CCO Insight: Managing AI Regulatory Complexity and AI-Enabled Compliance
The role of Compliance and AI regulatory complexity
“One of the absolute hardest elements is the increasing divergence and fragmentation of AI regulations across states especially with the uncertainty of when/if a federal regulatory framework will be established.”
Laura Byerly
Managing Director
KPMG LLP (KPMG) conducted a cross-industry Chief Compliance Officer (CCO) discussion focused on the role of Compliance in managing the complexity of AI regulations as well as an AI-enabled compliance environment. The following contains common themes from the discussion.
Regulatory Landscape
- Regulatory Divergence: Utilize trade organizations, compliance, government affairs, policy and legal teams to stay abreast of changing and divergent federal, state, and global requirements.
- Rate of Change: Develop and utilize AI models/tools to track fast-paced regulatory changes across various geographic and regulatory jurisdictions.
Risk Management
- Oversight: Establish and communicate firmwide restrictions on AI use. Utilize internal teams (e.g., cyber, risk, compliance) to monitor and report potential violations.
- Use Cases: Establish cross-functional AI governance committees to review licensing and AI tool selection/approval. Consider a risk-based approach to review/approval of AI use cases and tools.
Workforce Planning
- Redefining the Compliance Workforce:
  - Identify skill sets of the future workforce in an AI-enabled environment.
  - Upskill current employees to shift focus from “doing” to “reviewing.” Critical thinking becomes an even more important skill.
KPMG Perspective
As AI moves from experimentation and pilot initiatives to enterprise-wide deployment and adoption, companies are assessing how they can create and sustain long-term value with this technology. Doing so means addressing the new risks AI may introduce—hallucinations, biases, data provenance, and quality issues—and being cognizant of its potential to amplify existing risks to new levels of concern, including cyber breaches and the unsafe use of unauthorized AI tools by employees. The role of the compliance function is to support the company in mitigating regulatory risks and ethical failures in an environment of high regulatory uncertainty, help address the dilemmas that AI adoption brings, and establish the guardrails necessary to balance competing priorities, opportunities, and risks.
KPMG identified five AI governance principles that can serve as guidelines and as a pragmatic, logical starting point in navigating these challenges: