Matt Kelly to speak at PrivSec & GRC Connect Chicago

 Taking place April 16 and 17 at Crowne Plaza Chicago West Loop, PrivSec & GRC Connect Chicago provides a platform for organizations to address the cumulative nature of risk.

PrivSec & GRC Connect Chicago’s comprehensive agenda is led by subject matter experts, business chiefs and industry leaders, giving attendees a deep-dive into challenges and solutions on the rapidly evolving GRC landscape.

Event speaker, Matt Kelly is editor and CEO of RadicalCompliance.com, a blog and newsletter that follows corporate governance, risk, and compliance issues at large organizations.

Matt will be attending PrivSec & GRC Connect Chicago to discuss the governance principles and practices that businesses should adopt when implementing AI technologies.

Learn more about Matt and his discussion topic in the Q&A below:

Could you outline your career pathway so far?

I’ve been a reporter following the GRC “beat” for about 20 years. Originally, I was a newspaper reporter, and then drifted into writing about business and technology. In 2004, I started writing for Compliance Week, and ended up editor of the magazine from 2006 to 2016.

Since 2016, I’ve been publishing my own newsletter, Radical Compliance; and I speak often about trends in corporate governance, compliance, audit, and cybersecurity. It’s a fascinating field! Compliance professionals really do have a Rubik’s cube of challenges, where you think you’ve solved one headache and then another comes into view.

I love following and talking about compliance news, and consider it a great privilege that I’ve come to know so many compliance officers around the world. Great group, very friendly and super smart.

What does best practice look like when it comes to navigating the AI adoption journey?

Best practice would be for management teams to slow down and think their AI plans through. My fear is that too few companies are doing that, and they have pockets of AI adoption happening in various ways without management’s awareness.

If I had to capture best practice in a word, that word would be “governance.” That is, senior leaders shouldn’t micro-manage all the ways the enterprise is trying to adopt AI; they should be spelling out several basic principles that business units must follow while those teams tinker with AI. Then the compliance team can follow up more closely to confirm that those basic principles are being enforced. 

For example, say you’re a retailer that wants to use facial recognition technology to identify customers who might actually be known shoplifters. You’d want controls over the quality of images uploaded into your database; and you’d want testing to be sure that the AI doesn’t return a high rate of false positives (innocent customers identified as shoplifters by mistake).

Well, who develops those technical controls for the image database? Who performs that testing of results? Who assesses whether false positives affect minority groups at such a high rate as to be discriminatory? How does management assemble the right team to put those principles into practice, and get those questions answered?

That’s the sort of oversight that needs to happen. And given the seemingly endless potential use-cases for AI, it’s going to be a bumpy learning curve.

What are the biggest pitfalls that exist for compliance, legal and governance professionals as organizations push to harness AI to best effect?

The biggest pitfalls are likely to be:

• Lack of personnel who can easily navigate the IT, audit, and legal issues that all coalesce into one knotty risk management problem with AI.
• Failure to structure roles and responsibilities to tackle AI issues in the right way

Don’t get me wrong; we’ll have a lot of regulatory uncertainty around AI too, and lots of risk management frameworks to adopt, and so forth. But you can hire lawyers to interpret regulations and use technology to manage frameworks and control mapping and remediation.

But if you don’t have the right people on your team, or they’re not managing work in smart, efficient ways, then all that outside help won’t solve your problems.