Big data and AI shaping the face of regulatory compliance

Big data and AI shaping the face of regulatory compliance

22 July 2020 By Tony Zhang
HSF partner Jeremy Birch

As developments continue to progress in data analytics and artificial intelligence, the face of regulatory compliance, government investigations and enforcement are changing, according to analysis from a global law firm.

Herbert Smith Freehills has released its series The Byte of Big Data: Investigations and Enforcement, which shines a spotlight on how misconduct is monitored in the age of big data and explores how businesses need to prepare for this new era.

HSF partner Jeremy Birch said advances in data analytics and machine learning offer significant potential for businesses in terms of monitoring supply chains, business partners, employees and customer transactions for suspicious activity and misconduct. 

But the advancements have also led to complexities for businesses across jurisdictions.


“We know that big data has changed the way business is done, but it’s also changing the face of [white-collar] crime and, as a result, how misconduct is detected, investigated and prosecuted,” Mr Birch said.

“These advancements in data analytics will create growing pressure from regulators on businesses to enhance their abilities to monitor, detect and report misconduct.

“Companies now face more complexities in meeting compliance expectations, conducting internal investigations and managing government agencies during enforcement.”

Herbert Smith Freehils surveyed a number of clients in general counsel, senior legal, compliance and risk roles in organisations spanning multiple sectors and jurisdictions. 

The report revealed for nearly 80 per cent of respondents, data plays a role in their organisations’ commercial strategy, and over 66 per cent have a data governance strategy in place.


The research found that data analytics and artificial intelligence (AI) are being used primarily to improve efficiency and operations as well as corporate strategy. 

However, there was less of a focus on how data could be used to proactively monitor compliance or more efficiently meet regulatory requests and expectations.

For instance, only 8 per cent of organisations are relying on internally generated data to monitor or supervise their employees. 

“This may indicate that the private sector is at risk of failing to prioritise modernising compliance and investigations functions at a time when regulators are becoming increasingly technologically sophisticated,” the report stated. 

Mr Birch analysed that there is a lot of excitement around the automation of monitoring activities. 

“What used to be a manual, and a very [labour-intensive] process, is becoming less so,” Mr Birch said.

“However, while the introduction of technology is changing the playing field, data quality, for some organisations, may still be preventing advancement.

“One in five respondents [reports] having concerns over the quality of the organisation’s data. While respondents didn’t note this as their main concern, it still demonstrates that not all organisations have the right data sources to implement monitoring for misconduct in a meaningful way.”

The report showed that an increase in resources may help manage this, however, businesses ultimately need to consider what they’re trying to achieve from gathering data so they can implement the appropriate IT infrastructure to attain the data pool they need and use it in a valuable way.

HSF senior consultant Tess Lumsdaine agrees that the sophistication of monitoring systems and issues around how data is collected and used, is part of the problem. 

This means corporate goliaths such as big tech, as well as many governments, may have the resources to collect and analyse massive amounts of data. 

“We are not seeing that kind of sophistication in the private sector in relation to employee monitoring,” Ms Lumsdaine said.

“If a business is looking to monitor a certain type of misconduct or within a market, they may wish to focus their efforts around that, which in turn will allow them to manage the risks of complying with privacy legislation, together with considerations [underemployment] and discrimination law.”

Big data and AI shaping the face of regulatory compliance
Intro image
lawyersweekly logo