Single Blog Title

This is a single blog caption
16
Oct

The key challenges for machine-readable and executable regulation

As the age of digitalised regulation comes closer into the view, there is growing discussion around the role of machine-readable and executable regulation in the financial industry.

According to Michael Thirer, legal director of Muinmos, the role of such a technology may very easily grow beyond what its users could have imagined.

He said, “In Greg Bear’s classic sci-fi novel, “Blood Music”,  a renegade biotechnologist creates simple biological computers, which, in a matter of days, grow, multiply and evolve into a massive, advanced civilization, surpassing anything the biotechnologist could have imagined.

“The conversation around machine-readable and executable regulation may very well resemble this turn of events. After all, in its onset, the idea behind machine-readable and machine executable regulation was to “translate” “human” regulation into terms machines can understand. Now, with the rise of the Natural Language Models, it seems this “translation” may no longer be necessary, though it will be necessary to maintain the principles of transparency, explainability, accountability.”

However, Thirer explained that even if a direct translation of the regulation from legal code to computer code may soon not be needed, discrepancies between regulatory terms and regimes need to be settled in order to create a workable machine executable regime on a global scale.

“The challenge to that may arrive from a very surprising direction – the regulators themselves,” continued Thirer. “This, due to the fact that whereas regulators have really stepped up in terms of technical standards and uniformed reporting in recent years; the current trend in global regulation is “Agile Regulation”, which is closer, in nature, to norms-setting than descriptive regulation.”

Thirer said that regulators’ push towards Agile Regulation – such as the UK’s Consumer Duty – derives from their desire to support innovation in the field of RegTech.

“Ironically, this trend might make it harder to develop this specific sector of RegTech, as regulation will be much less descriptive and therefore much less suitable for machine like decisioning and actioning,” he added.

Venky Yerrapotu, CEO and Founder 4CRisk.ai, commented that regulatory, risk and compliance processes receive critical input from constantly evolving regulatory, business and external risk environments. These inputs, he states, are typically unstructured content and require significant human capital to discover, analyse, and provide insights to teams and stakeholders to aid in decision-making.

“However, with new technologies, unstructured content can be digitized to be machine-readable, and further, AI techniques and models can be leveraged to discover, analyze, provide insights, to reduce risk and show compliance. To battle the much-discussed challenges that public domain Knowledge Bases present for security (hallucinations, data poisoning, bias and privacy violations),  SLMs (small language models) are becoming the route for enterprises that want to use this technology.

“SMLs leverage a combination of AI techniques, engineering algorithms, and a deep understanding of the risk and compliance domain, and can be trained explicitly on regulatory, risk and compliance data for accuracy and efficiency.  This protects data with zero-trust security and reduces bias. However, digitization will only get you 80% of the way there; Human-in-the-loop is still required by SMEs from legal, regulatory affairs, compliance and risk to review and ensure the right actions are taken by the right people,” said Yerrapotu.

Challenges and opportunities

Echoing a similar sentiment to Thirer, Flagright growth manager Joseph Ibitola emphasised that machine-readable and executable regulation is a concept that feels straight out of a futuristic novel. However, he said its ‘very much a part’ of today’s compliance conversations.

“The idea is simple in theory, regulations written in a format that machines can interpret and execute automatically. It sounds like the Holy Grail of compliance, but as always, the reality is a bit more complicated,” he said.

What are some of the challenges? Ibitola noted that one of the first is the issue of standardisation. “Regulations aren’t uniform, they vary by jurisdiction, industry, and even specific use cases. Translating these human-made rules into something a machine can consistently understand and act upon is no small feat. One misinterpretation could have serious consequences, especially in highly regulated industries like finance,” he stated.

He continued, “Then there’s the trust factor. For this technology to really take off, companies need to trust that it will execute regulations as intended—without overcomplicating or oversimplifying. And that’s a tall order. There’s always the risk of over-relying on machines, potentially losing the human judgment that often plays a critical role in interpreting the grey areas of regulatory frameworks.”

Despite these challenges, the Flagright growth head said the potential upside is ‘massive’. With the reduction of manual oversight, machine-readable regulation could slash compliance costs and free up teams to focus on higher-level strategic tasks.

“Imagine a system that adapts in real-time to regulatory changes, ensuring compliance without constant manual updates. It would level the playing field, especially for SMEs, making compliance more accessible and less resource-intensive,” said Ibitola.

“In the long run, machine-readable regulations could lead to a more consistent application of rules, removing the subjectivity that sometimes clouds human judgment. It’s a transformative vision, and while there are hurdles to overcome, those who embrace this shift early will likely find themselves ahead of the curve,” he finished.

Ascent emphasised their view that key challenges to machine readable and executable regulation lies in the regulation itself.

“Regulation stipulates that the firm is the ultimate sign off on compliance. What happens if the machine reads and applies an obligation or a change incorrectly leading to non-compliance?  Who is at fault? If it is the Regulatory Body who ‘own’ the model that reads and generates the executable code – then are they at fault for everyone’s non-compliance?  How would this play out?  Personally, machine executable regulation poses significant challenges for the industry as a whole, not just for individual firms,” the firm said.

Ascent continued, “No matter what the future holds for machine-readable and executable regulation, it won’t be practical to use and implement unless we can settle on a global standard for how this data is represented. Ideally through an independent, non-profit consortium, similar to how the W3C that enabled the explosive growth of the internet and Web 2.0. Without a single standard, adoption and innovation will remain impractical.”

An addition to compliance

RegTech firm RelyComply, meanwhile, exclaimed that MRR and MER technology is a ‘handy’ addition to compliance that can remove the timely, costly middleman of interpreting a legal document.

The company said, “In financial regulations, to get a machine to understand and execute an institution’s requirements, the FCA guide lowers or removes the errors associated with manual oversight in a fraction of the time. The technology has even greater efficiency benefits: reducing costs, increasing interpretation accuracy and swift implementation.

“But for every upside, there are downsides. Much like the financial industry faces challenges using machine learning for investigative purposes, the capabilities of such advanced tech require the knowledge of experts who can best put it into practice. AI can hallucinate or contextualise data based on trained biases. Similarly, the fundamental task of MRR and MER to make compliance information as clear as possible could result in incorrect disambiguation or removal of flexible trains or thought.”

Ultimately, using them would require a big cultural shift in interpreting regulatory requirements and relying on the trust in the accuracy of machines, said the South African RegTech.

“Before MRR/MER methods can scale, adoption must be accepted everywhere. As with many strands of AML compliance, the difficulty remains that differing jurisdictional rules and processes stand in the way of technology that standardises tricky regulations. Correct training for MRR and MER would need to be rolled out, audited and fine-tuned industry-wide to assess its accuracy with prominent regulatory documents.

“A form of standardisation in executing regulation is welcome; after all, MRR/MER can help extract only pertinent information to close the gap between compliance lawmaking and its widespread execution. Hopefully, its prominent RegTech advantages will allow it to be prioritised for use by compliance professionals, and it will start to bear fruit in the ever-more-difficult regulatory landscape,” the business concluded.

Copyright © 2024 RegTech Analyst