CCI staff share recent surveys, reports and analysis on risk, compliance, governance, infosec and leadership issues. Share details of your survey with us: editor@corporatecomplianceinsights.com.
Companies struggle to keep up with the use of AI tools
Nearly two in three audit, GRC and IT decision-makers (62%) say they are worried about employees inputting sensitive data into AI tools, and 59% are concerned about “shadow AI,” employees using unapproved tools, according to a survey by GRC software provider Optro, formerly AuditBoard
The survey of 822 leaders at companies with at least $100 million in annual revenue and 250 employees found that despite their worries about how AI is being used at their companies, only 18% are in organizations where unauthorized AI domains are actively blocked, only 34% have an AI model inventory, and just 31% have AI incident response procedures.
The concerns about AI tools don’t stop there.
“They’re daily behavior patterns happening right now, across every function, in tools often invisible to governance teams,” Optro said in the report on the survey. “And this is directly leading to a significant uptick in AI-enabled attacks.”
Of respondents, 82% reported an increase over the past year of AI-enabled attacks with 39% saying attacks have significantly increased. The kind of attack is changing, too. Social engineering is the top threat, and 61% said it has increased.
More work, same team in governance
Governance professionals are facing increased workloads with many having to shoulder that burden without a coordinating increase in team members, according to a recent survey by GRC software company Diligent.
Nearly three out of four (74%) governance professionals surveyed reported the scope of their work has expanded in the past two years, and almost half (46%) reported that workloads had increased without headcount going up.
Diligent surveyed 309 senior governance practitioners from North America, Latin America, Asia Pacific, the Middle East and Europe.
Technology gaps and regulatory complexity are compounding the workload, according to the survey, with about 47% citing those two issues as the biggest barrier.
Other key findings:
- 64% said AI governance was the most critical skill for the next three years, ranking it above every traditional legal capability.
- Asked if they would be comfortable with AI completing basic actions without approval, 38% said they would be and 36% said they wouldn’t be.
- 56% of governance professionals said they saw themselves as strategic advisers to the board, but only 17% believe their board sees them that way.
- 52% said boards underestimate the complexity of governance, often viewing it as administrative rather than strategic.
UK organizations: Ready or not for new AML rules?
More than half of UK compliance professionals don’t see their organizations being on solid footing when it comes to new national AML rules, according to a survey by VinciWorks, a compliance eLearning and software provider.
Of compliance professionals polled, 57% said their organizations have not started preparing or were unsure of their preparations for 2026 amendments to money laundering and terrorist financing regulations, which are expected to come into force in late June or early July. Only about 4% said they had new policies ready.
VinciWorks surveyed 334 compliance professionals across the UK’s legal, financial services and accounting sectors.
Despite unsure preparations for AML rule changes, organizations’ compliance leaders are confident that their current AML training could adapt to the 2026 amendments, the survey found. More than three quarters (77%) of respondents said they are fairly or very confident the changes can be addressed by today’s AML training.
“The confidence figures look reassuring until you set them alongside the readiness data,” Nick Henderson-Mayo, head of compliance at VinciWorks, said in the survey report. “That gap could be where firms get caught. Regulators do not accept good intentions as a defence.”
Chief legal officers getting that money
Chief legal officers (CLOs) among S&P 500 and Russell 3000 companies had double-digit percentage increases in pay from 2022 to 2025, according to a survey by The Conference Board, Major, Lindsey & Africa and ESGAUGE.
Median compensation for CLOs at S&P 500 companies rose from $3.3 million to $4.2 million, or 27%, and at Russell 3000 companies $1.9 million to $2.1 million, or 11%, in that time period, the survey said.
The study also found that these companies are increasingly hiring CLOs from the outside rather than the inside. External hires rose from 50% to nearly 60%.
The survey also looked at gender and found the share of women CLOs barely moved, staying around 40% for S&P 500 companies and modestly increased from 33% to 35% at Russell 3000 companies. Among S&P 500 companies, women CLOs made less than men (a median of $3.8 million compared to $4.2 million), while women and men earned the same at the median, $2.1 million, at Russell 3000 companies.
