CCI staff share recent surveys, reports and analysis on risk, compliance, governance, infosec and leadership issues. Share details of your survey with us: editor@corporatecomplianceinsights.com.
59% of companies ‘always’ compromise on compliance due to business pressures
Business pressures and competitive threats are leading companies to regularly bypass compliance requirements, according to new research from Creditsafe, a global credit monitoring and risk management firm. A survey of more than 200 U.S. accounting, legal, supply chain and consulting professionals found that 59% “always” compromise on compliance due to business pressures, while another 16% do so frequently.
The study reveals widespread gaps in compliance programs, with 79% of respondents admitting they’ve skipped compliance checks on customers or suppliers due to existing good relationships. Additionally, compliance violations are increasing across multiple areas, with 67% reporting more data privacy violations in 2024 than 2023, and 64% seeing more financial accounting and tax compliance violations.
Key findings include:
- 43% assess their compliance maturity at the lowest level.
- 64% find it “very challenging” to recruit qualified compliance staff.
- 85% say team size affects their ability to manage compliance proactively.
- 51% cite lack of compliance leadership as the primary cause of failures.
80% of companies lack dedicated plan for generative AI risks
Organizations are struggling to address AI-driven threats even as cybersecurity becomes their top risk concern, according to Riskonnect’s 2024 “New Generation of Risk Report.” The survey of more than 200 risk, compliance and resilience professionals found that 72% report cybersecurity risks having significant or severe impacts on their organization, up from 47% last year, and while cybersecurity risks have become more pressing, 80% of organizations lack a dedicated plan to address generative AI risks.
Nearly a quarter of respondents (24%) believe AI-powered cybersecurity threats like ransomware, phishing and deepfakes will have the biggest business impact over the next 12 months, according to the survey by the risk management software provider. Yet only 8% feel ready for AI and AI-governance risks, while 65% lack policies governing generative AI use by partners and suppliers. Additionally, 61% have no plan for managing risks related to future geopolitical tensions.
Key findings include:
- 90% have increased or maintained risk management technology budgets.
- 62% currently use or plan to use AI in risk management.
- 56% haven’t simulated their worst-case scenarios.
“Cybersecurity has jumped to the forefront of concerns. Our research shows that organizations are acutely aware of the impact of these risks, but aren’t evolving their risk management strategies fast enough,” said Jim Wetekamp, CEO of Riskonnect.
Only 12% of finserv firms using AI have risk management frameworks
Financial services firms are rushing to adopt artificial intelligence without proper governance and oversight measures in place, according to a new survey from GRC advisory ACA Group and the National Society of Compliance Professionals. The study of more than 200 compliance leaders found that while 75% of firms are using or exploring AI, just 12% of those using AI have adopted a risk management framework.
The gaps in AI governance are particularly evident in third-party oversight, with 92% of respondents lacking policies to govern AI use by service providers. Additionally, only 18% have established formal testing programs for AI tools, potentially leaving firms exposed to cybersecurity, privacy and operational risks.
Key findings include:
- 37% have already adopted AI tools for internal use.
- 52% of AI users employ public tools like ChatGPT.
- 68% report AI tools have had “no impact” on their compliance program.
“The survey’s most concerning finding is the lack of policies governing third-party AI use,” said Carlo di Florio, president at ACA Group. “Regulators are heavily emphasizing third-party risk management, as we saw with the SEC’s cyber rule and the EU’s Digital Operational Resilience Act.”
About one-third of directors cite enterprise risk management as top governance focus for 2025
Corporate board directors are balancing growth initiatives with risk management amid ongoing economic pressures, according to a new survey from global accounting and advisory firm BDO. The study of nearly 250 public company directors found that while driving growth remains their top strategic priority, 31% expect to spend most time on enterprise risk management in 2025.
Directors identified multiple areas of concern, with monetary policy (33%) and inflation (31%) emerging as their top issues ahead of the 2024 presidential election. Technology presents both opportunities and challenges, as 51% plan to increase investment in emerging tech, while 27% cite lagging implementation as a significant risk.
Key findings include:
- Directors spend an average of 285 hours annually on their most challenging board.
- 41% will increase investment in cybersecurity, data privacy and governance.
- 43% regularly review compliance materials in board meetings.
- 40% discuss company-specific fraud risk factors.
“Directors have both the opportunity and responsibility to guide management’s execution of strategy to deliver on sustainable growth metrics while minimizing risk to the organization,” said Amy Rojik, BDO USA’s national managing principal.
One-quarter of global executives cite employer risk as top threat
Employee-related risks have overtaken other business concerns as the biggest threat facing companies, according to new research from specialty insurer Beazley. The firm’s “Risk & Resilience” report, which surveyed 3,500 global business leaders, found that 23% rank employer risk as their primary concern, up from 18% in 2022, yet nearly a quarter feel unprepared to handle it.
The survey reveals growing unease about multiple risk factors, with 42% of executives saying they operate in a high-risk environment, up from 31% last year. Reputational concerns are also rising, with 20% citing potential brand and trust damage as their top risk, compared to 17% in 2023.
Key findings include:
- 26% plan to review hiring policies to boost diversity and inclusion.
- 67% say ESG regulation is too complex for their business.
- 70% want more regulatory guidance on ESG requirements.
- 25% of financial services executives rank reputational damage as their top concern.
“While macroeconomic conditions appear to be stabilizing, (directors and officers liability risks) are still front of mind for global business leaders,” said Bethany Greenwood, global head of specialty risks at Beazley. “The threat landscape has fragmented and become increasingly multifaceted with executives left scrambling to protect themselves.”
Half of companies boost resources for geopolitical risk management
Companies are ramping up their response to global geopolitical threats, according to new research from the Association of Corporate Counsel (ACC), a global legal association representing more than 48,000 in-house counsel. The survey of 200 law department leaders found that 50% of companies have allocated additional resources to manage geopolitical risk over the past five years.
The study, conducted with Harvard Business School and the U.S. Chamber of Commerce Foundation, identified 72 countries posing significant risk, with China, Russia, Mexico and the United States leading the list. While most companies plan to maintain or increase engagement with high-risk countries, Russia proves an exception, with 53% of respondents planning to cease engagement entirely.
Key findings include:
- 49% initiated new due diligence processes.
- 45% implemented new risk-related training.
- 43% began scenario planning for risks.
“Legal officers have a ‘whole-of-firm’ view, and they are now leading their companies not only in novel compliance requirements but forward-looking processes for protecting company assets and reputations,” said Meg Rithmire, James E. Robinson professor of business, government and the international economy at Harvard Business School.
