Are there any regulations and risks that apply to Robotic Process automation (RPA)?

Every industry has its own level of regulation so this is the first consideration, you need to comply with all relevant regulation as applied to the area you’re working in.

It can get complicated though, because regulation was written with people in mind, and RPA robots can work differently.

I’ll extend your question to include a bit of machine learning, the two most frequently occurring examples of where regulation challenges the way you implement automation are:

  1. Segregation of Duties

  2. Accountability (Traceability)

Segregation of duties is an internal control to prevent errors and fraud. By assigning at least 2 individuals to separate parts of a task, for example in payroll or payments, no one person is in complete control of the process. It makes sense and is a common procedure, but makes no sense at all if a bot does the job. Having 2 separate bots do the job follows the human process but would now fail the control as the same individual could now be responsible for working and deploying both bots.

Segregation of duties are still needed, but the controls need to be placed at the development/test/deploy to be effective.

Accountability in regulatory terms are individuals with recognized responsibilities within the organization. They often have specific skills or training and are the person who will have to go to court if any breach of regulation occurs. A bot can never have accountability in law, it has to be a real person. So every decision needs traceability (which can be difficult when machine learning is used, most models cannot work backwards to the reasons why).


Risks are really a separate, but hugely important, question. Companies embarking on any programme should weigh up the risks and establish mitigation (things that will be done to reduce the risk) and contingency (things that will be done if the risk occurs). Common examples of risk are:

  • Loss of knowledge from the business

  • Resistance from business areas (culture) delays/slows progress

  • Resistance from IT prevents progress

  • Over governance slows down progress

  • ROI not attained

  • Incompatibility of systems

  • Loss of control (change management)

  • Costs overrun

  • ‘Solution fails to meet business needs

  • Unable to find / retain the right skills

  • Over enthusiasm (behaviors)

you get the idea, spend some time thinking about these things. They’re no difficult to fix if you plan in advance.

If you’re interested in learning more, there are a few areas you can follow up: I have written a book on the Digital Workforce[1] which covers both business and technical side of RPA, I provide corporate training through The RPA Academy[2] who can tailor skills to your specific needs, and I consult[3] with businesses who are looking to understand RPA or troubleshoot their problems scaling RPA.

Best of Luck

Rob King (VP Product, UK Country Director at The RPA Academy)