What’s keeping compliance leaders up at night? Struggles and strategies for 2025

By Aaron Nicodemus, 7 April 2025

Top regulatory compliance challenges and priorities have been revealed in an in-depth survey.

The Compliance Week survey, sponsored by Resolver, a Kroll business that provides risk intelligence solutions to protect over 1,000 of the world’s largest organisations, sought to learn more about regulatory compliance trends, the challenges posed to organisations by the pace of regulatory change, and how firms’ compliance function is handling those challenges. [1]

Of the 102 compliance professionals polled between August and September last year, 32% ranked regulatory change as their top challenge, although only 20% said that they’re taking a highly proactive approach to compliance.

Meanwhile, 21% said monitoring and assessing future potential regulatory impacts was a top concern, followed by accessing and integrating internal data, at 17%.

In addition to financial services companies (37%), the survey represented insights from compliance professionals in manufacturing (11%), technology (9%), and healthcare (8%); education and government (each 4%); and software and energy/utilities (each 3%).

About 11% of survey respondents had titles of chief compliance officers, 12% said they were compliance managers, and 4% held the title of chief compliance and ethics officer. Many other compliance leadership titles were also represented, as well as leadership in risk, internal audit, and finance.

Horizon scanning for regulations

Experts said that knowing what’s coming in terms of regulations is almost as important as knowing how to respond to regulations already in place.

‘Compliance teams may not have been expected to get ahead and respond to the regulatory changes in the past. Now they are being asked by their organisations, “How will regulatory changes impact our business going forward?”’ said Amanda Cohen, Resolver’s Governance, Risk and Compliance (GRC) Division Head.

‘The trend is for compliance to understand how regulatory changes will affect the way the business operates, and then help the business make decisions that will move the business forward. Those expectations are reflected in what we’re hearing in conversations with customers.’

Take for example the EU Artificial Intelligence Act, which took effect in August and applies to large companies doing business in Europe. If your organisation is US-based, the act may not have direct implications for your business, for now. But the law offers a good framework for high-risk, medium-risk, and low-risk applications of AI tools, Cohen said. And there are risks that misuse of those tools could result in penalties for firms, from multiple jurisdictions.

Applying lessons learned from keeping on top of regulatory change, like the EU AI Act, requires compliance teams to work closely with other divisions within their organisation.

Respondents said they thought they might collaborate more with information security (65%), followed by enterprise risk management (60%), legal and regulatory affairs (56%), and internal audit (51%).

Compliance’s strategic priorities for 2024–25

The survey also asked respondents about their firm’s strategic priorities for 2024–25.

Top priorities for compliance teams included:

  • Improve cross-team collaboration across all lines of business (54%)
  • Strengthen regulatory processes and controls (52%)
  • Streamline compliance reporting (40%)

Top regulatory compliance concerns* were:

  • Handling privacy concerns (78%)
  • Human resources/employment (51%)
  • Financial reporting (49%)
  • Anti-money laundering (48%)

*Respondents could choose all the concerns that applied.

Financial services firms, however, placed AML regulatory compliance concerns at the top of their compliance list, at 86%. Privacy (75%) and financial reporting (42%) followed.

Proactive or reactive?

Not all compliance teams operate at the same speed, the survey found. 

Indeed, 53% of respondents categorised their compliance management approach as moderately proactive, defined as prioritising compliance but sometimes reacting to immediate needs. Meanwhile, 21% of respondents called their firm’s compliance management approach moderately reactive, which the survey defined as primarily responding to regulatory changes as they occur.

So, how are compliance teams approaching these challenges? The data shows a clear divide between proactive and reactive strategies.

In response, 20% called their compliance team ‘highly proactive,’ defined as being able to anticipate regulatory changes and take pre-emptive measures. Only 7% said their firm’s approach was highly reactive, only addressing compliance issues when they become urgent or mandatory.

As another indicator, respondents were asked how quickly they thought they could produce a report in response to an emerging compliance issue: 60% said they could produce a report within days, while 27% said within a few weeks, and 7% responded, ‘within minutes.’

‘If so much of your time is being spent monitoring, there are easier and cheaper ways to do that,’ Cohen said.

Highly proactive approaches typically have good or excellent integration between their risk and compliance functions, said Pooja Azhalavan, Senior Manager, Product Marketing at Resolver.

‘The future of compliance lies in risk-based practices. Organisations must provide clear, documented evidence that they are not only meeting regulatory requirements but also achieving the intended outcomes of those regulations,’ she said. ‘This means demonstrating reduced incidents, improved audit results, and maintaining comprehensive records and audit trails. It also requires conducting regular tests and verifying that controls are effective.’

Time spent monitoring regulatory change/adopting compliance procedures

  • 200-300 hours per year – 25%
  • More than 400 hours per year – 22%

For financial services firms, 28% of respondents said they spent 400 hours or more on such tasks annually, but even more – a combined 44% – said they spent less than 200 hours a year.

Finding efficiencies in monitoring regulatory change should be a priority for compliance teams of any size and any industry, experts say. 

AI use in compliance

Respondents were asked in what areas they were considering using tools powered by AI.

With AI tools being considered to drive efficiencies in regulatory reporting (19%), policy generation (17%), scoping obligations into assessments (16%) and controls suggestions and mapping (15%), compliance teams can spend less time reacting and more time planning ahead.

Azhalavan called automation ‘a superpower for compliance teams.’

‘You simply can’t manage today’s compliance needs with spreadsheets,’ she said. ‘Organisations using integrated GRC platforms report up to 75% improvement in compliance testing efficiency. This shift will encourage chief information security officers to rethink their tech architecture, driving the adoption of new capabilities they may not have previously considered.’

This article has been republished with permission from Compliance Week, a US-based information service on corporate governance, risk, and compliance. www.complianceweek.com