Your risk and compliance operations – including GRC policies and controls – are only as good as the regulatory information that supports them. If your front office is relying on policies based on outdated or incorrect regulatory obligations, your exposure to risk could skyrocket. However, keeping up with the sheer volume and velocity of regulatory change is an enormous challenge.
- In 2022, Thomson Reuters estimated there were 234 daily regulatory alerts across 1374 regulators in 190 countries.
- In 2024, $4.6 billion fines were issued by US Regulators accounting for 95% of penalties.
Fifty-five percent of respondents to the XLoD 2025 survey of G-SIB and D-SIB expect a similar level of regulatory fines this year, while 17% expect even more. In addition:
- 70% of respondents said that the poor data quality and completeness are highly significant barriers to having an effective control platform
- 72% said the biggest challenge in implementing regulatory change within the 1st LoD is technology limitations for adapting controls and processes
There’s an impossible amount of regulatory change to manage manually. To do so requires an infinite ability to scale with additional personnel, or an acquiescence to unacceptable levels of risk.
One source of risk is delay in processing these regulatory changes and updates.
- Typical policy review cadences of 6 to12 months allow gaps to go unnoticed.
- Procedural review cycles of 12-24 months compound the problem.
- Off-cycle reviews that occur only in cases of audits, incidents, or strategic changes don’t address the issue.
In short, organizations are updating policies and procedures in a cadence of months, when the changes that impact those policies flood in every day.
Some organizations have turned to off-the-shelf AI platforms to handle the deluge. However, there are serious drawback to relying on tools like Copilot and ChatGPT. First, large LLMs have considerable inaccuracy issues—even on simpler tasks. For instance, The BBC examined AI Assistants’ news summaries of its content. They found the following:
- 51% of all AI answers to questions about the news were judged to have significant issues of some form.
- 19% of AI answers which cited BBC content introduced factual errors – incorrect factual statements, numbers and dates.
- 13% of the quotes sourced from BBC articles were either altered from the original source or not present in the article cited.
LLMs are burdened with vast stores of knowledge unrelated to regulatory compliance. That extraneous data can influence and distort compliance-related output. For AI, the adage, ‘garbage in/garbage out’ applies. Random influence can promote inaccurate output, with the danger increasing as these inaccuracies flow downstream into policy management based on poor information.
Even LLM organizations recognize this issue. Entrepreneur magazine reported that OpenAI formed a team of over 100 former investment bankers with experience at firms like JPMorgan Chase, Goldman Sachs, and Morgan Stanley “to train its AI to automate tedious, manual tasks typically performed by junior bankers.”
AscentAI beat them to the punch. Our purpose-built AI ingests only regulator information, and it is trained on proprietary data based on financial compliance subject matter expert (SME) labeling. That means our system understands the meaning of the text and then applies labels consistent with human SMEs.
To limit risk, you need to ensure the regulatory obligations that inform your GRC policies and controls are up-to date—as opposed to waiting 6 to 12 months to find out. Doing so demands the following:
- Continuous compliance monitoring that manages regulatory obligations in shorter intervals, reducing mean time to discovery and mean time to implementation, spotting gaps before they become violations
- Full lifecycle tracking of new, changed, and retired obligations to ensure updates are made by the effective date
- Immediate regulatory update or change alerts that notify obligation owners versus reliance on legal teams (or other manual methods like outside counsel, data feeds, etc.)
- Faster and more accurate determination of where policy exceptions can and should be made across jurisdictions
- Ability to map obligations directly to risk taxonomy, process, entity, or product/service
Accurate, up-to-date regulatory obligations are the engines of compliance and key to effective decision-making. Manually managing the deluge of regulatory change is fraught with risk, and trusting ‘garbage in’ AI tools can be equally treacherous. AscentAI provides the speed and accuracy to ensure up-to-date obligations data that fuels effective policies, controls, and decision-making.
Learn more about AscentAI’s revolutionary regulatory change management automation, powered by YOUR obligations:
- Download the AscentAI eBook for an overview of our capabilities
- Download the AscentAI Difference eBook to dive in to our obligations based approach to change management
- Learn more about AscentFocus
- Take our quick regulatory change management self-assessment quiz
Contact Us for more information
