Tag: GenAI

Categories
Compliance and AI

Compliance and AI: Future-Proofing Compliance with AI: Strategies for 2026 and Beyond

What is the role of Artificial Intelligence in compliance? What about Machine Learning? Are you using ChatGPT? These questions are just three of the many we will explore in this cutting-edge podcast series, Compliance and AI, hosted by Tom Fox, the award-winning Voice of Compliance. Vince Walden, founder and CEO of KonaAI and Dr. Hemma Lomax, Head of Business Integrity at Docusign discuss the evolving landscape of compliance and the increasing role of AI and automation.

They highlight the need to modernize due diligence processes, reducing large, repetitive tasks down to streamlined operations using AI. A key focus is the innovative use of AI agents proposed by Hemma, likening them to digital employees, with personalized job descriptions and onboarding plans aimed at enhancing efficiency and unleashing human talent. Vince shares practical examples of how AI can transform compliance functions by leveraging data insights from various sources like investigations, third-party risks, and employee surveys. The episode encourages compliance professionals to dream big about the future, embrace AI-driven innovation, and crowdsource intelligence to bridge the gap towards more efficient and intelligent compliance practices.

Key highlights:

  • Introduction to Modern Due Diligence
  • The Role of AI in Compliance
  • Creating and Managing AI Agents
  • Empowering Teams with AI
  • Real-World Applications and Examples

Resources:

konaAI

Vince Walden on LinkedIn

Dr. Hemma Lomax on LinkedIn

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
AI Today in 5

AI Today in 5: September 29, 2025, The AI and Blue Collar Jobs Edition

Welcome to AI Today in 5, the newest edition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI, so start your day, sit back, enjoy a cup of morning coffee, and listen in to the AI Today In 5, all from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest related to AI.

Top AI stories include:

For more information on the use of AI in Compliance programs, my new book, Upping Your Game. You can purchase a copy of the book on Amazon.com.

Categories
AI Today in 5

AI Today in 5: September 16, 2025, The No Robo Bosses Episode

Welcome to AI Today in 5, the newest edition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI, so start your day, sit back, enjoy a cup of morning coffee, and listen in to the AI Today In 5, all from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest related to AI.

Top AI stories include:

For more information on the use of AI in Compliance programs, my new book, Upping Your Game. You can purchase a copy of the book on Amazon.com.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Using AI to Embed Your Compliance Program

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide you with bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we conclude our 5-part series on using compliance in a best practices compliance program by considering how to embed compliance into your business operations with the help of AI.

For more on this topic, check out The Compliance Handbook, a Guide to Operationalizing your Compliance Program, 6th edition, which LexisNexis recently released. It is available here.

Categories
Blog

Using AI to Embed Compliance into Business Operations

Ed. Note: This week, we present a week-long series on the use of GenAI in a best practices compliance program. Additionally, for each blog post, I have created a one-page checklist for each article that you can use in presentations or for easier reference. Email my EA Jaja at jaja@compliancepodcastnetwork.net for a complimentary copy.

Compliance programs have long wrestled with a central challenge: how to move from “bolt-on” to “built-in.” Too often, compliance has been perceived as an overlay, a set of policies and reviews that operate parallel to business activity. The Department of Justice has repeatedly emphasized that compliance should be integrated directly into operations, not treated as an afterthought.

Generative AI offers compliance professionals a new tool to achieve this, as Elisa Farri and Gabriele Rosani argue in an HBR article How AI Can Help Managers Think Through Problems, that AI is not just a productivity enhancer but a thought partner. Instead, it is capable of helping leaders frame problems, test assumptions, and engage in structured dialogues that improve decision-making.

I aim to utilize their article to support compliance officers in leveraging AI to enhance our ability to embed compliance into business processes more effectively. Today, I conclude my five-part blog post series on using GenAI in compliance to explore how AI can assist in building compliance into the business and what it means for the future of compliance programs. I also provide five key takeaways for compliance professionals on how to do so.

1. AI as a Co-Thinking Partner for Embedding Compliance into Workflows

One of the article’s most powerful insights is the concept of “co-thinking”; AI as a partner in structured dialogue rather than just a tool for quick answers. For compliance, this is transformative. Imagine using AI not simply to draft a policy, but to help you think through how that policy should be embedded in day-to-day operations.

For instance, when designing a gifts-and-entertainment approval process, AI can walk compliance through stakeholder perspectives: What does sales need? What would regulators expect? What friction will finance raise? By simulating these perspectives, AI helps compliance professionals design workflows that are practical and embedded, rather than abstract and detached.

This approach also makes compliance more proactive. Instead of reacting to risks after violations occur, AI-enabled co-thinking allows compliance to anticipate where policies may clash with business objectives and design operational solutions upfront. The compliance lesson is to treat AI as a structured dialogue partner to design compliance that lives inside the workflow, policies, and processes that are not just documented but operationalized.

2. Enhancing Stakeholder Engagement Through AI Simulations

Embedding compliance into business operations requires more than rules; it requires buy-in. The article highlights how AI can role-play different stakeholders, challenging managers to anticipate reactions. Compliance can use this capability to stress-test initiatives before rollout.

Suppose compliance is introducing a new due diligence system for third-party onboarding. AI can simulate how procurement might respond (“slows down vendor onboarding”), how business development might object (“hurts competitiveness”), and how regulators might evaluate (“strong demonstration of risk-based management”). This multi-stakeholder dialogue allows compliance teams to refine both process design and messaging before rollout.

The implication for compliance programs is clear: embedding compliance requires deep cultural alignment. AI makes it possible to test and rehearse that alignment at scale, reducing resistance and building smoother adoption. The compliance lesson is to use AI simulations to bring stakeholder voices into the design process, ensuring compliance is not bolted on but built with empathy for business realities.

3. AI-Assisted Root Cause Analysis Strengthens Business Integration

Compliance programs are expected to conduct root cause analysis after misconduct, but too often these reviews remain siloed. AI-enabled co-thinking helps expand root cause analysis into an exercise that strengthens business operations.

For example, when analyzing repeated travel and expense violations, AI can guide compliance through structured questions: Were training gaps to blame? Were approval workflows too weak? Were sales incentives misaligned? Then, critically, AI can help map remediation back into operations—tightening finance approvals, adjusting incentive structures, and embedding compliance flags directly into expense systems.

This is not about AI making the decision. It is about AI helping compliance think through operational integration of lessons learned. Instead of merely complying with regulations by writing a report that sits on a shelf, the outcome becomes operational adjustments inside business processes. The compliance lesson (or rather, perhaps implication) is that the DOJ expects compliance programs to prevent recurrence through systemic fixes. AI co-thinking can ensure those fixes are operational, not theoretical.

4. Scaling Compliance Culture and Mindset Shifts Across the Organization

The article notes how AI can be used to coach managers through mindset shifts, helping them reflect on new behaviors and practices. Compliance can use the same approach to embed cultural expectations directly into business teams. For example, AI can be configured as a compliance coach embedded in daily tools, guiding managers through ethical dilemmas, prompting reflection during approval requests, or reinforcing company values during project planning. Instead of compliance being external and episodic, it becomes internal and continuous.

This democratizes compliance development. A frontline manager in Asia can interact with AI that reinforces compliance culture in real time, rather than waiting for annual training or sporadic compliance visits. It also gives compliance leaders data on where employees are struggling, revealing cultural gaps that can be addressed systemically.

The implication is that embedding compliance is not just about systems but about mindset. AI can make culture-building a daily, distributed activity rather than a centralized, one-time effort.

5. Ensuring Human Judgment Remains Central in AI-Enabled Compliance

Finally, while AI can enhance problem-solving and integration, the article underscores that co-thinking only works when humans stay actively engaged. Compliance cannot abdicate responsibility to machines. This has profound implications for compliance programs. AI can help frame problems, simulate stakeholders, and propose operational fixes, but it cannot weigh reputational risk, interpret regulatory expectations, or balance competing global obligations. Those decisions require human judgment.

The key is balance: AI accelerates and deepens thinking, but compliance leaders must build governance frameworks to ensure outputs are reviewed, validated, and contextualized. Embedding compliance into business operations does not mean letting AI run the show; it means letting AI augment human reasoning so that compliance becomes more practical, strategic, and defensible.

The compliance lesson, based on both the DOJ’s FCPA Resource Guide and the 2024 ECCP, is clear that compliance must be risk-based, well-resourced, and continuously improved. AI helps compliance think through integration, but humans remain accountable for ensuring it meets regulatory standards and ethical expectations.

AI as a Pathway to Embedded Compliance

The future of compliance is embedded, not bolted on. DOJ expects it. Boards demand it. Employees need it. The challenge is figuring out how to make it real. AI offers compliance professionals a powerful new tool: not as an oracle, but as a co-thinker. By helping compliance frame problems, simulate stakeholders, strengthen root cause analysis, scale cultural coaching, and reinforce human judgment, AI can accelerate the shift from compliance as oversight to compliance as an integrated business practice.

The call to action is simple: use AI not just to make compliance faster, but to make compliance inseparable from business. That is how compliance earns trust, drives culture, and meets regulatory expectations in the age of AI.

Categories
AI Today in 5

AI Today in 5: August 21, 2025, The AI Psychosis Episode

Welcome to AI Today in 5, the newest addition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.

Top stories include:

  • 95% of GenAI is failing. (Fortune)
  • MIT report on AI spooks investors. (IBD)
  • Is AI psychosis real? (BBC)
  • Lutnick insults the Chinese. Chinese stop buying Nvidia chips. (FT)
  • Should quants use AI? (Bloomberg)
Categories
Blog

Co-Thinking with AI: A New Frontier for Compliance Problem-Solving

Ed. Note: This week, we present a week-long series on the use of GenAI in a best practices compliance program. Every other day this week, I have created a one-page checklist for each article that you can use in presentations or for easier reference. However, for today’s blog post, I have made a Compliance AI Dialogue Playbook to illustrate the concepts discussed. If you would like a copy, email my EA, Jaja, at jaja@compliancepodcastnetwork.net.

Compliance officers are, at their core, problem-solvers. We wrestle with thorny questions every day: How do we implement a global gifts-and-entertainment policy across jurisdictions with vastly different cultural norms? How do we balance business pressures with anti-corruption obligations? How do we address new risks like AI itself? Traditionally, compliance officers have relied on their teams, external counsel, and regulators for perspective. But now, there is another partner available: AI as a co-thinker.

Elisa Farri and Gabriele Rosani, in their HBR article, How AI Can Help Managers Think Through Problems, argue that generative AI is not simply a productivity booster but a thought partner that can help managers frame problems, weigh trade-offs, and refine decision-making. For compliance professionals, this opens an exciting frontier. Instead of seeing AI as just a summarization or monitoring tool, we can use it to think with us about compliance challenges.

Today, we consider five key takeaways for compliance professionals, each exploring how AI can and should be trusted as a structured co-thinker in corporate compliance problem-solving.

1. AI Can Help Frame Compliance Problems More Clearly

One of the hardest parts of compliance work is problem framing. Regulators do not hand us neat checklists; instead, they give us principles, expectations, and enforcement actions. It’s up to us to translate these into workable policies and controls.

The authors highlight how AI can act as a sounding board, asking clarifying questions, offering perspectives, and reframing issues. In compliance, this is invaluable. For example, when confronting a possible books-and-records violation, you can ask AI to outline the problem from different angles: the DOJ’s perspective, the auditor’s lens, or the business unit’s operational concerns.

This “co-thinking” dialogue helps compliance officers avoid blind spots. By articulating context and criteria while AI proposes reframings or stakeholder perspectives, the problem becomes clearer. Often, clarity is half the solution.

The compliance lesson: Don’t just throw a problem at AI and expect an answer. Use it to refine the question. A well-framed compliance issue is easier to analyze, explain, and ultimately solve.

2. AI Strengthens Root Cause Analysis in Compliance Investigations

Root cause analysis is central to modern compliance. Regulators do not just want misconduct identified; they want to know why it happened and how you’ll prevent it going forward. Yet too often, root cause analysis gets bogged down in assumptions or limited perspectives.

Farri and Rosani cite managers who use AI dialogues to explore underlying causes systematically. For compliance officers, this can be a game-changer. Imagine an investigation into repeated expense-report fraud. AI can walk you through potential cultural drivers (“tone at the top,” sales pressure), structural flaws (weak approval workflows), and training gaps. It can then push back: “Are you overlooking incentives?” or “What if the issue is inadequate third-party vetting?”

By iterating through hypotheses in a structured dialogue, compliance professionals can avoid premature conclusions and dig deeper. This not only strengthens remediation but also demonstrates to regulators that the company engaged in a thorough, multi-perspective analysis.

The compliance lesson: AI co-thinking transforms root cause analysis from a static checklist into a dynamic dialogue, driving richer insights and more defensible conclusions.

3. AI Helps Anticipate Stakeholder Reactions to Compliance Decisions

Compliance isn’t just about rules; it’s about relationships. A compliance policy that looks perfect on paper can fail if stakeholders resist or misunderstand it. That’s why anticipating reactions is essential.

The article describes a communications manager who used AI to role-play stakeholder perspectives. Compliance teams can apply the same method. Suppose you’re rolling out a new third-party due diligence system. You could ask AI to simulate how sales might react (“This slows down deal velocity“), how finance might respond (“We lack resources for added checks“), and how regulators would view the process (“Demonstrates good faith risk management“).

This kind of dialogue allows compliance officers to refine messaging, anticipate objections, and design mitigation strategies before rollout. It’s essentially stakeholder mapping on steroids.

The compliance lesson: Use AI to run “compliance fire drills.” Let it act as different stakeholders, challenge your assumptions, and highlight where communication or process gaps may derail implementation. Better to hear objections from an AI simulation than from the DOJ or your workforce, after the fact.

4. AI Supports Compliance Leadership and Mindset Shifts

Compliance is not static; it evolves as risks and expectations change. One of the hardest parts of leadership is helping teams adopt new mindsets. Whether it’s embedding ESG into compliance or shifting from reactive investigations to proactive risk management, change is as much about people as it is about rules.

The authors point to managers using AI to coach teams through mindset shifts. Compliance officers can replicate this by designing AI dialogues that help teams reflect on change. For example: “Act as a compliance coach guiding a regional manager through adopting a risk-based mindset for third-party approvals.” AI can then walk the manager through scenarios, pose self-assessment questions, and suggest daily practices to internalize the change.

This turns AI into a scalable leadership development tool for compliance. It’s not replacing human mentorship but supplementing it, ensuring employees across geographies get consistent coaching.

The compliance lesson is straightforward: AI can democratize leadership development in compliance. By embedding coaching into AI assistants, compliance leaders can scale mindset change while reinforcing culture across the enterprise.

5. AI Encourages Reflective and Ethical Decision-Making

Finally, compliance is about judgment. Not every decision can be reduced to a policy or rulebook. Whether deciding how to respond to a gray-area hospitality offer or whether to self-disclose a violation, compliance officers must weigh trade-offs.

Farri and Rosani emphasize that AI, when engaged as a co-thinker, can enhance reflective decision-making. It does so by slowing us down, asking probing questions, and challenging quick assumptions. This is especially important because compliance officers are often under pressure to deliver fast answers to complex problems.

By prompting reflections such as “What risks might we be missing? What would regulators expect? What precedent are we setting? AI ensures compliance officers approach decisions with greater ethical clarity. It’s the Socratic method in digital form.

The compliance lesson: AI should not be seen as replacing compliance judgment but as sharpening it. By making space for reflection, AI helps ensure that compliance decisions are thoughtful, principled, and defensible.

From Automation to Co-Thinking

For too long, compliance has viewed AI as a back-office automation tool: summarizing, monitoring, and drafting. Farri and Rosani remind us that AI can do much more: it can think with us.

By helping frame problems, strengthening root cause analysis, anticipating stakeholder reactions, supporting mindset shifts, and fostering reflective decision-making, AI becomes not just a tool but a thought partner. For compliance officers under increasing pressure from regulators and boards, that partnership could be transformative.

The path forward is clear: stop asking “What can AI do for compliance?” and start asking “How can AI help compliance think better?”

Categories
Blog

Trust and Verify: How Compliance Can Harness AI Agents Safely

Ed. Note: This week, we present a week-long series on the use of GenAI in a best practices compliance program. Additionally, for each blog post, I have created a one-page checklist for each article that you can use in presentations or for easier reference. Email my EA Jaja at jaja@compliancepodcastnetwork.net for a complimentary copy.

When we think of “trust” in compliance, our minds usually go to whistleblowers, employees, or third parties. But increasingly, the question of trust must extend to a new category of actors: AI agents.

As Blair Levin and Larry Downes explain in their provocative Harvard Business Review piece, titled “Can AI Agents Be Trusted?“, AI agents are not just smarter chatbots. They are software systems that can collect data, make decisions, and even act autonomously based on rules and priorities. For compliance professionals, this changes the game. If AI agents can act on our behalf, can they also be trusted to uphold compliance principles?

The answer is yes, but only if we design and monitor them with the same rigor that we apply to employees, third parties, and business partners. Today, we look at five key takeaways from their article to guide compliance professionals in building AI agents into trustworthy components of their programs.

1. Trust Requires Oversight, Just as with Human Agents

The article makes a simple but powerful analogy: think of an AI agent the way you would think of an employee or contractor. Before delegating sensitive responsibilities, you conduct background checks, put controls in place, and possibly even require bonding. The same must hold for AI.

For compliance, this means creating oversight structures before deploying agents into live workflows. If your compliance AI assistant can monitor transactions for red flags, you must ensure that a human compliance officer reviews its outputs. If it can escalate potential whistleblower complaints, you must validate that escalation logic against regulatory requirements.

AI oversight also means testing for vulnerabilities. As Levin and Downes note, AI agents are susceptible to hacking, manipulation, and even misinformation. Compliance should require penetration testing of any agent integrated into company systems, just as IT would test network defenses.

Trust is never blind in compliance. It is built on verification, monitoring, and accountability. AI agents can and should be trusted, but only when they operate within a compliance framework that mirrors the controls we already use for human agents.

2. Recognize and Manage Bias and Conflicts of Interest

One of the major risks highlighted in the article is bias, whether introduced by marketers, advertisers, or flawed training data. Just as a conflicted employee can steer decisions for personal gain, an AI agent can be subtly manipulated to favor sponsors, advertisers, or even certain viewpoints.

For compliance professionals, this should raise alarms. Imagine an AI agent used for third-party due diligence. If biased data shapes its recommendations, you could end up onboarding a high-risk vendor while rejecting a low-risk one. Worse, if regulators discover that your system relied on biased algorithms, you’ll face serious questions about program effectiveness.

The solution is conflict-of-interest monitoring for AI. Just as employees must disclose outside interests, AI agents should be tested and audited for hidden preferences. Compliance should insist on transparency from vendors about training data sources and sponsorship arrangements. In some cases, contracts with AI providers may need explicit clauses guaranteeing independence from commercial influence.

Compliance has always been about spotting and mitigating conflicts. In the age of AI, that vigilance must extend to our digital agents. Only then can we claim that our programs are fair, impartial, and defensible.

3. Treat AI Agents as Fiduciaries of Compliance

Perhaps the most compelling insight from Levin and Downes is that AI agents should be treated as fiduciaries. Just as lawyers, trustees, and board members owe a heightened duty of care to their clients, AI agents entrusted with compliance responsibilities must be designed and governed under similar standards.

For compliance officers, this concept aligns directly with DOJ expectations. The Evaluation of Corporate Compliance Programs (2024 ECCP) emphasizes accountability, transparency, and independence. By treating AI agents as fiduciaries, compliance leaders can extend these principles to technology.

What does fiduciary duty look like in practice?

  • Obedience: AI must follow company policies and regulatory standards.
  • Loyalty: AI must prioritize the company’s compliance objectives over any hidden commercial interests.
  • Confidentiality: AI must protect sensitive compliance data from leaks or misuse.
  • Accountability: AI actions must be traceable, with clear logs and audit trails.

This fiduciary framing provides compliance professionals with a powerful tool. It not only reassures stakeholders that AI can be trusted, but it also sets a benchmark that regulators can understand and evaluate. In short, fiduciary AI is defensible AI.

4. Build Market and Insurance-Based Safeguards

The article notes that beyond regulation, market mechanisms such as insurance and independent oversight will be critical to ensuring AI trustworthiness. For compliance leaders, this presents both a risk management strategy and an opportunity.

Just as identity theft insurance evolved alongside online banking, AI liability insurance will likely become a standard corporate requirement. Compliance officers should begin engaging with insurers to explore coverage for AI-related risks, such as data leaks, wrongful denials of due diligence clearance, or biased decision-making.

Equally important are third-party oversight tools. The article envisions AI “credit bureaus” that could audit agent behavior, set decision thresholds, or freeze activity when risks escalate. For compliance, such independent monitoring could provide an external layer of assurance that your AI systems are behaving as intended.

The takeaway is clear: do not rely solely on internal controls. Pair them with market-based safeguards and external verification. Doing so not only strengthens trust in AI agents but also demonstrates to regulators that your program embraces both proactive and independent oversight.

5. Design for Data Security and Local Control

Finally, Levin and Downes stress the importance of keeping decisions local; that is, ensuring sensitive data stays on company-controlled devices and servers, rather than in external clouds. For compliance professionals, this echoes a familiar principle: control the data, control the risk.

Agentic AI, by definition, processes vast amounts of sensitive information. If compliance agents are reviewing hotline reports, transaction monitoring data, or due diligence files, any data leakage could be catastrophic. That’s why strong encryption, local processing, and secure enclaves are essential.

Compliance officers should demand that AI vendors support:

  • On-device or private cloud processing for sensitive tasks.
  • Encryption of all data in transit and at rest.
  • Independent verification of security claims by external auditors.
  • Full disclosure of sponsorships, promotions, and paid influences.

By designing AI agents with local control and transparency, compliance teams can build systems that are both effective and trustworthy. Data security is not just an IT concern; it is a compliance imperative.

Trust, But Never Blindly

AI agents hold immense potential for compliance programs. They can streamline monitoring, accelerate due diligence, and support real-time risk management. But as Levin and Downes remind us, they must also be carefully governed to prevent bias, manipulation, and misuse.

For compliance leaders, the path forward is to treat AI like any other agent (or channel your inner Ronald Reagan: trust, but verify. With oversight, fiduciary framing, market safeguards, and strong data controls, AI can become a trusted partner in compliance—one that strengthens, rather than weakens, the ethical fabric of the organization.

Categories
Blog

Building Your Own AI Assistant: Compliance Lessons in Customization

Ed. Note: This week, we present a week-long series on the use of GenAI in a best practices compliance program. Additionally, for each blog post, I have created a one-page checklist for each article that you can use in presentations or for easier reference. Email my EA Jaja at jaja@compliancepodcastnetwork.net for a complimentary copy.

In the ever-changing world of compliance, resource constraints remain one of our biggest hurdles. Whether you’re drafting policies, conducting risk assessments, or preparing investigation summaries, the work is often repetitive, labor-intensive, and subject to tight deadlines. Enter the AI assistant, not as a futuristic dream, but as a practical, buildable tool available to compliance professionals right now.

Alexandra Samuel’s article in Harvard Business Review titled How to Build Your Own AI Assistant, makes one point crystal clear: if you can describe a project in plain English, you can build your own AI assistant. And for compliance professionals, this represents a transformative opportunity to reduce administrative burdens while increasing consistency, accuracy, and adaptability.

But building your compliance AI assistant isn’t about chasing efficiency alone—it’s about making intentional design choices that reinforce compliance objectives, protect corporate culture, and ensure regulatory defensibility. Today, we consider five key takeaways for compliance professionals, each showing how you can harness AI assistants to enhance, not replace, your compliance program.

1. Start with the Right Use Cases

Before building, compliance leaders must ask: What problems do we want AI to solve? Samuel notes that AI assistants excel in four domains: writing and communications, troubleshooting, project management, and strategic coaching. For compliance, this translates into use cases like:

  • Drafting first-pass policy updates aligned with global regulations.
  • Summarizing enforcement actions for Board reporting.
  • Automating responses to routine employee compliance questions (e.g., “Can I accept this client gift?”).
  • Tracking investigation timelines and automatically extracting action items from meeting transcripts.

Choosing the right use case ensures your AI assistant is a force multiplier rather than a shiny distraction. Importantly, you want to start with low-risk, high-volume tasks. Drafting an anti-corruption annual training memo? AI can handle the boilerplate. Deciding whether to disclose a potential FCPA violation to the DOJ? That still belongs squarely in the human domain.

The real lesson here: compliance officers should not let “AI hype” dictate priorities. Instead, define pain points within your compliance workflow and build assistants targeted at those specific, recurring problems. Start small, iterate, and scale responsibly.

2. Design Clear Instructions—Your Assistant Is Only as Good as Its Guidance

According to Samuel, the “heart” of a custom AI assistant is the set of instructions you provide. For compliance teams, this is where risk and opportunity intersect. If your assistant doesn’t know who it is, what standards to apply, and what tone to use, it will produce outputs that undermine your credibility.

Think of instructions as your assistant’s Code of Conduct. Instead of saying “you are a compliance assistant,” you can be more precise:

  • “You are a corporate compliance officer drafting policies for a multinational company. You must ensure all content aligns with DOJ guidance on effective compliance programs, uses a professional but approachable tone, and provides practical examples for employees.”

These custom instructions allow you to “bake in” compliance frameworks from day one. For example, you can require the assistant to reference the COSO Framework for Internal Controls, ISO 37001, or the DOJ’s Evaluation of Corporate Compliance Programs whenever relevant.

The key compliance insight: good AI assistants reflect great compliance design. Just as vague compliance policies create ambiguity, vague AI instructions create unreliable outputs. Invest time in precise persona-building for your assistant, and you’ll reap consistent, defensible results.

3. Feed It Knowledge—Without Losing Control of Sensitive Data

Samuel emphasizes that AI assistants become truly powerful when equipped with background documents, such as policies, reports, contracts, or training decks. For compliance, this is both a gold mine and a minefield.

On one hand, uploading prior investigation reports, risk assessments, or compliance training modules allows your assistant to generate outputs that reflect your company’s real history and regulatory environment. Imagine an assistant that can instantly pull together a cross-border risk assessment using your own prior filings and internal guidance.

On the other hand, compliance officers must stay vigilant about data protection, privilege, and confidentiality. Sensitive HR records, whistleblower reports, and privileged investigation materials should never be indiscriminately fed into a platform without proper safeguards.

Here lies the balancing act: compliance teams must create AI assistants that are well-informed but tightly governed. This may involve anonymizing data, working through secure enterprise-grade AI platforms, or restricting inputs to public and non-sensitive internal documents.

The compliance lesson is simple but non-negotiable: context matters, but confidentiality reigns supreme. Building a compliance AI assistant means establishing protocols for what can and cannot be shared.

4. Iterate Constantly—Think Like a Compliance Monitor

Just as compliance programs require continuous improvement, so too do AI assistants. Samuel makes it clear that assistants won’t be perfect out of the box. They require ongoing feedback, refinement, and adjustment.

For compliance professionals, this is second nature. We already think in terms of monitoring, auditing, and revising. Apply the same discipline to your AI assistant:

  • Audit its outputs for accuracy, tone, and regulatory defensibility.
  • Track where it consistently underperforms (e.g., misinterpreting data privacy rules) and feed corrective instructions.
  • Periodically, “refresh” its context files to reflect updated regulations, new enforcement actions, or changes in corporate policy.

Samuel suggests asking your assistant to write their own revised instructions based on your feedback. That’s a compliance monitoring exercise in itself—your assistant becomes both subject and participant in continuous improvement.

The compliance takeaway: treat your AI assistant as a dynamic system, not a static tool. Just as DOJ expects ongoing risk assessments and remediation, regulators will expect that AI tools in compliance are actively managed, not blindly trusted.

5. Embed Ethical Guardrails and Accountability

The most important compliance lesson in building your own AI assistant is ensuring accountability. As Samuel warns, assistants can hallucinate or produce flawed outputs. In compliance, this is not simply an annoyance; more importantly, it is a potential liability.

That means your assistant must operate under ethical guardrails:

  • Always include a human-in-the-loop review before any AI-generated compliance document is finalized.
  • Require disclosures when AI was used in drafting policies, reports, or training.
  • Train employees not to treat AI outputs as gospel but as drafts for critical evaluation.
  • Align your assistant’s objectives with compliance KPIs, accuracy, transparency, and defensibility, rather than raw speed.

This mirrors the DOJ’s emphasis on corporate accountability. An AI assistant may help draft your gifts and entertainment policy, but it cannot stand before prosecutors and defend your compliance program. That responsibility remains squarely with leadership.

The compliance lesson here is unmistakable: AI is a tool, not a scapegoat. Build it to augment compliance decision-making, not to absolve it.

From Experiment to Integration

Building your own AI assistant is not a technical challenge. It is a compliance design challenge. As Alexandra Samuel reminds us, if you can describe your project, you can build your assistant. For compliance officers, that means thinking intentionally about use cases, precision in instructions, safeguards for sensitive data, iteration, and ethical guardrails.

The opportunity is immense. With thoughtfully designed AI assistants, compliance professionals can shift their focus from repetitive drafting to higher-order strategy, from administrative overload to proactive risk management. But the responsibility is equally immense. An AI assistant reflects the design choices of its creators, choices that must always prioritize compliance culture, accountability, and trust.

Categories
Blog

Recalculating AI: Compliance Lessons in Weighing Costs and Benefits of GenAI

Ed. Note: This week, we present a week-long series on the use of GenAI in a best practices compliance program. Additionally, for each blog post, I have created a one-page checklist for each article that you can use in presentations or for easier reference. Email my EA Jaja at jaja@compliancepodcastnetwork.net for a complimentary copy.

For compliance professionals, the rise of generative AI (GenAI) feels like déjà vu. We’ve been here before—with ERP rollouts, e-discovery software, and data analytics tools. Each new technology comes with the same pitch: faster, smarter, cheaper. And each time, compliance officers are tasked with answering a more difficult question: At what cost?

Mark Mortensen’s recent piece in Harvard Business Review titled Calculating the Costs and Benefits of GenAI, provides a framework for thinking about this balancing act. While AI undeniably creates efficiency, Mortensen cautions that organizations risk losing knowledge, engagement, and trust if they fail to evaluate adoption carefully. For compliance leaders, the implications are profound.

Today, we consider five key takeaways from the article for compliance professionals—each one an area where AI’s promise and peril intersect.

1. Efficiency Gains Must Be Weighed Against Knowledge Loss

One of AI’s greatest selling points is speed. It can review contracts in minutes, summarize regulatory changes instantly, and generate risk assessments that previously took weeks. For perpetually under-resourced compliance departments, this is a tantalizing offer.

Yet here lies the first hidden cost: learning. Mortensen reminds us that the process of struggling with a problem involves the back-and-forth revisions of a policy draft, iterative risk-mapping discussions, and even the time spent combing through dense regulations. This cements knowledge and deepens institutional expertise. If compliance teams begin to outsource too much of that process to AI, the organization risks eroding the very expertise it relies on to interpret nuance.

Consider this: an AI might draft your anti-bribery training materials, but without human engagement in the process, your team loses the chance to sharpen its understanding of new FCPA enforcement trends. Over time, this erodes your compliance program’s intellectual resilience.

The lesson for compliance leaders is clear: use AI to accelerate, not replace, your team’s learning. Make sure staff remain actively engaged in the interpretive process. AI should provide information, not serve as the final arbiter of compliance knowledge.

2. Short-Term Problem Solving Can Inhibit Long-Term Skill Development

“Practice makes perfect” is more than just a proverb; it is a professional truth. Drafting compliance reports builds writing skills, testing control frameworks sharpens analytical ability, and grappling with regulatory ambiguity builds judgment.

But if compliance teams lean too heavily on AI to generate audit memos or to identify anomalies in financial data, they risk undermining their development. Mortensen points out that when we hand tasks to AI, we sacrifice the chance to strengthen the very skills we will need tomorrow.

Consider a scenario where AI consistently handles first drafts of risk assessments. Compliance officers may grow accustomed to editing AI output rather than developing their structured thinking. Over time, the skill gap widens. This leaves organizations dependent on tools that cannot be held accountable when regulators ask tough questions.

From a compliance standpoint, this has a direct connection to sustainability. DOJ guidance emphasizes the need for continuous program improvement and the development of compliance capabilities. A department that loses skills to AI outsourcing may look efficient on paper, but it becomes brittle in practice.

Compliance leaders should strike a balance by reserving certain core tasks, like drafting root cause analyses or preparing investigation reports, for human-led execution, even if AI could technically do them faster. These are the muscle-building exercises of compliance, and like any workout, skipping them leads to long-term weakness.

3. AI Risks Weakening Relationships and Organizational Trust

Compliance does not happen in a vacuum. It thrives or fails based on relationships. Internal trust with business units, credibility with senior leadership, and even informal rapport built during brainstorming sessions all matter.

AI, however, threatens to reduce these interactions. Mortensen notes that the computational power of AI allows individuals to solve problems alone that previously required teams. While efficient, this independence comes at a cost: fewer interpersonal touchpoints, weaker social ties, and ultimately, reduced trust.

For compliance, this risk is especially acute. Much of our effectiveness hinges on being seen as collaborative partners, not bureaucratic enforcers. If AI reduces the frequency of conversations around risk assessments, policy updates, or investigations, compliance officers may lose opportunities to build influence. Worse, an “AI does it all” approach may reinforce perceptions that compliance is transactional rather than relational.

The takeaway here is that AI should never replace human dialogue in compliance. Use it to free up time so compliance officers can spend more energy building relationships with line managers, auditors, and employees, rather than less. The culture of compliance is rooted in trust, and no algorithm can generate that.

4. Engagement and Ownership Can Decline with Over-Automation

Engagement matters. Mortensen defines it as being psychologically present in the work. For compliance professionals, engagement translates into vigilance: spotting red flags, questioning anomalies, and challenging assumptions.

But AI introduces a risk of disengagement. When it summarizes investigation interviews or drafts compliance dashboards, humans can become passive consumers rather than active participants. Over time, “good enough” replaces “deep enough.”

This erosion of ownership is dangerous for compliance. Regulators increasingly expect companies to demonstrate not only robust processes but also genuine cultural buy-in. If compliance staff are disengaged because AI has taken over too many cognitive functions, the program risks becoming a paper tiger, form without substance.

To counter this, compliance leaders should intentionally design workflows where humans must interpret and add value to AI outputs. For example, AI can generate a first-pass risk heat map, but compliance officers should validate and adjust it based on local context and business realities. That layer of judgment keeps engagement alive and maintains a sense of accountability.

Ultimately, compliance is about judgment, not just information. AI can support but never substitute for human ownership of ethical decision-making.

5. Homogenization Threatens Compliance Program Uniqueness

Every compliance program reflects its company’s unique culture, risks, and leadership voice. Mortensen warns that because large language models are convergent technologies, they produce standardized answers. Leaders who rely on AI for memos, presentations, or policies risk erasing their distinctive tone and voice.

For compliance professionals, this risk translates into a loss of authenticity. Regulators, employees, and stakeholders can quickly tell the difference between a policy that reflects real company values and one that reads like a generic AI template. Over time, over-reliance on AI can strip a compliance program of its personality and with it, credibility.

The danger goes deeper. If multiple companies rely on AI to draft similar codes of conduct, policies may look indistinguishable. That creates industry-wide convergence at a time when regulators are looking for tailored programs that reflect specific risks. In effect, AI could make compliance programs less defensible, not more.

The path forward is to use AI as a scaffolding tool, not as a finished product. Compliance officers should inject their organization’s unique voice, industry-specific risks, and leadership tone into every AI-assisted document. Authenticity is non-negotiable in compliance. AI can never be allowed to flatten it.

AI Audits for Compliance Leaders

Mortensen’s framework for an “AI value audit” is particularly relevant for compliance. He suggests three steps: (1) determine the types of value a task creates, (2) prioritize and optimize them, and (3) continually reassess with a “milk test” to ensure the value hasn’t expired.

For compliance, this means asking: Does AI enhance our program without undermining knowledge, skills, trust, engagement, or authenticity? If not, the short-term benefits may not be worth the long-term costs.

AI is here to stay, and compliance officers must learn to harness it. But like every tool before it, AI is not a replacement for judgment, culture, and leadership. It is an assistant, not the evangelist for compliance.