This past week, I gave a talk in Toronto on the impacts of artificial intelligence on compliance and regulatory analysis. The technology in ChatGPT and other tools continues to evolve at a breakneck pace. A few tasks that compliance professionals can already automate with AI include:
Summarize regulatory documents
Pinpoint requirements in regulatory documents
Determine applicability of regulatory documents
Write policies, procedures, standard work and other documentation to maintain compliance
And much more!
Sounds too good to be true? Contact us to get a live demo of how Nimonik is using artificial intelligence to save companies tens of thousands of dollars in compliance costs. No need for expensive compliance software, we can help you streamline your systems and cover a broad range of topics - quality, ehs, cybersecurity, human resources, power transmission and other highly regulated areas of your business.
To learn more about leveraging these technologies to reduce your compliance costs, contact us at info@nimonik.com today!
3. About Us
Founded in 2008 with offices in Montréal,
Calgary, Toronto, and Shanghai.
Nimonik services over 700 customers around
the world, especially mid-size international
companies.
4. Canadian
Integrations
Companies you may have worked with:
● ConformanceCheck (Toronto)
● MediaLogic (Calgary)
● Templegate (Toronto)
They are all now part of Nimonik!
Nimonik will soon be offering access to
standards from CSA and other standard
development organizations.
5. We are not EHS management
software or just a content provider
or simply an audit tool.
Nimonik is an integrated
compliance solution for
regulations, standards and
internal requirements.
7. Surprises abound
Most organisations do not know all of their obligations,
leading to “surprises”...
Across various topics (EHS, Quality, HR, safety,...) a typical
factory 3,000+ obligations and 200+ changes per year.
Each non-compliance costs $5,000+ in internal costs.
8. Frequency of change 3x
Regulatory change has increased 3x in five years.
Organizations have not increased staff or updated
processes to manage regulatory change.
9. The Four Pillars of Compliance
2 3 4
1
Prevention
Risk profile
Historicals
Monitoring
Detection
Early detection
Self-reporting
Internal Audits
Response
Fast response
Data analysis
Action plans
Correction
Actions
Corrective
Effectiveness
IMPACT
11. The main hurdle to identifying
requirements is understanding:
what a document regulates,
how it regulates and
who it applies to.
12. V
Traditional
Approaches
• Hiring, training, support
• Good knowledge of operations
In-house
• Robust knowledge
Consultants
• Consistent across organization
• Corporate control
Enterprise Software
Time
Cost &
inconsistent
More cost and
complexity
14. Nimonik Inc. offers an integrated compliance management program for organizations to better manage
their obligations across quality, environmental, safety, privacy, human resources, and other regulated areas.
Nimonik helps you achieve compliance across your operations and increase your organization’s resilience.
Nimonik software workflow
Identify documents Extract obligations Identify risks Create actions Conduct audits
1 2 3 4 5
Identify applicable regulations,
industry standards and
internal documents
Extract obligations from
applicable documents
Risk rank and link
obligations to controls
Create actions to
stay in compliance
Conduct internal audits
to ensure continuous
improvement
15. The challenge of the decentralized
approach is that most organizations
delegate this work to various parts
of the business - who each take
their own approach.
17. Definition
Generative AI is a type of Artificial Intelligence that can
create unique, original content automatically - from text to
images and video.
Modern generative AI uses machine learning algorithms
that are trained on large amounts of data, usually Large
Language Models (LLM).
Includes a random component. The same inputs can lead to
different variations of the output.
19. Identify your physical
operations and outline
Obligations, Actions
and Audits for each
location
Control access by
business unit, region
or facility
Application
20. Identify your physical
operations and outline
Obligations, Actions
and Audits for each
location
Control access by
business unit, region
or facility
21. Identify your physical
operations and outline
Obligations, Actions
and Audits for each
location
Control access by
business unit, region
or facility
22. Identify your physical
operations and outline
Obligations, Actions
and Audits for each
location
Control access by
business unit, region
or facility
23. Identify your physical
operations and outline
Obligations, Actions
and Audits for each
location
Control access by
business unit, region
or facility
24. Identify your physical
operations and outline
Obligations, Actions
and Audits for each
location
Control access by
business unit, region
or facility
25. Identify your physical
operations and outline
Obligations, Actions
and Audits for each
location
Control access by
business unit, region
or facility
26. Identify your physical
operations and outline
Obligations, Actions
and Audits for each
location
Control access by
business unit, region
or facility
27. 1. Open source libraries and data sets make this
technology widely available.
2. Much of the regulatory analyst job will be
automated. Consulting work may be affected as
well.
3. Limited “moat” to offer services that are solely
analysis. The “human” factor will become more
important along with workflows and tools to
manage data.
Ownership
29. Why Nimonik
leverages AI?
Nimonik collects 2,000 -
3,000 new regulatory
documents per month
AI tools becoming more and more
essential to ensure quality and timely
content delivery
Number of new documents is
constantly growing due to the
expansion of Nimonik’s coverage
and increasing regulatory activity
30. Generation of
summaries
Identification of
obligations
Detection of
relevance
• Nimonik offers short
summaries for essential
documents
• This allows you to
understand if a
document is relevant for
you
• AI analyzes and
produces summaries
almost instantly
• Nimonik extracts
obligations from
essential documents
• This allows you to focus
on and track only the
provisions relevant for
you
• AI almost instantly
extracts obligations with
90%+ accuracy
• Nimonik classifies
documents based on
their industry sectors
and topics
• This allow you to
subscribe and see only
the documents relevant
for you
• Nimonik works on use of
AI to streamline the
classification process
How Nimonik leverages AI?
AI chatbot
• Nimonik works on
implementing an AI
solution to securely chat
about document
• This will allow you to
receive instant answers
to your questions about
the document
• AI agent serves as your
personal consultant
31. Key takeaway about generative AI tools
While personal use is really simple and can deliver great
value with almost zero effort, business integration and use
requires careful planning, testing and overcoming
numerous challenges.
Pros and cons of AI deployment need to be carefully
considered.
32. Challenge
What Nimonik does?
• AI is smart but it cannot take new content to
process by itself.
• For example, OpenAI’s GPTs are not able to
open the links with documents and process
their text without additional plugins or tools.
• Nimonik covers hundreds of jurisdictions
that are differ in their content delivery
approaches, content quality and
accessibility.
• Nimonik makes sure that in each
case content can be correctly
extracted and easily fed to the AI
for summary generation and
other tasks.
• To achieve this, Nimonik uses
various internal and external
content processing tools and
techniques tailored to each
jurisdiction to ensure quality
content.
• … and deals with such websites :)
Key challenges: Content to be processed by AI
33. Challenge
What Nimonik does?
• All generative AI models have their limits in terms of
maximum content to be processed.
• Even the most capable models are still capped at
around 200 pages of content, while a lot of
documents are much larger.
• Cost is also a factor for large-scale application.
• Currently, Nimonik uses various proprietary
solutions to achieve the best efficiency to cost
ratio.
• Nimonik also develops own internal solution to
process text larger than 150 pages based on
advanced text processing techniques.
• In terms of cost, Nimonik’s internal solution will
be based on one of the open source LLM
models that deliver results comparable to
ChatGPT.
Key challenges: Content size and cost
≈ 200 pages
≈ 40 pages
≈ 20 pages
≈ 5 pages
34. Challenge What Nimonik does?
• Third-party solutions cannot guarantee
privacy of your data.
• Additionally, there might be intellectual
property concerns while using copyrighted
content in publicly available AI tools.
• Currently, Nimonik does not process in
third-party AI tools any sensitive or copyrighted
data.
• Nimonik’s own internal solution will be
deployed according to the best available
practices to ensure data security.
Key challenges: Security of data
≈ 150 pages
35. Challenge What Nimonik does?
• Nimonik has high standards for documents’
summaries quality that should be met by AI.
• While some prompt engineering makes the
results better, they are still not always
consistent in their quality and format.
• While Nimonik already generates majority of
summaries using AI tools, the results are still
being reviewed by our analysts.
• Nimonik’s goal is to achieve consistent and
quality results by “fine-tuning” the AI model
that we will use for our purposes.
• In other words, Nimonik will train AI on large
number of summaries created by analysts to
produce the results following the same
approach.
Key challenges: Quality of results
≈ 150 pages
36. ChatGPT
Solution used by
Nimonik
• No meaningful result for the link
• Result produced by inputting the text:
The Energy Conservation Equipment Exemption
Regulations prescribe various equipment, articles, and
materials as energy conservation equipment for the
purposes of section 9 of Part XVIII of Schedule III to
the Excise Tax Act. This includes thermal insulation,
wood-burning stoves (excluding fireplaces or those
burning oil/gas), wind deflectors for vehicles,
waterwheels and related generators/pumps, loading
dock door seals/shelters, and power factor correction
capacitors.
This document outlines the equipment, articles, and materials prescribed as
energy conservation equipment for the purposes of the Excise Tax Act
(particularly, Section 9 of Part XVIII of Schedule III to the Excise Tax Act). These
include:
(a) Thermal insulation designed for pipes, ducts, boilers, tanks, and wrapping
materials exclusively for use with such insulation;
(b) Wood-burning stoves, wood-burning stove kits, wood-burning furnaces, and
wood-burning space heaters, excluding fireplaces and oil or gas-burning stoves,
furnaces, or space heaters;
(d) Wind deflectors designed to reduce fuel consumption and for installation on
motor vehicles and trailers;
(e) Waterwheels for converting water power to mechanical or electrical energy,
and pumps and generators specifically designed for use with such waterwheels;
(f) Loading dock door seals and shelters designed to conserve heated or
refrigerated air during loading and unloading;
(g) Power factor correction capacitors.
Example 1: Energy Conservation Equipment Exemption Regulations
Input: https://laws-lois.justice.gc.ca/eng/regulations/C.R.C.,_c._590/page-1.html
Bottom line: Both solutions provide good results but ChatGPT is not really able to access and
summarize contents under the links
37. ChatGPT
Solution used by
Nimonik
• No meaningful result for the link
• No result produced by inputting the text as text size exceeds
ChatGPT’s capacity for processing
This document outlines the requirements for conducting onshore and offshore geophysical
operations. Notable provisions of this document include the following:
1. Operators must apply for authorization by submitting a completed application form to the
Chief Conservation Officer. Applications must be submitted at least 30 days before the
planned commencement date for onshore operations and 30-90 days for offshore
operations, depending on the seismic energy source.
2. Operators are required to take reasonable safeguards against property damage, control
and extinguish fires, and handle refuse responsibly. Offshore operations must adhere to
specific guidelines for air gun systems, gas exploders, and electrical seismic energy
sources. Onshore operations must consider survey monuments, seismic energy sources,
and drilling shot holes for charges.
3. Occupational safety and health regulations mandate radio communication, safe working
practices, and training for geophysical crew members. Operators must submit status
reports to the Chief Conservation Officer at the commencement, termination, and weekly
during the operation. They must also retain data and report accidents or incidents causing
injury, loss of life, property damage, or environmental threats.
4. Investigations may be conducted by the Chief Conservation Officer and Chief Safety
Officer for accidents or incidents involving death, injury, equipment damage, or
environmental damage.
Example 2: Canada Oil and Gas Geophysical Operations Regulations
Input: https://www.canlii.org/en/ca/laws/regu/sor-96-117/latest/sor-96-117.html
Bottom line: Our solution and ChatPDF provide good results but ChatPDF requires extra steps
to get the summary
ChatPDF
• Result obtained by converting html page in PDF:
The Canada Oil and Gas Geophysical Operations Regulations document
outlines the regulations for geophysical operations in relation to oil and gas
exploration in Canada. The regulations cover a range of topics, including the
application process for geophysical operations, safety requirements,
reporting requirements, and data retention requirements. The document
also outlines the specific information that must be included in a
geophysical operation authorization application, as well as the information
that must be included in a final report. Overall, the regulations aim to ensure
that geophysical operations are conducted safely and responsibly, and that
the resulting data is properly recorded and retained.
38. Initial summary Problems to tackle
The Oil and Gas Spills and Debris Liability Regulations (SOR/87-331) fall under the Canada Oil and
Gas Operations Act. These regulations were registered on June 11, 1987, and pertain to the limits
of liability for spills, authorized discharges, and debris related to the exploration or production of
oil and gas. The regulations were published in the Canada Gazette Part I on January 3, 1987,
allowing interested persons to make representations.
No representations were made to the Minister of Energy, Mines and Resources or the Minister of
Indian Affairs and Northern Development. Consequently, the Governor General in Council, on the
recommendation of the aforementioned ministers, made the annexed regulations.
The Oil and Gas Production and Conservation Act is referred to as the ""Act"" within these
regulations. The limits of liability are outlined in section 3 of the regulations and are as follows:
a) For areas referred to in paragraph 6(1)(a) of the Arctic Waters Pollution Prevention Act, the limit
is the amount by which $40 million exceeds the amount prescribed under section 9 of that Act.
b) For submarine areas north of the sixtieth parallel of north latitude not covered by paragraph (a),
the limit is $40 million.
c) For areas within the Yukon Territory or Northwest Territories covered by or located within 200
meters of any inland water body not covered by paragraph (a), the limit is $25 million.
d) For areas within the Yukon Territory or Northwest Territories not covered by paragraphs (a) or
(c), the limit is $10 million.
e) For any area to which the Act applies and for which no other limit is prescribed by these
regulations, the limit is $30 million.
1. Summarizer picks information from webpage irrelevant for understanding of the
document
2. Summarizer includes some technical document information that is not relevant
3. Summarizer decides to include the full list in simplified version but omits certain
information that affects the meaning of the items on the list
Example 3: Oil and Gas Spills and Debris Liability Regulations
Input: https://www.canlii.org/en/ca/laws/regu/sor-87-331/latest/sor-87-331.html
Adjusted summary
This document outlines the limits of liability for spills, authorized discharges, and debris
related to the exploration or production of oil and gas. The limits of liability are outlined in
section 3 of the document and range from $10 million to $40 million depending on the area.
39. Initial summary Problems to tackle
The European Commission's Implementing Regulation (EU) 2018/151 outlines rules for digital
service providers to manage risks to network and information systems security and determine the
impact of incidents. Digital service providers must adopt a systematic, risk-based approach to
information security, including risk analysis, human resources, security of operations, and security
architecture. They should also perform assessment and analysis procedures to ensure the
security of systems and facilities.
The regulation specifies that digital service providers should have policies on human resources,
security architecture, physical and environmental security, and the security of supplies. They must
also establish and maintain policies on incident handling, business continuity management, and
monitoring, auditing, and testing. International standards, including existing national standards,
may be used for the security of network and information systems.
Digital service providers must be able to estimate the number of users affected by an incident, the
duration of the incident, and the geographical spread of the affected area. They should also
measure the extent of disruption to the functioning of the service and the impact on economic
and societal activities. An incident is considered to have a substantial impact if it meets at least
one of the specified criteria, such as affecting a large number of users or causing significant
material or non-material losses.
The regulation is binding in its entirety and directly applicable in all EU Member States. It entered
into force on the twentieth day following its publication in the Official Journal of the European
Union and has been in effect since May 10, 2018.
The summary is overall good but it might create an impression that it includes all relevant
obligations contained in the document.
Example 4: EU Commission Implementing Regulation 2018/151 of 30 January 2018
Input: https://eur-lex.europa.eu/eli/reg/2018/151
Adjusted summary
The European Commission's Implementing Regulation (EU) 2018/151 outlines rules for digital service providers to manage
risks to network and information systems security and determine the impact of incidents. Notable provisions of this
document include the following:
1. Digital service providers must adopt a systematic, risk-based approach to information security, including risk analysis,
human resources, security of operations, and security architecture. They should also perform assessment and analysis
procedures to ensure the security of systems and facilities.
2. The regulation specifies that digital service providers should have policies on human resources, security architecture,
physical and environmental security, and the security of supplies. They must also establish and maintain policies on
incident handling, business continuity management, and monitoring, auditing, and testing. International standards,
including existing national standards, may be used for the security of network and information systems.
3. Digital service providers must be able to estimate the number of users affected by an incident, the duration of the
incident, and the geographical spread of the affected area. They should also measure the extent of disruption to the
functioning of the service and the impact on economic and societal activities. An incident is considered to have a
substantial impact if it meets at least one of the specified criteria, such as affecting a large number of users or causing
significant material or non-material losses.
The regulation is binding in its entirety and directly applicable in all EU Member States. It entered into force on the twentieth
day following its publication in the Official Journal of the European Union and has been in effect since May 10, 2018.
40. Summary and comments
The document outlines the Regulation respecting occupational health and safety in Quebec, which applies to all establishments and construction sites. The regulation
aims to establish standards for air quality, temperature, humidity, heat stress, lighting, noise, contaminants, sanitary facilities, ventilation, hygiene, sanitation,
cleanliness, area conditions, storage and handling of dangerous substances, machine and tool safety, high-risk tasks, individual protective equipment, and worker
transportation. Looks like a selection of the Divisions in the OHS Regulation S-2.1, r.13 but missing key topics (Hot Work, respiratory Protection, Asbestos) and
focussing, in my opinion, on lesser important issues (lighting, sanitary facilities, cleanliness, heat stress).
Employers are obligated to comply with these standards, and equipment used for maintaining these conditions must be in optimal operational condition. The
regulation covers various aspects of workplace safety, including access routes, passageways, yards, vertical openings, guardrails, floors, walkways, workstations,
cleaning, refuse containers, machine locations, and transportation of workers. GOOD
Specific requirements are provided for service stairs, ramps, permanent ladders, portable ladders, and stepladders. The use of ladders is subject to certain conditions
and restrictions, including inspection, placement, and prohibited usages. Workers must follow safety precautions while using ladders, such as maintaining three points
of contact and facing the ladder at all times.
The regulation also addresses the safety of gangways, stationary platforms, and suspended scaffolding, with specific requirements for load capacity, guardrails, and
fall protection. Suspended scaffolding must comply with CAN/CSA standards and be used in accordance with the Health and Safety Code for Suspended Equipment
Operations.
In summary, the Regulation respecting occupational health and safety in Quebec aims to ensure a safe and healthy work environment for workers by establishing
comprehensive standards and requirements for various aspects of workplace safety. Employers must comply with these standards, and workers must follow safety
precautions to minimize risks and hazards. That’s taken from section 49 and 51 of the OHS Act... pretty cool! That’s a good summary. However, there is no word on
risk assessment which, as you know, is key in OHS management.
A lot of emphasis on Fall Protection in 3rd
and 4th
paragraph but nothing on Machine Safety, Lifting Equipment and LOTO although equally important risks. The
regulation covers an array of different topics. The first paragraph should highlight the key risks (ref. see Glencore Fatal Hazard denomination). Then, depending on
amount of word you want to use in the text, stay general or dig deeper for each key hazards. The closing paragraph is good.
Example 5: Regulation respecting occupational health and safety
Input: https://canlii.ca/t/1128
41. Summary and comments
The Clean Air Regulation (CQLR c Q-2, r 4.1) aims to protect the environment by setting standards and limits for emissions from various industrial and commercial
activities. The regulation covers particle emissions, volatile organic compounds, and emissions from stationary internal combustion engines, fuel burning equipment,
and incinerators. It also addresses specific industries such as cement plants, steel mills, and petroleum refineries. It would be best to say the regulation applies to all
industries including cement plant….
The regulation requires that any device, system, or equipment used for emissions control must be maintained in good working order and operate optimally during
production hours. It sets limits for particle emissions from industrial processes and facilities, as well as emission limits for volatile organic compounds from certain
industrial or commercial facilities or activities.
The regulation also sets standards for emissions from stationary internal combustion engines, fuel burning equipment, and incinerators. It addresses the use of wood,
wood waste, and pulp and paper mill residual materials as fuel in fuel burning equipment and industrial furnaces. Repetitive from paragraph 1 ???
Operators of facilities must maintain records of emissions and comply with monitoring and reporting requirements. Monetary administrative penalties and fines may
be imposed for non-compliance with the regulation. That’s a given!
The Clean Air Regulation replaces the Regulation respecting the quality of the atmosphere (chapter Q-2, r. 38), except for certain provisions. It applies to facilities in
operation on or after 30 June 2011, with some transitional provisions for existing facilities." Agreed but somewhat trivial.
Appendix E present important emission factors while Appendix H show modeling requirement instructions which are the key added values of the regulation over the
preceding one.
Everything else in the appendices is captured by the “limit for emissions” reference in paragraph 1, so well done.
Example 6: Clean Air Regulation
Input: https://canlii.ca/t/8pm7
42. Key challenges with AI
• Ability of AI to process various types of
data
• Volumes of data that can be processed
by AI
• Format of data generated by AI