LLM-Augmented Virtual CIO Decision Support for Regulatory Compliance
Keywords:
LLM, vCIO, compliance automation, regulatory policy, infrastructure analysis, executive reporting, GRC integration
Abstract
This paper investigates integrating large language models (LLMs) tuned on regulatory policy corpora into virtual Chief Information Officer (vCIO) frameworks to improve decision support for regulatory compliance. Given infrastructure schematics and audit logs, the LLM-augmented vCIO framework automates compliance gap analysis, generates executive summaries for board-level stakeholders, and develops actionable remediation plans.