Is your compliance stack outdated?

Sid Yenamandra, founder and CEO of Surge Ventures, has been a key figure in leveraging AI to address emerging compliance challenges within highly regulated industries like wealth management and financial services. His approach to AI-driven compliance management represents a significant shift from traditional methods, which have long relied on outdated technology and manual processes.

“The compliance stack that a lot of wealth management firms were using, it’s kind of old. It was technology that was built in the 80s or the 90s.” This outdated approach, he explains, is no longer sufficient in today's fast-evolving regulatory landscape, particularly as the pace of AI innovation accelerates. 

The firm’s focus is on creating a new generation of governance, risk, and compliance (GRC) tools, designed specifically for the wealth management industry.

Yenamandra will be speaking at InvestmentNews' upcoming RIA Activate California on November 12 – book your tickets here

“With AI coming in, there was a massive opportunity for disruption and innovation in the way traditional, mature software was being built.” The advantages of AI over traditional compliance models are vast. AI systems, for example, can quickly analyze and adapt to new regulatory changes, a critical capability in an environment where the SEC increased enforcement actions by 10% in 2023 alone. By incorporating AI, Surge Ventures is building solutions that not only streamline workflows but also improve compliance accuracy and efficiency. 

Yenamandra’s vision for AI in compliance management extends beyond just automating processes. He describes a scenario where AI acts as a supplement to human expertise, much like a cardiologist using AI to analyze an EKG report before providing their medical opinion.

“What if you had the ability to supplement [human consultants] with some AI capability?” he asks, emphasizing that AI can serve as an important co-pilot in decision-making processes. This is particularly relevant in sectors where fines and penalties for non-compliance are increasingly frequent and severe. AI models, when properly trained, can alert firms to regulatory changes or potential compliance risks before human consultants even review the data. 

Yet, as AI continues to evolve, companies face the challenge of balancing innovation with regulatory compliance. Yenamandra acknowledges this tension, stating that while AI can drive efficiency in compliance activities, firms must ensure the technology they use is itself compliant.

“If the SEC and FINRA are using AI to predict which firms they’ve got to audit, I think the firms have to use AI to stay ahead of it.” His analogy to the early days of cloud computing is particularly apt: just as companies initially questioned the security of public cloud infrastructures, they are now grappling with the complexities of using AI to manage compliance. While AI has the potential to revolutionize compliance processes, firms must be careful to ensure that the algorithms they rely on are not only accurate but also transparent and unbiased. 

Despite these concerns, Yenamandra is confident in AI's role as a “co-pilot” rather than a replacement for human oversight. He describes Surge Ventures’ model as “AI-powered, but human-led,” where AI models are rigorously trained and tested by human compliance experts. These experts ensure that AI-generated recommendations make sense before they are implemented. In this hybrid approach, AI handles the heavy lifting of data analysis, while humans make the final compliance decisions.

And it’s Yenamandra’s background in cybersecurity that also informs his perspective on the role of AI in enhancing security protocols.

“The growth in the threats to organizations... is exponentially growing in the age of cyber,” he adds.

AI’s ability to process and analyze large datasets at speed makes it an invaluable tool in the fight against cyber threats. In fact, AI has already been widely adopted in the cybersecurity space, with many vendors using it to power endpoint detection and response systems. However, as Yenamandra points out, the wealth management industry has been slower to adopt these technologies, creating a significant opportunity for growth. 

Cybersecurity compliance and the introduction of new regulations by the SEC and FINRA is forcing firms to rethink their approach to breach reporting and disclosure. Firms are now required to disclose material breaches within a strict timeframe, often as short as 48 hours in some states. AI can help firms manage this complexity by automating the identification and classification of breaches, ensuring that firms comply with reporting requirements without overwhelming their internal teams.

For Yenamandra, this is where AI’s true potential lies: “You can use AI to do a gap assessment... a lot better than waiting three months for somebody to actually read every line on your cyber policy.” 

Yet, even as AI transforms both compliance and cybersecurity, ethical considerations remain at the forefront of the conversation. Yenamandra stresses the importance of adopting a “responsible AI” framework, drawing parallels to the SOC 2 reports that are now standard in cloud computing.

“There needs to be a SOC 2 for AI-led solutions,” he argues, to ensure that AI systems are transparent, fair, and free from bias. This is particularly crucial in industries like wealth management, where the use of AI for decision-making could have significant financial and legal implications. 

Ultimately, Surge Ventures’ approach to AI in compliance and cybersecurity reflects a pragmatic vision of the future, one where AI serves as a powerful tool for enhancing efficiency and accuracy, but always in partnership with human expertise.

“The most logical and practical implementation of AI in the foreseeable future, I believe, is as an aid to technology,” Yenamandra explains.

Yenamandra will be speaking at InvestmentNews' upcoming RIA Activate California on November 12 – book your tickets here