The Role of Compliance and Internal Audit Teams for Mitigating AI Risk

In the past year, compliance officers anticipated increased regulations for artificial intelligence (AI) use in corporate organizations. However, while expectations for regulatory intervention were high, governments did not implement as many regulations as anticipated, according to an article by Navex.

Nevertheless, enforcement actions for improper AI use still occurred. Entering 2024, it is expected that more specific regulations for AI will be introduced, but companies incorporating AI into their processes should be aware of existing regulations posing enforcement risks.

In December, the U.S. Federal Trade Commission (FTC) took action against a retail chain that had implemented AI-driven facial recognition technology to identify potential shoplifters. The company had been comparing customers against a photo database of known shoplifters. However, the FTC found several shortcomings in the use of this technology, such as weak technical controls, insufficient testing, poor employee training, and inadequate procedures. As a result, the company was banned from using its AI technology for five years.

This incident highlights that the risks associated with AI adoption are not solely dependent on the technology itself but rather on the management practices surrounding it. Companies must oversee the adoption of new technology carefully, and compliance and internal audit teams play crucial roles in this process. Internal audits examine data accuracy and validity, while compliance teams assess enforcement risks related to privacy and discrimination.

Collaboration between operating units, compliance officers, and internal audit teams is crucial for successful AI adoption. When operating units experiment with AI without input from compliance and internal audit teams, compliance risks can emerge and escalate into severe threats.

Compliance officers should be part of senior management discussions to analyze how AI adoption may trigger compliance risks. It is essential to keep compliance issues at the forefront while considering ethical and governance considerations. This approach is crucial for keeping the company on the right side of enforcement risk in the realm of AI. The message for compliance officers is similar to past discussions on anti-corruption risks, emphasizing the need to be involved in strategic plans for international expansion.