- 32% are ‘in the early stages of incorporating AI into their compliance framework’
- 32% have not yet adopted AI for compliance purposes
- 51% view ‘advancements in AI and technology’ as the biggest driver for change in compliance over the next five years
21 July 2025, London, United Kingdom – Only 1.6% of firms have ‘fully integrated’ AI into governance, risk and compliance (GRC) processes despite more than half (51%) viewing ‘advancements in AI and technology’ as the biggest driver for change in GRC over the next five years, according to a new report from the International Compliance Association (ICA), the leading professional body for the global regulatory and financial crime compliance community.
Drawing on insights from 383 compliance professionals across 87 countries, “Navigating the future: The role of governance, risk and compliance in modern business” reveals that although respondents overwhelmingly viewed technology as a solution to rising GRC costs, with 47% planning to increase investment in automation, the majority remained in the early stages of AI implementation. The results suggest that AI uptake in GRC is proceeding at a slower pace than in some other business units.
According to the report, 32% of those questioned were ‘in the early stages of incorporating AI into [their] compliance framework’, and another 32% had not yet adopted AI for GRC purposes. Significantly, 41.3% of respondents were ‘not concerned at all’ about GRC jobs being displaced by AI, compared with 11.3% being ‘very concerned’.
Despite economic pressures, 68.5% of respondents reported a slight or significant increase in their GRC budgets over the past three years, with many firms prioritising automation and strategic reprioritisation of compliance strategies over cuts.
Regulatory change was highlighted as the single biggest challenge for respondents, with 38.7% citing ‘keeping up with new regulations’ as the number one issue when it comes to managing costs.
Only 4.7% of those surveyed reported that ‘activity is underway to remove governance, risk and compliance controls’ in response to moves to reduce the regulatory burden, whereas 48.4% reported that these measures have had ‘no impact at all’ on them.
Within a climate of deregulation, 28% of those questioned ranked ‘understanding the business’ as the single most important compliance activity, followed by ‘educating the business’ (17.2%) and ‘interpreting and applying regulatory requirements’ (15.6%).
ICA Vice President, Tim Tyler, commented: “This report offers valuable insight to the challenges we face within the compliance profession. One statistic stands out, at 1.6% the tiny proportion of firms that have fully integrated AI into compliance processes. This is, perhaps a good thing however. AI is evolving at a staggering rate. It presents many risks, but perhaps the greatest of these is that we adopt in haste, developing undercooked solutions that fail to address the core issues or create new and unseen threats.”
Rosalind Dixon-Burnett, Global Lead and Course Director, Governance, Risk & Compliance, ICA, added: “ICA’s latest report reveals the ongoing evolution of GRC professionals — from technical specialists to strategic business enablers. Today, relationship management is emerging as the defining skill, with GRC leaders increasingly valuing the ability to build trust and influence across the organisation as essential for future success."