COMPLYConnect is here! The conference brought together more than 200 industry experts from across the country, all in the name of regulatory compliance education. Yesterday, sessions ranged from mitigating risk with artificial intelligence (AI) to how firms can do their part in protecting their clients’ material non-public information (MNPI).
With day two under our belt, we’re sharing some of the top takeaways we heard from our industry-leading speakers.
Top takeaways from day two of COMPLYConnect 2023 about
Attendees have already gained some incredibly valuable insight, and we have more in store for them! These are some of the top takeaways from yesterday’s sessions:
1. AI won’t replace employees.
COMPLY™ Chief Technology Officer Helen Johnson said, “Generative AI is a tool. It can help you become more efficient, but it will never replace you” during her session about generative AI with Karen DeFreitas of Moelis & Company LLC. Compliance violations come at a great cost, and generative AI can provide results that aren’t entirely accurate. Therefore, firms will need someone to validate the information to ensure accuracy.
2. Employees who use AI should receive training on how to use it.
“I think that training before letting employees use the generative AI system is essential,” DeFreitas said. Generative AI systems like ChatGPT are constantly learning, and they generate results from the information users give to them. If an adviser enters a client’s MNPI or enters confidential information about their firm, that adviser could be putting that client and their firm at risk. Using generative AI requires an understanding of how to input data in a way that protects all involved. Compliance violations are costly, so to avoid that, employees who are expected to use generative AI in their roles should receive training on how to do that.
It’s good practice for firms to:
- Use enterprise accounts for their generative AI systems.
- Require employees to use their work e-mails to access their generative AI systems.
- Anonymize the data that they enter into generative AI systems.
3. Assess how your firm uses generative AI.
Your firm should have a set of policies and procedures for how it uses generative AI, and those documents should be regularly assessed. Some questions to consider are “How did you validate this system? How often did you validate?” said DeFreitas.
4. Note that other countries have different compliance requirements.
Your firm should have policies and procedures that comply with the requirements of the countries in which it operates. Requirements surrounding generative AI vary from country to country and the same is true when it comes to cybersecurity regulations.
During his presentation with COMPLY’s Director of Compliance Jason Vinsonhaler, Michael Cocanower of AdviseryCyber stressed the importance of firms knowing the compliance regulations of the countries in which they operate. As an example, he said, “when a breach occurs, often times it takes a lot more than 72 hours to figure out the scope of the breach. If you discover two weeks later that it did include an EU citizen, you’re in trouble.” Therefore, firms should be proactive and address applicable compliance regulations in their compliance programs.
5. Many states have now put in place additional requirements for protecting consumers’ MNPI.
While states have had their own requirements for protecting consumers MNPI for a while, many have recently added a few more. Vinsonhaler said, “What we see for these new types of requirements are how and when to notify a client of data breaches.” Not only that, but state regulators are also interested in whether firms have reasonable policies and procedures that address concerns about protecting consumers’ MNPI, as well as how they maintain this sensitive information and dispose of records.
6. In the world of cybersecurity, individuals have a certain set of rights.
That’s right! In the world of cybersecurity individuals, including clients and investors, have a set of rights. To name a few, these individuals have a right to:
- Access their data.
- Have corrections made to their data.
- Have their information removed from any systems a firm might have them in.
Complying with COMPLY
How can your firm adapt to these changes? With a reliable partner who takes compliance just as seriously as you do! Meet COMPLY.
During last year’s COMPLYConnect, we officially announced the launch of COMPLY, the new parent brand for the ComplySci®, RIA in a Box®, NRS® and illumis® companies. A year later, we’re still helping compliance professionals and teams adapt to the ever-changing regulatory landscape.
COMPLY offers tailored consulting and technology services to help your firm identify and address compliance risks. By utilizing COMPLY’s tools and solutions, your firm can ensure it has a thorough compliance program that complies with applicable regulations and protects clients’ and investors’ trust and your firm’s reputation.
We also offer events like COMPLYConnect to help compliance professionals help their firms comply with confidence. Attendees have gained some incredibly valuable insight over the last two days. Stay tuned to learn more about what comes from day three.