How Watson Assistant helps clients stay compliant in regulated industries

Make sure your virtual assistant isn’t putting you at risk

By | 3 minute read | April 28, 2021

Regulatory compliance

When selecting a conversational AI platform for use in a regulated industry, remember that cutting corners can have disastrous consequences. When virtual assistants aren’t developed and deployed with an eye toward regulatory compliance, customer experience will suffer. Even worse, your organization risks running afoul of the many ever-shifting regulatory frameworks in which they operate.

HIPAA, GDPR, and SOC2 are just a few of the common frameworks that may constrain the behavior of your virtual assistant, the data it uses and how that data is stored and protected. You’ll want to be sure that your chatbots are designed and deployed with an understanding of all relevant regulations: those that apply to your industry and the regions in which you and your customers operate.

For example, consider GDPR. This framework was created to harmonize data protection law across the EU, but it imposes strict rules on organizations hosting and processing data anywhere in the world. Violations are costly – in 2020, the EU collected more than $191 million in penalties for GDPR violations, up 40% from the prior year. Virtual assistants need to provide users a simple way to access, review and download electronic copies of their data. Users should be able to delete their information if they want. You’ll need to evaluate what information your organization is allowed to store in the form of chat logs, and what you can share with third parties. Your organization must also take reasonable care to protect customer data against a network breach.

IBM has invested heavily in making Watson Assistant GDPR-ready, so that our customers can achieve compliance easily and with a high degree of control, enabling them to be ready to respond when regulations inevitably change. Our conversational AI platform allows you to easily opt out of log data use before data is collected or created, and to label and delete existing data that doesn’t conform to GDPR rules.

Watson Assistant is well-suited to organizations in industries that must comply with strict regulations on how customer data is used, such as healthcare and finance. Let’s look at a few real-world examples of how this can play out.


Watson was crucial to financial institutions adapting to COVID restrictions while adhering to industry regulation. When restrictions hit Europe in 2020, call volume at some banks increased by a factor of 20 to 30. On NatWest’s service lines, customers were struggling to get through to a representative to ask about access to services and the financial implications of the pandemic. NatWest’s AI team sprang into action with their virtual assistant “Cora,” which was built using Watson. Cora fielded customer service inquiries, transforming customer experiences and providing support to agents.

In Australia, leading bank Westpac also improved contact center efficiency with conversational AI. Their bot fielded over 215,000 chats, resolving over 70% of customer inquiries without having to engage an agent.

Auto loan provider GM Financial built a chatbot with Watson Assistant called “Nanci,” which answered 60% of customer interactions. The company also employed text analytics software to listen and learn from their customer interactions. “IBM’s commitment to cybersecurity and regulatory compliance allows us to rest easy, knowing that our customer data is in good hands,” said Bob Beatty, Executive Vice President, Chief Experience Officer, GM Financial.


In healthcare, organizations need to be especially aware of how they’re collecting, storing, and using customer data. In the U.S., for example, virtual assistants operating in the healthcare space must follow all HIPAA requirements, such as in-transit and at-rest encryption, strong passwords, training for employees, and more. Watson Assistant is designed to make implementation of these capabilities straightforward.

The University of Arkansas for Medical Sciences deployed a virtual agent to field incoming COVID-related queries about testing, symptoms, and other resources. Average registration time has been reduced by 50%. And the Andhra Pradesh National Health Mission portal implemented a virtual agent to help residents get quick answers to their COVID questions. This bot speaks English, Telugu, and Hindi. The virtual agent is deployed in a web browser and is built to safeguard user privacy.

Over the next few years, we can expect regulations to grow even more complex, and their consequences more severe. Watson Assistant helps the above organizations stay compliant while adapting to — and thriving under — new challenges. See what it can do for you.