Transforming Regulatory Compliance with AI: The RegXperience Journey

Project RegXperience: DeepDive Labs X DeepDive Labs (a pro-bono project).

How might we streamline workflows for compliance offices?

View project here: https://www.nathanielalejandrino.com/regxperience

Generative Artificial intelligence. You have seen it. You have tried it. You may have just used it a while ago! The rise of generative AI brings great opportunities for everyone. The power of AI to improve productivity and democratise creativity continues to shape the world and the future we know. So as a team of User Experience design students from General Assembly, we were thrilled to be invited by DeepDive Labs to work on an internship project to streamline workflows for compliance offices with the help of Artificial Intelligence.

Our journey kicked off with a meeting with DeepDive Labs the Founder Divya and Chief Product Officer Vidyaraman. The company is looking to develop an SaaS system with an aim to leverage AI to redesign regulatory workflows. The focus was on integrating advanced technologies like LLMs and ChatGPT to streamline processes and reduce backlogs for auditors and compliance officers. The CPO shared insights into the regulatory challenges faced by banks and emphasized the importance of guidelines like the Technology Risk Management (TRM) from MAS, setting the stage for our project. DeepDive Labs conceptualised an "LLM first regulatory approach," aiming to design a platform that seamlessly integrates regulatory checklists and compliance frameworks into a user-friendly SaaS product.

There are many parts in a typical audit and compliance workflow. They include planning, documentation review, risk assessment, interviews & observations, testing controls, analysis & reporting, presentation to the management as well as follow-up & review. The main focus of this project is to simplify the planning and documentation aspect.

Week 1

Our first task was to develop a clickable prototype by the end of the first week. So in the first week, we conducted user research interviews to gather key qualitative data. This was crucial for understanding the needs, goals, and challenges of compliance officers and auditors. We manage to interview 8 participants — a mix of auditors and compliance officers. From our insights, we concluded that they indeed need tools that simplify documentation and streamline communication. The following were some challenges shared:

• Data Management

There is a concern when it comes to data. Audit and compliance work is all about keeping security in mind. Compliance offices are mindful about uploading information online. We even have one interviewee who shared that while it makes sense to conduct audits online and save travel time, field work can be done at the site itself as some company documents are private and confidential. So challenges include managing and securing the storage of these documents. 

• Assessing Relevancy

There are also challenges in effectiveness and assessing relevance of controls. Compliance workflows are not automated and are manually reviewed by officers, which takes up a lot of time and effort. To tackle this problem would mean saving more time for more important tasks. Current manual review process is time-consuming and burdensome. 

• Unorganised Documentation

It was also shared that they struggle with unorganised compliance documents as they can come from many different places, and so there is difficulty in obtaining a complete overview. There is extensive effort required to review and manage documents. 

• Version Control Risk

Lastly, one of the interviewees described a manual collaborative process. Most compliance offices work in teams and when things are reviewed manually, there is a risk of discrepancies for each version. So this does pose a question on how might we offer a better collaborative experience and reduce risk of discrepancies. At the same time, there is also a strong desire to simplify workflow with AI. One interviewee shared how great it would be if there was an AI assistant to help him with his work. 

In addition to user research interviews, our team also looked at existing companies. We identified 3 existing companies that are already in the field of streamlining compliance workflow and looked at key features that make them stand out. Vanta, Grand and SWMS.

One key feature for Vanta we identified about this software is timeline. Auditors and compliance officers often have tight time constraints. With Vanta, users are able to keep in view of how much controls are cleared, and anticipate upcoming deadlines. Grand on the other hand has a collaborative sharing feature which will be useful for compliance offices as members work in teams. Different team members have different roles so this will be a great help for internal collaboration. SWMS offers a unique AI Generation feature. Compliance work is never simple and there are always workflows such as searching for regulations and extracting information that can be automated. So SWMS found a way to streamline manual tasks with a click of a button.

Other companies we also looked at were 4crisk, Relativity and Handshakes. Unfortunately, these softwares, including Vanta, Grand and SWMS are only available to enterprise users. Given enough time and resources, it would be great to explore more functions and study their features, UX and UI elements. This also gives us an inspiration to cater for individual users by empowering aspiring freelance independent auditors and compliance officers to get started with an SaaS compliance platform powered by AI.

Week 2 (29 April - 3 May): Refining the Prototype

Building on our initial prototype, we updated our designs to enhance functionality and user experience.

Key Activities:

• Design System: We established a design system to ensure consistency across the platform.

• UI Enhancements: We polished the UI for RegXperience and explored UI designs for the RegAdmin Hub, focusing on clarity and ease of use.

In our second week, we focused on establishing our design systems and polishing up the UI for RegXperience. We also explored on RegAdmin Hub UI for administrative access to the SaaS. Through regular stand-up sessions, we were able to build, reiterate RegXperience and update together with our CPO. The constant reiterations did take some time as we wanted to ensure that flows are sensible and prototype testable for user testing sessions we planned for the following week.

In addition, we thought about how we can make RegXperience platform economically sustainable for the company while enabling users to utilize all essential features on the platform. 

Screenshot: Proposed User Project Gallery (Dashboard) with subscription tile.

We also progressed by collaborating with both DeepDive Lab’s Software and Machine Learning Team. We build components that will make it easier for developers to extract and implement. As UX/UI designers, this was an eye opening experience as we get first hand experience of collaborating with developers. 

Key Learnings & Challenges

Throughout our journey, we’ve embraced a user-centric approach, continuously iterating based on feedback and testing. Here’s what we’ve learned and the challenges we’ve tackled:

Key Learnings:

• User-Centric Design: Tailoring the platform to different user roles is crucial for success.

• AI Integration: AI-driven checklists and frameworks significantly reduce manual effort and streamline compliance processes.

• Feedback Iteration: Continuous improvement based on user feedback ensures that the platform meets user needs and expectations.

Challenges Faced:

• Interview Recruitment: Securing enough participants for interviews has been a challenge, but we’re committed to gathering diverse insights.

• Compliance Complexity: Documenting business processes and ensuring control effectiveness requires meticulous attention and precision.

• System Integration: Integrating new tools seamlessly with existing systems is essential to avoid disruption and encourage adoption.

• Automation Balancing: Ensuring the accuracy of automated processes while maintaining the human touch is a focus.

• Documentation Management: Managing large volumes of documentation efficiently is a constant task that we’re tackling head-on.

They require efficient methods to ensure the accuracy and relevance of controls. A lot of workload are done manually and they aim to reduce the manual effort involved in compliance tasks. In terms of common challenges, included managing large volumes of documentation, ensuring the accuracy of automated processes, and maintaining up-to-date compliance with evolving regulations. 

Week 3 (6-10 May): Usability Testing and Iteration

On week three, we worked on our usability testing by understanding how different from various backgrounds interact with the UI. This time, our participants were a mixture of audit/compliance professionals and ordinary layman so that we can see how this platform is used by someone who is not from compliance. 

This week marked significant progress as we collaborated with the machine learning and software teams. Our focus was on usability testing and refining the design based on user feedback.

Key Activities:

• Component Organization: We organized our Figma files, ensuring that all components were tidy and ready for further development.

• Usability Testing: We conducted usability tests to identify pain points and areas for improvement.

• Findings and Iterations: From our usability tests, we discovered four main problems and prioritized them as critical, major, minor, and cosmetic.

Usability Findings:

• Critical Problem: 4/5 users had difficulty locating the frameworks.

• Solution: Improved information hierarchy by shifting the framework selection to the top.

• Major Problem: 3/5 users found the company description obstructive.

• Solution: Made the company information collapsible.

• Minor Problem: 4/5 users struggled to locate the sharing function.

• Solution: Separated the search and export functions, making them standalone.

• Cosmetic Problem: 3/5 users were confused by having two options to add controls.

• Solution: Simplified the interface by keeping only one add control button at the top.

Week 4

On week four, we finalised the project. We created logos for DeepDive Labs and RegX, finalized our presentation slides, and prepared for our final presentation.

Personal Reflections and Experiences:

Working on RegXperience has been an interesting journey, blending the realms of UX, AI innovation and regulatory compliance. From day one, the team's enthusiasm and dedication have been infectious. We've faced numerous challenges, from the complexities of securing user interviews to the intricacies of designing a user-centric interface that genuinely simplifies compliance tasks.

One of the standout moments for me was during the prototyping phase. Seeing our conceptual ideas take a tangible form was incredibly rewarding. Joseph's prototype, featuring multi-select functions and AI-driven frameworks, was a game-changer. It not only demonstrated our technical capabilities but also validated our vision of an intuitive, AI-powered compliance platform.

The feedback sessions were particularly enlightening. They highlighted the real-world complexities compliance officers and auditors face, underscoring the importance of our user-centric approach. Each piece of feedback was a stepping stone, guiding us towards a more refined and effective solution.

As we move forward, our focus remains on enhancing the prototype, integrating user feedback, and preparing for impactful stakeholder presentations. The journey has just begun, and the potential for RegXperience to transform regulatory compliance is immense.