How to address the technical skills gap compliance will face due to AI

Stuart Strome

Stuart Strome

Stuart Strome (stuart.strome@gartner.com) is the Director of Research in the Gartner Legal, Risk & Compliance Practice in Arlington, Virginia, USA.
Listen to article
7 minute read

By Stuart Strome

In 2023, it’s fair to say generative artificial intelligence (AI) made a lot of headlines. The speed with which large language model (LLM) AI tools came into widespread use is quite unprecedented, and while Gartner experts placed the technology at the “peak of inflated expectations” in its Hype Cycle for Emerging Technologies in August 2023, they still see it having a profound impact on business and society.[1]

Generative AI presents a dual challenge for compliance functions: They must find ways to use it to boost the function’s productivity while at the same time ensuring their wider organizations are compliant with a growing and increasingly complex patchwork of global regulations.

This will require technical skills that most compliance departments currently lack. In terms of adopting new technology, it could be argued that compliance functions can move at the pace at which they can acquire the skills they need.

In fact, compliance functions that drag their feet will expose their business to risks in the current environment of growing workloads, flat budgets, and falling headcounts.

Without appropriate technology, it will become increasingly difficult for compliance teams to predict, monitor, and mitigate noncompliance effectively in their organizations. So, the compliance function must access the technical skills that will enable it to stay on top of its responsibilities.

Moreover, the need for new technical skills won’t end there because, aside from operations, compliance officers themselves will need a greater level of technical knowledge to properly understand new legislation requirements and whether their organizations’ activities meet such standards.

The salient implication here is that compliance departments must find a way to build up the technical skills in the function. They must also do so at a time when they face enormous competition for these skills—from other functions in their company and external organizations.

Rethink recruitment

Given that expertise in such in-demand areas will be in short supply, compliance departments cannot hire based solely on prior experience or hire for all in-demand skills. Compliance leaders must make trade-offs among the skills they need in their department and consider hires they typically might not, such as those with lower levels of experience.

A key priority should be identifying talent gaps in the department and developing a list of the skills needed to ensure regulatory compliance. Then, triage skills based on their urgency, criticality to the department, and potential for them to be upskilled or trained later. Hiring is going to be challenging and costly, so it is important that compliance leaders understand what skills and qualifications they cannot develop in-house and focus their recruitment efforts accordingly. This process will likely focus recruitment on technical skills not directly pertaining to compliance, such as data science.

In the long term, compliance departments must ensure they are attractive to candidates with in-demand skills and consider hiring for dedicated technical roles, such as technology specialists. This will likely mean partnering with human resources to develop a talent recruitment strategy focused on meeting employees’ escalating expectations to entice top candidates.

Internal skills development

Often, when business functions face challenges that lie outside their traditional expertise, their first move is to hire what they need. For the reasons already discussed, however, this approach will likely not acquire all the skills a compliance department might need and will come at a high price.

Compliance leaders should look at their existing employees as the lowest-hanging fruit in terms of an opportunity to develop technical skills in the function. Moreover, it is highly likely that a good number of existing employees are actively seeking career-development opportunities, so providing them in-house is a mutually beneficial arrangement with the potential to improve employee retention and engagement.

Upskilling existing employees can take place in several ways:

  • Peer mentorship: Mentorship is the cheapest option for upskilling. Here, candidates would be paired with experts from other functions that traditionally make use of the skills compliance required, and they would learn methods and best practices for use in compliance.

  • Online courses: Online resources like LinkedIn Learning or Coursera are relatively inexpensive. These can assist staff in learning specific digital skills, such as data quality assurance.

  • On-site workshops and in-person training: These training options are more costly. The difference between in-person and online training is that compliance leaders could more easily tailor the in-person training to the exact skills required from candidates while also allowing them to ask questions and receive assistance from the trainers directly.

  • Allowing candidates to travel to conferences: This is potentially very costly. The upside to this option is that they could learn best practices from peers and experts in other organizations and associations, bringing new ideas and techniques to their organizations.

  • Enrolling candidates in college courses at nearby colleges: This is the most expensive option, but also the most comprehensive digital training option.

Assuming key skill requirements have already been identified, the starting point will be to gauge employee interest in upskilling in areas with technical skill deficits and identify the most effective route to developing employees in these areas.

To make the most of internal skills development, newly trained staff should be encouraged to act as ambassadors for what they have learned, promoting technical literacy throughout the function and making the business case for further investments in technical skills.

Further, upskilled staff should be better able to offer data control and AI output quality assurance as part of proactively enforcing emerging standards as well as applying AI and analytics methodologies to reporting tasks, such as compliance with regulatory requirements. They should focus their new technical skills on defined business problems and translate insights into actionable business decisions.

Foster internal technical partnerships

If there is sufficient appetite for interdepartmental collaboration on skills development, it has the potential to yield broad companywide benefits if it can speed up the adoption and governance of AI and analytics tools.

Internal demand for technical skills in these areas will almost certainly outpace supply in most businesses, so realizing strategic aims most efficiently will require departments to work together to share technical skills and spread competency throughout the business.

Unfortunately, compliance is often seen as a roadblock, and other functions may be reluctant to share their limited capacity. However, when compliance implements tech platforms without necessary know-how or IT coordination, it usually results in unnecessary work for all involved. Compliance leaders will need to find mutually beneficial opportunities to coordinate implementation of compliance tech, share technical skills and capacity, work with other functional leaders to inventory the technical skills at the company, and highlight the mutual benefit of sharing the skills between departments. Compliance leaders should consider the following approaches to achieve this:

  • Show the “what’s in it for me”: Articulating the compliance, or even enterprise-level, benefits of a project requiring IT support is often insufficient. Instead, highlight to IT how prioritization of compliance projects will help them meet their own goals. Highlight benefits like reduced data storage costs, improved data quality, or how a project will result in less need for ongoing IT support.

  • Proactively coordinate roadmaps with IT: Major IT support efforts are often “booked” several months in advance, and as a result, compliance requests can, therefore, be placed at the back of the queue. Yearly or bi-yearly joint planning between compliance and IT functions—particularly when procuring and/or implementing a new platform—allows compliance to schedule around other large IT projects and bandwidth constraints. This eliminates unnecessary bottlenecks and allows for greater IT visibility to ensure tech platforms are compatible with existing systems.

  • Make your liaison program a two-way street: Leveraging compliance liaisons in different parts of the business is a great way to socialize compliance requirements or identify new risks. While liaisons are often assigned the role, many accept the position as a “stretch goal” or to explore another potential career path. Compliance leaders can take advantage of this by offering liaisons the opportunity to put their skills to use on compliance goals (e.g., developing compliance risk business intelligence dashboards, conducting quantitative analyses on compliance data to assess program effectiveness, tracking emerging risks) while learning more about the function and how it operates.

Conclusion

As enterprises rapidly adopt AI, compliance leaders must equip their teams with the technical skills and understanding to protect the enterprise from undue risk and make their departments more efficient. Competition for these skills will be fierce, and given the resourcing, cachet, and opportunity for advancement technology or front-office functions may have, it will not always be a “fair fight.”

Luckily, compliance leaders have other options. Offerings from colleges and massive open online courses on AI are proliferate and represent a relatively low-cost way to upskill compliance teams. Moreover, as enterprises hire for these skills in other parts of the business, building lasting relationships with IT and data and analytics teams can make it easier to surface potential compliance issues before regulators do—but get support for implementing compliance tech platforms. Compliance programs can thrive in this new environment by leveraging existing skill sets within their companies and their teams’ desire to branch out and acquire these valuable new skills.

Takeaways

  • Artificial intelligence (AI) presents a dual challenge for compliance. The function must both use the technology to boost its own productivity and ensure its wider organization is compliant with rapidly emerging global regulations.

  • This will require technical talent that most compliance functions currently lack, both in terms of staff being able to understand the technology over which they are tasked with providing assurance and implementing new technology to boost functional outcomes.

  • Given that the jobs market for such talent is highly competitive, it is unlikely that compliance functions will be able to easily recruit their way through the emergence of enterprise AI use.

  • Internal skills development offers a path to obtaining the required technical skills that have the added benefit of providing career growth opportunities to existing staff.

  • Internal technical partnerships have the potential to yield broad companywide benefits while helping compliance functions get some of the technical abilities they will need.

 
1 Gartner, “Gartner Places Generative AI on the Peak of Inflated Expectations on the 2023 Hype Cycle for Emerging Technologies,” news release, August 16, 2023, https://www.gartner.com/en/newsroom/press-releases/2023-08-16-gartner-places-generative-ai-on-the-peak-of-inflated-expectations-on-the-2023-hype-cycle-for-emerging-technologies.
This publication is only available to members. To view all documents, please log in or become a member.
Become a Member Login

What to read next...

Making an impact, compliance-style

About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook Twitter LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings