Policy Management for Regulatory Compliance: How Effective Is Yours?
Policies are rarely something that get people excited, but when it comes to the enterprise, they are the foundation for every risk and compliance solution. More importantly, regulators around the world and in every industry, rely on, and in many cases, require corporations to maintain and enforce policies. Policies are what keep your data private, ensure a fair playing field, and generally keep the world a safe place.
As you can imagine, these policies affect a wide variety of information sources, formats, languages, and geographies. They can't all be expressed with simple patterns that look for nine-digit social security numbers or the phrase "guaranteed results" in an email to a client. Legacy compliance engines relied on basic keyword search, or simple regular expressions to detect anomalies. Even understanding something as basic as present vs. past form of a verb was “out of scope.” Modern policy enforcement requires a much more sophisticated approach. A cognitive approach.
A new policy enforcement module in the latest release of the Attivio Platform enables compliance officers to quickly and easily build, test, deploy, and manage policies with dramatically greater sophistication and intelligence than anything on the market today. Policies can be built on the text in a given communication (email, voice, chat log, etc.), but also across all the metadata generated by our text analytics, machine learning and other workflow elements.
For example, it's one thing to mention a single patient's social security number in an email, but what if you mentioned 100 of them in an attachment? Wouldn’t you expect the system to behave differently when that happens?
Diving deeper into the system's natural language processing capability: what if you're scanning an email between two bankers and find two stock tickers in the same sentence with any phrase that indicates a merger and a date in the future? What if you could train a machine learning-based classifier on known voice conversations that have a high risk associated with them, and then let the system automatically flag similar risky interactions? These capabilities and more are simple out-of-the box components of the Attivio ingestion workflow that feeds the policy engine.
All the cognitive capabilities in the world won't help you solve the business problem at hand if you don't dramatically improve productivity of the reviewer or investigator. That's why Attivio's policy engine includes aggregated risk scoring for each document it scans. Policy authors can assign weights to each rule and the system will aggregate each of those scores, by policy, for each document. This enables investigators to review the riskiest interactions first, and allows administrators to set thresholds for when something needs to be reviewed vs. being dismissed automatically as a false positive.
The Attivio Policy Administration UI enables all this to be done in a live system, back testing against real data before policies are pushed live with zero down time. Rules can be written by hand in our advanced query language, or visually constructed with a query builder. Both methods have access to the full breath of NLP, machine learning and text analytics output from the Attivio Platform.
Results for one of the world’s largest banks
In the past couple of years, we have repeatedly demonstrated our capability to replace legacy compliance solutions to improve efficiency and compliance quality. Our latest version has even better support for policy management with our NLP and machine learning capabilities. In this version, we partnered with a handful of the world's largest and most forward thinking banks on a complete replacement of their legacy compliance solutions. In one case, this encompassed emails and chats from around the world, in every imaginable language and at tremendous scale. We converted and updated the bank’s existing policies into our system and ran a simple A/B test against the legacy system. The results were impressive:
- 87% reduction in false positives
- No loss of existing true positives
- 60% fewer rules to manage
And this is the stat that I like the best:
- We delivered the full production quality pilot and the results above in just 3 months.