Post on 26-May-2018
Intelligent Requirements &�Obligation Lifecycle Management �Using Cognitive Computing & IBM Watson
Sridhar Iyengar Distinguished Engineer Cognitive Services & Solutions Architecture Research IBM T.J. Watson Research Center siyengar@us.ibm.com
© 2014 IBM Corporation 2016-10-25
Topics Covered § Cognitive Computing – The new era,
an introduction – Basic Terminology – ‘Cognitive’ – Why Computing & AI – Next Era of
Computing
§ Managing complexity and harnessing big data effectively and intelligently using learning systems
§ Examples of Watson use in the Industry
§ Watson & Obligation/Requirements Management
§ Wrap-up ‘Watsononourshoulder,inourpockets,in
ourhome,car,office…makesusallsmarter’
© 2014 International Business Machines Corporation 3
The exponential growth of data, especially on the cloud, is changing industries, and driving new applications and business models
0
5
10
15
20
25
30
35
2009 2010 2011 2012 2013 2014 2015 2016 2017
Exa
byte
s (10
^18)
How big is “Big Data”? 98% of all data created in last couple of years
Multimedia
Manufacturing & Enterprise IoT
Consumer oriented IoT
Text data Genomic
Structured
Other
The true value of Big Data is in the embedded context
Raw data Feature extraction metadata
Domain linkages Full contextual analytics
Location risk
Occupational risk
Dietary risk Family history
Actuarial data
Government statistics Epidemic data
Chemical exposure Personal financial situation
Social relationships
Travel history
Weather history . . .
. . .
Patient records
BusinessMoment
Refine&Curate
MethodologyTechnologyKnow-how
Data
Continuously curate information to make it suitable for consumption
© 2014 International Business Machines Corporation 5
IBM Research Defines and Transforms the Future of Technology, making an impact to society
World Class Talent - Foundation of IBM Research
Genomic Medicine
Micro-Cloud
Precision Agriculture
Debater (GC) Quantum Computing Synapse (GC)
Opening Frontiers of Science and Technology
Intelligent Security Medical Sieve (GC)
GC : IBM Research Grand Challenge
© 2014 IBM Corporation
Cognitive: of, relating to, or involving conscious mental activities (such
as thinking, understanding, learning,
and remembering)1
Intelligence Augmentation vs Artificial Intelligence
Interprets and understands natural language
Generates & evaluates hypotheses
Adapts & learns
Watson understands me.
Watson engages me.
Watson learns & improves over time.
Watson helps me discover.
Watson establishes trust.
Watson has endless capacity for insight.
Watson operates in a timely fashion.
Analyze unprecedented amounts of unstructured data
Watson is IBM’s implementation of Cognitive Computing, AI and more
Games Provide a Laboratory for Reasoning
© 2016 International Business Machines Corporation
Winning A Game Based on Natural Language
© 2016 IBM Corporation 10
Expertise! Ecosystem!Technology!
160+ !Partners currently developing !
cognitive applications!!
20,000+ !API developers worldwide!
3800+ !Ecosystem Partner
Applicants!
50!Cognitive APIs !
expected by end of 2016!!
Based on !
50+ Core technologies !
32+!Cognitive APIs !
currently available!
2000+!Cognitive consulting !
Professionals – and growing!
7!Years of cognitive !
knowledge!
Nearly ten years of focus give us the comprehensive cognitive platform to create highly differentiating customer experiences vs. a small set of off-the-shelf point solutions with limited scope.
Watson is uniquely positioned to provide enterprise strength solutions to address the ever increasing challenges businesses face
Ø Industry Overview
WatsonDeveloperCloudServices
Transitioning Military Members to Civilian Life
Improving Financial Planners’ Advice
"Moon Shots" to End Cancer
10 Watson-powered Applications Tackling Clinical Trial Research
A Makeover on R&D Discoveries
Transforming Veterinary Care
Next-Gen Security Analytics
Training Retail Sales Employees
Redefining the Travel Experience
Improving Cancer Care
© 2015 International Business Machines Corporation
Cognitive Computing Research Agenda
© 2016 International Business Machines Corporation
Use Case Scenarios
Core Capabilities
System Infrastructure
Debating / Research
Medical Imaging
Regulatory Compliance
Geological Exploration
Financial Advise, Risk…
Immersive Environments
Emotional Interactions
Large-Scale (Deep) Machine Learning
Video Newscasting
Reasoning, Planning, Decisions
Deep Knowledge Representation
Multilingual NLP & Speech
Computer Vision
CPU / GPU Acceleration
Material Discovery
Conversational Dialog
Neuromorphic Systems
Approximate Computing
Personalized Healthcare
Scalable Graph Stores
Narrative Generation
Semantic Data Curation
New Computing Paradigms
Augmented Reality
Pattern Mining & Discovery
Optimization & Scaling
Domain Specialization
M e t h o d s T o o l s A P I . .
Emerging IBM Research Innovation Snapshot
© 2016 International Business Machines Corporation
Operational Risk Analytics
Wealth & Asset Management
Lead Generation
Cognitive Compliance
Equity Research And more…
Financial Regulatory Compliance
Significant increase in enforcement and penalties..
• In 2013, JPMorgan hired 4K additional compliance staff, spent extra $1B
• In 2014, Deutsche Bank included 1.3B euros in extra regulatory-related spend
• In 2015, Citigroup reported ~$1.7B being “consumed by additional investment” in regulatory and compliance
..has led to soaring FSS compliance spend.
Data from FT, May 28, 2015
§ Significant uptick in enforcement has led to high compliance spends (>10% opex for majority of firms)
§ Current processes have a large manual component, leading to high cost
WSJ, 12/2014: $65B in fines for US and European banks in 2014
© 2015 IBM Corporation
The Regulatory Compliance problem
16
Enterprises
Privacy regs Disclosure regs
Sarbanes Oxley Act Tax Code regulations
FFIEC
OSHA
Know Your Customer Anti Money laundering
Fiduciary responsibility
CPRB
IRS
SEC FCC EPA PCAOB
NRC
Dodd Frank
CPSC FAA
FDIC FTC
FDA NLRB
HIPAA
Securities and Exchanges Act Foreign Corrupt Practices Act
Exchange Act
Electronics | Travel and Transportation | Banking | Insurance | Legal | Accounting | Health Care | IT | …
What does this reg mean to my <X> line of business? My product <Y>?
My enterprise wants to enter into business <Y> in country <Z>. What regulations apply?
How has the regulation changed? How does it affect my existing controls, policies, procedures?
Which of my contracts have data right obligations? …
Fundamental Problem: Understand regulatory text to determine legal constraints, risks and consequences for an enterprise�s operations, devise policies and procedures to ensure compliance, with full auditability.
ACE
ATF
CFTC VA DEA ETA EEOC FCA FEC
FERC
FHA
FMC
FDIC
The Fed ICC
Full traceability from regulation to products, policies, risks and controls
What are all the regulations that impact my area of responsibility?
Multiple jurisdictions
Unstructured and Structured Input
Do this continuously as regulations, people, systems change.
© 2015 IBM Corporation
A view of idealized Compliance tasks
17
A1. Regulations: Monitor, Ingest, Understand
A2. Answer questions
D1. Gather and analyze data -- about company internal policies, procedures, operations, business processes
D5. Assess gaps in traceability, remediate
D2. Explore and evaluate possible designs for controls and procedures
D3. Analyze existing set of controls for risk, compliance, redundancy and irrelevance.
D4. Construct a master compliance implementation framework, (policies)
M2. Serve as an institutional (query-able) memory for compliance practices
M1. Monitor business operations for anomalies. Flag jeopardizing changes
M3. Resolve and remediate flagged violations.
Ingest, Correlate, Analyze
Design
Monitor
A3.Simulate audits to assess state of compliance, assembling proofs, assessing gaps, generate audit report
Natural Language Understanding | Machine Learning | Knowledge Representation and Reasoning | Planning | Design | Diagnosis | Repair
© 2015 International Business Machines Corporation 18
IBM Research – Industries & Solutions
IBM Confidential
Cognitive Regulatory Compliance: Obligation Lifecycle Management
Document Ingestion
I. Cognitive Obligation Extraction
II. Cognitive Mapping:
Regulations to Controls
Regulatory Documents
Controls
Reporting Gap Identification Policy Management …
IBM RCA + Cognitive Compliance Mapping
RCA : Regulatory Compliance Analytics
Tasks Compliance Mapping
Û Identify New/Updated Regulations
Û Parse Regulations into Obligations
Û Map Obligations to Controls
Û Map Policy to Operational Controls & Identify Policy Gaps
Û Map Operational Controls (i.e. Procedures, Processes tools etc.) to Operations
Û Compliance Status
Compliance automation
External content
Internal content
Policies
Operational Controls (Procedures/ Tools)
Operations
Regulations
Obligations
Regulatory Controls
Value • Automatically
link obligations to risk domains, products, services, policies and controls
• Reduction in volume of manual change notifications
• Greater time savings
• Automation of compliance checks
Û Map Regulatory Controls to Policies
Com
plia
nce
Mon
itorin
g R
egul
atio
n Tr
acki
ng
External Control Requirements drive internal control techniques that must be aligned to a common structure to avoid inefficiencies, gaps or redundancies
IBM Cognitive Regulatory Compliance – Where are we headed?
Cognitive obligation extraction (IBM Regulatory Compliance Analytics)
BlueHOUND
Obligation extraction
Knowledge graphs
BlueHOUND (Natural language processing) Automated ontology creation
Unstructured test 1 2 3 4
Watson is helping customers parse FFIEC Handbooks, amongst other regulations
~136 pages, 2511 Lines ~ 460 lines contain obligations in main body of document
Cognitive obligation extraction example results Sentence
No Sentence Text Document Section Watson Score Internal Obligation
Ref# Doc Page
Other Notes
359 Security Controls Implementation SEC CONTROLS IMPL No 18
360 Access Control SEC CONTROLS IMPL No 18
361 The goal of access control is to allow access by authorized individuals and devices and to disallow access to all others. SEC CONTROLS IMPL No 18
363 Access should be authorized and provided only to individuals whose identity is established, and their activities should be limited to the minimum required for business purposes. SEC CONTROLS IMPL Yes 18
364 Authorized devices are those whose placement on the network is approved in accordance with institution policy. SEC CONTROLS IMPL Yes 18
365 Change controls are typically used for devices inside the external perimeter, and to configure institution devices to accept authorized connections from outside the perimeter. SEC CONTROLS IMPL No 18
367 This section addresses logical and administrative controls, including access rights administration for individuals and network access issues. SEC CONTROLS IMPL No 18
368 A subsequent section addresses physical security controls. SEC CONTROLS IMPL No 18
369 Access Rights Administration SEC CONTROLS IMPL No 18
370 Action Summary SEC CONTROLS IMPL No 18
371 Financial institutions should have an effective process to administer access rights. SEC CONTROLS IMPL Yes 18
372 The process should include: SEC CONTROLS IMPL Yes 18
373 Assigning users and devices only the access required to perform their required functions, SEC CONTROLS IMPL Yes 18 bulleted sentence alone is not an obligation
374 Updating access rights based on personnel or system changes, Reviewing periodically users' access rights at an appropriate frequency based on the risk to the application or system, and SEC CONTROLS IMPL Yes 18 bulleted sentence alone is not an
obligation
375 Designing appropriate acceptable-use policies and require users to agree to them in writing. SEC CONTROLS IMPL Yes 18 bulleted sentence alone is not an obligation
376 System devices, programs, and data are system resources. SEC CONTROLS IMPL No 18
377 Each system resource may need to be accessed by individuals (users) in order for work to be performed. SEC CONTROLS IMPL Yes 18
378 Access beyond the minimum required for work to be performed exposes the institution's systems and information to a loss of confidentiality, integrity, and availability. SEC CONTROLS IMPL Yes 18
Obligation: Access should be authorized and provided only to individuals whose identity is established, and their activities should be limited to the minimum required for business purposes.
Not Obligation: This section addresses logical and administrative controls, including access rights administration for individuals and network access issues.
Obligation: Financial institutions should have an effective process to administer access rights. The process should include: Assigning users and devices only the access required to perform their required functions …
Not Obligation: System devices, programs, and data are system resources.
IBM Cognitive Regulatory Compliance Roadmap
Cognitive Compliance Mapping Overview
P1. �To assure stability of the institution the Bank will develop a Contingency Funding Plan documenting strategies for emergency funding.�
P2. �In an effort to measure risk to market value of equity, the Bank will review all long-term fixed rate assets.
P3. �Should a funding and liquidity problem develop, the Asset/Liability Committee, will implement the contingency funding plan.�
Policies Regulatory Obligations O1. Any credit union that has assets of $50 million or more must establish and document a contingency funding plan (CFP)…
O2.Financial institutions should have an effective process to administer access rights.
O3. The maximum aggregate amount in unsecured loans … must not exceed 50% of the corporate credit union�s total capital.
Cognitive Compliance
Mapping
O1 P1
P3 Identify mappings of obligations to policies.
Financial text quantities Financial term dictionaries
Financial topic ontologies Expert mappings
Intermediate Control Set / Topic Taxonomy
Compliance Taxonomy
• Hierarchically organized compliance topics • Common obligations across multiple regulatory docs • Annotations to taxonomy enable supervised models
11.1 Manage enterprise risk 11.1.1 Establish the enterprise risk framework and policies 11.1.1.1 Identify and implement enterprise risk management tools 11.1.1.2 Coordinate the sharing of risk knowledge across the organization 11.1.2 Manage operational risk 11.1.2.1 Report disclosure, COREP, and internal reporting 11.1.2.2 Manage fraud management procedures
Example compliance taxonomy subsection
Cognitive compliance mapping example results
“Embossing and encoding blank plastic card stock, if conducted in-house, should be performed in a secure area and include inventory controls, accounting controls for the number of cards used (including test and reject cards), and dual controls for blank card stock storage.”
“Software development contracts should contain objective pre-acceptance performance standards to measure the software's functionality.”
“Determine whether token-based authentication mechanisms adequately protect against token tampering, provide for the unique identification of the token holder, and employ an adequate number of authentication factors.”
“Determine whether management and department heads are adequately trained and sufficiently accountable for the security of their personnel, information, and systems.”
Regulation Mapped Topic Family
ü Physical security
ü IT and services sales
ü IT security
ü Human resources management
Web-Service UI of Cognitive Compliance Mapping
Audit systems
Reporting and monitoring
Answer ques*ons about usability of component in product
ArBcle2.ThisdirecBveshallnotapplytobaHeriesandaccumulatorsusedin:
(a) equipmentconnectedwiththeprotecBonofMemberStates'essenBal
securityinterests,arms,muniBonsandwarmaterial,withtheexclusionof
productsthatarenotintendedforspecificallymilitarypurposes;
(b) equipmentdesignedtobesentintospace.
ArBcle4:1.WithoutprejudicetoDirecBve2000/53/EC,MemberStatesshall
prohibittheplacingonthemarketof:
(a)allbaHeriesoraccumulators,whetherornotincorporatedinto
appliances,thatcontainmorethan0,0005%ofmercurybyweight;and
(b)portablebaHeriesoraccumulators,includingthoseincorporatedinto
appliances,thatcontainmorethan0,002%ofcadmiumbyweight.
2.TheprohibiBonsetoutinparagraph1(a)shallnotapplytobuHoncells
withamercurycontentofnomorethan2%byweight.
DIRECTIVE2006/66/EC
R: ‘_ prohibits the placing on the market of _’(State, Item):-
R=rule('Directive 2006/66/EC', [‘Article 4’, 1, b]), ‘member state’(eu,State), 'portable battery or accumulator'(Item), applicable(R,Item), ‘cadmium content’(Item,‘by weight’,X percent), {X > 0.0002}.
IBM Cognitive Regulatory Compliance – What Next?
©2016IBMCorporaBon
Some Thoughts on Requirements Management in the Application LifeCycle
The Vision: Finding the Information to do the Job § Going after the 30% time spent looking for
information, from many sources: – Requirements – Other �requirements-like� information
• Design information • Trade studies
– Other information in Application Life Cycle • Test Cases, Test Scripts, Work Items
– External/Internal/Published Documents/Articles
§ While not all engineering information is structured like requirements/items, much of it can be parsed into chunks that resemble requirements
– Sentences – Paragraphs – Intelligent parsing based on content
§ Once parsed interesting analysis / queries become possible using the power of Cognitive Computing
31
© 2016 IBM Corporation 32
• Identifies attrition risk, potential life events and product propensities
• Indicates reasoning and recommendations
• Client psychographic profile and insights • Prioritized news based on portfolio
Wealth Management Insights provides every FA with a Predictive, Prescriptive, Cognitive Assistant
Ø Wealth Management Insights
Financial Thesis
Cognitive Pro/Con Analyst
Supporting or Refuting Arguments and Facts
Expert Opinions Forrester: Apple’s iPad sales dropped 18 percent year-over-year in the last quarter Related Facts XYZ CEO: We are looking for more companies to acquire Events At COP21 in December 2015, 195 countries adopted the new global climate deal Additional Predictions ABC will cut its manpower by 15% in the next quarter
Timeline View
Refuting/Supporting Theses
Watson for Financial Research Ø Financial Research Wealth & Asset Management
Risk Analytics
http://wpncatalog.stage1.mybluemix.net/assets/assets_risk_visual_analytics
Governance Risk & Compliance Visualization Solution
© 2015 IBM Corporation 34
Governance Risk & Compliance Visualization Solution: Example : Visualization of Risks & Controls using a Sankey diagram
Operational Risk Analytics
Here we explore specific relationships between Controls, Risks, and
Business Entities
Notice how this Control affects two different Risks (solid line
is the primary owner)
CTG5 Business Entity has two highly rated
risks affecting it
CTG5 Business Entity has two highly rated
risks affecting it
CTG5 Business Entity has two highly rated
risks affecting it
We can show what types of elements are affected by the
Risks by selecting here
http://wpncatalog.stage1.mybluemix.net/assets/assets_risk_visual_analytics © 2015 IBM Corporation 35
36
Cognitive Environment Lab Symbiotic Cognitive Computing Society of Cognitive Agents
Back-end platform (Computational environment)
Front-end sensor-enabled Cognitive Room https://www.youtube.com/watch?v=0heqP8d6vtQ
© 2015 IBM Corporation 36
Mergers and Acquisitions
Shows use of Watson Developer Cloud and Emerging Research Services Obligation/Requirements Life Cycle Management Demo Financial Sentiment & Outlook Analysis Demo Mergers & Acquisition Cognitive Agent Demo
Selected Demos
Cognitive Computing – What Next : Takeaways • What : Cognitive Systems enable you to
– ScaleandaugmenthumanexperBse
– Transformindustries,professions&organizaBons
• How : Watson Developer Cloud & Watson Ecosystem • What Next : IBM.Next : Fueling the next wave of
innovations from IBM Research : See it in action • Healthcare & Financial Services are early adopters • Obligation/Requirements Management using Cognitive
is emerging • Cognitive Computing can help you ‘OutThink’ the
competition
The Cognitive Business is coming – ‘Outthink’ your competition
Answer ques*ons about usability of component in product
ArBcle2.ThisdirecBveshallnotapplytobaHeriesandaccumulatorsusedin:
(a) equipmentconnectedwiththeprotecBonofMemberStates'essenBal
securityinterests,arms,muniBonsandwarmaterial,withtheexclusionof
productsthatarenotintendedforspecificallymilitarypurposes;
(b) equipmentdesignedtobesentintospace.
ArBcle4:1.WithoutprejudicetoDirecBve2000/53/EC,MemberStatesshall
prohibittheplacingonthemarketof:
(a)allbaHeriesoraccumulators,whetherornotincorporatedinto
appliances,thatcontainmorethan0,0005%ofmercurybyweight;and
(b)portablebaHeriesoraccumulators,includingthoseincorporatedinto
appliances,thatcontainmorethan0,002%ofcadmiumbyweight.
2.TheprohibiBonsetoutinparagraph1(a)shallnotapplytobuHoncells
withamercurycontentofnomorethan2%byweight.
DIRECTIVE2006/66/EC
R:‘_prohibitstheplacingonthemarketof_’(State,Item):-
R=rule('DirecBve2006/66/EC',[‘ArBcle4’,1,b]),
‘memberstate’(eu,State),
'portablebaHeryoraccumulator'(Item),
applicable(R,Item),
‘cadmiumcontent’(Item,‘byweight’,Xpercent),
{X>0.0002}.