CCI staff share recent surveys, reports and analysis on risk, compliance, governance, infosec and leadership issues. Share details of your survey with us: editor@corporatecomplianceinsights.com.
Shadow AI & other AI governance topics move up list of business risks
The low-growth economic environment, driven by tariff-related trade tensions and other conditions, has moved into the top rank of emerging risks for the third quarter of 2025, according to a survey from Gartner.
The survey of 184 senior risk and assurance executives found mounting concern around AI, with AI-related information governance risks moving from fourth place in the second quarter to second place in the third quarter. Shadow AI — the use of unauthorized AI tools by employees — moved from fifth to third place as organizations face challenges in effectively monitoring its use.
Extreme weather frequency and severity ranked fourth, while deglobalization rounded out the top five emerging risks. The survey found that while 72% of enterprise risk management leaders say taking timely action on emerging risks is highly important, only 15% feel confident in determining what information to spotlight for stakeholders.
Dealmakers expect US M&A market to strengthen in next 12 months
Some 74% of M&A professionals expect the US mergers and acquisitions market to strengthen over the next 12 months, with strategic acquisitions and mitigating economic uncertainty emerging as top priorities, according to a survey from law firm Dykema.
The survey of 216 executives, bankers, private equity leaders and advisers found that 69% of respondents anticipate making acquisitions in the coming year, up from 61% in 2024. Private equity continues to be a driving force, with 83% of respondents anticipating that private equity activity will boost deal volume. Technology, media and telecom lead anticipated deal activity, with AI-enabled businesses attracting particular interest.
Dealmakers are emphasizing due diligence, ESG risk screening and the use of representation and warranties insurance, particularly in complex or high-value transactions. However, tariffs, economic conditions and valuation gaps are expected to be top obstacles to dealmaking.
Other key findings:
- Joint ventures (52%) and sales (50%) reflect increased activity compared to prior periods.
- Healthcare M&A is expected to be strategic and private equity-backed, focusing on tech-driven services, efficiency and specialty care platforms.
- Representation and warranties insurance is projected to rise in frequency, particularly in high-complexity transactions.
42% of finserv firms cite keeping pace with regulations as top compliance challenge
Staying current with evolving regulations is the top compliance challenge for 42% of US financial services executives, while more than a third (36%) say they lack sufficient internal expertise to meet regulatory mandates, according to a survey from managed IT and cybersecurity services provider Omega Systems.
The survey of more than 300 US financial services executives found significant disconnects between financial and technical leadership. Some 53% of CFOs rank evolving regulations as a top concern compared to 38% of CIOs, revealing misalignment between financial and technical teams on compliance priorities.
The survey included leaders from family offices, registered investment advisers, wealth managers, hedge funds, private equity and investment advisory firms with assets under management ranging from $10 million to more than $10 billion.
Analysis finds financial services sector best at aligning cyber policy and practice
The financial services industry has achieved a near 1:1 ratio between written cybersecurity policies and real-world practice, outperforming all other UK sectors analyzed, according to a survey from compliance training provider Skillcast.
The company analyzed the gap between cybersecurity policies and operational practice across the largest UK businesses in multiple sectors. Financial services scored 162 out of 260 for policy and 157 for practice, representing a 0.97 ratio. By contrast, the energy and utilities sector scored 154 for policy but only 59 for practice, a 0.38 ratio.
All financial services businesses analyzed employ a dedicated chief information security office (CISO) or head of cyber, and privacy policies are updated every six months on average, the most frequent refresh cycle of any industry studied. This contrasts sharply with manufacturing, where updates occur roughly every 30 months.
Firms capturing ChatGPT communications surged nearly 3,000% in past year
The number of financial institutions capturing ChatGPT data for compliance purposes increased nearly 3,000% between 2024 and 2025, with all firms doing so based in North America, according to a report from archiving software provider Global Relay.
The report, based on data from more than 12,000 financial institutions across more than 200 communications channels, found significant shifts in compliance priorities driven by regulatory enforcement actions. Firms also increased capture of TikTok data by more than 2,000% year-over-year and Apple Messages by 114%.
Traditional business communications channels continue to dominate overall capture rates, with email at 89%, LinkedIn personal accounts at 23% and Microsoft Teams at 23%. However, the surge in emerging channel capture suggests firms are responding to recent regulatory themes. WhatsApp capture increased 36% year-over-year, with 89% of those firms based in North America, following years of aggressive regulatory enforcement around off-channel communications. Social media channel capture increased 33%.
