All Tech is Not Created Equal: The Difference Between “Top-Down” and “Bottom-Up” Automation | Ascent

An automation solution that’s not adequately aligned with your business needs or not properly developed can, sometimes, do more harm than good.

Technology is often touted as a panacea for our overloaded work lives. And while we at Ascent believe strongly in technology’s ability to help save people time and money — and feel that, in these tumultuous times, it represents the only real path forward for Risk and Compliance teams — we also know that not all technology is created equal.

Unfortunately, an automation solution not adequately aligned with your business needs or not properly developed can do more harm than good. “Top-down” automation in particular can have a detrimental effect.

Below we break down the difference between “top-down” and “bottom-up” automation, define the risks that can come with top-down providers, and explain how to evaluate your options.

DOWNLOAD WHITEPAPER: Complying Smarter in Turbulent Times


Top-Down Vs. Bottom-Up

Imagine you are given a document about cybersecurity and tasked with analyzing how that document relates to your company’s cybersecurity policy. 

What do you do? Do you scan through the document looking for any mention of the term “cybersecurity”? Or do you read through the document thoroughly — sentence by sentence, word by word — in order to understand it as completely as possible?

These two methods can be seen as metaphors for how top-down and bottom-up automation approach the work of regulatory compliance. 

Top-down automation acts like a search, skimming through the document for a specified search term. The technology involved isn’t meaningfully different from that powering any website search bar. 

Bottom-up automation, however, uses natural language processing and machine learning models to analyze a document at a word-by-word level. Because of this, it’s able to extract a significantly greater amount of information from each document and to employ that information in many more ways.

RegTech providers often shy away from trying to develop bottom-up solutions because they can take years to initially ramp up and can require much more complex technology. But those that spend the time and are able to develop the AI end up with a far more powerful product. 

Bottom-up automation is akin to having a cybersecurity expert analyze that document for your company, while top-down is more like running a quick word search of it. One can provide a deep understanding of the material. The other can carry some hidden risks.

Here are three to look out for.

Danger #1: Top-down automation creates more work, not less.

The promise of any kind of automation is that it will reduce your workload, saving you time and therefore money.

In regulatory compliance, one of the most challenging aspects of regulatory change management is analyzing the massive troves of regulatory documents constantly being released in order to determine which obligations apply specifically to your business. This process, if automated properly, can reduce a team’s workload by hundreds or even thousands of hours while simultaneously reducing risk and improving accuracy.

But, if automated improperly, tech providers can create the opposite result.

Rather than a select, curated list of obligations being automatically created for you, top-down automation tools can inundate you with a massive dump of results that may have only a tangential connection to your business. This happens because top-down tools return every result where a search term is mentioned — regardless of whether that mention is meaningful.

Ultimately, this adds yet more to the ever-increasing workload of Risk and Compliance teams, and further widens the trust gap many companies already have regarding AI’s capabilities. 

Danger #2: Top-down automation adds risk instead of reducing it.

When teams are inundated with a massive list of “potential” obligations, it doesn’t just create more work for them. It can also create more risk. 

Let’s say a top-down automation tool provides you with a long list of search-based results. Combing through it, you realize the tool hasn’t actually streamlined your process because it hasn’t narrowed down your results at all. You decide to revert mainly to your historical, manual process, occasionally referencing the search results as needed.

But, if in your manual process you happen to miss an obligation, your top-down automation tool might have opened you up to additional risk.

Regulators, combing over the audit trail, might see that the missed obligation was buried in the massive list returned by the automation tool. Seeing this, and that the obligation wasn’t implemented, the regulator could conclude that the team disregarded it. 

This situation is far from hypothetical. Regulators are already going on record asking firms what they’re doing to leverage regulatory technology. As they examine firms’ use of tech, they likely won’t be considering whether firms chose helpful solutions or harmful ones — just whether firms effectively employed them.

Danger #3: Top-down automation undermines faith in the power of technology.

Digital disruption is here to stay

Before the current crisis, implementing emerging technologies was a way to leverage a team’s time more efficiently and gain an edge on competition. Now, in our new tumultuous environment with its bear market budget constraints, it’s a cost-saving necessity.

But garnering executive buy-in for a new tech solution, uniting a team around it, and working through a successful implementation is no easy task. It’s made exponentially harder if the stakeholders involved have a fresh memory of a solution that didn’t live up to its promise and ended up wasting precious funds.

In pursuit of end-to-end compliance, teams will likely need to build a RegTech stack of multiple solutions — not just to stay ahead of the competitive curve, but simply to keep up with the pace of regulatory change. That won’t be possible if an institution has lost its faith in the power of technology because of a bad experience with a problematic vendor.

You can avoid the perils of faulty automation.

To make sure your tech solutions actually act like a solution, we suggest the following:

Take time to vet providers. Learn about the technology behind the tools — whether its machine learning, natural language processing, or something else. The more you understand about how the technologies work, the more you’ll be able to evaluate whether they align with your goals.

Consider using a piecemeal implementation approach. It can feel like a real leap of faith to take on the cost and implementation of a new solution. But by beginning with the starter tier of a platform, you can see firsthand how the solution integrates with existing procedures, build faith in and support for the solution across the company, and see the cost-saving benefits in real time. 

Find a tool that can grow with your company. Part of finding the right tech solution is avoiding one that is too limited in scope. If you can instead leverage a robust tool offering a platform of solutions, you won’t have to rip out a more limited point solution a year or two down the road when the needs of your company have outgrown it. 

READ ARTICLE: “But Does RegTech Actually Work?” 3 Ways Financial Firms and RegTechs Can Bridge the Trust Gap


Why we build our technology from the ground up:

At Ascent, we’ve built a truly innovative, bottom-up, regulatory technology solution — RegulationAI™. This “digital brain,” trained on tens of thousands of lines of regulatory text and with hundreds of hours of human expert review, powers the entire Ascent platform.

Our machine learning models decompose regulatory texts down to their most basic units — line by line, word by word. This provides us with not just the “raw data” of a regulatory document but the connections between that data as well. Because of this, we’re able to map a company’s regulatory obligations with significantly more detail and accuracy than a simple search-based approach. We provide our customers not with a massive list of potential obligations but with a select list of requirements specific to their business needs.

Modern challenges require modern tools. Interested in seeing how Ascent can help you identify your obligations and automatically keep them updated as rules change?

Contact Us


Leave a Reply

Subscribe to Cliff Notes

Our monthly newsletter keeps you at the forefront of compliance and technology.