By Ty Francis, article first published in The Data Administration Newsletter.
Compliance today isn’t just about keeping pace with rules and regulations; it’s about keeping pace with culture. Globalisation, geopolitical uncertainty, and rapid shifts in technology mean the risks companies face are more complex than ever. Yet too many organisations are still relying on legacy systems, outdated processes, and once-a-year, check-a-box training to protect their people and their reputations.
This year, my company reported in its 2025 Programme Effectiveness Report that for two consecutive years, the top challenges businesses face when handling ethics and compliance (E&C) have remained unchanged. Respondents noted that outdated systems and the regulatory environment have made addressing culture more difficult. As the standard surrounding compliance begins to demand more of companies, a failure to meet growing requirements will have consequences on a company’s bottom line and its reputation.
According to the Spring 2025 edition of the Unified Agenda of Regulatory and Deregulatory Actions, a biannual report that outlines the volume of regulatory changes made over the year, 2025 is expected to have nearly 3,000 changes. Current trends point to near-term regulatory pressures easing in some industries due to a surge in deregulation, while planning for the future is further complicated by a growing backlog of long-term regulatory actions. The current state of the world doesn’t allow for organisations to disregard such a fluid state of regulation, and companies must remain vigilant of these changes and react proactively to ensure risk-adverse operations.
The cost of poor compliance
As pressure to meet rising expectations tightens operations, compliance can often fall to the wayside, with changing regulations and a failure to meet requirements often to blame. A recent example of this comes from the Paxos Trust Company, which recently announced a $48.5 million settlement, concluding a multi-year investigation into the company’s anti-money laundering and due diligence practices. As part of the settlement, Paxos needed to invest $22 million to strengthen its compliance infrastructure. This is just one example of how companies need to invest in compliance before a costly mistake can be made. This extends to more than just the culture of a company; while intrinsic to compliance, many companies suffer from ineffective data collection, storage, and processing.
A recent survey conducted in 2025 revealed that 74% of businesses consider data quality as a critical or high priority. While the adage, “If it’s not broken, don’t fix it,” lends itself to a lot of situations, compliance is not one of them. Storage trapped in legacy systems can cost companies thousands of dollars. Data silos, or data stored in isolation that is unavailable to other parts of the organisation or their systems, are a common issue facing outdated technology. In addition to making data less accessible, keeping these systems up to date can be costly for companies.
Let’s not forget that only a year ago, the DOJ announced via its update to its Evaluation of Corporate Compliance Programs Memorandum (ECCP) that it expects organisations to have mechanisms in place to measure the commercial value of their compliance investments. The new guidance also asked whether resources dedicated to the compliance function are proportionate to the size and scope of the business, highlighting a shift toward scrutinising whether compliance is adequately resourced relative to business operations.
Compliance and soft data
Many see onboarding a new employee as one of the only needed touch points to instill company culture into new hires, with many leaving compliance to each employee’s discretion. This shift is observed in our 2025 Global Study on E&C Programme Maturity, which found that only 38% of businesses provide specific guidance on integrating ethics into business decisions. This is confounded by one of the hurdles in tracking compliance, and that is how much of the data is soft data. Instead of hard numbers and tick boxes, ethics exists in patterns and behaviour, which involves a deeper understanding of staff decision-making processes. The same report also found that this aspect is lacking, with only 44% of companies measuring training effectiveness through comprehension testing, and just 37% tracking misconduct trends post-training. With so few following up to see the effectiveness of training, this data underscores the need for a cultural shift towards more effective and more detailed tracking of data.
This lack of follow-through weakens the integrity of compliance programmes and signals a broader disconnect between stated values and actual practices. A failure to embed ethics into daily operations and decision-making risks fostering a culture where compliance is seen as a formality rather than a shared responsibility. Without measurement and accountability structures, even well-intentioned training can become performative, leaving organisations blind to emerging risks. Building a truly ethical culture requires ongoing engagement, reinforcement, and technology that captures the nuances of behaviour over time. To close the gap, organisations must evolve from static, checkbox-driven approaches to dynamic, feedback-informed systems that integrate E&C into the living fabric of the workplace environment.
Creating more resilient systems
AI has revolutionised many fields, with compliance management being one of them. By equipping organisations with tools to navigate increasingly complex regulatory landscapes with greater agility and accuracy, they can create bandwidth for more comprehensive information gathering surrounding compliance, as well as the storage and comprehension of that information. AI solutions offer real-time monitoring of regulatory changes and leverage predictive analytics to notify compliance teams of emerging rules and potential risks, thereby reducing the likelihood of delayed responses.
These technologies also streamline traditionally time-consuming tasks such as document reviews, audit logging, risk assessments, and transaction monitoring, which improves operational efficiency and mitigates human error. AI-driven compliance systems also leverage natural language processing to analyse new legal texts, ensuring that compliance checklists and policies remain up to date in real-time as regulations evolve. These platforms also often feature centralised dashboards with built-in analytics and visualisations that help governance teams identify gaps, monitor control effectiveness, and continuously track their risk posture. By equipping compliance teams with tools that expedite their ability to make high-level decisions, companies can digest and take advantage of data that previously lay unused or lost.
The new standard
AI and data-driven tools can help compliance leaders see around corners. But technology alone won’t build resilience. The real differentiator is how leaders use that data to embed ethics into decision-making and hold themselves accountable.
Boards, regulators, employees, and investors are no longer willing to accept the familiar but outdated check-the-box approach to compliance. They expect a culture of integrity, backed by clear metrics and meaningful follow-through. The organisations that recognise this shift and invest early in smarter systems, sharper insights, and stronger cultures won’t just avoid the next headline. They’ll set the standard for trust and long-term success.
