White Papers
Fergus Allan
December 11, 2023
Legal and Compliance work is hard
Legal and Compliance work is hard and complex.
Teams need to navigate the complexity of rules, impacts and policies, gather and work with a constant flow of information, widely collaborate with diverse stakeholder groups, process and keep secure very sensitive content, manage the knowledge of Legal and Compliance work, and maintain a robust single source of the truth so that they can report to and advise senior management on key risks, issues and performance.
Their work has a heavy reliance on precedent and legislation, and many core tasks require assessment of data and the review of documents, the use of expert judgement and reference to historic trends, patterns and case studies, and the generation and review of text to provide advice or guidance and document decisions.
Because of these ways-of-working, Legal and Compliance appears particularly susceptible to the potential benefits of AI: To take-over data and document analysis; To provide first draft development of judgment and opinion; To automate the creation and review of legal contracts, or review the risks within relationships with suppliers and other third-parties; To carry out other repetitive manual tasks.
GenAI is artificial intelligence capable of generating text, images, or other media, using generative Large Language Models (referred to as foundation models). GenAI systems learn the patterns and structure of the foundation model data used to “train” the model and then uses this to generate new outputs that have similar characteristics. It considers specific input questions or asks, refers to the reference foundation model to find patterns and examples, and creates outputs that for all intents and purposes appear similar to those previously created by team members.
So it is no surprise that the potential of Generative AI (GenAI) in Legal and Compliance has captured the imagination of many General Counsels, Chief Compliance Officers and Legal Operations professionals.
But in the clamour to unlock the full potential of Generative AI, other nearer-term opportunities can be missed including those that do not require any big bets on new, unfamiliar and (as yet) untested technology. For example, improving the efficiency and productivity of current manual work, leveraging technology to support Contract Management, Document Management, or Case and Matter Management, or using Robotic Process Automation.
Evolution of Legal and Compliance Work
GenAI will be transformative to Legal and Compliance work. And soon. The true potential of GenAI will be its ability to create accurate, trusted outputs meaning that its use enables a reduction in staff costs since Legal and Compliance staff are no longer required to carry out certain tasks.
This will be the future. But there are hurdles to overcome. There remain risks in the creation and use of LLM – Do Data Privacy requirements permit the use of data in the foundation model? Can the data be trusted to be accurate? Are the rules that power the GenAI clear and precise enough to enable accurate and realistic analysis and out generation? And others too.
In planning to reach the GenAI end-game, it is first important to understand the evolution of Legal and Compliance work, an evolution that has not yet in all cases reached its final phases. Jumping too soon to consider GenAI opportunities ignores the natural evolution of Legal and Compliance work which can release benefits at earlier stages and during the pursuit of GenAI goals.
The natural evolution of Legal and Compliance work might be considered to have five phases.
Figure1: Evolution of Legal and Compliance work
In the first phase, all work is carried out by people. For some tasks technology is used, but it does not yet replace the need for human work or judgment. Next, the work of people is augmented by artificial intelligence embedded in Robot Process Automation (RPA). Attended bots offer guidance and support to help staff navigate complex processes, or step-in to take over simple work. Next those RPA bots are configured to carry out specific tasks and processes (often those that are high volume, repetitive and rule-based) so that some work is delivered 100% by bots. Then GenAI can be used to assist with content creation, data analysis, customer support, and more.
In practical terms, GenAI can be used to create first drafts of reports, marketing content, document summaries, and even offer recommendations based on data analysis. Finally, in the fifth phase GenAI is accurate and trusted to the extent that its text-based outputs can be relied upon and require zero human intervention.
GenAI opportunities
It is clear that if GenAI can be harnessed in trusted ways that the future of Legal and Compliance work will be very different to today.
Some examples of where GenAI might transform Legal and Compliance work include, amongst others:
Getting specific, many Compliance teams rely upon a Governance, Risk and Compliance (GRC) system to gather, curate and use knowledge about LROs, house policies and procedural workflows, and manage and oversee risks and risk management activities such a self-assessments and monitoring work. However, it certainly appears feasible that with accurately configured foundation models each aspect of a GRC system can be replaced by in-house developed GenAI – in effect creating a GRC system without the capital and operational costs associated with third- party technology.
GenAI can be employed to automate the process of drafting and reviewing legal documents, including contracts.
It can be used to analyze the language used in existing contracts to understand typical structures and clauses so that contracts are consistently drafted, and by analyzing relevant laws and industry standards can create terms and clauses that meet legal requirements. More advanced models can interpret complex legal language allowing the accurate extraction of key information and context from legal documents to support better understanding of the core content and meaning, and it can highlight potential risks and inconsistencies such as ambiguous language, conflicting clauses, or terms that may carry a higher legal risk. In this way, GenAI can help with refining and strengthening contracts before finalization, and allow Legal teams to focus on more complex and strategic aspects of their work.
The benefits are clear. But foundation models are trained on massive data sets. This may include public data scraped from Wikipedia, government sites, social media, and books, as well as private data from large databases. Developing foundation models requires deep expertise in several areas. These include preparing the data, selecting the model architecture that can create the targeted output, training the model, and then tuning the model to improve output (which entails labeling the quality of the model’s output and feeding it back into the model so it can learn). So whilst the use cases are attractive, getting to the point where value can be realized in not a short journey.
Hidden in plain sight
Notwithstanding any benefits from the adoption and use of GenAI, considering the evolution of Legal and Compliance work highlights other nearer-term opportunities including those that do not require any big bets on this new, unfamiliar and (as yet) untested technology.
For example, improving the efficiency and productivity of current manual work, leveraging technology to support Contract Management, Document Management, or Case and Matter Management, or using Robotic Process Automation.
In today’s Legal and Compliance departments, manual work dominates productivity, and quality is reliant on the skill and performance of people. Spikes in volumes can overwhelm capacity and lead to work not getting done, or delays, or oversights, or errors. Actions can be taken now to improve service delivery and performance that do not require the use of automation nor Artificial Intelligence. These include:
These actions – and others too – can unlock efficiency and productivity gains enabling Legal and Compliance departments to do more with the same, reduce costs, or divert focus to higher value activities.
Exploring the use of RPA can already unlock additional value. Attended RPA can input predefined text into simple documents (e.g., NDA contract terms), step-in to take over simple work from humans, where the bots assess that there is an advantage of so doing, Provide “pop-up” training or guidance via chatbots to embed predefined policies and procedures, track and enter time spent on legal matters into a billing system, and distribute notices to all legal hold custodians, and gathering information from custodians.
Using attended RPA means that productivity and quality is less reliant of the skill and performance of people, since bots can provide additional capacity and capability.
Automated RPA can take over 100% of some activity carrying out tasks such as: Automated policy adherence monitoring (e.g. GH&E); Automated third-party screening; Automated Subject Access Request; Automated transactional risk scoring for AML; Automated matter intake and request triage; And automated risk metric dashboard creation e.g., gifts, incidents, audit control failures.
Where RPA is deployed, productivity and work quality are no longer issues, since bots complete highly scalable work around the clock. The work is 100% error-free and compliant. However, configuring bots requires a clear, accurate, and efficient process view as well as clean and organized data. So, issues with ways-of-working and data hygiene need to have already been addressed – meaning that the assessment of manual work and improvements to that is an important precursor.
Implementing GenAI systems takes work and preparation. It’s critical to keep in mind that their output is only as good as their input. Systems trained on limited data or bad data will have limited or bad outputs. This is why it is important to prepare a Legal and Compliance department for this transformation and set it up for success. Harmonizing and consolidating ways of working, tracking and organizing data, familiarizing staff with automated processes, and managing and reporting data are all steps that pave the way for further automation. They help determine where GenAI can be integrated, and support the training process with clean, comprehensive training data.
For now, GenAI work is not trusted. That means that everything that is generated from AI needs a strong department behind it to verify and expand upon its work. A well-structured, organized, and automated department will be able to use GenAI to produce high volumes of top-tier work.
It is clear to us that even before the use of GenAI, there are plenty of opportunities to transform the work of Legal and Compliance.
Figure 2: Example use cases
Summary
GenAI will be transformative. But ignoring early steps in the Legal and Compliance evolution risks losing the reliable benefits of those levels. Going through the evolutionary process not only unlocks all opportunities along the way to GenAI, but also sets the stage for a successful GenAI implementation.
Clients should stand back from the GenAI hype, and seek to understand all the opportunities available in the evolution of Legal and Compliance work. Jumping into GenAI opportunities can lead clients to pass over the inherent benefits gained by evolving naturally into a modern Legal and Compliance department.