Moving faster: Reinventing compliance to speed up, not trip up

Winning through compliance innovation

Global regulation – driven by myriad macro forces and crises – is adding unprecedented complexity and cost to companies. Against a backdrop of commercial pressures, some have adapted and become ‘compliance pioneers’, evolving their processes, technology and talent model to mitigate risks, manage cost and offer new insights. For others, this complexity has diverted management attention and resources and undermined confidence, causing them to lose their balance and momentum in pursuing strategic and competitive goals.

But what if there was a different way? A way to reinvent compliance to navigate complexity, build trust, and take risk intelligently to speed up – and stay in the race.

The insights shared in this report can help you to:

Amongst the findings in our survey

1. The compliance ecosystem is more complex and connected than ever before, driven by transformation, cross-industry reinvention and new business models. The common denominator is the focus on technology compliance risks, particularly cyber security and data privacy and protection – a top priority for 51% of respondents.
2. A majority of respondents (77%) stated that their company had been negatively impacted to some or a great extent across several areas that drive growth. This creates an imperative for companies to evolve compliance to alleviate the commercial impact and unlock its upside potential for ‘value creation’.
3. Companies have to tailor compliance models that are right for them, but ‘connected compliance’ is important for better decision-making, transparency and culture. 59% of respondents cited greater confidence in compliance decision-making because of better coordination.
4. Compliance technology is already helping companies move faster, navigate complexity, and avoid hazards. For compliance, this includes better visibility of risks and risk management activities (64%), faster identification and proactive response to compliance issues (53%), higher quality/more insightful reporting (48%), and increased productivity and cost savings (43%).
5. There is a sense of urgency and an opportunity to accelerate transformation and pioneer new approaches. Only 7% of respondents currently consider themselves to be leading in compliance, yet 38% aim to be leading within three years. 

This web report contains the summary version. Download our report for the full version.

In today’s world, regulation pervades most areas of a company, and new requirements are emerging with increasing velocity. Regulation is shaping standards relating to products and services, governance and transparency, reporting, tax, sustainability, IT systems and data, ethics and behaviours, workforce, health and safety, and trade and sanctions, amongst others. This is creating a multidimensional risk environment for leaders that operates like an ‘eco-system’ – dynamic and changing and connected across the organisation, value chain, and industry.

Our survey asked executives to rank their top five compliance risk priorities across the regulatory spectrum. Technology is top of the agenda, with cybersecurity and data protection and privacy cited as key priorities for over half of respondents. PwC’s 2025 Global Digital Trust Insights Survey reinforced these priorities. It found that even Chief Information Security Officers (CISOs), who are on the cybersecurity front line, feel less certain than CEOs about cyber compliance capabilities, noting the biggest gaps relate to AI, resilience and critical infrastructure.

Of the priorities listed, corporate governance (40%), Anti-Bribery/Anti-Corruption (ABAC), Anti-Money Laundering (AML) and fraud risks (38%) also ranked high. Whilst these are not new topics, their elevated ranking may reflect the changes underway in various countries and industries to reinforce corporate conduct and transparency rules and to address an uptick in AML and ABAC-related matters, potentially driven by broader economic pressures on companies and individuals. PwC’s Global Economic Crime Survey 2024 found that 41% of respondents believe anti-corruption laws are strengthening. In Ukraine, 84% noted steady or improving enforcement efforts. For corporate governance, increased accountability is highlighted, with real penalties for Board members and expanded risk management duties. Nearly 90% of global respondents reported an increase in compliance responsibilities over the past three years. Moreover, the CEE Edition of the PwC’s EMEA AML Survey 2024 reveals rising AML compliance costs in the region, driven by inflation, salaries, and tech investments. CEE financial institutions plan to allocate over 10% of their budgets to new technologies, surpassing most EMEA counterparts.

Despite the importance of regulation in a healthy corporate ecosystem, PwC’s 27th Global CEO Survey found that the regulatory environment was the number one barrier to re-invention, with 64% agreeing that it inhibits their company from delivering value. One significant factor is complexity.

It is not surprising that 85% of survey respondents stated that compliance requirements have become more complex in the last three years. This was a trend that was consistently felt across industries, with those in the financial services (FS) (90%), industrials and services (86%), consumer markets (83%), health industries (84%) and TMT (81%) all experiencing the impact of rising regulation. Half of survey respondents have a global remit and must navigate different laws and regulations across multiple jurisdictions, which amplifies compliance complexity. Companies in mature jurisdictions, and with strong, centralised Compliance functions, may find it easier to set minimum standards, but many struggle on how to implement and monitor them consistently across their organisation. 

Understanding complexity is important, but it’s just the first step. Arguably the more relevant focus is addressing the negative impact it’s creating. The majority of respondents (77%) stated that their company had been negatively impacted to some or a great extent in five or more areas that can drive growth.

Driving new decisions

All of this presents a conundrum: If regulation is intended to protect market and industry ecosystems and help them thrive, is the complexity that it has created actually doing the opposite?

Answering this question requires understanding what value can be unlocked by approaching compliance differently, and what companies are doing to reinvent their compliance models. Many companies are relooking at their compliance models to help keep pace with regulation, minimise risk, manage costs, and respond to issues.

PwC is seeing companies change their approach to compliance in a variety of ways, from incremental improvement to more wide-ranging transformation. This includes:

• Centralising and aligning compliance activities, including coordination across first, second and third line
• Leveraging new technology, including AI, to automate compliance activities and generate new insights
• Consolidating and using data differently to help see and manage compliance risks, and support better decision-making
• Embedding compliance mechanisms earlier in product development and strategic initiatives address issues sooner and increase speed-to-market
• Changing the compliance talent model and bringing in new capabilities and specialist skills

PwC US’s Risk and Compliance Reimagined paper explores other ideas on how companies are changing their risk and compliance models to unlock hidden savings and performance gains as costs and complexity increase

Some companies have taken the opportunity to relook at the demarcation between the traditional organisational lines in their compliance model, including responsibilities between the first and second lines to reinforce a ‘culture of compliance’ and raise awareness. This has been a focus of companies and regulators in several sectors, particularly FS where there has been an emphasis on conduct and culture.

With increasing value chains, volumes of data, costs, and regulatory complexity, it is no longer practical for companies to manage compliance manually. Compliance functions have been compelled to incorporate technology into their operational models just to remain relevant and keep pace with broader business change. PwC’s Global Investor Survey 2024 found that over 70% of investors identified technological change as the most important factor in encouraging companies to change the way they create, deliver and capture value.

Companies are increasingly using technology to automate, optimise and speed up a range of compliance activities. Our survey found that 49% of respondents are using technology for 11 or more compliance activities. Training (82%), risk assessment (76%), and compliance and transaction monitoring (75%) comprised the top three areas of technology use. This was closely followed by customer due diligence/assessments (75%) and regulatory disclosures and reporting (72%). On average, 82% of companies are planning on investing more in at least one technology to automate and optimise compliance activities, indicating continuing momentum in digitising compliance models. 

Our survey showed that technology investment has benefited company compliance activities in a variety of ways. These include better visibility of risks and risk management activities (64%), faster identification and response to compliance issues (53%), higher quality/more insightful reporting (48%), faster/more confident decision-making (46%) and increased productivity, efficiencies and cost savings (43%). Each is important in enabling compliance to help companies move faster in the market, navigate complexity, and avoid hazards.

If these benefits are to be realised, many organisations face a common challenge: data. Whilst technology infrastructure and applications provide the compliance ecosystem backbone, it relies on the flow of accurate, timely and consistent data to function effectively. 63% of respondents, however, said that the complexity and disaggregated nature of data across the organisation made compliance more difficult (this rose to 70% North America). Respondents also cited the reliability and quality (56%) and availability (47%) of data as challenging, along with a lack of skills and experience (47%) to manage and use the data.

Augmented with AI

AI is driving changes to business models, increasing competition, and creating demand for new skills from the workforce. PwC’s 28th Global CEO Survey found that almost half of CEOs say that their biggest priorities over the next three years are integrating AI (including generative AI (GenAI)) into technology platforms as well as business processes and workflows. It also found that those using GenAI report efficiencies in how employees use their time and increases in revenue and profitability.

This brings new opportunities for compliance too. Our survey found that the majority of respondents (71%) believe that AI will have a net positive impact overall on compliance. Currently just under half (46%) reported piloting or using AI in data and predictive analytics and 36% are piloting or using it for fraud detection. We are seeing examples of sophisticated AI being used in this area as approaches that were pioneered in FS companies are deployed more widely, such as in payment service providers, to analyse and target transactions. There is also significant opportunity to apply such techniques to help non-FS sectors focus on higher risk fraud and compliance scenarios.

Compliance is critical to every part of an organisation. It helps to define its culture, build trust with customers, suppliers, investors, regulators and other stakeholders and gives it a license to operate in a global market that expects transparency and the highest standards from leaders and employees. This means the human dimension of compliance is evolving as quickly as the regulations.

Of the factors companies considered most important in creating a strong compliance culture, senior management sponsorship/’tone at the top’ (55%), employee training and communication (48%), and coordination with compliance teams (37%) were ranked at the top.

Interestingly, Compliance function resources was ranked lower in importance (19%), perhaps indicating the continued shift in responsibility towards the first line rather than reliance on Compliance functions alone. This might also support the view that compliance resourcing in the new risk environment is less about increasing traditional capabilities and capacity, and more about refocusing skills and capabilities.

Leading companies are looking beyond the more one-dimensional talent model and traditional legal, risk and audit backgrounds to incorporate more technology, data, risk modelling, behavioural science, and strategic business experience. Specialist knowledge (53%) and data management (43%) are seen as key skills to maintain effective compliance. More than half of those identifying these skill needs as critical believe their company will have a skills shortage in these areas in the next 12 months.

To unlock real value, compliance professionals need to operate in three dimensions, collaborating with others across the organisation and externally, connect-the-dots, and articulate the upside of compliance in supporting strategic initiatives and transformation.

For Compliance Leaders, the stakes are higher than ever. In some regulated industries, like FS, Compliance Officers have a high degree of liability. In the past, institutions were fined; now, in some jurisdictions, there are personal liabilities that include being disbarred and fined. From a commercial perspective, the stakes are different but arguably just as serious - the risk of being irrelevant.

This is putting the ‘Strategic Compliance Officer’ at the centre of compliance model reinvention – someone who can help companies see risk, take risk, and manage risk effectively to both protect value and create value.

Looking forward, Compliance has numerous opportunities to demonstrate its value. Survey respondents indicated their companies are planning substantial business changes in the next three years that might require Compliance involvement. Nearly three-quarters (71%), for example, highlighted digital transformation as a key initiative requiring compliance skills, including helping to address cyber and data regulations.