Is ChatGPT a helpful compliance tool?

Everyone’s buzzing about ChatGPT, the AI-powered chatbot that’s changing the way many people work. It’s programmed to churn out text on a wide variety of topics – and it can be hard to tell it was written by a machine, not a person. Imagine a Beowulf-inspired epic poem on business continuity, or organic chemistry explained in a way even a second grader can grasp written in seconds. Plus, it can solve math word problems, whip up HTML code, and even rephrase paragraphs like a pro.

Already, people are using ChatGPT for all sorts of things – from crafting job descriptions and social media posts to helping students with their assignments. It’s not only a fountain of creative inspiration but also a great way to break down complex subjects. But when it comes to compliance, can ChatGPT lend a helping hand to your department?

Not quite yet.

Why ChatGPT is a bad fit for compliance

ChatGPT sure knows how to talk the talk when it comes to compliance – so much so that you might be tempted to take its word as gospel. But hold up! Don’t put all your trust in this cutting-edge AI technology for your compliance queries.

You see, ChatGPT is designed to craft answers that sound believable, not necessarily ones that are 100% accurate. While its responses come across as authoritative and are spot-on with grammar, they’re not always guaranteed to be factually correct.

Let me give you a glimpse of three compliance questions I threw at ChatGPT, and the worrisome answers it gave me.

Question #1: ChatGPT gives inaccurate information 

Q: Does my credit union have to follow CRA?

A: If your credit union is located in the United States and is insured by the Federal Deposit Insurance Corporation (FDIC) or the National Credit Union Administration (NCUA), then it is subject to the Community Reinvestment Act (CRA).

The CRA requires insured financial institutions, including credit unions, to meet the credit needs of the communities in which they operate, including low- and moderate-income neighborhoods. The law requires institutions to demonstrate that they are serving the credit needs of the communities in which they operate, including low- and moderate-income neighborhoods, and to develop and maintain a record of their efforts to do so.

The specific requirements and obligations of your credit union under the CRA will depend on its size and location, as well as other factors. However, in general, credit unions are expected to make credit and financial services available to all segments of the communities they serve, and to be responsive to the credit needs of those communities.

If you have more specific questions about how the CRA applies to your credit union, you may want to contact your credit union directly or speak with a financial advisor or attorney.

I don’t need to tell you that isn’t right. Credit unions don’t have to comply with the federal Community Reinvestment Act (CRA), only state-level CRA laws where required. Only banks are subject to federal CRA regulations.

And credit unions aren’t insured by the FDIC.

Question #2: If ChatGPT can’t find an answer, it will make one up.  

Q: Tell me about an enforcement action against a credit union that had problems with its compliance management system.

A: There have been several enforcement actions taken against credit unions that have had issues with their compliance management systems. One example is the case of [name redacted to protect the innocent], which was ordered to pay a civil money penalty of $175,000 in 2019 by the National Credit Union Administration (NCUA) for deficiencies in its compliance management system.

According to the NCUA, [name redacted] had failed to adequately identify, monitor, and manage compliance risks, and had also failed to implement adequate policies and procedures to ensure compliance with consumer protection laws and regulations. The credit union also failed to adequately train its staff on compliance-related matters.

As a result of these deficiencies, the NCUA determined that [name redacted] had engaged in unsafe and unsound practices, and had violated several federal laws and regulations. In addition to the civil money penalty, the credit union was required to develop and implement a compliance management system improvement plan, and to submit progress reports to the NCUA.

This case highlights the importance of having a robust and effective compliance management system in place for credit unions. In order to avoid enforcement actions and penalties, credit unions must be diligent in identifying and managing compliance risks, and must ensure that their policies, procedures, and staff training are up to date and effective.

This sounds like a summary of a real enforcement action (and good advice about having an effective compliance management system), but it’s completely fabricated. Worse yet, it put the name of a random credit union in there – one with no history of regulatory problems.

It’s also frustratingly short on details. What were the several federal laws and regulations violated?

Question #3: ChatGPT skimps on the details 

Q: Our bank is considering offering a $50 gift card to potential new customers who open a new account with a minimum deposit of $200. Is this promotion permissible? 

A: Offering a $50 gift card to potential new customers who open a new account with a minimum deposit of $200 is generally permissible as long as it complies with applicable regulations and guidelines.

Talk about a non-answer. The promotion is permissible as long as it doesn’t violate any regulations. No mention of what those regulations are or how they might apply. It’s basically a non-answer.

Conclusion: ChatGPT is not to takeover compliance

ChatGPT is not going to replace compliance professionals in its current form. It doesn’t know if it’s providing correction information and it doesn’t have the reasoning to apply regulations to business practices.

Some day it may be able to do these things and more. Until then, tread carefully. ChatGPT can write a silly poem, but when it comes to compliance, it has a long way to go.

Rafael DeLeon

Rafael DeLeon

Rafael E. DeLeon is a vibrant spokesperson with a wealth of knowledge on issues of regulatory compliance and risk management for financial institutions. Prior to joining Ncontracts, he served as ... Web: www.ncontracts.com Details