Limitations of Artificial Intelligence in Due Diligence

Emerging artificial intelligence (“AI”) and machine learning capabilities have the potential to revolutionize the way compliance professionals fulfill their day-to-day responsibilities. Such emerging technology—once fully developed—will permit organizations to automate processes that were previously wholly manual in nature. In turn, AI and machine learning have the potential to help drive organizational efficiency, reducing compliance costs for the organization overall and relieving resource-strapped compliance professionals of the need to conduct mundane tasks.

How Artificial Intelligence in Due Diligence and Data Add Value to Businesses

Automated Third-Party Screening

One major area where AI could help streamline compliance is in the realm of third-party screening. Organizations are increasingly required to conduct basic sanctions, Politically Exposed Persons (“PEPs”), and general compliance screenings of each third party with whom they transact. This expectation is contained in several important documents issued by key U.S. and international regulators over the past several years. Chief among these documents is the U.S. Department of Justice’s (“DOJ’s”) guidance concerning the evaluation of corporate compliance programs. Long a staple of the DOJ’s guidance for organizations of all shapes and sizes, effective third-party management requires risk-based due diligence that begins with basic screening.

AI has significantly improved the capacity of organizations to automate basic sanctions and compliance screening by integrating the screening application itself with the organization’s Enterprise Resource Planning (“ERP”) and Customer Relationship Management (“CRM”) systems. This eliminates the need for organizations equipped with such technology to painstakingly screen such third parties manually through lists like the U.S. government’s Consolidated Screening List (“CSL”). Less reliance on manual processes not only drives efficiency but also reduces the likelihood of screening errors. Such errors are more likely to occur when an organization must repeatedly input the same basic information into its various systems. This, in turn, allows an organization’s compliance function to home in on third parties that pose the greatest risk to the organization. However, the technology is still far from perfect, and many solutions are still plagued by a few key issues.

Disadvantages of Artificial Intelligence in Due Diligence and Compliance

No Substitute for Human Judgment

One major risk with this emerging technology is that it is still a work in progress, which means that there can still be inaccuracies and mistakes. At the moment, AI cannot yet fully replace human judgment in third-party screening, specifically concerning evaluating potential matches and false positives. Unfortunately, this technology can sometimes be “tricked” with various quirks that a human review would identify immediately. We’ve already seen this occur publicly.

There are a few major cases where these minor mistakes have even led to penalties with regulators. First, in November 2019, Apple violated the Foreign Narcotics Kingpin Sanctions regulations due to an error in the company’s screening tool. This tool failed to match “SIS DOO” with “Sis d.o.o.,” which led to the tool clearing the third party despite the company appearing on OFAC’s SDN List. Next, Amazon settled with OFAC in July 2020 for its violations of various sanctions programs. Amazon committed several violations stemming from these sorts of errors, such as its tool failing to recognize that “Krimea” with a ‘K’ was an alternative spelling of Crimea, a prohibited region.

Apple paid USD 467,000 for its violation while Amazon reached a settlement for USD 134,000 for its conduct. Apple and Amazon are massive companies, with what seems like unlimited resources, and are widely considered to be some of the most technologically savvy companies in the world. And yet, the failures of their screening AI led to sanctions violations and monetary penalties. Unfortunately, these simple quirks were enough to trick their respective screening tools. This is one of the major limitations of AI in third-party screening.

Limitations in Identifying Compliance Red Flags

Building on the prior point, if AI can struggle to simply match similar names, then it will also have a difficult time keying in on other red flags that may signal a problematic third party. This is particularly true when dealing with foreign entities and persons, who must be carefully screened for involvement with potentially hostile foreign governments, blacklisted organizations, and other illegal undertakings. Because many screening tools still lack the capability to screen effectively in non-Latin characters, an organization can't ensure—with any degree of certainty—that such foreign parties are clear from a compliance perspective. Moreover, simply utilizing the English equivalent of a common foreign name can yield hundreds or even thousands of false-positive results that are laborious to eliminate as potential matches. In this respect, AI is simply no substitute for careful screening by a trained compliance professional aware of the screening solution’s intricacies and limitations.

Requires Sophisticated IT Knowledge and Careful Calibration

The use of artificial intelligence in due diligence and for compliance screening also requires intimate knowledge of both the capabilities and limitations of AI generally—knowledge that is not ordinarily amongst the many skills in a compliance professional’s arsenal, no matter how experienced. AI and machine learning often involve advanced algorithms and intricate processes that even the most sophisticated software engineer might only tangentially understand. It is virtually impossible to communicate this information to a compliance professional, on whom the organization relies to thoroughly understand the methods it employs to mitigate risk. If something were to go wrong with the software, is there someone in the organization who can fix it? Or worse, will a compliance professional even recognize there is an issue before it leads to a major problem?

Creativity is Not the Key for AI

AI and machine learning also require large sets of similar data to be utilized for the system to function as intended; in other words, to detect patterns that can be replicated. Fragmented or disparate datasets are insufficient to leverage AI and machine learning capabilities. Insofar as an organization lacks this large amount of similar data, AI will be of limited, if any, real utility to the organization from a compliance perspective. For additional context, one need only think about the use of AI to return relevant hits during a simple internet search. While Google and its competitors have likely invested hundreds of millions of dollars in refining and developing how such results are generated, even the simplest of internet queries are bound to return innumerable results that may be irrelevant. In short, an organization's investment in AI and machine learning capabilities requires a long-term commitment that very few organizations outside of major corporations are willing to devote substantial resources to.

High Cost of Artificial Intelligence in Due Diligence and Compliance

Like any new technology, solutions that incorporate AI and machine learning capabilities can often be prohibitively expensive. When flat-screen televisions first appeared on the market, for instance, the initial cost was staggering. Over time, flat-screen television technology has become so commonplace that one can practically get one for free. AI products are in that early stage where the technology is still cutting-edge and may require a significant investment to implement.

Moreover, systems that employ AI require careful calibration to ensure that the system is meeting the organization’s expectations. As such, an organization can expect to invest tens of thousands of dollars in initial implementation and training costs for screening solutions that employ AI and machine learning capabilities. This is to say nothing of the diversion of human capital required by the organization to integrate the new system into its existing practices and procedures. While these costs will continue to decrease in the coming years, as the technology continues to be refined and market competition increases, we may still be several years from seeing an “affordable” option.

Michael Volkov

Michael Volkov specializes in ethics and compliance, white collar defense, government investigations and internal investigations. Michael devotes a significant portion of his practice to anti-corruption compliance and defense. He regularly assists clients on FCPA, UK Bribery Act, AML, OFAC, Export-Import, Securities Fraud, and other issues. Prior to launching his own law firm, Mr. Volkov was a partner at LeClairRyan (2012-2013); Mayer Brown (2010-2012), Dickinson Wright (2008-2010); Deputy Assistant Attorney General in the Department of Justice (2008); Chief Counsel, Subcommittee on Crime, Terrorism and Homeland Security, House Judiciary Committee (2005-2008); and Counsel, Senate Judiciary Committee (2003-2005); Assistant US Attorney, United States Attorney's Office for the District of Columbia (1989-2005); and a Trial Attorney, Antitrust Division, United States Department of Justice (1985-1989).