Ian Gotts, founder and CEO at Elements.cloud.
“AI agents can never be deployed to handle highly regulated processes. The lack of consistency and data security risks are too great.”
Never is a strong word. Back in 2000, we were told that regulated industries would never allow their data to be in the cloud. Twenty-five years later, Veeva (pharma) and nCion (banking) are two of Salesforce’s largest industry ISVs.
If you take a look around, it’s easy to see why so many are bullish about AI’s ability to reinvent or disrupt so many industries. Just take a look at the AI page on HSBC’s website. It sees AI as a way to provide better and new offerings to its customers. And the company is investing heavily in the core disciplines to make AI work: processes, data and skills.
Regulated industries accept that the cost of doing business is to ensure that they need to comply with different regulatory compliance regimes. When I think about the regulated industries, the ones that are top of mind are food & pharma (FDA), financial services (FSA and FCA), oil and gas and construction (HSE). And every major organization has common regulatory standards that include quality (ISO9001), InfoSec (IS27001 SOC2), privacy (GDPR/CCPA) and Sarbanes Oxley (SOX).
Reactive To Proactive
Organizations had SOPs and operational processes that were textual documents that were rarely read. Some internal auditors changed from reactive—coaching the teams just before the external audit—to being proactive—making it easier to find and understand the operational processes. Adopting UPN process diagrams as a way of documenting and getting adoption for regulated processes provides clear benefits.
AI Agents Are Digital Labor
AI agents are replacing tasks performed by humans, so they need to be regulated in the same way as humans. One benefit of an AI agent is that they will follow operational processes and comply with policies to the letter. But that means you need to ensure that they are given clear, explicit instructions. Just like human agents, this is best done with a detailed UPN process diagram.
The good news is that AI agents are easy to monitor and track. Every interaction between an AI agent and the customer/user is recorded and can be analyzed. If you’ve taken a process-led approach, you have the exact version of the process, instructions and actions that were used for each interaction. This supports the regulatory governance framework that is required for AI agents.
So, if there are regulatory issues and you need to audit a particular interaction, you can see exactly why it played out like it did. And if there are changes, then these can be made very quickly by changing the process, the data (knowledge, policies, customer data) or the prompts/workflows that the AI agent is using. Now, every interaction with the new AI agent will be immediate and consistent—unlike a large human workforce where every individual would need to be briefed on the new process or knowledge.
Humans have inconsistencies in how they interpret and apply the changes. An AI agent, deployed at scale, will instantly be using the most recent information across all interactions.
Building Agents That Regulators Love
We are discovering that the fastest way to build agents is to create a UPN process diagram that sets out the detailed processes that they need to follow, the backend workflows that they can use and the data they can access. From this, you can automatically generate the agent. This approach means that the agent’s performance is more reliable because you know that the instructions are consistent and complete.
When regulators pick up non-conformances, changes can be made to the process diagram. This generates the new agent and the regression test utterances to check the changes do not impact other aspects of the agent’s skills. The new agent can then be deployed.
The alternative is writing instructions straight into the agent. If you don’t consider the detailed flows, handoffs and fault paths, you will write ambiguous instructions. You will burn up weeks trying to rewrite instructions to get consistent results. It is time-consuming, wasteful and frustrating. You are always at risk of non-compliance. The process-led approach eliminates these issues. Agents are delivered in days.
Agents Do Not Change Everything
We can use past best practices. Agents are digital labor. There are very strong parallels with human labor. Agents are not magic. They are not black boxes that are impossible to govern. Over the last 20-plus years, we’ve seen organizations use a governed, process-led approach to ensure their human workforce can comply with complex regulations. Why would that be any different for our digital workforce?
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Read the full article here
