the cost-saving benefits in real time. 

Find a tool that can grow with your company. Part of finding the right tech solution is avoiding one that is too limited in scope. If you can instead leverage a robust tool offering a platform of solutions, you won’t have to rip out a more limited point solution a year or two down the road when the needs of your company have outgrown it. 

Ascent — AI Built from the Bottom Up

At Ascent, we’ve built a truly innovative, bottom-up, regulatory technology solution — RegulationAI™. This “digital brain,” trained on tens of thousands of lines of regulatory text and with hundreds of hours of human expert review, powers the entire Ascent platform.

Our machine learning models decompose regulatory texts down to their most basic units — line by line, word by word. This provides us with not just the “raw data” of a regulatory document but the connections between that data as well. Because of this, we’re able to map a company’s regulatory obligations with significantly more detail and accuracy than a simple search-based approach. We provide our customers not with a massive list of potential obligations but with a select list of requirements specific to their business needs.

READ MORE: RegulationAI™ – Why It’s Different


Modern challenges require modern tools. Interested in seeing how Ascent can help you identify your obligations and automatically keep them updated as rules change?

Contact Us