How Telefónica uses artificial intelligence in compliance to optimise digital risk management
The Telefónica Group’s compliance function is structured around processes and criteria that apply to an ever-increasing range of situations and are shaped by increasingly complex and changing regulations. Only efficiency can prevent the function’s ‘slow death’. And this is where, like a phoenix rising from the ashes, process automation and, above all, artificial intelligence applied to compliance come into play. In compliance risk management within a predominantly digital environment—the ultimate objective of our programme at Telefónica—AI is becoming the key player, both within telecoms operators and on a global scale. In this latter context, and within the framework of a clearly defined project (with expert advice, governance, roles and responsibilities), we are fully committed to generating use cases that facilitate our work for the benefit of the entire organisation: from the simplest to those requiring greater technical expertise. To this end, we combine profiles and experiences, and promote comprehensive training for our professionals to enable paradigm shifts. Our objective is to ensure, in the short to medium term, that the “continuous improvement” to which we, as a department, must be permanently committed, reaches the desired threshold of “transformation”, in line with the company’s Strategic Plan.
Regulatory challenges of artificial intelligence at Telefónica: international regulatory compliance and AI regulation
I appreciate the question, as it is of particular relevance to us. It is precisely the Compliance department which, drawing on its own regulatory remit, drove forward the Telefónica Group’s AI governance model as early as 2023. It was a disruptive model in our environment, as were Telefónica’s Principles of Ethical AI in 2018. With this governance model, we managed to weave a corporate framework ideally suited to addressing regulatory challenges, reserving a significant role for the Digital Compliance Department in its implementation. Indeed, this sort of ‘international AI compliance’ is now a reality. As on previous occasions (particularly regarding privacy), Europe took the lead with an ambitious Regulation; and now, driven by the exponential acceleration of technology, it is seeking that delicate balance, in which it aspires to remain the benchmark for the protection of rights without allowing disproportionate zeal to hinder unstoppable progress. The good news is that, at this crossroads, Europe is showing signs of understanding that it cannot achieve this desirable harmony without assigning companies – those who ultimately know best how to pursue their corporate objectives through responsible technology – the role of key players. And here, once again, a Compliance department such as Telefónica’s, committed to innovation and the proportionate management of the risks it entails, and equipped with sufficient training to anticipate the future, is essential. A further thought: AI solutions serving the Compliance function itself must be the first to benefit from this comprehensive approach: one that uses AI to increase efficiency in promoting and monitoring compliance, whilst continuing to manage the underlying risks in this endeavour in a timely and rigorous manner.
This is confirmed by the most recent international regulations dealing with the assessment of compliance programmes.
How AI is transforming fraud detection and automated compliance at Telefónica
This automated compliance I referred to earlier is not only set to make many of our functions more efficient, but, through well-structured algorithmic combinations, can prove decisive in fraud detection. It is a challenge we share with other areas, and one that will undoubtedly contribute to significantly strengthening the security environment at Telefónica. That said, in this regard, I would like to convey a message of reassurance from the perspective I represent, that of Compliance. It is one thing for AI to be legitimately used to identify deviations, by identifying patterns related to them, or by working directly on their root causes; it is quite another for such findings to potentially deprive those affected by this ecosystem of non-compliance of their rights and safeguards, which are non-negotiable. It is certainly a key message of Telefónica’s Compliance programme that breaches must have consequences, but it is equally important that Compliance procedures which may affect individuals must allow for a balanced weighing of criteria and circumstances—a task that cannot be entrusted entirely to technology. This does not mean that, as I said at the beginning, there is not already a vast fertile ground for the use of AI in the field of compliance.
The importance of ethics in artificial intelligence applied to compliance at Telefónica
The cobbler’s children have no shoes. In our field, integrity is everything. It is the end goal, because the integrity programme is the cornerstone of our compliance work. And it is also a tool, because we apply integrity standards to everything we do. It is no simple task. It often involves balancing legitimate interests, and at times fundamental rights, requiring us to prioritise some over others. Furthermore, at Telefónica we proudly fly the flag of ‘Compliance by Design’, which is the purest form of responsible compliance: if all innovation entails transformation, we strive to ensure that all potential impacts are recorded, assessed and weighed up from the outset, during the ideation and use-case definition phase. And of course, it is that very same approach that we must apply to our AI processes. In Compliance, perhaps more than in any other area of the company, the ethical AI of our revised Principles (2024) must result from the application of our own technological governance standards, and become AI with integrity.
The future of Compliance with artificial intelligence: opportunities for Telefónica and the telecoms sector
Believe me, not only in Spain but across the globe, AI is the undisputed star of every Compliance forum.
Having accepted for some years now the Compliance formula for coordinating a comprehensive programme capable of preventing risks in this area, all that remained was to test the elixir at the heart of that approach within the very core of the function itself. And the first sips have been enough to conclude that the Compliance of the future depends to a large extent on AI. As I have already highlighted, few functions are more suited than Compliance—the guarantor of the uniformity and consistency of a programme that must reach every corner of the organisation—to take this on. To this must be added that artificial intelligence is equally called upon to guide the digital transformation of telecommunications, and that, in the case of Telefónica, it is already proving decisive in its unwavering commitment to innovation. From all of the above, it follows that Telefónica’s Compliance programme is at the heart of this perfect storm. Our mission is to ensure that, far from undermining the essence of our role, it reinforces the objective we pursue through it: to keep the company at the forefront of compliance culture. I am very aware that, strikingly, this no longer depends on machines or pipe dreams, however tangible they may be. It depends almost exclusively on the people who make up the team, on the curiosity with which they explore the opportunities of this new era, and on the honesty and sense of responsibility – once again, integrity – that they bring to this noble task.
In this context, the evolution of Compliance driven by artificial intelligence directly reinforces Telefónica’s value proposition: to become the best gateway for citizens to access digital technologies, ensuring a secure, reliable, and ethically managed environment. By proactively integrating risk management, regulatory compliance, and technological innovation across all its processes, Telefónica not only improves operational efficiency but also consolidates customer trust as the primary indicator of quality. This approach enables the company to advance its ambition of leadership in Europe, delivering increasingly advanced and competitive services in a digital landscape where trust and security have become key differentiating factors.
