Ignorance of the law is no excuse—but when you’re running a company, knowledge of the law can be extraordinarily challenging. If you’re in the BFSI industry, you must pore over hundreds of pages of regulatory documents per week to determine their relevance and assess compliancies, obligations, required actions, and deadlines.
This is why Kayvan Alikhan started Compliance.ai, a company that uses artificial intelligence to automate the regulatory enforcement process.
On this edition of UpTech Report, Kayvan discusses the scope of the regulatory challenges in the BFSI sector and explains the technology behind his solution.
More information: https://www.compliance.ai/
Co-founder and CEO of Compliance.ai, Kayvan Alikhani brings 25 years’ experience in enterprise technology to his role. A pioneer of the RegTech industry, he has interviewed 500+ Chief Compliance Officers at financial services institutions to understand the scope and urgency of the challenges they are facing. He has a practical vision for how technology can be applied to address their most pressing needs within today’s complex and dynamic regulatory environment.show more
Kayvan previously led the Identity Strategy team at RSA, and represented EMC on various industry alliances such as the FIDO board. He was co-founder and CEO of PassBan (acquired by RSA).show less
DISCLAIMER: Below is an AI generated transcript. There could be a few typos but it should be at least 90% accurate. Watch video or listen to the podcast for the full experience!
Kayvan Alikhani 0:00
20% of the workforce I’m not talking about consultants and outside counsel and offshore, I’m sorry outsourced workforce the employees 10 to 20% have risk or compliance under Title.
Alexander Ferguson 0:20
Welcome to UpTech Report. This is our applied tech series UpTech Report is sponsored by terribly learn how to leverage the power of video at Teraleap.io. Today, I’m joined by my guest Kayvan Alikhani, who’s based in California is the CEO and co founder at Compliance.ai. Welcome Good to have you on came on. Thank you for having me. Appreciate it. Now, apply and study AI is a regulatory compliance solution and software. So for those out there in firms within banking, financial services, or the the insurance industry, this might be an interesting platform, you’re going to want to check out now on your website, say we speed compliance, you can speed your business, help me understand, okay, well, what was the problem you initially saw with industry with compliance that you set out to solve? You know,
Kayvan Alikhani 1:03
the volume and complexity of regulatory changes that are being handed to regulated companies, specifically in the banking, financial services and insurance industry is so high, both from the perspective of the number of changes the number of pages within these changes and the complexity,
Alexander Ferguson 1:23
and it’s only increasing.
Kayvan Alikhani 1:25
It’s all increasing three 400% over the past seven, eight years, and it’s not showing any sign of slowdown. And meanwhile, organizations are still using outmoded methods that they would have would have been suitable for a significantly lower volume or significantly simpler, regulatory landscape. So we provide essentially a way to transition or transform the way you deal with regulatory changes so that you can be much more effective and efficient in that process. Compliance has become the costliest department along with risk risk and compliance combined, are the number one spend within many regulated sectors in the United States. And that is a sign of the methodology that’s been used to solve it, which is to throw bodies at it use manual approaches, or use significantly expensive, error prone time consuming methods to solve compliance and risk issues. And we really think that the availability of digital regulatory content, the availability of cheap CPU, the maturity of automated ml driven modeling, allows for companies to now do things a lot faster, more effectively and at a much more cost effective
Alexander Ferguson 2:42
manner. So use technologies smarter in a better way than just throw more people at it. If I understand like the platform, you take in the reports from a lot of different regulatory agencies. And then the user can go in and customize the area that the covers what what location or what they’re interested in, then they can customize the reports in my getting the kind of the some of the nuts there.
Kayvan Alikhani 3:03
Think about a very large document. Imagine don’t imagine a two paragraph news item about the latest, you know, fiasco differential, but imagine a 100 page substantial document, which has everything in terms of obligations, references to other rules and regulations timelines in it. So now you’re facing with not being able to just browse over, you have to read it, you have to assess whether this document is relevant to you to your role in the organization? What business or operational topics does it map to? What are your obligations as part of this? What are the timelines and deadlines that you need to pay attention to? And what has to happen inside your organization? Imagine having to do that, again, three to 400 documents per week. And imagine that each of those documents on average being 20 3040 pages and all legal, legally word. That’s the framework that we live in. And so our perspective is, first and foremost, how many of those three 400 irrelevant to reduce the size of that funnel by using classification, using your company’s business profile as a way to focus on changes that are relevant to you in your role, whether you’re a compliance officer, a risk officer in charge of audit, General Counsel, in charge of BSA, AML, privacy, cyber security, depending on topic, depending on concept and operational role, get access to that very reduced collection of content, and then give you all the rich metadata that tells you these are the key deadlines. These are the concepts these are the topics these are the cross reference rules and regulations. These are your obligations. And from there, you’ll be able to make decisions significantly faster and be able to build an inventory of decisions you’ve made over time and then of course, subsequent to that, be able to then interact with those documents, annotate them, assign tasks, take action, and find To report on everything that you’ve done before, during and after that we’ll make the process that is really the ultimate goal of a solution that would be called regulatory change management. And that’s exactly what we
Alexander Ferguson 5:11
got. So the, I don’t know if this is a good analogy to see when I think of like in the consumer world, often we have like, our RSS feeds or Feedly are tool. Another thing we want to customize What news? What information Am I getting in, and consumers have that for a while, but in the business side, it’s just you’re inundated sounds like with all these updates when it comes to compliance reports that are coming out. But what you’re trying to focus on is Alright, let me actually skim that down to exactly what you need, what you need to be paying attention to. And then you know what to take action on.
Kayvan Alikhani 5:40
Yeah, imagine that that RSS feed constituted a 1000s of changes, that you have to then know, decipher going through all of them in detail is not scalable. And that’s what’s led to the close to $400 billion in fines enforcement actions that have been issued against just financial service organizations in the past eight years alone. And then you have from the other side, the significant increase in operational costs both top line and bottom line impact, and not to mention the reputational impact that it has for companies that fail audit or find them to find their name in the news or are at a significant competitive disadvantage, because they’re moving much slower than their competitors who have embraced a transformative approach to change management.
Alexander Ferguson 6:26
Of course, the common concern that comes along with technology and AI is taking jobs away, you just set mentioned will throw more people at it. So now you don’t need to throw as many people at it. So where is that, where’s the balance here,
Kayvan Alikhani 6:39
the balance is actually the companies are not properly sized to begin with. Because it’s so costly to properly size, if you were to take a full manual approach, they really need 20 people and they have four, they really need 12 people, but they have six. So what ends up happening is technology coming and saying this is now a companion, this is a argument, this is an extension of your existing team, essentially not one of necessarily saying, start laying people often say you are understaffed to begin with. And now instead of begging and borrowing additional budgets to hire another 15 people, you have technology automation to the rescue as a way to reduce the overall cost and be ready for scale. And that’s been seen, we’re not the only business segment that’s doing this, we’ve seen that repeatedly within CRM, within business applications with the tool you and I are using right now. So solutions that scale very rapidly don’t require a huge amount of hand holding don’t require a huge amount of effort in installation implementation, or upkeep. SAS basically from the other side, ones that reduce the amount of work that humans have to do by taking recurring mundane tasks off their back so they can focus on more analytical activities. So we think that is actually a sigh of relief in the what we’re seeing very specifically talking to Chief compliance officers risk officers, General Counsel, we have a very, I would say impressive, and humbling advisory group that provides us that type of feedback. And these are cc OCR, O’s, GCS auditors, current former regulators, and they tell you look for any and all opportunities for automation look for any and all opportunities to reduce that complexity. And even the regulators are very much welcoming about this approach.
Alexander Ferguson 8:31
This concept of compliance officer now trusting in a technology to take the place of the scores of people that require before what do you say to them? someone saying, How do I know that what you’re showing me is everything? How can I trust the technology? How have you guys then solve that?
Kayvan Alikhani 8:49
Yeah, how are you trusting it before? So it’s basically what are we comparing it to the status quo of having humans who make mistakes, and are not necessarily your employees and maintain their outside counsel, and many times, they’re distracted with a whole bunch of other activity, we’re versus a dedicated set of resources that are systematic, and yes, systems do make mistakes, and they do falter. And we are very transparent about that. In fact, we think that that’s an essential part of any AI based system to provide full transparency on how decisions are being made, what approach is being used in modeling, if there are, you know, any decisions that are being surfaced, what’s the confidence in those decisions, and using that approach, clients can now have visibility, that’s a and b. It is not a machine versus human. In our case, it’s very much what we call expert in the loop a nuanced approach to supervised learning that allows us to use experts, not humans, experts, as those who provide not only feedback of the build out of the models in the changing of the models, but also in assuring the quality of the results that are surfacing. By our models, we have 100%, manual quality assurance coverage of machine based. So now you’re not getting just machine or human, you’re getting best of both worlds marriage between human and robot, if you will, that hopefully that’s not going to misunderstandings is really providing that healthy collaboration that then says, You’re taking advantage of automation and things are happening at Internet scale. And yet, there are experts that are monitoring and are impacting and are influencing the decisions that have been made that are very specifically recruited for that purpose. So that so that’s how you do that, at the end of the day, you cannot point to a machine and say the machine did it right, you have to have a accountability of humans, by humans. And and I would say that the difference is still going to be yes, the machine made some errors. But what are we comparing the before and after? And that’s been time and time again, the case where they said, you know, earlier, I thought I was missing two or three documents with compliance, I found out missing hundreds of changes. So that wasn’t effectively looking at these changes. Yes, maybe in 1% 2% of cases, or one document over a six month period, or I don’t know, five documents over a year. But even in those cases compliance study, I came back and made an adjustment and updated that. So it’s not ever going to be 100%. Perfect. That’s kind of a nice aspirational goal. But it is significantly close to being perfect in terms of collecting, assessing on a scalable basis. There’s just no comparisons, apples and bicycles for me. I mean, imagine you throw two or three people to look at 1000 page rule book to read to extract the inventory of obligations from that rulebook, well, how long is that effort going to take? And when they’re done? What are you going to do with that information, the next time it comes, I have to start all over again, right? But imagine that that’s done via system, extracting those looking at your feedback about those obligations in the next time taking advantage of that to do a better job, what is taking two and a half months, highly expensive lawyers, we both know they’re not cheap. One, the other one is taking minutes, and providing you an inventory that’s actually learning and working for you in the future. So the differences are time scale, accuracy. And of course, ultimately, the efficiency for growth that it provides for the organizations,
Alexander Ferguson 12:31
where I’m fascinated with the role of technology, it truly is allows us to to do much, so much, so much more in less time and effort, if it’s properly trained, and managed by person is not an autonomous like just go in and does it all. But it’s that combination of solely I appreciate the term expert in the loop, combined with technology. And this is for years, the guy’s been arrested 2017 that it started. I’m curious, from your perspective from the beginning. What’s the adoption been like? How are people resonating? Or what are some of the barriers that you’ve seen to the adoption technology when it comes to compliance?
Kayvan Alikhani 13:08
Yeah, I think the history part of it is quite fascinating that we started with the premise of all we have to do is provide regulatory intelligence companies already have risk and compliance solutions. If you just feed this intelligence to them, they’re going to be good to go. And we started with that approach. And very quickly, after a series of conversations, listening very carefully to the feedback from the compliance community, we found that intelligence enough is not enough. And it does just alone is not enough. Why? Because all you’ve got is now dumped literally a mountain of information at them without providing them with the ability to take action on it. I think in 18, we started seeing more and more of the use of the term regulatory change management as opposed to regulatory intelligence or regulatory trend analysis or insights, not not not in opposition with each other, but kind of like bringing them together to regulatory change management. Go back 10 years, this was not even a term, there was not such a process in these organizations that would deal with it. So this is something new that started forming 16 1718 started becoming more and more of a curiosity and what is this? What is reg tech, reg tech dozen technologies that help you with monitoring, tracking and reacting and reporting on regulatory changes by taking advantage of automation and SAS and ml, we are very much the poster child for that. But then in 2019, we started seeing more and more actual forward looking csio CRS GCS that would put request for information request for proposals. And in 2020. In spite of where maybe because of COVID, you started seeing a much more specific focus on regulatory change management automation, transforming it into a modernized form, if you will, within the organizations to the point that we were recipient of over over 30 RFPs, from mid to large sized organizations just in the US alone, with comprehensive plans of transforming regulatory change management, I think it went from what the heck is this to? Let’s try it out to now we’re going to formally transform our change management solution. I think I’ve seen that so much right now, it takes less than five minutes to explain and get a head nod from heads of compliance risk or audit or general counsel at organizations about the challenge they’re facing and the fact that they need to modernize the change management practice.
Alexander Ferguson 15:36
So if I heard correctly, you’d say the pandemic has been an accelerant to the compliance industry to saying yes, we needed to use technology more.
Kayvan Alikhani 15:44
That’s right, think about having to do things from anywhere using just a browser not having to rely on going to the office or relying on necessarily four walls of firewalls and it involvement and not having to rely on a large workforce having to be able to button down and do things more with less enforcing, and embracing business continuity and resiliency. All of that is very much in line with using SAS browser based nothing to install, nothing to maintain or update or upgrade ever. And the ability to rely on a highly scalable solution. So that was one side of it and PPP related regulations and privacy related regulations and matters that have to do with cybersecurity. And of course, the incoming of a new administration that undid a lot of the deregulation that happened during the prior administration have been catalysts for a I would say very significant uptick in organizations taking a look at how they deal with regulatory change.
Alexander Ferguson 16:50
On that topic of the way regulatory has changed, and some of the things you just mentioned PvP, the new administration and act What are you seeing some of the main trends that someone should be paying attention and aware of it with all this happening?
Kayvan Alikhani 17:03
Yeah, first and foremost, privacy continues to be a highly checkered set of regulations and rules. We know we California has voted into law, the California California Consumer Protection Act and the rights act in November of last year, again, enforcement actions to sue in terms of how organizations manage a store and share consumer information. What is consumer privacy mean, we see states like New York, Virginia and others standing their own price regulation, there’s efforts underway at the federal level, to try to come up with comprehensive consumer privacy that’s very much in line with what happened. I want to say four or five years ago in Europe with GDPR. So that’s one set of rules and regulations that are very much impactful of the organizations the contrast between GDPR ccpa, Virginia, New York and the Illinois biometric regulations that relate to privacy or the upcoming I would say cross jurisdiction differences between those and the upcoming federal revenue level regulations. Of course, there’s a huge amount of D regulatory activity that President Biden took in the first 60 days in the office issuing a collection of over 20 enforcement action executive orders, sorry, intended to undo the prior administration’s policies. And so that then puts pressure on organizations to take a look at that and see how that impacts their business, a series of executive orders. Interestingly, one of them a reaffirmation, I would say, of an executive order that we saw many years ago during the Clinton era of regulatory planning and review and a recommendation for essentially modernizing regulatory reviews modernisations, with the focus of many of President Biden’s early actions, meaning the businesses that haven’t already embraced digital transformation should consider embracing digital transformation very, very soon. And you see that embedded in many of the policies and procedures that are putting put it out environment, social and ESG based regulations that are essentially coming out. We’re seeing more and more focus on ESG based regulation, corporate governance, essentially environmental, social and governance if forget it for a second, which are putting a lot of emphasis on paying attention to climate, climate change, not as climate change, but as risk what is the risk of climate change to organizations, specifically banks as it relates to real estate or in light of the growing need to movement in terms of social impacts of organizations taking a much closer look at You know, who the who’s hated who do they take money from? Who do they partner with losing the business with as now impacted the outcome and we’re looking to a set of ESG based regulations actually, to drive some environmental rules and regulations in in the in the current year in the two years to come and is at least 10 more but I need one more for you, which is top of mind for many users is cryptocurrency at Ico blockchain related rules and regulations, you see a huge amount of activity by the OCC and other agencies trying to put proper rules and regulations in place to hopefully put an end to the Wild Wild West. That is, you know, crypto and Ico give companies a framework that they can work within to deal with Ico and cryptocurrency. So those are some of the trends to look for. And like I said, there’s at least five or six more that we can talk about later as well.
Alexander Ferguson 20:55
That curious, have you personally like been involved with compliance for a while, like how did you get involved or where you will come from the technology side, and you saw the challenge, and you’re like, I can solve this challenge over here with technology.
Kayvan Alikhani 21:08
very much a technologist, look at it from the perspective of organizations that are highly regulated, came at it from cybersecurity primarily. Formerly, I was working at RSA, one of the leaders, both in terms of cyber cyber security, but also RSA publishes in a solution called Archer, which is the leading provider of governance risk and compliance solutions for the enterprise very much, including banks, financial service and insurance companies. We saw the uptake and in terms of rules, regulations, we saw the huge amount of consultative and manual, labor driven approaches that we’re taking to assess that you have a problem. You know, as a technologist, you’re always trying to come up with solutions for that, because we’re not subject matter experts, we ended up then building a solid foundation of advisors coming from the field, seeking their advice, Hey, is this is your problem as we think it is? Yes. You know, what would this approach work? Yes. And then basically being very, very much collaborative in that effort. And then bringing in the CC OCR as a GCS into that discussion in that early on formation. But it was very much looking at that. I mean, read the news and look at the stats in terms of where companies spending their money, and compliance and risk being on the top of the list. You know, many highly regulated organizations, you find 10 1215 20% of the workforce, I’m not talking about consultants and outside counsel in offshore, I’m sorry, outsourced workforce, the employees 10 to 20% have risk or compliance under Title. And that that represents that that tells you where the losses come from.
Alexander Ferguson 22:58
Where do you see in the future, that percentage will go down to
Kayvan Alikhani 23:03
you, I would, I would probably say that instead of looking at that, as a cost center, you would start looking at that as a streamlined part of the company’s growth development lifecycle as being it’s part and parcel to you’re trying to expand to jurisdiction, now you have a way to have compliance, work with you as part of that process, not as a stopgap not as a friction, not as something that stops things, but actually something that informs you very rapidly, very dynamically as part of that. You’re trying to launch a new solution, you’re trying to acquire another business, you’re launching your product into another country, you’re taking on clients that you hadn’t taken before, all of that is growth, and all of that should not be tampered and should not be basically handcuffed with compliance. Instead, compliance should be part of that process. This is really a transformation. It’s not about what percentage necessarily, and obviously, that percentage, we think should be at least kept steady, if not reduced. But it’s ultimately saying let’s look at compliance not as something in the corner as an afterthought. It’s the same thing we talked about 10 years ago about security, right, security driven program, security driven businesses, businesses that are looking at security as part and parcel of what they do not as an afterthought. And now you see more and more of that in various business applications. And I think regulatory change lends itself very nicely to being that next in line. Let’s call it streamlined into being part of that overall business process.
Alexander Ferguson 24:37
I’m intrigued with this this vision you see of compliance that is not a burden of cost, but actually actually helping you go to new areas. I mean, this and I appreciate you you were in this industry already seeing the with enterprises of of insurance and finance and you saw the challenge they had and you’re like with your technology background like I can I can solve this, I can fix this. I imagine there’s it’s kind of a growth as you peel back the onion and realize the multiple layers. I’m curious over the last four or five years, if you go back five years ago and tell yourself one thing, when you were beginning this journey, what would you say to yourself,
Kayvan Alikhani 25:18
listen to users much more proactively, essentially the value of having a conversation with the stakeholders. So we have a pretty good understanding of the technological capabilities available to us, you know, computation, modeling, the ability to digest and process large volumes of documents. That’s the tech side of it. And then on the user side, what is really problematic within their organization, how can you really impact their day to day life in a very positive way? In fact, I will tell you, we did a blog series at the end of 2018, with a CEO as the ghostwriter, we call it a day in the life of the compliance professional, and it was from waking up and drinking coffee all the way to the end of the business days. What are you doing? And how can we impact that positively and reduce the stress, reduce the anxiety, reduce the uncertainty, reduce the ability provide you with tools to help mitigate the risk associated with regulatory change? I would say that more of that is really the way to go. With that you’re much more informed, and you make much better decisions as a result of that.
Alexander Ferguson 26:32
It’s a kind of a amazing transformation of growth, really dig further to the consumer, the user and say, What exactly do you need? How is it used? And that’s where the real use comes to shine. I’m curious, what can you share going forward? Like what’s what’s the roadmap, what’s the vision, anything coming up that you’re excited about and can share?
Kayvan Alikhani 26:52
We very much started as a an organization focused on us space. banks and financial service insurance companies, we’re now seeing a global demand. We’re seeing multinational requests for companies that are multinationals headquartered elsewhere, operation of the US, or vice versa. And so we are very much we started with GE 20. And we’re a coverage and we’re now looking at expansion beyond that. And additionally, you know, it’s not really bfsi. That’s bank finance. So it’s an interest that are impacted by regulatory change. We know healthcare, energy environment, and many others highly regulated sectors are very much can be very much take advantage can take advantage of this type of an approach in this type of transformation. And of course, we think that a much more proactive set of collaboration with the regulator’s themselves these are agencies like the Fed, like CFPB, OCC, FCA in the United Kingdom, and many other proactive and I would say forward looking agencies that are tech friendly, that type of collaboration has been a highly benefit, not only our users, their constituents, of course. And last but nice the formation of more and more alliances. We’re working and talking to air as an example Alliance, where regulators and regulation, innovative regulation, and many similar innovation. alliances very much welcomed that type of collaboration between regulators and regulated companies to kind of come together, sit around the table and come to a consensus on what would work make their life easier.
Alexander Ferguson 28:33
I like the division in the future of regulatory compliance across the globe, it’s like being able to expand no matter where you are being able to know it have this information. As a Chief Compliance Officer. You don’t have to have a whole army of people now scourging and looking through all these reports, use technology and be able to make your life simpler. And as a passionate as one whose passion for technology and curious just even outside, maybe specifically what you guys are building. What do you see as the future of tech any protect predictions the next 510 years what we could imagine coming down the road?
Kayvan Alikhani 29:07
Yeah, I think it’s going to be very much an enabling technology. enabler. technology’s always been that way. We’ve seen that time and time again, is it related to various various business applications, and this is not going to be an exception to that. I think you’re going to see more and more of a legal tech and rec tech where there’s more and more collaboration between the legal counsel compliance community and the tech community too. And you’re gonna see more of a cross pollination around that. More and more, I would say business specific type solutions, where they’re very much tuned in to the requirements of that business. I think that there’s going to be that that type of alliance that we talked about is going to lead to cohort based compliance decisions. So for example, similar organizations that operate in similar jurisdictions and offer similar products will start now taking advantage of compliance solutions that actually take advantage of their anonymized and tokenized decisions. And so in that realm, instead of building siloed compliance practices, you start benefiting from a cohort based approach. And we think that’s going to be highly consequential for businesses in terms of compliance no longer being a siloed competitive one off thing to being one of saying, let’s just make this just like cyber security where we reached an agreement that sharing, anonymized tokenized data on breaches is beneficial to all organizations, we think compliance very much falls into the same mold.
Alexander Ferguson 30:45
Thank you, Kevin, for for sharing this insight and the track and the direction that you guys are headed for those that want to learn more, you can go over to compliance.ai and be able to get a demo and be able to dig into more of a thank you so much for your time.
Kayvan Alikhani 31:00
Thank you so much. Very nice talking to you. Alex reshooting.
Alexander Ferguson 31:03
I will see you all on the next episode of UpTech Report. Have you seen a company using AI machine learning or other technology to transform the way we live, work and do business? Go to UpTechreport.com. And let us know