ClickCease Skip to content

New Report Reveals 85% of Ethics & Compliance Teams Are Exposed on AI Third-Party Governance

“AI in Ethics & Compliance: Risk to Manage, Tool to Leverage” offers a E&C leaders a practical playbook for governing AI, aligning to standards, and launching impactful use cases 
 

Phoenix, AZ — September 24, 2025 Today, Ethisphere, in partnership with SpeakUp, released a new report, AI in Ethics & Compliance: Risk to Manage, Tool to Leverage, spotlighting how ethics and compliance (E&C) leaders are managing AI risks and seizing its potential as a driver of program performance, featuring regulatory guidance from Davis Wright Tremaine

Backed by new data and first-person insights, the report reveals that while AI literacy is increasing within E&C teams, vendor oversight is lagging behind. Only 15% of companies include AI safeguards in their third-party codes of conduct, despite 84% of E&C teams owning third-party risk management. 

 “As most AI enters through partners and procured tools, governance must extend downstream. Ethisphere’s data shows that fo E&C teams, the decision rights exist, but artifacts lag. Boards and regulators will expect control points, not just employee training. 84% of E&C teams own third-party risk, yet only 14% have audited more than half of their vendors. This requires codified clauses, scalable approvals, and continuous monitoring—to match the material exposure our report surfaces.”  Erica Salmon Byrne, Chief Strategy Officer, Ethisphere 

A critical component of the report is its deep dive on regulatory alignment and governance readiness, contributed by Davis Wright Tremaine. The report offers frameworks and workflows aligned to the EU AI Act, NIST, and U.S. state-level regulations. It includes downloadable control kits for model inventories, risk reviews, decision rights (RACI), and human-in-the-loop governance. Readers will also find E&C-focused AI use cases like investigations triage, and risk detection. 

Key Data Highlights: 

  • 77% of E&C teams play a significant or coordinating role in AI governance 
  • 84% of E&C teams own third-party risk management directly 
  • 57% have trained general employees on AI 
  • But only 14% have audited even half of their third-party vendors 
  • Just 15% extend AI safeguards to third-party codes of conduct 

The report features insights from senior E&C leaders in Ethisphere’s Business Ethics Leadership Alliance (BELA), practical guidance from Davis Wright Tremaine, and downloadable templates to support implementation. 

Click to read AI IN ETHICS & COMPLIANCE
By Julia Petre Thought Leadership

Related Posts

Raising Director Liability Without Raising Alarm: A Smarter Approach to a Sensitive Topic

September 22nd, 2025

How Corporate Compliance Builds Value

September 9th, 2025

Building Board Relationships that Drive Value, Not Just Oversight

September 8th, 2025