ChatGPT and compliance  – interpretation in the digital age

Compliance experts at JWG Group’s virtual trading compliance seminar discuss what it took to bring interpretation into the digital age and AI’s role.

On paper, asking a GPT to suggest the appropriate course of action seems like a great solution. Plug in your robot behind the scenes to do all the thinking for you – but is it as easy as it seems?

In the news last month, we saw Italy ban ChatGPT, stating there is a failure to age check its users and has no legal justification of both the collection and storage of personal data, which it uses to train the chatbot.

Other countries may soon follow suit, with Germany, France and Ireland looking into the tool. Earlier this month, the European Data Protection Board said it would launch a dedicated task force on the matter.

Governing AI compliance solutions

Although AI has been around for decades, few serious firms rely on the robot for the answer unless the instructions are crystal clear and humans are in control. Any black box solutions are generally frowned upon.

Adam Schneider, an Adviser to the Global Digital Currency Association, saw a space for AI in compliance tooling: “I am somewhat optimistic that the AI capabilities recently coming into play give the industry the opportunity to take some of the compliance situations that are based on judgment, and make them far more consistent with potential to improve over time.”

One of the more complex questions around AI is how to evidence how it actually makes those decisions. “The problem is that you don’t know how the model works. It is purely based on statistics of what it has seen in the past,” David Silverman, a senior risk and compliance executive and author of the book Stop Harming Customers: A Compliance Manifesto (expected Q3 2023), added.

Even when we feed our AI robots with data, they can only regurgitate their food. They can’t digest all the small factors that come into play when interpreting policies, standards and information.

Ralf Huber, a lawyer and co-founder & CRO of APIAX agreed with the challenges of AI, explaining that the auditability of AI tooling doesn’t cut it: “how can I explain to the regulator or to my auditor that the algorithm answered this question at this particular time for this employee, like this or like that?”

It seems that AI can be used to assist employees. As Huber adds: “We probably would feel comfortable if an AI would make this interpretation even a bit more standardised than it is today,” but AI seemingly can’t be a solution exclusive of any human interaction as it currently stands.

Digitizing compliance

Technology and compliance tend to come at AI from very different perspectives. The latter requires 100% precision and abhors the ‘magic pixie dust’ of AI.

Compliance needs technology to provide the provenance of the AI with the analysis which humans can improve on.

RegTech gives compliance the opportunity to get beyond large policy documents with rule sets that describe what good looks like in the operational language of the systems used by the business.

With so much of the business now digitized, checks can be automated at the point of transaction and good RegTech can provide the audit trail to the rule books.

Silverman saw this as an entry point to the discussion about how to introduce compliance to every level of a business.

Compliance culture

Without the right tooling and compliance culture around that it often results in more frustrated clients and unmet growth targets, as businesses spend all their time trying to work out what it can and can’t do, as opposed to just getting out there and doing it.

“On the one side, the whole fine thing isn’t really working… On the other hand, I’m going to say almost no one’s coming to work looking to do a bad job or to harm customers or to break the law, and certainly not a top management… that culture of compliance has to flow from the top down…”

Silverman continued: “Compliance should, like audit, report to the board. Because compliance needs to be able to stop those products and services, where it goes against the firm’s policies. It goes against the firm’s ethic… and what we’ve got running right now … the interpretation part can happen lower in the organisation, and you can overrule or push over compliance.”

Huber agreed with this point, referring back to how the top-down approaches have been typically structured in the past: “We provided our business colleagues with thick policy documents, maybe we did once a year training and the certification, that was our type of breaking the requirements into the business lines. Did it work 20 years ago? Probably not. Does it work today when huge volumes of client interaction are happening digitally? Obviously not.”

Compliance by code

So, does that mean we need to get our chatGPT robots in to do the heavy lifting in this digital landscape?

Taking the conversation deeper, Jackson Mueller, Director of Policy and Government Relations at Securrency, shed light on how smart contracts could be part of the solution:

“Smart contract(s) with built-in regulations will determine, who the token can be issued to, where it can go, and ultimately, from a regulatory perspective, it allows for auditability where they can come in view the smart contract, view the built in if-then statements that our technology provides for to understand exactly how it is that the issuer built that code into the contract itself in enabling it to become self-executing”

This aligns well with findings from the recent breakthrough in digital regulatory reporting for derivatives with the open-source FINOS model which JWG helped deliver for CFTC last year.

The DLT-based model enables business transactions to be modelled to align to regulatory obligations. Though not AI, it can revolutionise how the industry applies standards to Derivatives and other reports.

The big takeaway is that while AI could improve efficiency, it needs to be applied carefully so that the humans are in the loop and overseeing the code.

Tips from the panellists

David Silverman, Risk and Compliance senior executive

“I’m trying to get people off the idea of trying of collecting all the law and figure out which law applies. I’m trying to go the other way, and say we are an institution, let’s go figure out what we are already doing. We already know what the law is, let’s go to the people who know which pieces they need, give them their data, and then connect it internally.”

“We always tend to look at the negative, there’s a lot of positives going on. I think compliance is more empowered than it ever has been. And it’s certainly come a long way. So let’s keep going. Let’s get the technology people helping us.”

Ralf Huber, Co-Founder & CRO, Apiax

“I think priority should remain having truly digital strategy within compliance because our organizations are turning more and more digital everyday.”

“The three lines of defence are too complex for today’s environment. More controls should be with the business and thus allow for embedded tools to help bridge the gap between technology and compliance. By embedding compliance checks into core business processes, you boost your front-office’s efficiency.”

Adam Schneider, adviser Global Digital Assets & Cryptocurrency Association

“It’s always better to prevent a problem than to detect it afterwards and deal with the ramifications.  I would really like to see a focus on preventive processes and controls.  We would all be happier if compliance was able to stop issues before they occur.  This would be a far higher return on investment than automating resolving a problem that has occurred.”

Jackson Mueller, Director of Policy and Government Relations, Securrency

“I think we’re heading to a point where traditional financial services start to take advantage of decentralized finance tools, and the transformation of our capital markets is going to be really interesting over the next several years.”

PJ Di Giammarino, CEO and Founder, JWG Group

“The last decade has been subsumed by a lot of reg talk. We need to get back to coalitions that want to collaboratively generate open-source RegTech IP. The thing I love about training rules is that they are data-centric and already have a narrow framework for thinking about how to control the underlying technology. This is a great base for articulating a real business case for collaboration and better tooling.”


Don’t miss this opportunity to frame the big picture for your reporting programmes and mitigate your regulatory risks. Listen to JWG Group’s RegCast for more background here.

PJ Di Giammarino is an independent RegTech authority with a global network of senior bankers, regulators, and technologists which he brings together to enable compliance via adoption of new technology resulting in better, faster, cheaper and safer solutions.

Following a career of building systems and top management consulting including McKinsey,  PJ was the COO of Technology at Barclays Capital.

Seeing the RegTech opportunity early, he founded JWG Group in 2006 to provide practitioners a platform for Joint Working Groups. As an independent think-tank JWG leverages its unique position with regulators, firms and their suppliers to facilitate the right RegTech dialogues and drive global change.

Currently JWG is working with the top players in the industry to deliver on the promise of digital regulatory reporting for global OTC derivatives and defining holistic management obligations for trade surveillance.

NextGen Reporting RegTech & SupTech Seminar June 29. Register here.