2024 has been a hectic year in financial services regulation – from increased corporate governance scrutiny in the wake of last year’s bank failures, to changes around Basel III, to the growing worldwide focus on data privacy protection. 

‍

How can you gain greater visibility into vendor, partner, and customer contracts to achieve compliance? That was the topic as Evisort’s Hal Marcus, Vice President of Product Marketing, sat down with Emily LaCroix, Global Data Protection Officer at Berkshire Hathaway Specialty Insurance, and Stuart Brock, President at iKinetiq Innovation Solutions, which helps companies optimize procurement processes and enable data-driven risk management with AI, for a recent webinar, “FinServ Compliance with Responsible AI”.

‍

The panel dug into how companies can align compliance processes across operations with AI-powered contract data and achieve audit readiness in minutes rather than days leveraging the Evisort Contract Intelligence Platform.

‍

AI helps meet multiplying compliance requirements

As Emily explained, “We're a very lean legal team; there's about 40 of us,” without a legal operations staff. Compliance with data protection regulations is paramount in the insurance industry, and managing the obligations involved in working with clients, contractors and other business partners is extremely complicated.  

‍

She said that if BHSI takes in claimant data and is working with a third-party claims processing system, “all our obligations toward those claimants now need to get passed down” to that third party, for example if a claimant wants to access their data or take it elsewhere. 

‍

“We have to be able to comply with that,” Emily said, “which means we have to go to our partner and have them comply with it.” The same applies to any other entity that has used the data. Moreover, this poses an international challenge, as GDPR and other regional regulations multiply. “A lot of the knowledge economy is just running on data,” she pointed out.

Accelerating the fulfillment of obligations

One obligation requiring quick action comes into play if and when a data breach occurs. “Hypothetically, if we had a breach, or if any organization had a breach,” Emily said, “you need to know, basically instantaneously, who you need to notify.” Notifications may need to go out to regulators and/or data subjects, and business partners may be similarly obligated.  

‍

Using AI that has ingested and analyzed her company’s contract corpus, Emily and her team could handily find those answers by simply searching for terms related to breach notification. Based on those AI-identified terms, her legal team could know, “This is who we need to tell within twenty-four hours, this is who we need to tell within forty-eight,” she said. “And so you can prioritize those notifications.”  

‍

Another valuable insight contract AI provides is whether vendor contracts contain language mandating alignment with specific security measures and industry standards like ISO. With AI, reviewing their contract corpus to ascertain this is far faster, Emily said. “We don't need a whole team of lawyers because we have these tools.”

‍

Keeping pace with changing regulation

As Stuart Brock detailed, contract AI “makes things very easy when laws change.” And laws can change rapidly in financial services. In 2023, the OCC, Federal Reserve, and FDIC jointly published guidance on third-party risk management with no grace or run-in period; financial institutions were expected to comply immediately. 

‍

As a recent example, “Blue Ridge Bank was given 30 days to do an entire overhaul of their third-party risk management program,” Stuart said. “And for those of us who have done those, you're talking six to eight months, not 30 days…to put it together, adopt it, and submit it for approval.“ 

‍

Another case in point? “City National Bank was fined $65 million, and they were given 120 days to do an action plan that was inclusive of a host of remediations,” including their third-party risk management program, Stuart explained. 

‍

So regardless of your firm’s size, if you fall under the purview of any of those agencies, “you're subject to the guidance and need to follow it for your third-party risk,” he said.

‍

AI as a competitive edge

COVID-19 was an inflection point for the industry. Emily LaCroix recalled how, pre-Evisort, “at the beginning of the pandemic my global general counsel comes to me and says, ‘what do our contracts say about force majeure?’ I looked at him like he was crazy.”  With hundreds of potentially relevant contracts that would need manual review, there was no straightforward way to answer that question.

‍

Stuart explained how, during the pandemic, “we got to see both sides of it: the folks who had technologies like Evisort, and those that didn't. Those who had those technologies could respond more quickly, they could actually do amendments and transfer from third parties if needed more quickly, and that gave them a competitive edge during that time.”

‍

He added that having that level of preparedness through contract AI “really does transmit into revenue for the company.”

‍

The conversation covered a lot of ground, touching on how to set up internal frameworks for AI adoption, how legislation like the EU Artificial Intelligence Act may impact its use, and much more. To see and capture it all, watch the on-demand webinar.