The other week I was talking with a chief compliance officer, and asked her what she believes her biggest challenge will be in 2025. “Artificial intelligence,” she immediately replied. “Our IT department thinks they control this more than they really do, and I need to guide them toward a cross-enterprise task force.”
And yet again, we see another example of that age-old challenge for compliance officers: how to position yourself as a trusted adviser about risk to the rest of the business.
Sure, my friend’s answer is a modern, 2025 version of that age-old dilemma, but the dilemma is age-old. Compliance officers have struggled to counsel the rest of the enterprise on compliance risks – to be taken seriously as a partner as the business develops its plans – for decades. That’s true whether the specific risk has been anti-corruption, privacy, ESG matters, or our new risk on the block, AI.
Why is that? We can identify several reasons.
- Tracking the regulations around the world that might affect your business is hard
- Understanding the activity in your business that might trigger a compliance risk is even harder
- Figuring out how to nudge your corporate culture and business practices down the proper paths – through policies, training, executive messaging, and the like – might be hardest of all
Until compliance officers can overcome those obstacles, you’ll never fully achieve that “trusted adviser” status. So let’s talk about how to overcome them.
It starts with more automated compliance capabilities
The plain truth is that you cannot be a trusted adviser if you’re stuck spending all your time chasing down due diligence forms, pestering people to complete training, or searching the internet for that latest change to a regulation in some far-flung geographic market.
Put another way, if you’re bogged down in the tactical work of running your compliance program, you cannot engage in the strategic work of managing your organization’s compliance risks.
That’s why technology, and specifically automation technology, is so important. The more you can automate the tactical chores of your compliance program, the more time you have to consider those strategic issues.
Of course, all that tactical work (gathering due diligence data, pushing out training material, collecting conflict of interest reports, flagging regulatory updates, and so forth) is important. It provides the insights you need to understand your company’s overall compliance posture. But if that’s all you ever do, you’ll never have the time to study those insights and then bring better advice to senior management and the board.
Let’s use my friend worried about AI as an example. If she spends all her time chasing down policies in her global enterprise and then comparing them one-by-one to the many laws and regulations that somehow touch AI, she’ll do little else.
Automation (say, a regulatory change management tool coupled with a policy management tool) would help her find and assess all those policies immediately. Then she could spend her time with the CISO and First Line business units more productively, because she’d be able to say (with the evidence to back it up): “We have these policy violations in these business units, which could cause significant regulatory issues and reputation trouble. Let’s fix that by taking the following steps.”
That’s the level of interaction with other business functions that compliance officers should strive to achieve. It’s also the level of interaction that tells regulators your organization takes ethics and compliance seriously – that you weave those concerns directly into daily business operations and corporate strategy. Isn’t that the goal?
From empowered compliance to better performance
The ultimate goal isn’t simply to have better conversations about risk with the rest of the management team. The ultimate goal is to help your enterprise navigate its way around those risks, so your organization can keep advancing on its goals even in today’s complicated business environment.
Again, that’s going to depend on technology. Technology allows you to assess employee behavior and workforce culture over time, to see whether all your efforts to avoid compliance risks are actually working.
Could you collect that information manually? Sure – but it will take you forever, and the information you collect might be incomplete, erroneous or duplicative. Starting from that flawed supply of data, you’re more likely to reach flawed conclusions about the effectiveness of your company’s controls or the true level of risk your employees’ behavior poses. You end up spending more time double-checking data or figuring out inconsistencies, which moves you away from that goal of being the trusted adviser, not toward it.
Automation feeds reliable data into your compliance dashboards. You get better reporting, more quickly, about how well your program is or isn’t working. That’s what lets you have more informed conversations with senior managers and First Line units about how to keep improving, or at least to be clear-eyed about the risks that the company is accepting.
In other words, those better conversations help your company to be more risk-aware. That’s what good corporate leaders want: to know what’s really going on, so they can make better decisions that can endure even in today’s complicated, interconnected, highly regulated world.
Compliance officers could play a valuable role guiding your enterprise through that world. You just need a strong, robust compliance program to guide you.