CCO Insight: AI in Focus
The Role of Compliance in AI Governance
“A common concern amongst compliance officers as they strive to implement AI governance and frameworks throughout the organization is trying to manage a new class of risks—including regulatory—using tools, structures and instincts built for a different era.”
Laura Byerly
Managing Director
What is top-of-mind for risk and compliance leaders as they reflect on the role of Compliance in AI governance?
KPMG asks Chief Compliance Officers (CCOs) about AI’s value, its visibility within their organization, and the volume of challenges they experience as their companies continue integrating AI into the business.
Highlights include:
Value:
- Development: Encouraging employees to develop AI tools for varying use cases.
- Use Cases: Identifying new use cases following development and deployment of AI tools including document translation, interview summaries, internal investigations, and suspicious activity monitoring.
- ROI: Measuring value expected to be derived from significant technology and AI investments.
Visibility:
- Oversight: Board and Compliance involvement in creating AI governance committees to provide strategic guidance and focus on areas including risk, innovation, and resilience.
- Monitoring: Visibility into new tools created by employees throughout the firm.
Volume of Challenges:
- Aligning the pace of technological change (e.g., AI‑native capabilities in governance, risk, and compliance) with appropriate frameworks.
- Increasing volume of state AI legislation.
- Scaling the accelerated pace of development with oversight and monitoring.
KPMG Perspective
Compliance, management, and boards face significant pressure to keep pace with, and manage, the impact of AI and other disruptive technologies on the business model. It is critical to understand the firm’s AI strategy and its related risks and opportunities, and to closely monitor governance structures and talent needs associated with these technologies—especially given the growing lag between technology advancement and enterprise adoption.
A disconnect between aspirations and achievement*
US firms’ tech journeys have slipped back slightly year-on-year, especially in scaling AI use cases. While 34 percent of respondents say their tech strategy is funded and supported, only 10 percent describe their tech implementation progress, on average, as fully scaled and their approach continually evolving.
AI-first enterprise ambitions*
US companies aim to become AI-first, integrating AI into every aspect of operations. Only 31 percent claim they are innovating and deploying AI use cases at scale and delivering ROI across multiple use cases, a share expected to reach 79 percent by year-end 2026.
For more compliance-related insights and perspectives, see “Relevant Thought Leadership” below.
Relevant Thought Leadership
State AI Safety Laws: California and New York
Safety Protocols, Incident Reporting, Civil Penalties
Cybersecurity: NIST Draft Cybersecurity Framework for AI
AI-specific considerations layered into the CSF 2.0
Data governance in the age of AI
Examining the shifting paradigm to a united governance umbrella
KPMG 2026 US Technology Survey report
In today's rapidly evolving digital landscape, data and technology leaders face unprecedented opportunities and complex challenges.