GenAI’s effect on governance, risk, and compliance

By itself, GenAI has seen strategic success in the domain of marketing and content creation, but when it comes to GRC, things get tricky.

AI is definitely exciting, but it remains far from perfect - particularly while the compliance and regulatory laws governing this technology continue to evolve. In fact, the world’s first comprehensive horizontal legal framework for AI was approved by the European Parliament in March, marking the initialisation of a nation-level or a region-level understanding of AI and underlining the need for governing bodies to protect people and their rights from the risks of evolving AI tech.

Ronak Jain, growth specialist, ManageEngine

In Vietnam, the government recognises AI as a pivotal technology of the Fourth Industrial Revolution, crucial for enhancing production capacity, national competitiveness, and economic growth. The country is in the process of developing and drafting legal frameworks to establish a sandbox for AI experimentation in high-potential fields while also refining laws to safeguard privacy and cybersecurity in AI-related activities.

Before delving into the specifics of how GenAI intersects with GRC, it is crucial to address the overarching trend of organisations racing to adopt GenAI. Currently, there’s a notable lack of clarity regarding how GRC standards fit into the GenAI landscape. This uncertainty largely stems from the evolving nature of GenAI models, which are characterised by continuous improvement. Continuous improvement lies at the core of GenAI, representing a fundamental principle of AI itself.

Consequently, both GRC experts from an industry perspective, and regulatory bodies overseeing AI laws from a legal standpoint, must embrace the concept of continuous improvement. In essence, organisations must keep pace with AI advancements, while governments must stay abreast of how these innovations are being developed and utilised.

The stakes are high. Should either side fail to maintain pace, the potential consequences are dire, ranging from a spike in criminal activities to the erosion of individuals’ rights in various forms. As such, staying ahead of the curve is imperative for both organisational and societal wellbeing in the age of GenAI.

Elements of GRC are evolving with increased granularity. This means that the pillars of GRC are individually and collectively influenced by GenAI. Consequently, all GRC professionals and teams within organisations must evolve alongside this field. Some subdomains that stand to benefit from GenAI include automation, change management, policy handling, control handling, monitoring compliance mandates, and predictive planning and scanning.

GenAI aligns seamlessly with task automation, such as the creation and maintenance of internal policies, reducing the workload on GRC professionals and teams. In change management, GenAI simplifies real-time tracking and assessment of legislation, suggested mandates, and public opinion, enabling better prediction of potential regulatory or organisational risks.

In policy handling, GenAI can associate regulatory and change management activities with existing organisational policies, minimising human error. Control handling benefits from GenAI through improved detection and auditing of risks and control deficiencies, including the duplication of effective risks and controls.

Monitoring compliance mandates is made effortless with GenAI, which can map and track regulatory and compliance requirements, notifying organisations of any deviations in continuous compliance. It also enhances predictive planning and scanning, making risk assessments more objective by using intelligent algorithms to project and prioritise potential risks holistically.

These applications represent just a fraction of AI’s potential. AI integrations enhance governance by analysing data from threat feeds and compliance reports, detecting patterns and anomalies, and automating security policy enforcement. They also ensure compliance with internal and external regulations through natural language processing.

AI-driven risk modelling uses advanced analytics and machine learning algorithms to analyse historical cybersecurity incident data, identifying trends and correlations for informed decision-making. In financial services, AI modelling tools integrate with strategic risk models to determine the financial implications of breach scenarios.

AI automation streamlines system monitoring and reporting processes, ensuring regulatory compliance by efficiently analysing vast datasets. Additionally, AI-driven tools perform real-time analysis of communications and transactions, identifying non-compliance indicators and enabling swift corrective actions.

Challenges loom large in the nascent stages of GenAI-driven GRC. Yet, amidst these hurdles, there emerges a pivotal need to swiftly tackle urgent issues surrounding secure integration and alignment with prevailing laws and regulations. This takes centre stage, demanding immediate attention and action.

Exploring the realm of GenAI becomes not just advisable, but critical. Embracing a diverse array of cutting-edge technological solutions is paramount to our collective advancement. Any impediments to this exploration, whether in form or substance, must be swiftly addressed to ensure that our journey towards innovation and progress remains unhindered.

GenAI’s impact on the financial sector Vietnam’s financial sector has shown remarkable growth, accompanied by a rising demand for digital services. Managing director and partner Il-Dong Kwon and project leader Luan Nguyen of Boston Consulting Group explain that a comprehensive strategy is imperative in order to bolster competitiveness.