Why Accelerating Compliance Transformation Is Critical in an Era of Disruption

Today’s nonlinear, accelerated, volatile and interconnected (NAVI) operating environment makes it harder than ever for businesses to manage compliance and integrity risks. Building a strong culture of compliance is now non-negotiable, but success demands a strategic rethink of how people, processes and technology work together.  

Our new research explores the way businesses are adjusting their approach to integrity for this NAVI world. It finds that the most confident organizations are the ones that have culturally and operationally embedded compliance measures across their organizations and are strategically adopting artificial intelligence (AI) to manage compliance programs and risk. But although there’s growing pressure to transform, very few organizations that were surveyed form part of this group.

---

---

---

Chapter 1: Equipping compliance teams for today’s disruptive world

Disruption and complexity are pushing businesses to redefine their approach to compliance

Nearly three-quarters of businesses (71%) say the complexity and volatility of the current operating environment makes it harder than ever to keep pace with change, and this is shaping the way they perceive risk.

Our research shows that macroeconomic and trade volatility is the most disruptive force for today’s compliance teams, outpacing geopolitical shifts, tech disruption and regulatory complexity. The unpredictability of this challenge threatens the capabilities and response times of current operating models.

Now is the time to assess compliance practices and accelerate transformation. But while most organizations (67%) are making improvements to their compliance function, just 31% are seizing the opportunity to strategically rethink the role compliance plays within their business over the next two years. Meanwhile, 36% say they’re making only focused improvements and a third (33%) believe their current approach is effective in today’s environment.

---

Global perspective: Regions embracing compliance transformation

Approaches to compliance transformation vary around the world. Around two-fifths (39%) of US businesses say they are using disruption as an opportunity to transform their compliance function. In the UK and Europe, 35% of businesses say the same, but the largest proportion (40%) say they plan to maintain their current approach.

Meanwhile, 27% of organizations based in MEA and India say they are transforming compliance for the future and 36% plan to stay the course. We see a similar trend in APAC and Oceania, where one-quarter are transforming their compliance functions and 35% plan to maintain their current approach.

The largest proportion of Latin American businesses (43%) say they plan to stay the course and just 18% are transforming their compliance functions for the future.

Companies in western markets must generally adhere to more robust compliance and ethics programs than those in emerging markets. Contributing factors include:

• Regulatory landscape: Western-based companies must adhere to stringent regulatory frameworks that mandate compliance with laws and ethical standards.
• Corporate governance: Companies in western markets typically adhere to higher standards of transparency, accountability, and ethical behavior. These are often enforced by independent boards and external auditors.

• Cultural factors: The emphasis on individual accountability and ethical behavior in many western societies fosters stronger compliance. In contrast, cultural norms in emerging markets may lead to more lenient practices.

• Stakeholder expectations: In western markets, stakeholders—including investors, customers, and the public—hold companies accountable for their actions. Failure to comply can result in reputational damage and financial loss.

• Resources/expertise: Western-based companies are more able to afford to invest in specialized compliance officers, training programs, technology, and systems that enhance their ability to manage compliance risks effectively.

Businesses are not confident that they can manage their most pressing risks

Organizations identify data privacy and cybersecurity as their top challenge: 41% rank it among their top three threats. But just 23% of these businesses say they are highly confident in their compliance function’s ability to manage it effectively.

Threats such as phishing, ransomware, and advanced cyber-attacks are evolving rapidly. Their growing volume and sophistication – driven by advances in AI, automation, and the inherent risks associated with third-party business partnerships – are outpacing the defensive capabilities of many organizations, leaving them vulnerable to significant breaches and financial losses. 

Third-party and supply chain risk is identified as a threat by 32% of businesses. But this is the challenge that organizations are least prepared to manage: 41% say they have limited to no confidence in their compliance team’s capabilities.

Our data suggests a lack of agility is inhibiting organizations’ ability to cope with threats. This is most apparent for complex challenges involving external partners: just a third of businesses say they are well-prepared to react quickly and effectively to third-party risk, and 62% claim their processes or systems limit the speed or coordination of their response.

These findings highlight how organizations often struggle to maintain oversight across extended networks. For example, a company might engage a third-party supplier that falsifies carbon credit certifications to inflate its environmental credentials (greenwashing), while also bribing local officials to secure those certifications and violating sanctions by operating in restricted regions.

These risks span multiple jurisdictions and regulatory domains, presenting a significant compliance challenge. As highlighted by the data, a lack of visibility, fragmented processes, and resource constraints add further complexity, making it difficult for organizations to holistically manage risks without significant investment in technology, expertise, and coordination.

“Too often, third-party risk management is focused on finding a needle in the haystack, rather than consistently managing the haystack itself. Today’s operating environment requires a more adaptable framework – one that integrates both structured and unstructured information and links directly to business activity. This will become increasingly critical as businesses look to capture opportunities in new and developing markets.”

Liban Jama, Americas Forensic & Integrity Services leader

What’s restricting flexibility? About half (49%) of businesses claim their compliance function is unable to pivot when it needs to without resistance or red tape. In addition, almost two-thirds (65%) say they are under pressure to deliver faster, more sophisticated compliance and risk management outcomes, but their budget is too low.

These findings reflect a tendency to undervalue the compliance function, with many organizations viewing it primarily as a safeguard against potentially adverse headlines.

But compliance can positively contribute to an organization’s overall success. Organizations recognized among the World’s Most Ethical Companies by Ethisphere outperformed the market capitalisation of a comparable global index by 7.8% over the past five years (as of 2025).

Compliance due diligence in M&A deals also helps uncover hidden risks, such as regulatory violations, environmental liabilities, or anti-corruption issues, which can be quantified and leveraged to negotiate a lower purchase price, favorable indemnities, or escrow arrangements—potentially saving millions and ensuring post-acquisition value preservation.

Organizations rethinking compliance are better prepared for disruption

Businesses transforming their compliance functions for the future are better positioned to react quickly and effectively to today’s most pressing challenges. When it comes to third-party risk, for example, 54% of transforming businesses say they are well-prepared, compared with just 18% of businesses maintaining their current approach.

Our data also suggests that a wider mindset shift is taking place. Just 34% of transforming businesses say their compliance function’s responsiveness is restricted by red tape, compared with 58% of the businesses that are staying the course. Organizations that are more attuned to the need for adaptability in a fast-moving operating landscape appear to be placing greater trust in their compliance teams to act decisively in the face of risk.

Compliance teams must take the lead in driving this change in mindset. Jama explains, “For organizations to see compliance as a strategic business function, compliance teams need to demonstrate how they support decision-making and drive growth. This means linking compliance activities to bottom-line business outcomes and proactively bringing solutions to the table alongside challenges.”

Chapter 2: The gap between awareness and action may leave leaving organizations exposed

Businesses are focused on modernizing compliance, but their leaders are not aligned

Investing in new technology and automation tools is compliance teams’ top focus in the current regulatory landscape: 40% of businesses rank it in their top three priorities. Meanwhile, 38% are looking to revise their compliance operating models, signaling a broader push to overhaul the structures that underpin the function.

Strategic priorities at the organizational level reflect this shift. Half of businesses say adopting AI to enhance compliance is a top focus for investment, followed by compliance monitoring and internal auditing (49%) and compliance risk assessment and program reporting (47%).

Modernization is integral to transformation. But is it taking precedence over more immediate issues? Just a quarter of businesses are prioritizing the expansion of governance and oversight to include emerging risk areas.

There is also a clear gap in opinion across functions. Those working in non-compliance roles with regular exposure to compliance issues and initiatives – such as legal, audit or corporate governance – place an immediate focus on overhauling the compliance operating model. Compliance leads, however, recognize a more pressing need to enhance core capabilities, such as strengthening internal controls and expanding employee awareness.

“Compliance data fuels business intelligence, empowering informed decision-making through trend analysis and anomaly detection. For instance, behavioural analytics of employees, suppliers, or customers can uncover efficiencies and actionable insights. Moreover, it can directly enhance profitability by identifying and mitigating losses, leakages, and fraud perpetrated against an organization.”

Dilek Çilingir, Global Forensic & Integrity Services leader

A business that doesn’t address this misalignment might underinvest in critical areas such as staffing, training and monitoring. Ultimately, this will lead to weak implementation of compliance controls and undermine the function’s ability to effectively manage risk.

Integrated compliance teams are in a position to react to disruption

More than three-quarters of businesses (77%) say their compliance team works closely and effectively with legal, audit and other key functions. Almost three-quarters of these more integrated organizations (74%) say they have strong visibility at board level and receive enough resources to effectively manage risk, compared with just 40% of the less integrated organizations.

Organizations with more integrated compliance teams are also 8 percentage points more likely to be transforming their compliance functions for the future, while less integrated teams tend to take a more piecemeal approach to change.

---

The world view: Which region’s compliance teams are the most integrated?

Organizations based in APAC and Oceania are the most integrated: 90% say they work closely and effectively with legal, audit, and other key internal functions. They are closely followed by those based in the UK and Europe, where 88% say the same.

In MEA and India, 78% of businesses say they work closely with other teams. Meanwhile, in Latin America, this figure falls to 68%.

Interestingly, despite being the most transformational, just 67% of US compliance teams say they work closely and effectively with other teams. This suggests transformation could be being driven more by external pressures: US businesses are the most likely of the three groups to find today’s shifting geopolitical, regulatory and economic environment disruptive.

Several reasons may explain why US compliance teams are less integrated with other risk functions:

• Regulatory complexity and fragmentation: The US has multiple federal and state regulations that can create silos within organizations. Compliance teams may focus heavily on meeting specific regulatory requirements, leading to less collaboration with other functions that may be focused on their own regulatory challenges.

• Cultural differences in risk management: US corporate culture may prioritize individual departmental goals over cross-functional collaboration. Compliance teams might operate with a more defensive mindset, focusing on risk avoidance and regulatory adherence rather than collaborating with other risk functions.

• Focus on transformation and external pressures: US compliance teams are undergoing significant transformation, often driven by external pressures such as geopolitical shifts and evolving regulation. Adapting to external changes may divert attention from building internal relationships and collaboration.

• Historical precedents: In many US organizations, compliance was initially developed as a necessary function to avoid penalties rather than a strategic partner in business operations, which can perpetuate a lack of integration with other teams.

Chapter 3: How compliance teams can use technology strategically to navigate risk

Most businesses lack leading-edge tech capabilities to transform their compliance program

Technology repeatedly emerges as a strategic focus for compliance teams in today’s environment. But just 6% of businesses say they have “leading edge” capabilities — seamless, real-time systems that incorporate predictive tools and dashboards. Instead, the largest proportion (42%) describe their capabilities as “functional,” meaning they have core systems integrated across compliance areas but lack more sophisticated, cross-functional capabilities such as data analytics and predictive insights.

Organizations that say they have advanced/leading-edge capabilities are more than twice as likely as organizations with limited/foundational systems to say they are well prepared to deal with accelerated, interconnected challenges such as cybersecurity and emerging tech risk, as well as third-party risk.

Mature companies are also more likely to be allocating resources strategically: 60% are transforming compliance for the future, compared with just 1% of organizations with only limited/foundational capabilities. In addition, these organizations are 45 percentage points more likely to say their organization allows them to quickly pivot without resistance.

The most resilient organizations are empowering their compliance teams by investing in tools that help them to navigate today’s complex, unpredictable challenges – reinforcing the link between organizational mindset and resilience.

Lack of vision could be undermining the value of advanced tech

Automating routine tasks is the number one area where businesses see the potential for AI or advanced analytics to add value for compliance and risk management: 44% rank it within their top three perceived benefits. More complex uses, meanwhile, are seen as less valuable: generating cross-domain insights from disparate sources, such as audit and risk, is the least popular response.

Businesses could be prioritizing AI for quick efficiency gains because of the accelerated pace of change. But underplaying more complex applications could be limiting its longer-term ability to create business value.

“There are two key factors influencing whether AI is currently being implemented within compliance. First, compliance professionals tend to be risk averse by nature, so their initial question around any new technology is always going to be: can I trust it? AI is constantly evolving, so part of their job is assessing its risk. Second, compliance is a function that does not directly impact a company’s revenue streams, so the business case for investing in AI for compliance is not particularly strong when compared to other areas of the business that have a more direct impact. As a result, teams often have limited influence over how and where AI is implemented.”

Sally Trivino, co-lead, Global Forensic Technology

Our data suggests uncertainty about implementing AI within compliance is the main cause for hesitation. AI bias, cyber threats and regulatory uncertainty are the top three most significant risks businesses identify.

There’s a deeper readiness gap. Uncertainty about the effectiveness of AI use and a lack of investment in the resources required for effective implementation are identified within the top three organizational hurdles to implementation.

To unleash the true transformational power of AI, organizations will need to shift toward tools that are purpose built to anticipate and navigate risk in a disruptive environment.

“Compliance should be a seatbelt, not a brake. Businesses that don’t invest in AI for compliance are forcing their compliance teams to rely on slow, outdated systems that can’t keep pace with today’s business demands. This not only puts them on a back foot against competitors but also leaves them exposed to failures that could ultimately result in later overinvestment under the scrutiny of a regulator-appointed monitor,” says Trivino.

Chapter 4: Three compliance imperatives for navigating disruption

1. Transform – or be left behind

Organizations must take a deliberate, strategic approach to transformation to create lasting value.

• Empower the experts. Compliance teams must be equipped with the right tools and entrusted with decision-making authority to enable decisive, agile responses to risk.
• Integrate risk and strategy. Compliance should be a proactive driver of resilience and growth — not just a safeguard.
• Invest in tech as a strategic enabler. To create maximum value, AI should be embedded within the operating model and regularly updated in line with business needs and industry advances.

2. Redesign for resilience

Businesses must prioritize the integration of their compliance function on both an operational and cultural level.

• Lay the foundations first. This means robust controls, clear monitoring frameworks and a workforce that’s educated on what modern compliance means.
• Structure the organization around compliance. It’s no longer a parallel function — it’s a non-negotiable element of business strategy.
• Prioritize seamless communication and data flow. This will create alignment across functions and enable the compliance team to pivot at speed when it needs to.

3. Lead with authority

• Elevate the leaders. In a disruptive operating environment, it’s more important than ever for compliance leads to have a voice at senior level.
• Be decisive. Move beyond slow, measured decision-making processes to match the accelerated pace of change.
• Own decisions. As cross-functional integration blurs accountability, compliance professionals must assert their authority as recognized risk leaders.

Summary

Businesses are updating compliance strategies to keep up with rapid change and new risks. Technology, especially AI, is becoming more important for managing compliance. Teams that adapt quickly and work together are better able to support business goals and respond to challenges.