5 minute read 25 May 2020
Man working on electronic chip boards

Eight compliance areas that are prime candidates for automation

By Todd Marlin

EY Global Forensic & Integrity Services Technology & Innovation Leader

Global leader in technology & Innovation, with significant experience serving the financial services industry.

5 minute read 25 May 2020

Robotic process automation combined with AI can help automate compliance and free up executives to focus on high-risk issues.

Companies intent on driving efficiencies in compliance management have increasingly turned to robotic process automation (RPA), which helps deliver operational and cost efficiency, while improving quality by reducing human errors. But using RPA alone has its limitations.

It mimics human behavior, but it cannot learn from mistakes or evolve with changing business environments. As a result, technology-savvy organizations are gradually looking to enhance their automation efforts with artificial intelligence (AI) tools, such as machine learning and natural language processing (NLP). By 2022, 80% of RPA-centric automation implementations will derive their value from complementary technologies, according to Gartner. Gartner predicts organizations that combine AI and RPA technologies with redesigned processes will cut nearly a third of their operational costs by 2024.1

Together, these technologies pose a great opportunity for adoption in a wide range of areas in the compliance function, which we explore in detail below. The results are increased efficiency and better quality that bring relief amid new regulations, conflicting laws across jurisdictions, hefty penalties for noncompliance, and pressures to incorporate more data than ever in compliance monitoring.



of RPA-centric automation implementations, by 2022, will derive their value from complementary technologies (mostly machine learning and NLP), according to Gartner.

RPA: the benefits and the limitations

RPA trains software “bots” to perform standard, rule-based processes to automate the data ingestion process in compliance programs, such as retrieval, cleansing and formatting. But they aren’t smart enough to handle many complex legal and regulatory requirements that often demand in-depth analysis by aggregating and cross-referencing data. 



Estimated reduction in operational costs, by 2024, for organizations that combine AI and RPA technologies with redesigned processes, Gartner predicts.

Enhancing compliance programs with AI-enhanced RPA not only alleviates compliance executives from routine, time-consuming tasks, it provides them with risk insights to help shape strategic decisions. The most common analytics-driven technologies being used thus far are:

  • Machine learning. It helps analyze and understand unstructured data (e.g., comments in time and expense data and customer service logs). Machine learning algorithms can be used to help detect hidden patterns of risky activities and relationships. Its self-learning feature improves analytic accuracy and reduces false positives over time.

  • NLP. It allows computers to understand human language, both text and speech. NLP models decipher meaning, measure sentiment and categorize data. For example, NLP can be used to analyze notes in sales transactions to detect potential fraud by emotive tone analysis.

Automation hotspots in compliance

Based on client engagement experience, EY teams have identified eight key areas in a compliance function that are prime candidates for automation, with varying degrees of “intelligence.”

  1. Vendor due diligence. This often involves many laborious tasks that are ideal for RPA implementation. Bots can be set up to automate clearly defined checkpoints (e.g., check against a pre-established list of banned vendors). Machine learning technologies can be used to integrate a much wider range of data sources, (e.g., sanction data and court records) and perform in-depth analysis to uncover risks that otherwise may not be obvious.

  2. Email and social media monitoring. RPA software can be set up to regularly scan corporate emails and public social media posts with predefined keyword searches intended to identify risk activities and relationships. However, deploying NLP can greatly enhance risk detection. NLP can be used with sentiment analysis tools that evaluate the emotion, tone and intent of messages. These tools can produce real-time heat maps of employee engagement.

  3. Anti-bribery and anti-corruption (ABAC). Standard, rules-based ABAC tests can be programmed in bots to analyze data and identify red flags in transactions (e.g., round dollar payments). But the range of data sources that can be accessed or analyzed can be limited if using RPA alone. Using machine learning, the bots’ risk assessment abilities can be greatly enhanced by integrating a much broader set of data sources and generating scores to indicate the level of potential risks.

  4. Complaint management. Companies can greatly enhance the handling of calls to ethics hotlines. Voice analysis detects negative emotions from both the customer and service representative, providing real-time feedback to employees that helps them resolve the call, or flags the conversation for escalation to a supervisor. Successful complaint resolution mitigates legal risks while trends can be detected by categorizing and analyzing complaints.

  5. Data protection and privacy. Technologies that automate the discovery, inventory and classification of sensitive data help reduce noncompliance risk. However, technologies often need machine learning algorithms to handle complex aspects of the tasks, especially when it comes to discovery and classification. Gartner predicts more than 40% of privacy compliance technology will rely on AI over the next three years, up from 5% in 2020.

  6. Time and expense compliance. Expense management tools are using RPA to automate simple checklist type of tasks such as matching credit card receipts to approved types of charges. Adding machine learning allows companies to detect irregular expenses and patterns, flagging them for human review. For example, machine learning algorithms can be developed to categorize expense policy violators based on their risk levels and send email warnings tailored to the problem severity.

  7. Regulatory changes. New regulatory or legal requirements can be managed more effectively with automation. For example, a global effort to phase out interbank offer rates (IBORs) means any contracts or transactions linked to IBORs maturing after 2021 will require contract amendments or fallback language. Many document intelligence tools can be used to automate a lot of the work and convert legacy contracts into digital formats that contract management software can process.

  8. Regulatory and management reporting. RPA bots can be used in straightforward data collection and cleansing tasks. It’s been a common practice to use AI and advanced analytics technologies to provide deep insights and uncover hidden risks in regulatory and management reporting. The sheer volume of reporting required by a compliance function makes this the most promising area for joining AI and advanced analytics with RPA.

Tips for automation success

To stay competitive and reduce risks, companies must become more agile, strategic and efficient in managing compliance. Investing in intelligent automation is a critical consideration for compliance leaders looking to achieve these goals. Here are some tips for successfully implementing intelligent automation:

  1. Start small. RPA on its own can quickly add a great deal of value. Assess your current processes to identify what is easy to accomplish. Look for high-volume, routine, rules-based tasks that can be more efficiently performed by bots. Adopt a phased approach with your automation efforts to minimize disruption to the business and to demonstrate measurable results along the way.

  2. Understand your data. Before any large-scale AI implementation, determine what data the technologies will run on. Identify the data sources, know how to access them and establish a central data platform. AI algorithms require clean, quality data to function properly.

  3. Ensure human involvement. Don’t ever assume that automation can run on its own. Use a monitoring process in which humans can assess how the automation systems perform and intervene when needed. Many AI technologies, such as machine learning, have self-learning capabilities that require human input. In addition, business and regulatory environments evolve quickly in today’s age, so human engagement is critical to keep compliance programs up-to-date.
  • Show article references#Hide article reference

    1. “Gartner Top 10 Strategic Technology Trends for 2020,” Smarter With Gartner, https://www.gartner.com/smarterwithgartner/gartner-top-10-strategic-technology-trends-for-2020/, 21 October 2019.


Enhancing compliance programs with AI-enhanced Robotic Process Automation (RPA) not only alleviates compliance executives from routine and time-consuming tasks, it provides them with risk insights to help shape strategic decisions. To stay competitive, companies must be strategic, agile and efficient in managing compliance risks — investing in intelligent automation is a key way to achieve these goals.

About this article

By Todd Marlin

EY Global Forensic & Integrity Services Technology & Innovation Leader

Global leader in technology & Innovation, with significant experience serving the financial services industry.