Navigating corporate compliance in the age of artificial intelligence

7.9.2023

Compliance is the set of rules and procedures an organisation follows in order to conform to the laws, standards and ethical norms that apply to it. The goal is to minimise the risk of legal violations and to maintain the integrity of the business.

(In the photo: the ARROWS team together with colleagues from the tax and accounting office ARROWS tax and from ARROWS insurance)

Compliance systems in the Czech Republic and abroad can differ substantially. Each country has its own legal system, and this shapes regulation in fundamental ways. Comparing the Anglo-Saxon system, which relies on precedents, with our continental system, which relies primarily on codified statutes and treats court decisions as interpretive rather than binding, already shows differences in the form that regulation takes.

Despite these differences, most countries agree that compliance is necessary, especially in the financial, energy, pharmaceutical and healthcare sectors. ARROWS ETL and its legal and tax teams deal with this area regularly, from criminal compliance to regulatory compliance (data protection, AML and similar).

Compliance in finance, energy and healthcare

In the financial sector, legal compliance is a key aspect of operations. This includes adherence to strict banking and financial regulations such as Know Your Customer (KYC), which requires financial institutions to carefully verify the identity of their customers. Another important area is anti-money laundering (AML) and combating the financing of terrorism (CFT), where financial institutions must monitor and report suspicious transactions. In the Czech Republic, AML obligations also apply to tax advisors and real estate agencies, and obliged entities in this context are also subject to whistleblowing regulations.

Legal compliance in this sector also includes supervision of business practices, consumer protection and compliance with capital requirements. Organisations in this sector must have a robust compliance programme that includes staff training, transaction monitoring and reporting processes to regulators.

The energy sector faces complex legal and regulatory challenges. Organisations in this sector must comply with standards relating to emission limits, operational safety and environmental protection. Compliance with these regulations includes regular inspections and audits of energy equipment to minimise the risk of accidents and outages.

Energy companies must also comply with rules on market competition and price transparency. Legal compliance in this sector helps ensure energy security and sustainability, while minimising the risk of fines for non-compliance.

The healthcare sector is subject to strict regulations on patient protection and the processing of health data. Organisations in this sector have to comply with regulations such as the GDPR (1), which governs the processing of patients' personal data.

Another important area is patient safety and quality of healthcare, which requires adherence to strict normative standards and rules for treatment and diagnosis. Legal compliance in the healthcare sector also includes ethical issues such as maintaining patient confidentiality and preventing conflicts of interest for physicians.

The pharmaceutical sector must comply with strict regulations regarding the development, testing and distribution of medicines. This includes regulations on the safety and efficacy of medicines, the processing of clinical data and the registration of medicines. Pharmaceutical companies must also comply with patent rights and regulations relating to the protection of intellectual property.

Legal compliance in this sector is essential to ensure that pharmaceutical products are safe and effective, as well as to protect a company's intellectual property. Compliance with these laws and regulations is key to maintaining a good reputation and gaining approval to manufacture and sell pharmaceuticals.

The impact of artificial intelligence on compliance

Artificial Intelligence (AI) has huge potential to automate and optimise operations in various sectors. How could AI be used in different sectors and how should it be regulated?

Financial sector

In the financial sector, AI can be used to automatically analyse financial data, identify risky transactions, manage investment portfolios, and even predict market trends.

In this sector, however, it is crucial to ensure that the use of AI remains compliant with KYC and AML obligations. It is equally important that ethical standards are maintained and that AI-supported decisions remain transparent and explainable to the regulator and to the customer.

The part of the AI Act proposal(2) dealing with ethics deserves mention here. Recital (37) of the proposal explains that AI systems used to evaluate the creditworthiness or credit score of natural persons are to be classified as high risk, because they decide on access to financial resources and may lead to discrimination of persons or groups, for example when a bank assesses a customer's creditworthiness. Such systems must therefore meet additional requirements before they may be placed on the market or put into service.

The proposal also notes that, for credit institutions, some of these procedural obligations are to be integrated into the obligations and procedures already in place under Directive 2013/36/EU(3) on access to the activity of credit institutions and prudential supervision, so that supervision under both regimes is coherent. That Directive places particular emphasis on cooperation with, and reporting to, the European Banking Authority (EBA).

Energy sector

Artificial intelligence can be used to optimise the operation of energy facilities, to plan energy production based on demand, and to reduce carbon dioxide emissions.

Regulation should include rules for the safe deployment of autonomous energy systems and for the monitoring of emissions. It should also address data transparency and cyber security.

Recital (34) of the AI Act proposal also classifies as high risk those AI systems intended to be used as safety components in the management and operation of critical infrastructure, including the supply of water, gas, heating and electricity. A failure or malfunction in this sector could put the life and health of a large number of people at risk, which is why greater attention and stricter regulation are required.

Health sector

In the healthcare sector, AI can find applications in areas such as medical image analysis, diagnosis, disease prediction and even personalised treatment of patients.

However, regulation must ensure that AI systems in the healthcare sector are accurate and safe. It must include rules for the protection of patient data and the ethical use of AI in diagnosis and treatment.

As in the two sectors discussed above, the European Union's AI Act is relevant to healthcare. Recital (30) of the proposal, among other things, classifies as high risk those AI systems that are safety components of products, or are themselves products, covered by Union harmonisation legislation that requires third-party conformity assessment; medical devices and in vitro diagnostic medical devices are expressly named among them, so AI used in such devices is subject to the stricter regime.

Pharmaceutical sector

AI can be used to accelerate drug development, identify potential therapeutic targets and analyse clinical data.

Regulation must include rules on the safety and efficacy of drugs developed with the help of AI. Mechanisms must also be in place to verify the integrity and reliability of the data used in drug development.

Regulation in these sectors should be flexible to reflect the rapid development of AI technologies, but at the same time ensure the safety, ethics and accountability of the use of AI. It is also important that regulation promotes transparency and data protection, especially where AI processes sensitive information such as health data or financial transactions. Collaboration between government, industry and AI experts is key to creating effective and fair regulation for these sectors.

How does the European Union's AI Act affect AI and its use in combination with compliance?

The European Union's AI Act, proposed by the European Commission in April 2021 and referenced above, is expected to have a significant impact on the field of compliance not only in Europe but also globally. It sets new rules for the development, deployment and use of AI systems in the European Union with the aim of ensuring that the technology is used ethically and safely. How does the AI Act affect compliance?

The legislation places a strong emphasis on the ethical use of AI and requires AI systems, and high-risk systems in particular, to be transparent, explainable and fair. Organisations will need to ensure that their AI systems meet these requirements, which may call for a greater focus on compliance with ethical standards.

The AI Act also introduces new obligations and a regulatory framework for providers and users of AI systems. Organisations will need to monitor these rules closely and comply with them, which may require additional investment in compliance.

The EU is also using this regulation to protect the rights of consumers in the context of AI. This includes obligations to inform people when they are interacting with an AI system or exposed to AI-generated content, and the right to information on how AI systems reach their results. Organisations must ensure that their products and services meet these requirements.

The AI Act sets high penalties for non-compliance; the Commission proposal foresees fines of up to EUR 30 million or 6 % of worldwide annual turnover for the most serious breaches. Organisations that violate the new rules may therefore face significant financial penalties, which makes an effective compliance programme crucial to minimising the risk of non-compliance.

Although the AI Act is EU legislation, its scope extends beyond EU-based organisations: it applies to providers that place AI systems on the EU market regardless of where they are established, and to providers and users in third countries where the output of the system is used in the EU. Non-EU organisations may therefore have to adapt their practices and systems to European rules in order to keep access to the EU market.

Overall, therefore, the EU AI Act increases the importance of AI compliance and changes the way organisations develop, deploy and use AI. Organisations operating in this area will need to closely monitor the new regulations and ensure that their activities are compliant with these regulations to minimise risks and adhere to ethical standards.

Petr Prucek contributed to this article.

(1) https://www.uoou.cz/obecne-narizeni-o-ochrane-osobnich-udaju-gdpr/ds-3938/p1=3938

(2) https://eur-lex.europa.eu/legal-content/CS/TXT/HTML/?uri=CELEX:52021PC0206

(3) https://eur-lex.europa.eu/legal-content/CS/TXT/PDF/?uri=uriserv:OJ.L_.2013.176.01.0338.01.CES