The Clash of Regulation and Innovation: Getting AI to Comply Series, Part VIII

This fall, we’re sharing a series of blog posts exploring AI’s impact on highly regulated industries and the major compliance barrier that stands in the way: the “black box” problem.

In this week’s post, Matthew Van Buskirk of Hummingbird Regtech discusses reconciling the vastly different workflows of regulation and rapid innovation.

The Mismatch: Why Regulation & Innovation Clash

One of my co-founders, Jo Ann Barefoot, has a slide she often uses in presentations. It features side by side pictures of politician Barney Frank and Steve Jobs. “If you gave both of these people the same task,” she’ll observe, “they would go about it in completely different ways.”

Regulators and the industries they oversee approach the same challenges from different perspectives. This divergence is particularly clear in moments of rapid technological change. This divergence is also particularly important to understand in these times.

AI has arrived, and its rapid adoption into business processes has again brought the spotlight on these differences. In my career, I’ve been very fortunate to have spent time in both camps, and, using this experience, I’d like to share observations to help firms—especially those in highly regulated industries—understand the perspective of those on the other side of the divide.

Regulation, Anachronisms, and Technology

Our regulatory system was built in, and for, an analog era. Many of the laws that police modern systems were written 40 to 50 years ago, long before computers were a fundamental business resource. Because of this, the rules that govern technological integration now are rooted in a world long gone: one in which people (and people alone) were the ones filling out forms and organizing folders.

Along with the assumption of manual labor, current regulatory policy is bound by another key concept: an emphasis on process over outcomes. In the 1970s, when many of the relevant laws were taking form, regulators couldn’t actually measure how well a given policy produced the desired results. They just didn’t have the data—or the computational horsepower—to come to those conclusions. As a consequence, regulators focused on holding industry to the process standards that would, hypothetically, lead to policy goals.

Taken together, these influential policy principles form a substantial philosophical barrier to the successful integration of AI: regulators focus on processes, and those processes need to map to our expectations about manual labor: they need to be intuitive and explainable.

Unfortunately, these are precisely the kinds of characteristics AI doesn’t have. Built on the dense, mechanistic mapping of inputs to outputs produced through training, modern machine learning models make mathematical inferences fiercely resistant to intuition and justification.

But explainability is only part of the problem.

Among other recommendations, the Office of the Comptroller of the Currency’s (OCC) model, risk governance guidance outlined the necessity of maintaining the ability to reproduce a model’s historical versioning record. In other words, firms have to be capable of returning to any point in time in a model’s developmental path, replicate its former function and conclusions, and explain any subsequent changes made. If a model produced a certain result in September of 2016, for example, its operators should be able to show regulators how its calculations worked and how conclusions were reached…even if it’s two years later and the model has changed 25 times since then.

While understandable, these expectations are destined for disappointment. AI applications evolve too rapidly to allow their operators to return to a given past version and dig through expired math in search of justification.

For many modern applications, historical version accessibility is simply impossible.

From Explainable to Effective

Regulators are hesitant to accept modeling techniques that are not fully explainable, but that’s starting to change.

On a global level, perspectives are slowly shifting to emphasize results—a move made possible in part by recent technological advances. Regulatory organizations now have access to the data and computational power necessary to actually measure performance, allowing them to finally assess whether a model is producing the outcomes the original policy intended.

There are experiments going on in credit scoring that exemplify this transition. Financial institutions want to use alternative data to expand credit access to those without the clear financial records that current scoring methods require. But, before they can, they have to demonstrate to regulators that their innovations produce accurate results and do not inadvertently harm groups protected under law.

To do this, they’re employing historical backtesting.

First, a historical dataset of a population that includes the customer profiles, including their financial background and consequent credit performance is identified. The customer profiles and financial histories are then analyzed by both approaches, producing two sets of creditworthiness breakdowns. With information available at a given point, who in the dataset would have been approved for a loan? The selections produced by both methodologies are then compared to subsequent credit records, allowing for a clear sense of the relative effectiveness of the methods.

While this kind of assessment is certainly intuitive, mass adoption requires a paradigm shift in regulatory thinking. Examiners who have spent their entire lives thinking of compliance as process adherence are going to need a new framework, one based on empirical metrics.

Exponential Growth and the Future of Regulation

As much as industry needs to understand the regulatory perspective to keep the broader needs of society in view, regulators have to understand the reality of technological innovation…and what it means for them. Part of this work is the serious and critical exploration of past assumptions and a policy revision that fits an increasingly automated world.

But there is an even deeper misalignment worth considering.

Mathematically speaking, policy-making and technological innovation are not the same order of function: the former produces linear growth, the latter, quite often, exponential. Cryptocurrencies provide a good illustration of this mismatch. It took years for regulators to analyze and write rules for Bitcoin, Litecoin, and other digital assets. And, by the time these policies took effect, the fundamentals of the underlying technology had radically changed, calling into question the suitability of the newly minted regulation.

Regulators face a daunting, escalating challenge with AI…and technological innovation more broadly. To meet this challenge, industry players and regulatory authorities need to continue to come together. For the first time in regulatory history, there is an opportunity to both increase effectiveness and reduce costs through the use of outcomes-oriented technologies. Industry and regulators need to come together now to develop a new policy framework for the next 50 years.

About the Author

Matt Van Buskirk is Co-Founder and CEO of Hummingbird Regtech. Prior to launching Hummingbird, Matt was the Director of Regulatory Affairs at, an international consumer payments startup leveraging blockchain technology, a consultant with Treliant Risk Advisors, a Washington D.C. based management consulting firm specializing in the financial services industry, and a regulator with the U.S. Treasury Department’s Office of Thrift Supervision. His speaking credentials include the American Bankers Association Regulatory Compliance Conference, the Monetary Authority of Singapore’s Fintech Festival, Money 2020, Finovate Europe, the U.S. Federal Trade Commission, and the Department of Homeland Security’s annual AML conference.

About Hummingbird RegTech

Hummingbird aims to give superpowers to the people fighting financial crime. Its service is designed to enhance anti-money laundering and counter-terrorist financing investigations by reducing cumbersome paperwork, providing insightful analytics, and enabling collaboration for compliance professionals and law enforcement agents.

Hummingbird is on a mission to turn the tables against criminals who pollute our financial system. Modern criminals are sophisticated, tech-savvy, and agile. The tools used to fight financial crimes should be, too.

integrating ai

Unlock the “Black Box”

The only way AI’s going to make a real impact in finance, healthcare, and other highly regulated industries is if the “black box” problem tackled head on.

The Amazing, Anti-Jargon, Insight-Filled, and Totally Free Handbook to Integrating AI in Highly Regulated Industries does exactly that. Featuring in-depth pieces from almost a dozen subject-matter experts, this handbook provides a comprehensive breakdown of the problem… and detailed strategies to help you create a solution.

Download Now