2025 Global compliance risk benchmarking survey

Industry perspectives on the state of compliance today and effective strategies for managing compliance risk within the changing regulatory landscape

 

In a world that moves at break-neck speed, corporate legal and compliance teams have never faced greater pressure to stay ahead of the game. The result is a function that is not just reactive to risk, but increasingly proactive in shaping corporate behavior and decision-making.

This year’s Global Compliance Risk Benchmarking Survey offers a timely snapshot—based on insights from 265 senior compliance, legal and risk professionals worldwide—of how today’s legal and compliance leaders are adapting to new technologies, regulatory expectations and cultural shifts in business conduct.

The themes explored in this year’s survey reflect the changing nature of legal and compliance risk management. Artificial intelligence (AI) is becoming an operational reality within legal and compliance teams. Our findings show that while a growing number of organizations are deploying AI to drive efficiency and clarity in investigations and reporting, concerns about accuracy, governance and data privacy remain significant. As adoption increases, so does the need for guardrails to ensure that the use of AI enhances—rather than undermines—operational integrity.

We explore not only whether organizations are using AI, but also how long they have been doing so; the primary motivations driving adoption; the specific uses being prioritized; and the perceived advantages gained by users. Crucially, we also investigate the key concerns surrounding AI utilization; the prevalence of governance policies; the integration of AI risk into broader enterprise risk management (ERM) frameworks; and controls being implemented to ensure the trustworthiness and reliability of these tools.

Additionally, we examine the use of off-network messaging applications—tools that are convenient for employees, but often challenging for legal and compliance teams to monitor and access. The findings suggest that while many companies are implementing written policies, only a minority actively collect or audit off-network communications. This raises questions about whether, and if so how well, these policies are being enforced and whether they are sufficiently comprehensive in scope, and it emphasizes the importance of clear risk leadership and the right “tone from the top”. Regulators are watching this space closely, and companies must consider whether their current approaches are sufficient in both spirit and substance.

The conversation around compliance incentivization shows promising signs of maturity. Many organizations are now integrating compliance metrics into compensation and performance frameworks. This finding suggests a shift from relying solely on punitive measures toward building a culture where ethical behavior is actively recognized and rewarded. Yet, the effectiveness of these programs depends not just on their existence, but on whether, and how consistently, they are implemented and on whether they are aligned with broader business goals. The survey sheds light on the growing use of compliance-linked key performance indicators (KPIs) and how these are shaping both corporate culture and accountability.

In the final section, the report explores how companies are approaching voluntary self-disclosure to the United States Department of Justice (DOJ). While many companies now have formal processes to assess potential misconduct and to consider self-reporting, concerns about cost, reputational risk and the perceived benefits of disclosure continue to hold some organizations back. These concerns should be considered in the context of the global landscape. It remains to be seen, for example, to what extent updated UK guidance on corporate self-reporting will factor into the equation for multinational organizations.

Together, these findings offer a nuanced view of how legal and compliance teams are navigating the demands of a digital, distributed and demanding business environment. From emerging technologies to traditional risk domains, the survey provides practical benchmarks and insights for organizations aiming to build resilient, forward-looking compliance programs.

We hope you find this year’s report both informative and thought-provoking.

Key takeaways

Given the far-reaching nature of the survey and the findings within, as well as the changing nature of the compliance function, below are five takeaways that every legal and compliance leader should keep front of mind.

1. AI adoption is accelerating—and governance must keep pace

As more compliance teams deploy AI to streamline investigations and analyze risk, oversight frameworks need to evolve in parallel. Clear internal policies, strong ERM integration and proactive controls are essential to avoid over-reliance and ensure ethical, defensible use of these tools.

2. Managing off-network messaging is now a baseline expectation

Having a policy on off-network messaging is no longer a differentiator—it’s a minimum requirement. Policy enforcement mechanisms, such as backup requirements and audit trails, are the next frontier, and organizations lagging here risk falling short of regulatory expectations.

3. Compliance incentives are working—but must go deeper

Tying compensation and recognition to compliance outcomes is gaining traction and positively shaping behavior. To be effective, however, these programs must apply across employee levels and extend to third parties. Selective or symbolic application risks undermining their impact.

4. Voluntary disclosure is still a difficult choice; decision frameworks help

While concerns about cost, reputational harm and prolonged regulatory scrutiny persist, many organizations are still investigating and remediating misconduct—even when they opt not to self-disclose to the DOJ. The trade-offs are real: Voluntary self-disclosure may lead to reduced penalties and credit for cooperation, but it can also trigger intense external investigation, significant legal fees and public exposure. Building robust internal frameworks to assess these scenarios—and engaging regulators early where appropriate—can help organizations make more confident, consistent decisions.

5. Compliance is becoming a strategic function

As risks grow more complex and digitalized, the compliance function is evolving into a strategic advisor to the business. This shift not only requires more resources, but also a change of mindset—embedding compliance thinking into executive-level planning.

Artificial intelligence in the compliance function

Off-network messaging and compliance

Incentivizing compliance and disincentivizing non-compliance

Voluntary self-disclosure

Survey methodology and demographics


2025 Global compliance risk benchmarking survey: Survey methodology and demographics

Methodology

The survey was conducted in two tranches: Phone interviews were conducted by Mergermarket with a complementary online survey by White & Case LLP, totaling 265 responses.


Key findings

  • 26 percent of companies surveyed employ between 10,001 and 50,000 employees. 20 percent employ fewer than 500 employees
  • 27 percent of respondents are members of the legal function. 19 percent are members of the compliance and ethics function
  • 54 percent of respondents work for organizations headquartered in the US. 60 percent of respondents interviewed over the phone were headquartered in the US compared with 35 percent of online respondents
  • 60 percent of the organizations surveyed are publicly listed
  • 92 percent of respondents are not listed in multiple countries
  • Sectors are relatively evenly split. Top three: 12 percent of the businesses surveyed operate primarily in technology, 12 percent in financial institutions and 11 percent in manufacturing
  • 29 percent of the businesses surveyed have an annual revenue of US$1.1 billion to US$10 billion
  • 98 percent have a compliance and ethics function or the equivalent
  • Excluding internal audit, 35 percent of organizations have between 21 and 50 people within the compliance and ethics function. 33 percent employ between 11 and 20 people

White & Case means the international legal practice comprising White & Case LLP, a New York State registered limited liability partnership, White & Case LLP, a limited liability partnership incorporated under English law and all other affiliated partnerships, companies and entities.

This article is prepared for the general information of interested persons. It is not, and does not attempt to be, comprehensive in nature. Due to the general nature of its content, it should not be regarded as legal advice.

© 2025 White & Case LLP
