Moving faster: Reinventing compliance to speed up, not trip up

Winning through compliance innovation

Global regulation – driven by myriad macro forces and crises – is adding unprecedented complexity and cost to companies. Against a backdrop of commercial pressures, some have adapted and become ‘compliance pioneers’, evolving their processes, technology and talent model to mitigate risks, manage cost and offer new insights. For others, this complexity has diverted management attention and resources and undermined confidence, causing them to lose their balance and momentum in pursuing strategic and competitive goals.

But what if there was a different way? A way to reinvent compliance to navigate complexity, build trust, and take risk intelligently to speed up – and stay in the race.

PwC conducted a survey of executives to obtain their perspectives on compliance practices, challenges, and ways they are evolving to remain fit for the future. Our survey represents feedback from:

• 1,802 executives in the first, second and third line, including business leaders (38%), Chief Compliance Officers (25%), Chief Risk Officers (14%), Chief Audit Executives (9%), and General Counsel/Heads of Legal (5%)
• 63 territories, covering Europe (29%), North America (26%), Asia Pacific (22%), Latin America (15%), Middle East (6%) and Africa (2%)
• A broad mix of industry sectors, including financial services (29%), industrial products and services (20%), technology, media and telecommunications (14%), consumer markets (14%), and health industries (10%)
• Companies operating domestically and internationally. 54% have annual revenues greater than US$1 billion 

The insights shared in this report can help you to:

Amongst the findings in our survey

1. The compliance ecosystem is more complex and connected than ever before, driven by transformation, cross-industry reinvention and new business models. The common denominator is the focus on technology compliance risks, particularly cyber security and data privacy and protection – a top priority for 51% of respondents.
2. A majority of respondents (77%) stated that their company had been negatively impacted to some or a great extent across several areas that drive growth. This creates an imperative for companies to evolve compliance to alleviate the commercial impact and unlock its upside potential for ‘value creation’.
3. Companies have to tailor compliance models that are right for them, but ‘connected compliance’ is important for better decision-making, transparency and culture. 59% of respondents cited greater confidence in compliance decision-making because of better coordination.
4. Compliance technology is already helping companies move faster, navigate complexity, and avoid hazards. For compliance, this includes better visibility of risks and risk management activities (64%), faster identification and proactive response to compliance issues (53%), higher quality/more insightful reporting (48%), and increased productivity and cost savings (43%).
5. There is a sense of urgency and an opportunity to accelerate transformation and pioneer new approaches. Only 7% of respondents currently consider themselves to be leading in compliance, yet 38% aim to be leading within three years. 

This web report contains the summary version. Download our report for the full version.

In today’s world, regulation pervades most areas of a company, and new requirements are emerging with increasing velocity. Regulation is shaping standards relating to products and services, governance and transparency, reporting, tax, sustainability, IT systems and data, ethics and behaviours, workforce, health and safety, and trade and sanctions, amongst others. This is creating a multidimensional risk environment for leaders that operates like an ‘eco-system’ – dynamic and changing and connected across the organisation, value chain, and industry.

Our survey asked executives to rank their top five compliance risk priorities across the regulatory spectrum. Technology is top of the agenda, with cybersecurity and data protection and privacy cited as key priorities for over half of respondents. PwC’s 2025 Global Digital Trust Insights Survey reinforced these priorities. It found that even Chief Information Security Officers (CISOs), who are on the cybersecurity front line, feel less certain than CEOs about cyber compliance capabilities, noting the biggest gaps relate to AI, resilience and critical infrastructure.

Of the priorities listed, corporate governance (40%), Anti-Bribery/Anti-Corruption (ABAC), Anti-Money Laundering (AML) and fraud risks (38%) also ranked high. Whilst these are not new topics, their elevated ranking may reflect the changes underway in various countries and industries to reinforce corporate conduct and transparency rules and to address an uptick in AML and ABAC-related matters, potentially driven by broader economic pressures on companies and individuals. PwC’s Global Economic Crime Survey 2024 found, for example, that 41% of respondents feel anti-corruption laws and enforcement are increasing and becoming more robust in the countries in which they operate. For corporate governance, this may reflect the increased accountability – with real penalties – that Board members, Directors and Non-Executive Directors are subject to and the spectrum of risks they are being asked to manage. Nearly 90% of survey respondents reported their breadth of compliance responsibilities has increased in the last three years.

Despite the importance of regulation in a healthy corporate ecosystem, PwC’s 27th Global CEO Survey (PDF) (file size: 9.7 MB) found that the regulatory environment was the number one barrier to re-invention, with 64% agreeing that it inhibits their company from delivering value. One significant factor is complexity.

It is not surprising that 85% of survey respondents stated that compliance requirements have become more complex in the last three years. This was a trend that was consistently felt across industries, with those in the financial services (FS) (90%), industrials and services (86%), consumer markets (83%), health industries (84%) and TMT (81%) all experiencing the impact of rising regulation. Half of survey respondents have a global remit and must navigate different laws and regulations across multiple jurisdictions, which amplifies compliance complexity. Companies in mature jurisdictions, and with strong, centralised Compliance functions, may find it easier to set minimum standards, but many struggle on how to implement and monitor them consistently across their organisation. 

Understanding complexity is important, but it’s just the first step. Arguably the more relevant focus is addressing the negative impact it’s creating. The majority of respondents (77%) stated that their company had been negatively impacted to some or a great extent in five or more areas that can drive growth.-

Driving new decisions

All of this presents a conundrum: If regulation is intended to protect market and industry ecosystems and help them thrive, is the complexity that it has created actually doing the opposite?

Answering this question requires understanding what value can be unlocked by approaching compliance differently, and what companies are doing to reinvent their compliance models. Many companies are relooking at their compliance models to help keep pace with regulation, minimise risk, manage costs, and respond to issues.

PwC is seeing companies change their approach to compliance in a variety of ways, from incremental improvement to more wide-ranging transformation. This includes:

• Centralising and aligning compliance activities, including coordination across first, second and third line
• Leveraging new technology, including AI, to automate compliance activities and generate new insights
• Consolidating and using data differently to help see and manage compliance risks, and support better decision-making
• Embedding compliance mechanisms earlier in product development and strategic initiatives address issues sooner and increase speed-to-market
• Changing the compliance talent model and bringing in new capabilities and specialist skills

PwC US’s Risk and Compliance Reimagined paper explores other ideas on how companies are changing their risk and compliance models to unlock hidden savings and performance gains as costs and complexity increase

Some companies have taken the opportunity to relook at the demarcation between the traditional organisational lines in their compliance model, including responsibilities between the first and second lines to reinforce a ‘culture of compliance’ and raise awareness. This has been a focus of companies and regulators in several sectors, particularly FS where there has been an emphasis on conduct and culture.

Earlier involvement of Compliance is one way companies are unlocking the value it can provide, positioning them as an advisor to the business to help identify risks and avoid issues sooner. This may be beneficial for companies with significant research and development (R&D) activities, where competition is increasing pressure to speed up development and bring new products and services to market faster.

With increasing value chains, volumes of data, costs, and regulatory complexity, it is no longer practical for companies to manage compliance manually. Compliance functions have been compelled to incorporate technology into their operational models just to remain relevant and keep pace with broader business change. PwC’s Global Investor Survey 2024 found that over 70% of investors identified technological change as the most important factor in encouraging companies to change the way they create, deliver and capture value.

Companies are increasingly using technology to automate, optimise and speed up a range of compliance activities. Our survey found that 49% of respondents are using technology for 11 or more compliance activities. Training (82%), risk assessment (76%), and compliance and transaction monitoring (75%) comprised the top three areas of technology use. This was closely followed by customer due diligence/assessments (75%) and regulatory disclosures and reporting (72%). On average, 82% of companies are planning on investing more in at least one technology to automate and optimise compliance activities, indicating continuing momentum in digitising compliance models. 

Our survey showed that technology investment has benefited company compliance activities in a variety of ways. These include better visibility of risks and risk management activities (64%), faster identification and response to compliance issues (53%), higher quality/more insightful reporting (48%), faster/more confident decision-making (46%) and increased productivity, efficiencies and cost savings (43%). Each is important in enabling compliance to help companies move faster in the market, navigate complexity, and avoid hazards.

If these benefits are to be realised, many organisations face a common challenge: data. Whilst technology infrastructure and applications provide the compliance ecosystem backbone, it relies on the flow of accurate, timely and consistent data to function effectively. 63% of respondents, however, said that the complexity and disaggregated nature of data across the organisation made compliance more difficult (this rose to 70% North America). Respondents also cited the reliability and quality (56%) and availability (47%) of data as challenging, along with a lack of skills and experience (47%) to manage and use the data.

Augmented with AI

AI is driving changes to business models, increasing competition, and creating demand for new skills from the workforce. PwC’s 28th Global CEO Survey found that almost half of CEOs say that their biggest priorities over the next three years are integrating AI (including generative AI (GenAI)) into technology platforms as well as business processes and workflows. It also found that those using GenAI report efficiencies in how employees use their time and increases in revenue and profitability.

This brings new opportunities for compliance too. Our survey found that the majority of respondents (71%) believe that AI will have a net positive impact overall on compliance. Currently just under half (46%) reported piloting or using AI in data and predictive analytics and 36% are piloting or using it for fraud detection. We are seeing examples of sophisticated AI being used in this area as approaches that were pioneered in FS companies are deployed more widely, such as in payment service providers, to analyse and target transactions. There is also significant opportunity to apply such techniques to help non-FS sectors focus on higher risk fraud and compliance scenarios

Compliance is critical to every part of an organisation. It helps to define its culture, build trust with customers, suppliers, investors, regulators and other stakeholders and gives it a license to operate in a global market that expects transparency and the highest standards from leaders and employees. This means the human dimension of compliance is evolving as quickly as the regulations.

Of the factors companies considered most important in creating a strong compliance culture, senior management sponsorship/’tone at the top’ (55%), employee training and communication (48%), and coordination with compliance teams (37%) were ranked at the top.

Interestingly, Compliance function resources was ranked lower in importance (19%), perhaps indicating the continued shift in responsibility towards the first line rather than reliance on Compliance functions alone. This might also support the view that compliance resourcing in the new risk environment is less about increasing traditional capabilities and capacity, and more about refocusing skills and capabilities.

Leading companies are looking beyond the more one-dimensional talent model and traditional legal, risk and audit backgrounds to incorporate more technology, data, risk modelling, behavioural science, and strategic business experience. Specialist knowledge (53%) and data management (43%) are seen as key skills to maintain effective compliance. More than half of those identifying these skill needs as critical believe their company will have a skills shortage in these areas in the next 12 months.

To unlock real value, compliance professionals need to operate in three dimensions, collaborating with others across the organisation and externally, connect-the-dots, and articulate the upside of compliance in supporting strategic initiatives and transformation.

For Compliance Leaders, the stakes are higher than ever. In some regulated industries, like FS, Compliance Officers have a high degree of liability. In the past, institutions were fined; now, in some jurisdictions, there are personal liabilities that include being disbarred and fined. From a commercial perspective, the stakes are different but arguably just as serious - the risk of being irrelevant.

This is putting the ‘Strategic Compliance Officer’ at the centre of compliance model reinvention – someone who can help companies see risk, take risk, and manage risk effectively to both protect value and create value.

Looking forward, Compliance has numerous opportunities to demonstrate its value. Survey respondents indicated their companies are planning substantial business changes in the next three years that might require Compliance involvement. Nearly three-quarters (71%), for example, highlighted digital transformation as a key initiative requiring compliance skills, including helping to address cyber and data regulations.

The Rise of the Compliance Pioneer

Our survey shows it is possible – and the right time – to reimagine and reframe compliance to protect the organisation, add more strategic value and be fit for the future. When asked to describe their own level of compliance maturity, just 7% of companies currently consider themselves to be leading, and only 31% classify themselves as mature - yet 84% aim to be leading or mature within three years. This highlights both a sense of urgency and an opportunity to accelerate transformation and pioneer new approaches.

Approximately 10% of respondents are embracing transformation and giving rise to the 'Compliance Pioneer'. These are respondents who state that compliance leadership have a significant level of influence on business decisions, use technology to optimise compliance activities across a high number of areas and report multiple benefits of technology use. This group is more likely to (percentages are Compliance Pioneers vs all others): 

• Have broad responsibilities - are responsible for a wider number of compliance areas and report that their responsibilities have increased in the last three years (60% vs 41%)
• Offer advice - feel that their company’s Compliance function always offers proactive advice (58% vs 31%)
• Get involved - have more strategic initiatives planned in the next three years that involve compliance input and involve compliance at all stages of the development of new products and services
• Bring in skills - use third-party providers for a range of compliance activities (to bolster capabilities and coverage)
• Invest more - plan to invest in tech to optimise/automate compliance and see data management and analytics (56% vs 42%), tech (52% vs 39%) and AI capabilities (30% vs 22%) as important
• Use AI - use AI across multiple areas already and are more likely to see AI’s net benefit (88% vs 69%)
• Be highly regulated - come from Banking and Capital Markets compared to other sectors (24% vs 15%)

The level of regulatory change, shifting stakeholder expectations, and changes in industry ecosystems and macro risks, means that responding in a ‘traditional way’ – more people, more controls – is unlikely to be sustainable. New problems call for new thinking. This requires ‘compliance by design’ that brings together new technology, talent, and a strategic mindset to connect-the-dots across functions and build the data flows into the DNA of the organisation.

Done well, such a design can enable companies to ‘see around corners’ to predict threats and empower the business with confidence to navigate the compliance risk landscape faster, avoid hazards, and maintain trust. Ultimately this is the only way that companies can stay ahead of the regulatory changes and issues that will continue to disrupt the market – and win the race.