eLearning and software provider VinciWorks has identified a shortage in compliance training around AI-related compliance breaches. With McKinsey reporting an explosive growth in the use of AI in 2023. Less than a year after most gen AI tools were launched, a third of organisations were using tools. While 40% said they were increasing investment in gen AI.
It was notable that the four highest generative AI risks organisations perceived were inaccuracy, cybersecurity, IP infringement and regulatory compliance. One suspects that with the growing cadence of legislation coming into force around AI, this last might have increased in importance since the survey was conducted as far back as April 2023. One suspects the adoption rates are also much higher.
The VinciWorks survey, though from a much smaller sample, indicated that 45% of compliance professionals are already using AI. It continued by saying that 45% intend to explore how they can do so. In recent months organisations such as Icertis, Agiloft and Sirion have all added more AI capabilities into their platforms. While the majority of firms saw AI introduced into sales and service teams, it is clearly now penetrating compliance as well.
It is thus surprising that in a recent survey of 269 compliance professionals, only 29% have implemented specific procedures, training, or preventive measures to guard against Artificial Intelligence (AI) related compliance breaches. Of those who do not have the measures in place, 13% have no plans to do so in the future.
The VinciWorks survey drew responses from across the UK, USA and Europe. While around 24% work in legal and 10% in financial services, the remainder were scattered across multiple industries. However, with no qualitative element to the survey, 13% might be made up of business leaders in organisations that are not using generative AI or AI tools. That not only seems unlikely with the pervasiveness of AI across applications in general use, but it may also be naïve.
Training falls short
Organisations can buy into AI in many ways. The headline items are LLMs using data the company had. However, many software vendors, widely used across multiple industries, are embedding AI into their commonly used solutions. Whether that is Microsoft, Salesforce, Oracle, SAP and many others. Organisations do not always have to buy new AI tools. They may already be using them. Those tools are as diverse as sales, marketing, client due diligence, supply chain management and recruitment.
The risks associated with their use are also varied, and humans must be kept in the loop, or the risk is increased. Concerns vary from discrimination, plagiarism, intellectual property theft, and data privacy violations, whether DPA (UK), GPDR (EU), or CCPA (California, One of several US acts).
Addressing the new regulatory landscape for AI
New regulations are also coming into force. The most publicised is the European Union’s Artificial Intelligence Act. Importantly, this carries even higher penalties than GDPR, with organisations risking up to 7% of global turnover for breaches. Others are looming in Canada, the US and Brazil, with other countries introducing frameworks for businesses to work against. (Source: OneTrust DataGuidance).
VinciWork naturally wanted to identify whether compliance professionals were ready to put compliance measures in place. The answer, based on the level of training received, was probably not. Only 3% of respondents had completed training around AI compliance. 82% admitted to either not completing AI training or being uncertain about their current status. 19% of those 82% have no intention of participating in any AI training at work. This leaves a gap of around 5% who may implement measures but are not likely to receive training to help them. ((82%*19%)-(79%*13%)).
Nick Henderson-Mayo, Director of Learning and Content at VinciWorks, said, “In light of these findings, there is an immediate and critical need for comprehensive AI training and risk mitigation procedures within organisations.
“With AI regulation on the horizon, there’s an immediate need for businesses to invest in comprehensive AI compliance programmes. Using AI in business can be very helpful in some areas. Still, if employees end up using chatbots to write their reports or feed customer data into an AI without permission, that can cause a serious compliance problem.”
Solving the AI compliance issue
Compliance professionals are naturally more risk-averse than others, but 51% expressed optimism about the impact of AI on their industries. Only 12% felt pessimistic; however, with the current momentum, AI is here to stay, and compliance professionals will have to understand the risks better in the coming months.
To help with that challenge, VinciWorks has created a guide on AI & Compliance: Risks and opportunities for compliance professionals in the Artificial Intelligence age, which is available on registration. It has also launched a suite of training around AI and its various risks, which includes courses for:
- Understanding AI Opportunities and Risks
- AI and conducting an effective risk assessment
- AI and cybersecurity
- AI and data privacy
- AI and discrimination
- AI and Intellectual property
- Plagiarism in the Age of AI
Enterprise Times: What does this mean
While the survey sample and insights are small, the overall message is clear. Organisations are unprepared for AI from a risk perspective in many cases. With legislation coming into force and that legislation has teeth. It will be interesting to see how organisations react to the risk.
This survey could have been much wider. It would have been interesting to see whether the subject or AI risk is at the board level. And whether non-execs are questioning whether firms have the right guardrails in place for both the creation of AI technologies and their usage.
While the survey and analysis by VinceWorks point the reader to its training platform. It also highlights the wider issue of whether they are ready for the explosion of AI usage. What are the compliance risks associated with its use, and is the organisation at risk of a compliance breach? Training is just one way that organisations can improve their stance, and VinceWorks appears to have the makings of a comprehensive suite of courses that will help address the issue. Details of what the courses include are notably absent and most of the above courses are quite short, all are under thirty minutes.