Download your free copy of the latest Financial Technologist magazine here.
Artificial intelligence has become an indispensable tool for financial institutions to navigate regulatory complexities. Amid regulatory uncertainty and growing scrutiny, AI is playing an increasingly vital role in supporting compliance teams - by processing vast amounts of regulatory data, monitoring transactions and automating routine but essential compliance tasks.
For instance, consider a universal bank operating across multiple business lines and jurisdictions, each with its own evolving regulatory framework. Expert AI is able to track these regulatory changes in real time, automating not just the regulatory change process, but also linking these changes to refresh policies and controls. However, not all AI models are equally suited for high-stakes applications. Just as different medical treatments target specific conditions, AI models must be properly applied to their intended functions. The critical distinction lies between broad, general-purpose models and specialised, domain-focused AI solutions.
Large Language Models: Versatility with Limitations
Large language models (LLMs), such as GPT- 4, have become emblematic of AI's potential, offering automation across a wide range of tasks, from customer service to content generation. GenAI is not just a technology in risk and compliance but a stand-out transformative tool that empowers teams by automating mundane daily tasks allowing more focus on strategic high-value initiatives. But with the benefits come risks, and it is essential to approach AI implementation responsibly and thoughtfully. There are four main risks with the technology.
Inaccuracies and ‘hallucinations’ – generating accurate and informative outputs (e.g. a document summary that ties together the key points in a concise and well-articulated form) and generating misleading or inaccurate information. The problem can be addressed by using high quality, annotated regulatory datasets to ‘ground’ AI models. The output needs thoroughly validation and testing. Data Poisoning - refers to malicious or defective acts related to AI model security. It is more specific than provenance or privacy/ confidentiality issues, as it undermines the performance of AI models. Data poisoning is considered to be more of an edge case. The mitigation is that a firm’s AI models are verified, annotated and comes from trusted sources.
Data Provenance – refers to data coming from not trusted sources. This risk can be mitigated by providing verified data to private versions of the models.
Data Privacy and Confidentiality – AI models that are using publicly available data may expose sensitive information to risks. This risk can be mitigated, where the operations with data take place in a secure environment, i.e. 3rd party models (e.g. LLMs) with publicly accessible, non-private data to train models.
Small Language Models
Small Language Models (SLMs) prioritise accuracy and efficiency over scale, making them particularly advantageous for specialised tasks requiring domain-specific insights. Trained on focused datasets tailored to specific enterprise needs, SLMs minimise inaccuracies and reduce the risk of generating irrelevant or misleading information.
A compelling example is the application of SLMs in regulatory compliance. By training on regulatory frameworks such as, for instance, MiFID II, Basel III, GDPR or any relevant other, SLMs ensure compliance officers receive accurate and actionable insights rather than generic AI-generated responses.
Specialised SLMs trained on carefully curated, structured regulatory content can enhance accuracy in compliance workflows. These models can parse complex legal documents, track jurisdiction-specific rule changes and flag potential compliance gaps with greater accuracy than their LLM counterparts.
By focusing on precision, SLMs address the shortcomings of LLMs, including bias, hallucination and inefficient resource consumption. Their smaller model size also ensures a significantly lower carbon footprint, making them a more sustainable and cost-effective option. Additionally, and very importantly, customer data remains securely within the client’s virtual infrastructure versus being exposed to third-party model providers, and this ensures compliance with strict data privacy regulations.
SLMs vs. LLMs: AI to Specific Enterprise Needs
While LLMs provide versatility across a broad range of applications, their generalist approach limits their effectiveness in fields requiring high accuracy. SLMs, by contrast, leverage targeted training and efficient resource utilisation to deliver outputs that are both reliable and contextually relevant.
Much like chemotherapy in medicine, highly targeted and designed to address specific conditions, SLMs excel in precision-based settings. In comparison, LLMs resemble broad-spectrum antibiotics: powerful, versatile, but often insufficiently precise for the most sensitive and high-stakes applications. In regulatory compliance and other fields where accuracy is non-negotiable, SLMs emerge as the superior choice, offering tailored AI solutions that align with the rigorous demands of specialised industries.
A Hybrid Approach
For compliance teams, the ability of SLMs to process and interpret regulatory documents with precision helps institutions remain compliant with evolving regulations, thereby reducing the risk of fines and reputational damage. By focusing on high-quality, domain-specific data, SLMs enable more informed decision-making, reinforcing their value in critical applications where precision outweighs scale.
However, the most effective AI-driven compliance strategies do not rely solely on one type of model. Instead, companies like ours we use over 100 model types, depending on the data sets and text problem to be solved.
LLMs, with their extensive linguistic capabilities, can parse vast amounts of general regulatory text and extract relevant information. Whilst SLMs ensure that outputs meet the precise standards required in regulatory environments.
For example, a financial institution tracking real-time changes in global sanctions lists might use an LLM to scan and summarise regulatory updates, while an SLM refines these summaries into actionable insights tailored to internal policies. This layered approach ensures that AI-driven solutions are not just powerful but also extremely precise, cost-effective and secure. The application of small language models in compliance is indeed proving that less is more.
By John Byrne, founder and CEO, Corlytics
Download your free copy of the latest Financial Technologist magazine here.
