Compliance & Risk Archives - Thomson Reuters Institute

More SARs, not better ones: Why AI is about to flood the system
Mon, 13 Apr 2026

Key insights:

      • SAR volume is significantly underreported — Continuing and amended filings add approximately 20% to the official count yet remain invisible in trend analyses.

      • Filing activity is highly concentrated — A few large financial institutions dominate SARs volume, meaning trends reflect their practices more than systemic changes.

      • Agentic AI will drive a surge in SARs — Agentic AI risks increased noise over actionable intelligence, without addressing the unresolved question of whether current filings yield meaningful law enforcement outcomes.


The Suspicious Activity Reports (SAR) that financial institutions file with the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) provide valuable insight, although they may not offer a comprehensive picture.

Prior to meaningful discussions regarding the future of SARs, it is essential for the financial crime community to clarify what is being measured. In 2025, for example, there were SAR filings of more than 4.1 million, representing an almost 8% increase compared to the total number of SARs filed in 2024.

Every figure FinCEN has published reflects original SARs only. Continuing activity SARs, which represent roughly 15% of all filings, are submitted under the original Bank Secrecy Act (BSA) identification number and never appear as new filings. Corrected and amended SARs add another 5% on top of that. This makes the real volume of SARs activity approximately 20% higher than what is reported.


Recent FinCEN guidance giving financial institutions more flexibility around continuing activity SARs sounds significant on paper, but as former Wells Fargo BSA/AML chief Jim Richards points out: “It won’t change the reported numbers — because those filings were never counted to begin with.” Financial crime professionals need to keep that gap in mind every time a trend line gets cited.

2025 was steady, not spectacular

There were roughly 300,000 SARs filed every single month of 2025, and the most notable thing is that nothing notable happened. That is likely a first on the volume side and worth acknowledging, but beyond that milestone the year did not hand financial crime professionals anything noteworthy. In a space that has dealt with pandemic distortions, crypto chaos, and fraud spikes that seemed to come out of nowhere, steady volume and predictable patterns are a little surprising. A quiet data set, however, is not the same as a quiet landscape, and financial crime professionals who are reading stability as stagnation may find themselves flat-footed when the numbers start moving again.

For example, one of the most underleveraged insights in the SARs space is just how concentrated filing activity really is. The numbers are stark: The top four banks file more SARs in a single day than 80% of the rest of the banks file in 10 years, according to 2019 data from a .

The average community bank files fewer than one SAR a week, while the largest institutions file more than 500 a day. “50 a year versus 500 a day,” notes Wells Fargo’s Richards, adding that such asymmetry has real implications for how the financial industry interprets trends. Meaningful movement in SARs data, up or down, is almost entirely dependent on what a handful of mega-institutions decide to do.

Not surprisingly, money services businesses (MSBs) are the second largest filing category, and virtual currency exchanges are almost certainly driving recent growth there, even if outdated category definitions make that difficult to confirm directly. Credit unions round out the top three.

The filing philosophy hasn’t changed and shouldn’t

Regulatory noise occasionally suggests that institutions should be more selective about what they file. However, compliance and legal reality have not shifted. No institution has ever faced serious consequences for filing too many SARs, and the cases that result in enforcement actions, reputational damage, and regulatory scrutiny are consistently about missed filings or late ones.

“You’re not going to get in trouble from filing too much,” Richards says. “Nobody ever has, and I doubt if anyone ever will.” For financial crime professionals, the calculus remains exactly what it has always been — when in doubt, file. That posture isn’t going to change, and frankly it shouldn’t.

Yet, here is where the SARs space gets genuinely interesting. Agentic AI use in SARs filings — systems in which multiple AI agents work through a case from screening to decision to documentation — is beginning to move from concept to deployment. The impact on filing volume likely will be significant.


Whereas a small team today might work through a handful of cases a week, AI-assisted workflows could push that into the dozens. Multiply that across institutions already inclined to file rather than miss something, and the result is a coming surge in SARs volume that could play out over the next two to four years.

“Agentic AI has the potential to be a game changer on how we do our work,” Richards explains. “But I believe it’ll guarantee that there will be more SARs filed and not necessarily better and fewer SARs filed.” Indeed, the critical point for the financial crime community to internalize is exactly that.

The risk is a system flooded with AI-generated SARs of variable quality, creating more noise for law enforcement to sort through rather than sharper intelligence to act upon. Once the largest institutions adopt agentic AI as a best practice, others will follow quickly, and regulators will likely be several steps behind.

The value question can’t wait

The has been in place since 2014. Yet after 12 years of filings, the financial crime community still lacks a clear public accounting of whether that data has produced actionable law enforcement outcomes.

So, the question Richards is asking is one the entire industry should be asking: “Has anybody asked law enforcement?”

This question reflects a larger challenge that the industry needs to confront more aggressively, especially as AI technology is set to dramatically increase filing volume across the board. Increasing the volume without improving how the information is used does not represent progress. If SARs are not generating real investigative value, the solution is not to file more of them faster — instead, the pipeline should be fixed before it grows any bigger.


Compliance isn’t a cost center — It’s a competitive advantage
Wed, 08 Apr 2026

Key insights:

      • Non-compliance is significantly more expensive than compliance — Data consistently shows the cost of non-compliance can be greater than proactive compliance investments.

      • Reputational damage and hidden costs often outweigh direct fines — Beyond financial penalties, the damage from legal fees, loss of customer trust, and operational disruptions from non-compliance can inflict long-term harm.

      • Strategic investment in compliance yields a competitive advantage — A robust compliance program builds trust, attracts investors, and demonstrates greater operational resilience in a complex regulatory landscape.


There’s a persistent myth in the business world that compliance programs are a necessary burden, a line item to be minimized and managed rather than invested in strategically. The data tells a very different story, however, and it has for quite some time. For organizations still treating compliance as an overhead expense, it’s time to reconsider the math and view the broader strategic picture.

The numbers don’t lie: Non-compliance costs more

Non-compliance costs are 2.65-times the cost of compliance itself, a finding that dates back to the of multinational organizations. While the average cost of compliance for the organizations in that study was $3.5 million, the cost of non-compliance was much greater. That means simply by investing in compliance activities, organizations can help avoid problems such as business disruption, reduced productivity, fees, penalties, and other legal and non-legal settlement costs.

According to a later report from 2017 (the most recent set of analytical data on the subject), the numbers have only grown more striking. The study showed that the average cost of compliance increased 43% from 2011 to 2017, totaling $5.47 million annually. However, the average cost of non-compliance increased 45% during the same time frame, adding up to $14.82 million annually. The costs associated with business disruption, productivity losses, lost revenue, fines, penalties, and settlement costs add up to 2.71-times the cost of compliance.

And these non-compliance costs from business disruption, productivity losses, fines, penalties, and settlement costs, among others, aren’t simply abstract risks. They’re real, recurring, and measurable, and they don’t stop with the fine itself.


This gap between compliance and non-compliance provides evidence that organizations do not spend enough of their resources on core compliance activities. If companies spent more on compliance in areas such as audits, enabling technologies, training, expert staffing, and more, they would recoup those expenditures and possibly more through a reduction in non-compliance cost.

While the math here is straightforward, the strategic case is even clearer. Compliance isn’t overhead; rather, it’s an investment with a measurable, proven return.

The hidden costs: Legal fees, fines & reputational fallout

Regulatory fines get the headlines, but they represent only part of what non-compliance actually costs an organization — a cost that has only risen over time. As of February, a total of 2,394 fines of around €5.65 billion have been recorded in the database, which lists the fines and penalties levied by European Union authorities in connection with its General Data Protection Regulation (GDPR).

Beyond the fines themselves, legal costs are a significant and often underestimated component of non-compliance. Regulatory norms are shifting constantly and navigating them requires specialized expertise. As quickly as the rules change, outside counsel and compliance specialists must keep pace, and that knowledge comes at a price. Every alleged compliance violation triggers an immediate need to engage qualified counsel, adding to a cost burden that compounds quickly and unpredictably.

Then there is reputational damage, perhaps the most enduring consequence of all. The cost of business disruption, including lost productivity, lost revenue, lost customer trust, and operational expenses related to cleanup efforts, can far exceed regulatory fines and penalties. Consider TD Bank, whose compliance failures around its anti-money laundering (AML) efforts became a cautionary tale for the industry. TD Bank’s massive $3 billion in fines from US authorities wasn’t just the result of a few missteps; rather, it was caused by years of deep-rooted failures in its AML program, pointing to a culture that prioritized profit over compliance.


TD Bank’s failure to make compliance a priority not only led to a huge fine but also seriously damaged its reputation, with revising TD’s outlook to negative in May 2024, where it remains. This is the kind of reputational stigma that can take years to repair.

Leveraging compliance as a competitive advantage

There is also a positive side of the ledger that often goes unacknowledged. A robust compliance program signals to investors, partners, and clients that an organization is well-governed and trustworthy. That reputation doesn’t just retain market value; it actively attracts it.

Organizations that cut corners in compliance risk engaging in a short-sighted, high-risk strategy that will ultimately result in a negative outcome for the organization. Businesses that take compliance seriously tend to operate with greater predictability, fewer surprises, and stronger stakeholder confidence.

The 2017 Ponemon and Globalscape study found that, on average, only 14.3% of total IT budgets were spent on compliance then, not much of an increase from the 11.8% reported in 2011. This clearly indicates that organizations are underspending on core compliance activities in the short term and aren’t prepared to allot further resources as the years go on. That gap represents not just risk, but a clear missed opportunity.

“The findings from both the 2011 and 2017 studies provide strong evidence that it pays to invest in compliance,” explains Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute. “With the passage of more data protection regulations that can result in costly penalties and fines, it makes good business sense to allocate resources to such activities as audits and assessments, enabling technologies, training, and in-house expertise.”

The organizations that recognize compliance as a strategic function, not a reactive one, are the ones that will earn the trust of clients, the confidence of investors, and the operational resilience to weather an increasingly complex regulatory environment. The data is clear, and the choice is a critical one.


How financial institutions can recognize human trafficking during the 2026 FIFA World Cup
Mon, 06 Apr 2026

Key takeaways:

      • Human trafficking is a financial crime — Without the financial system, human trafficking networks cannot operate at scale. Banks, compliance officers, money transmitters, and casinos are uniquely positioned to detect suspicious patterns.

      • The 2026 World Cup amplifies existing risks — With 5.5 million additional visitors expected in Mexico City alone, criminal networks will exploit the surge in cash flows, new customers, and cross-border movement.

      • Red flags are observable in financial behavior — Human trafficking networks often leave detectable financial footprints, which is why financial institutions must update monitoring systems and stay alert to unusual transaction spikes during the tournament.


MEXICO CITY — As the 2026 FIFA World Cup gets ready to hold its tournament in June and July across three North American countries, anti-human trafficking experts are meeting as well and attempting to address the challenges facing the three host countries of the largest World Cup in history.

To that end, the Association of Certified Anti-Money Laundering Specialists (ACAMS), in partnership with , organized one such event, focused on the scourge of human trafficking that often surrounds large sporting events like the World Cup.

One speaker at the event noted an important clarification in the difference between human trafficking and human smuggling — two terms that are frequently confused yet carry vastly different legal and humanitarian implications. The key distinction lies in consent and the nature of the crime. In human smuggling, the individual being transported across borders consents to the movement, typically driven by socioeconomic necessity, and the offense is considered a crime against the state. Human trafficking, by contrast, is a crime committed directly against the victim, often involving exploitation through force, coercion, threats, or deception, and does not require the crossing of any international border.

The ACAMS event challenged the common belief that human trafficking is exclusively sexual in nature. In fact, there are 10 additional forms of exploitation beyond sexual abuse, including slavery, forced labor or services, use of minors in criminal activities, forced marriage, servitude, labor exploitation, forced begging, illegal adoption of minors, organ trafficking, and illicit biomedical experimentation on human beings.


Still, sexual exploitation remains the dominant form of human trafficking. Indeed, it is the second most lucrative illicit business in the world after drug trafficking, with every 15 minutes of sexual abuse of a trafficking victim generating approximately $30.

Of course, without clients, there is no demand, said one speaker from the ÁGAPE Foundation, an organization that works to raise awareness against gender-based violence and human trafficking.

Financial sector as a key line of defense

When identifying human trafficking, it’s wisest to examine it from a financial perspective to find important indicators, according to several speakers. Indeed, the financial sector plays a critical role given its capacity to detect suspicious accounts and payments, shell companies, cash movements, digital platforms, and commercial operations.

For example, when a customer opens an account or conducts a transaction, certain red flags can be visible, including whether the customer needs to consult notes to answer basic questions such as their address or occupation, or that their responses are not spontaneous or natural. Also, another indicator is if the customer’s profile is inconsistent with the type or volume of transactions being conducted.

For financial institutions, there are other patterns that have triggered alerts in illicit activity in the past, including near-immediate deposits and withdrawals with no clear justification for the cash flow, or multiple individuals registered at the same address or linked to the same account.

Similarly, another red flag would be if there’s a high number of accounts opened from the same state or municipality with similar patterns, particularly in areas identified as origin points for trafficking networks; or, payment of multiple short-term rentals or payments abroad to unverifiable recruiters or employment agencies.

Financial institutions should be on the lookout for companies that file no tax returns or invoice simulated transactions, or that use front men to open accounts or conduct operations.

Also, new businesses whose declared activity does not correspond to their financial operations should be flagged, as well as any frequent, large-volume purchases of condoms, lingerie, or women’s clothing inconsistent with the declared business activity.

Indicators at the 2026 World Cup

In the context of major sporting events such as the World Cup, existing risks are significantly amplified, several speakers pointed out. Sexual tourism, including the commercial sexual exploitation of children and adolescents, is a known and serious threat. Indicators that are relevant not only for the financial and banking sectors, but also for the real estate, tourism, transportation, hospitality, and restaurant industries include unusual accommodation requests, such as deactivating security cameras, delivering keys through third parties, or inquiring about the presence of neighboring guests.


These industries should also be on the lookout for any adult or group of adults traveling with an unusually large number of minors, or individuals who travel in silence and are accompanied by someone who appears to exercise visible control over them.

As the World Cup approaches, financial institutions’ compliance teams must recognize that the same operational conditions that make major sporting events exciting — high transaction volumes, new customers, cross-border flows, and institutional attention diverted toward the event itself — are precisely the conditions that money launderers and traffickers seek to exploit.

For these compliance teams, monitoring systems must be updated, know-your-customer processes must go beyond documentation and reflect a genuine understanding of the client’s activity and context, and on-site verification visits must be conducted by personnel who know exactly what they are looking for.

The financial sector does not need to become an investigative body; however, it does need to remain alert, informed, and willing to report. Indeed, this is exactly what the compliance function exists for, and in the context of human trafficking, the cost of silence is measured not in fines or reputational damage, but in human lives.


The banks you don’t know you’re using: Risks of unregulated banking
Wed, 01 Apr 2026

Key insights:

      • Convenience has outpaced consumer understanding — Many users treat apps, prepaid accounts, and rewards programs as simple payment tools, remaining unaware they are entrusting their money to entities with few safeguards.

      • Risk is no longer confined to traditional banks — Some of the most significant financial activities now occur within platforms and brands that do not resemble banks at all.

      • Opacity enables systemic vulnerability — The less transparent an institution’s obligations, leverage, and oversight, the easier it is for financial fragility, misconduct, and systemic risk to grow unchecked.


When you think of where money is held, you generally think of a bank. However, as we look at the financial landscape today, money is being held at a wide range of institutions that often have varying levels of safety and oversight. Entities from Starbucks to Visa to Coinbase hold money for individuals, effectively serving as a bank, but often without the regulatory framework that comes with it.

Behind the scenes, it can seem like . In its daily operation, it collects prepaid funds that resemble deposits, holds them as liabilities, and uses them internally — all without offering interest, cash withdrawals, or FDIC insurance. Starbucks’ rewards program holds $1.8 billion in customer cash, and if it were a bank, that would make it bigger, , than 85% of chartered banks, making the coffee chain one of the .

This dynamic extends well beyond coffee shops. “Popular digital payment apps are increasingly used as substitutes for a traditional bank or credit union account but lack the same protections to ensure that funds are safe,” warns the . If a nonbank payment app’s business fails, your money is likely lost or tied up in a long bankruptcy process.

Shadow banking

Think of a Starbucks gift card as a financial instrument. Technically it is one, but no one seriously worries about it being weaponized for any large-scale financial crimes. Most people’s concern about a gift card is losing it. The real concern lies not in lost gift cards, however, but in the broader trend: Nonbank institutions managing vast sums without commensurate oversight — and scale matters. A lost gift card is a personal inconvenience; but an unregulated institution managing billions of consumer dollars in leveraged capital is a systemic one.

Shadow banking encompasses credit and lending activities by institutions that are not traditional banks, and crucially, they do not have access to central bank funding or public sector credit guarantees. And because they are not subject to the same prudential regulations as depository banks, they do not need to hold as high financial reserves relative to their market exposure, allowing for very high levels of leverage which in turn can magnify profits during boom periods and compound losses during downturns.

The shadow banking ecosystem is diverse, and each segment of it presents distinct risks:

    • Hedge funds and private equity firms — Firms like Blackstone, KKR, and Apollo manage vast capital pools using leveraged strategies under limited oversight. Their size and borrowing levels may mean that market reversals can trigger rapid deleveraging, spilling risk into broader markets.
    • Family offices — A private company or advisory firm that manages the wealth of high-net-worth families, these can operate with even less transparency and often outside direct regulatory scrutiny, enabling them to engage in extreme leveraging and posing risks of sudden collapse.
    • Nonbank mortgage lenders and FinTechs — This group faces lower capital requirements than traditional banks, leaving thinner buffers to absorb losses during downturns, which can be especially concerning considering this sector’s rapid growth.
    • Crypto exchanges — Like much of the cryptocurrency ecosystem, these exchanges operate in jurisdictional gray zones, complicating enforcement and enabling illicit financial flows.
    • Money market funds — While these are generally perceived as safe, they can suffer runs if confidence in underlying assets erodes, which can force fire sales that destabilize related markets.
    • Special Purpose Vehicles (SPVs) and Structured Investment Vehicles (SIVs) — These investment instruments allow large institutions to move risk off their balance sheets, rendering such activity invisible to regulators.

Shadow banking may be the single greatest challenge facing financial regulation. These non-traditional institutions act like banks, but without the safeguards that make banks accountable. And where accountability is absent, opportunity often fills the void.

The same opacity that makes shadow banking difficult to regulate also makes it attractive to those with less legitimate intentions. Without mandatory reporting requirements, standardized oversight, or the threat of deposit insurance revocation, these institutions can become conduits for money laundering, fraud, terrorist financing, and sanctions evasion in ways that traditional banks simply cannot. The question is no longer whether these vulnerabilities exist, but how they continue to be exploited.

The challenge of regulation

The global financial system has always evolved faster than the rules designed to govern it. What began as a coffee loyalty program and a few alternative lending platforms has quietly morphed into a parallel financial universe, one that moves trillions of dollars with a fraction of the transparency that traditional banking requires. That gap between innovation and oversight is not just a regulatory inconvenience, it’s an open door for illicit actors.

Closing that door will require more than periodic enforcement actions or piecemeal legislation. It will require regulators, lawmakers, and institutions to reckon honestly with how broadly the definition of a financial institution has expanded, and who bears the risk when things go wrong. Because historically, it has not been the institutions themselves; rather it has been the customers, the investors, and ultimately the public.

The first step, of course, is awareness. Recognizing that your money does not need to be in a bank to be at risk and that the custodians of that money need not be offshore shell companies to operate in shadows, can transform how we think about financial safety.

The line between a convenient app and an unaccountable financial intermediary is thinner than most realize. And in the world of financial crime, thin lines have a way of vanishing entirely.


Pressure mounting on company boards to address nature-related financial risks
Fri, 27 Mar 2026

Key insights:

      • Nature-related risks underreported — Companies’ nature-related interfaces are underreported across industries, despite being increasingly seen as decision-useful information for investors and regulators.

      • Stricter requirements for disclosure growing — Both voluntary and mandatory frameworks are increasing their requirements for nature-related disclosure.

      • Organizations should be proactive — Getting ahead of disclosure trends means that organizations should be measuring their nature-related interface as well as integrating nature-positive transition planning to their business strategy.


As the impacts of nature loss become more prevalent, companies are on business risk and performance. This is due to both physical nature-related impacts and increasing stakeholder pressure on organizations to integrate long-term nature-positive strategies. Managing nature-related impacts and dependencies is a framework-driven mandate for all boards of directors to consider.

Why nature matters

All businesses impact and depend on the four realms of nature: land, freshwater, ocean, and atmosphere to some extent, with the highest impact sectors being . These dependencies could include the provision of water supply to an organization, or services provided by nature to a business, such as flood mitigation. A could result in a $2.7 trillion GDP decline annually by 2030. In turn, most businesses also positively and negatively impact nature.

Financial flows that were determined to be harmful to biodiversity reached , including private investment in high impact sectors, with only $213.8 billion (€184.6 billion) invested in conservation and restoration. Despite this financing gap, less than 1% of publicly reporting companies currently disclose biodiversity impacts, indicating the need to align incentives and policies with nature-related outcomes.

Indeed, nature does not have a single indicator, like greenhouse gas (GHG) emissions; instead, its measurement involves multiple complex, location-specific factors. Despite this, disclosure of nature-related risks and impacts is increasingly being required by regulators.

Regulatory incentives to disclose

The disclosures being driven by regulatory frameworks include material information on all nature-related risks, particularly those requested by the International Sustainability Standards Board (ISSB) and European Sustainability Reporting Standards (ESRS). The ISSB Biodiversity Ecosystem and Ecosystem Services project (BEES) was initially considered a research workplan but was modified to a standard-setting approach.

Through its work, the ISSB due to: i) the deficiencies in the type of information on nature-related risks and opportunities reported by entities, which are identified as important in investor decision-making; and ii) the requirement of nature-related information that is not included in climate-related disclosures, including location-specific information on nature-related interface and nature-related transition planning.

On Jan. 28, all 12 ISSB members voted to , which included two important implications. One is that standard setting is to cover all material information on nature-related risks and opportunities that could be expected to affect an entity’s prospects. And two, it mandated that entities applying International Financial Reporting Standards S1 and S2 for climate-related disclosures supplement these with nature-related risks and opportunities disclosures as well.

Similar to the ISSB requirements to report material nature-related risks and opportunities, the ESRS also requires information to be disclosed for material impacts, risks, and opportunities found in an entity’s double-materiality assessment. The Task Force on Nature-related Financial Disclosures (TNFD) and its European counterparts have been in close collaboration since 2022, and all 14 TNFD recommendations have been incorporated throughout the ESRS environmental standards.

Companies that are required to comply with the EU’s sustainability reporting mandate also will be required to collect similar data for their future ESRS data points disclosure.

Alongside regulatory requirements, there are voluntary requirements and investor pressure to consider for many organizations. These include investor coordination initiatives on nature such as Nature Action 100 and considering which investors look at Carbon Disclosure Project (CDP) data.

To use the CDP as an example, 650 investors with $127 trillion in assets they needed in 2025. Further, the CDP is increasing its disclosure requirements for nature-related data in its questionnaire as it progresses to . This includes, for example, requiring disclosures on environmental impacts and dependencies for disclosers, enhancing commodities included in the forests questionnaire, and introducing oceans-related questions in 2026.

All of these heightened requirements underscore the need to measure a company’s nature-related impacts and proximity to its nature-related issues.

Implications for company boards

To align with these additional requirements and investor expectations, corporate decision-makers should consider the questions they are asking related to nature, as well as what data is being collected in relation to the organization’s impact on nature. The following steps can give leaders a starting point for how boards should consider this information:

Track relevant developments in regulatory and investor standards — Ensure there is a management-level understanding of how nature is considered in relevant standards for the company based on its current and anticipated locations of operation and specific industry.

Measure nature-related risks and opportunities — Given that identifying material nature-risks, with a particular focus on location specificity, is a common first step across current mandatory and voluntary regulatory frameworks, organizations should conduct a regularly updated, location-specific assessment on the company’s interface with nature, especially in instances in which these issues are material. Organizational leaders should also produce financial quantification of these risks within an overall materiality assessment and corporate risk register. For guidance, the best practice across these regulatory and disclosure frameworks is to utilize the .

Make further disclosure of any material nature-related information, including financial quantification — Frameworks such as the ESRS require further disclosure of any risks that are found to be material, including financial quantification and scale of the risk.

Integrate mitigation of nature-related risks in business strategies — Upcoming standards and research, such as that from the ISSB, indicate that missing disclosure includes companies’ nature-positive transition planning. Consider how to integrate nature into long-term business strategies for full alignment with upcoming regulations and standards, including establishing nature-related governance.

Adopting these processes and integrating nature into corporate decision-making will provide corporations with a more future-proof and resilient business model. The increased adoption of nature within these frameworks is driven by the clear economic impact that our current loss of nature is having. This will only continue to become more of a priority as the impacts of nature loss are increasingly felt worldwide.


You can find out more about the sustainability issues companies are facing around the environment here

]]>
Financial crime implications of a US-Iran war: The emotional drivers of instability & illicit flows /en-us/posts/corporates/us-iran-war-financial-crime-implications/ Tue, 10 Mar 2026 16:26:26 +0000 https://blogs.thomsonreuters.com/en-us/?p=69898

Key insights:

      • Geopolitical crises fuel financial volatility and illicit activity — Conflicts have traditionally accelerated capital shifts and flows, creating cover for bad actors.

      • Predictable patterns emerge — Financial institutions should watch for sudden cross-border activity, unusual cash deposits, and transactions from border areas.

      • Conflict zones enable black market expansion — They also should adapt their compliance systems to detect more sophisticated methods used by criminals, tightening screening and enhancing staff training.


While business and international politics may appear cold and calculating, these things are often driven by emotion, especially fear — and fear of instability often drives market volatility.

So it goes as the United States attacks one of the world’s largest militaries and supporters of regional terror groups, causing deepening instability in a Middle East already beset by violence. It is certain that there is already a surge of money flowing in and out of the region for different reasons. Legitimate and illegitimate actors alike will seek to both run away from the crisis and profit from it. However, there are some anti-money laundering specific thoughts that financial institutions need to consider during a time of global uncertainty.

The bottom line — lots of money is on the move. Funding will send aid groups towards the crisis; it will also send logistical supplies, war material, and other necessities. All of these cost money, and defense sectors in multiple countries will be pumping out munitions to refill stockpiles in any country that is related to or in the neighborhood of the conflict.

Not every large transaction is an unusual, reportable event, but financial institutions now need to look one or two layers below the surface. What does not seem related on the surface is always a red flag. Look at beneficial ownership of companies and vessels, look at relations of the owners, not just the (OFAC) results of those people themselves. The financial system will, and should, allow the legitimate funds to flow. However, financial investigators must remain diligent to catch bad actors that take advantage of the surge in non-profit activity or the urgency with which legitimate businesses operate in a conflict zone.

Risk Factor 1: Capital flight from regime change

Just as the fall of the Al-Assad regime in Syria caused family funds to flow to as regime members fled the country, you will see the same with politically exposed persons (PEPs) who are inevitably fleeing regime change in Iran. A political crackdown will come. Whether the victors are on the side of the West or not remains to be seen, but some factions are going to flee the country and take family wealth with them.

Banks and other financial services should watch for anyone connected to people moving money through neighboring countries in which they may have literally hiked or driven before depositing cash into a financial institution. There are stories of refugees leaving places with gold bands on their arms, cash and false bottom purses, and diamonds in the lining of sweaters. These things will be converted to cash in neighboring countries and put into financial systems less affected by the conflict. An influx of cash throughout the region, therefore, could indicate this type of capital flight.

Risk Factor 2: Illicit finance and black markets

Since the fall of Syria, we have also become aware of that helps fuel addiction and armed conflict. There are certainly other substances and drug trafficking networks about which we know very little on this side of the secrecy veil.

Therefore, this instability will be seen as a time of opportunity for criminal groups. Indeed, with Assad’s security forces no longer controlling the Middle Eastern captagon and other narcotics trade, and with various armed groups looking for funding sources, this is an illicit business opportunity.

Financial institutions can expect rapid movement of money between unrelated shell corporations, new corporations, and shadow vessels. They also should expect the black market to boom with drugs, contraband Iranian oil, and funds tied to narcotics that they have yet to discover. Illegal arms will also generate funding, so all of the methods, both formal and informal, used to transfer value will become active.

In fact, large portions of such funding will flow through financial institutions; and peer-to-peer payment providers, FinTechs, and money transmitters should be especially wary of funds moving rapidly through their platforms. A burst in conflict means a burst in activity from illicit sources; therefore, enhanced, targeted monitoring is a must.

How financial institutions’ risk & compliance teams should respond

First, all financial institutions’ risk & compliance departments need to assess their institutions’ OFAC and sanctions screening search parameters. This is a good time to dial up fuzzy logic capability and reduce match percentage thresholds. In other words, risk tolerance should go down while the metaphorical dragnet gets wider. Surge the department’s personnel capability to compensate if you have to, because that is better than a strict-liability OFAC fine. Remember, OFAC sanctions are closely tied to national security, especially when it comes to Iran. This is not an arena in which leniency can be expected. Compliance teams should look at monitoring systems and thresholds immediately, create geographical targeting models to cover the conflict zone, and consider a command center approach to deal with the fluidity of the situation until things settle.

If your institution has not already taken the hint from regulators, this also is an opportunity to double down on Customer Due Diligence and identity verification. Front line staff and embedded business compliance personnel should receive updated training and job aids to increase awareness and hone internal reporting. Indeed, it is an advanced business skill to understand complex corporate beneficial ownership, much less to detect when it may be tied to illicit activity or corrupt regimes. Now is the time to increase that level of knowledge and thereby make the culture of compliance more robust.

In every crisis there is opportunity as well as risk: Managing the risk allows every company to take advantage of the opportunity, shore up its mission, and strengthen the institution.


You can find out more about the geopolitical and economic outlook for 2026 here

]]>
Human layer of AI: How to build human-centered AI safety to mitigate harm and misuse /en-us/posts/human-rights-crimes/human-layer-of-ai-building-safety/ Mon, 09 Mar 2026 17:33:34 +0000 https://blogs.thomsonreuters.com/en-us/?p=69789

Key highlights:

      • Map risks before building — Distinguish between foreseeable harms that may be embedded in your product’s design and potential misuse by bad actors.

      • Safety processes need real authority — An AI safety framework is only credible if it has the power to delay launches, halt deployments, or mandate redesigns when human rights risks outweigh business incentives.

      • Triggers enable proactive intervention — Define clear, automatic review triggers such as product updates, geographic expansion, or emerging patterns in user reports to ensure your safety processes adapt as risks evolve rather than reacting after harm occurs.


In recent months, the human cost of AI has become impossible to ignore. after interacting with AI chatbots, while generative AI (GenAI) tools have been weaponized to create that digitally undress women and children. These tragedies underscore that the gap between stated values around AI and actual safeguards remains wide, despite major tech companies publishing responsible AI principles.

, a senior associate at , who works at the intersection of technology and human rights, argues that closing this gap requires companies to: i) systematically assess both foreseeable harms from intended AI use and plausible misuse by bad actors; and ii) build safety processes powerful enough to actually stop launches when risks to people outweigh commercial incentives.

Detailing the two-step framework for anticipating and addressing AI risks

To build effective AI safety processes, companies must first understand what they’re protecting against, then establish credible mechanisms to act on that knowledge.

Step 1: Mapping foreseeable harms and intentional misuse

When mapping AI risks during “responsible foresight workshops” with clients, Richard-Carvajal says she takes them through a process that identifies:

    • foreseeable harms that emerge from a product’s design itself. For example, algorithm-driven recommender systems — which often are used by social media platforms to keep users on the site — are designed to drive engagement through personalized content, and are well-documented in amplifying sensationalist, polarizing, and emotionally harmful content, according to Richard-Carvajal.
    • intentional misuse that involves bad actors who may weaponize technology beyond its purpose. Richard-Carvajal points to the example of Bluetooth tracking devices, which initially were designed to help people find lost items, but were quickly exploited by stalkers, who placed them in victims’ handbags in order to track their movements and in some cases, to follow them home.

Tactically, the role-playing use of “bad actor personas” by Richard-Carvajal and her colleagues can help clients imagine misuse scenarios and help ensure companies anticipate harm before it occurs rather than responding after people have been hurt.

Step 2: Building a credible AI safety process

Once risks are identified, Richard-Carvajal says she advises that companies identify mechanisms to address them. The components of a legitimate AI safety framework mirror the structure of robust human rights due diligence by centering on the risks to people.

Indeed, Richard-Carvajal identifies core components of this framework, which include: i) hazard analysis and to anticipate both foreseeable harms and potential misuse; ii) incident response mechanisms that allow users to report problems; and iii) ongoing review protocols that adapt as risks evolve.

Continual evaluation of new emerging risks is needed

As AI capabilities advance and deployment contexts expand, companies must continuously reassess whether their existing safeguards remain adequate against evolving threats to privacy, vulnerable populations, human autonomy, and explainability. Richard-Carvajal discusses each one of these factors in depth.

Privacy — Traditional privacy mitigations, such as removing information that leads to identifying specific individuals, are no longer sufficient as AI systems can now re-identify individuals by linking supposedly anonymized data back to specific people or using synthetic training data that still enables re-identification. The rise of personalized AI — in which sensitive information from emails, calendars, and health data aggregates into comprehensive profiles shared across third-party providers — can create new privacy vulnerabilities.

Children — Companies must apply a heightened risk lens for vulnerable populations, such as children, because young users lack the same capacity as adults to critically assess AI outputs. Indeed, the growing concerns around AI usage and children are warranted because AI-generated deepfakes involving real children are being created without their consent. In fact, Richard-Carvajal says that current guidance calls for specific child rights impact assessments and emphasizes the need to engage children, caregivers, educators, and communities.

Cognitive decay — A growing concern is that too much AI usage can harm human autonomy and contribute to a decline in critical thinking. This occurs when , and it has the potential to undermine their human rights in regard to work, education, and informed civic participation.

Meaningful explainability — Companies’ commitment to explainability as a core tenet of their responsible AI programs was always a challenge. As synthetic AI-generated data increasingly trains new models, explainability becomes even more critical because engineers may struggle to trace decision-making through these layered systems. To make explainability meaningful in these contexts, companies must disclose AI limitations and appropriate use contexts, while maintaining human-in-the-loop oversight for consequential decisions. Likewise, testing explanations should require engagement with actual rights holders instead of just relying on internal reviews.

Moving forward safely

While no universal checklist exists for AI safety, the systematic approach itself is non-negotiable. Success means empowering engineers to identify and address human-centered risks early, maintaining ongoing stakeholder engagement, and building safety processes that have genuine authority to delay launches, halt deployments, or mandate redesigns when human rights outweigh commercial pressures to ship products.

If your company builds or deploys AI, take action now: Give your engineers and risk teams the authority and resources to identify harms early, keep continuous engagement with affected people and independent stakeholders, and create governance that has the power to keep harm from happening.

Indeed, companies need to make sure these steps go beyond simple best practices on paper and make these protective processes operational, measurable, and enforceable before their next product release.


You can find more about human rights considerations around AI in our ongoing Human Layer of AI series here

]]>
Crypto crime, caveats & clarity: How crypto forensics has evolved in 5 years /en-us/posts/corporates/crypto-crime-forensics-evolve/ Mon, 02 Mar 2026 17:21:24 +0000 https://blogs.thomsonreuters.com/en-us/?p=69690

Key insights:

      • Crypto crime is likely much bigger than it appears — Blockchain forensics firms only report what they can prove with 99%-plus accuracy, meaning the true scale of crypto crime is likely far larger than official reports suggest.

      • False negatives are still a problem — While achieving incredibly low false positive rates, these strict standards result in significant false negatives, with firms missing up to 75% of known criminal addresses in tested datasets.

      • This reporting gap reveals hidden losses — FBI data shows higher losses than do forensic reports and when accounting for the 85% of fraud victims who never report crimes, actual losses could exceed $110 billion annually.


Law enforcement has known about crypto-related crime for more than 14 years now. Five years ago, I felt these industry reports left a lot to be desired. A lot has happened since then, however, and I have learned that clarity is becoming more important than caveats, because even my own are being taken out of context by the cryptocurrency ATM industry.

The myth of “crypto crime”

Nick Furneaux points out spoiler: it’s all just financial crime. Yet, the blockchain forensics industry still has the annual tradition of issuing crypto crime reports that end up getting reviewed . However, my previous post showed how the prevailing reports appeared to prove Nick’s point, stating that crypto crime represented just — effectively, a rounding error.

I wrote that these reports needed to be heavily caveated, as the figures identified were clearly smaller than the figures that may have been reasonably expected. In fairness to the industry, reports have since incorporated caveats on nearly all stated figures. However, this has still not stopped the industry from cherry picking figures that support the argument that there is no such thing as crypto crime.

The ironically good news in this year’s reports has been that the official figures for illicit activity across the industry have increased to of all crypto activity for the . This increase is an indicator that the industry has gotten better at identifying criminal activity; and while there is still room for improvement, we are moving in the right direction.

Art vs. science

The companies producing these reports continue to hold some of the largest datasets on crypto-crime and blockchain metadata in the world. They are ideally placed to speak to these trends in illicit activity in the crypto ecosystem. However, one of the early arguments in blockchain forensics was that it is not as effective as some people were claiming.

In the landmark case, (colloquially known as the Bitcoin Fog case), blockchain intelligence platform CipherTrace claimed that blockchain forensics was more of an art than a science. Based on evidence from Chainalysis, the case’s acknowledged blockchain forensic evidence was admissible in criminal court to based on the methods used.




Chainalysis has been doing this for 12 years at this stage and has been one of the only services to undergo a of its data, albeit a tiny sample size of its overall dataset. In the last five years, competitor TRM Labs has become an industry leader based on its focus on blockchain intelligence and law enforcement support.

The accuracy trap

Understanding the limits of these reports requires an understanding of the core audience for Chainalysis and TRM Labs: Law enforcement, which has a high burden of proof to achieve before going to court with any evidence. As such, the standard held by industry leading companies is that a data model should achieve an accuracy level of 99%-plus. However, as with any machine learning algorithm, it is incredibly difficult to guarantee 100% accuracy. Still, 99% accuracy is higher than human-based systems are expected to have.

Despite this commitment to high standards, the blockchain forensics industry has come under fire for false negatives. In the academic research of Chainalysis’ data, researchers found its false positive rate to be 0.01%, 0.15%, and 0.11%, respectively across the three datasets, or at least 99.85% accuracy for what was in their tool. Obviously, this is much more scalable and accurate in the modern world in which criminals are using AI than having humans unravelling these datasets manually. However, this level of certainty does paradoxically result in a surprising level of false negatives.

Indeed, Alison Jimenez, of Dynamic Securities Analytics, pointed out that Chainalysis missed a significant percentage of all addresses in the three sample datasets. The study looked at coverage of three known illicit services: BestMixer, Hansa Market, and Wall Street Market.

Chainalysis was found to have been able to identify 25%, 79%, and 95% of the sampled addresses, respectively. While this may seem like the company is negligent to suggest they can identify crime when it missed 75% of BestMixer addresses, a service designed to obfuscate the flow of funds, the reality is that identifying any of these services is pretty difficult in the first place — especially in a world in which criminals are actively trying to escape surveillance. And remember, this is just the data that made it to production; forensics firms are still able to assist law enforcement to make informed decisions on their investigations based on a range of additional data that never gets surfaced in the tool or in reports.

The reporting gap

These forensic companies are unable to publish informed estimates of the level of crime, but they are saying that they have identified at least $154 billion in illicit activity in 2025. These tools also assist law enforcement with investigations which they may not always have permission to include in their datasets. Yet, investigators can still use the technology to carry out their investigations safe in the knowledge that their evidence will be admissible in court. That means the $154 billion figure is effectively a floor, not a ceiling, for the potential effectiveness of blockchain forensics.




The discrepancy between forensic reports and law enforcement data is where the caveats become most visible. The for 2024 (released in late 2025) pegged crypto-related scam losses at $16.6 billion. This figure is 67% higher than Chainalysis’s estimate, and 55% higher than TRM Labs’ for the same category.

Why the gap? Because the FBI counts what victims report, whereas forensic firms count what they can prove on-chain. When you consider that academic research suggests 85% of fraud victims never report their crimes to anyone, the scale of the problem becomes staggering. If we extrapolate the FBI’s reported figures to account for this silent 85%, the potential loss to crypto scams could be as high as $110 billion. While not an academically rigorous calculation, this figure would not surprise many industry analysts.

What will these reports look like in another 5 years?

The critique I have of these reports is that they underestimate the size of the problem in order to be able to accurately stand by their data. This isn’t a bad thing, it just results in unfortunate outcomes. There may be a day when these reports are combined with academic research to make a more informed estimation of how big the crypto crime problem really is.

Thankfully, those in the blockchain forensics industry can’t speak in theories or artistic interpretation. They have to be able to prove their statements and back them up with verifiable data. Right now, these reports are effectively looking at the tip of the iceberg and showing what they know about what they can see — the caveat now is that this is just the known knowns. The challenge continues to be identifying the known unknowns. Fortunately, we are getting better at identifying criminal activity every year.


You can find more of our coverage of the cryptocurrency industry here

]]>
The OCC’s 2026 mission: Modernization & innovation in the financial sector /en-us/posts/government/occ-modernization-mission/ Fri, 27 Feb 2026 12:11:27 +0000 https://blogs.thomsonreuters.com/en-us/?p=69674

Key insights:

      • Pushing innovation in the financial sector — The OCC is actively enabling innovation among financial service institutions, not resisting it.

      • Regulation is being refocused, not removed — Priorities may change with each administration, but oversight remains, and crypto is increasingly central.

      • Compliance is a growth requirement — Regulations around the BSA, sanctions, and KYC still apply, so durable controls and experienced teams do matter, even with AI.


Shortly after being named Acting Director of the Comptroller of the Currency in early 2025, Rodney E. Hood in the financial sector. Hood spoke about improving bank-fintech partnerships and providing regulatory frameworks for digital asset activities.

As expected, the Hon. Jonathan V. Gould was sworn in as the 32nd on July 15, 2025. Under his leadership of the Office of the Comptroller of the Currency (OCC), the spigot of technology-enabled financial innovation is set to remain wide-open, with blockchain-based products at the forefront.

In his speech to the , Comptroller Gould laid out a road map to a future that includes more de novo charters, with many of them coming from the ranks of blockchain and digital or virtual asset service providers (VASP). He refuted notions that these things cannot be done under current rules and reaffirmed the agency’s ability to regulate such institutions.




Institutions that fail to embrace these emerging technologies as they arise risk falling behind, Gould said, describing how any legal framework that treats digital assets differently than existing electronic means is risking “a recipe for irrelevance.” Such an antiquated approach keeps companies, institutions, and indeed the nation’s entire financial system, mired in the past, he added.

Digi-mon go!

In word and deed, the current OCC continues to offer a green light to VASPs as well as to traditional financial institutions that are looking to dabble with blockchain, stablecoins, and the like. Regulatory action in the past year mostly served to end prior enforcement against traditional institutions while putting ancillary companies in check. For example, of US/Mexican border casinos, crypto ATM-style terminals, and armored car companies demonstrates the regulatory shift that takes place after each change in administration.

Government rarely gives up its authority, but it does shift the focus. Border cash is out, crypto is in. Clear regulation for this sector is important, necessary, and will continue to create an entirely new set of financial products & services.




Normally I advocate more caution but, in this case, having any regulation is better than having no regulation. Blockchain is here to stay and having any kind of clarity around it is the right way to begin. Those who legislate have an opportunity to improve the regulatory framework over this technology as it evolves — as long as a framework exists. It’s sort of like the slippery slope argument in reverse: When we build a foundation on regulations that encourage innovation while protecting consumers, including the companies themselves, we create a healthier economy. These rules can always be improved and adjusted as we understand better what we have unleashed upon the world.

Compliance is on the “can’t cut” list

Rumors are swirling of cuts to many corporate compliance budgets. Many compliance pros think this administration will let companies do as they please! Let a professional risk manager urge caution here instead. The power of the Bank Secrecy Act (BSA), the extraterritorial reach of sanctions, and the requirements to know your customers (KYC) are not going anywhere. Regulations are refocused, not removed. A proliferation of nouveau financial institutions will provide a target-rich environment for the regulators of today and tomorrow to find things they dislike and prosecute those offenses. A business that hopes to make it big should be built to withstand the winds of change and weather different regulatory conditions over time.

Therefore, smart compliance professionals will keep an eye on the horizon and keep their risk controls tight. Yes, it may be a good time to start a crypto company; but no, that does not mean you can process drug cash, ignore sanctions, or fail to collect basic personally identifying information.

With increasingly ubiquitous AI tools, your humans in the loop are more important than ever. As entry level jobs become automated, depth of experience becomes more valuable. Retain talent and institutional knowledge on your compliance teams because those individuals will train the AI as well as the investigators of tomorrow.

Indeed, no matter who is in charge of the government’s regulations, enforcement will come when you let your guard down and ignore basic risk management principles.


You can find more about how government agencies are managing various risk, fraud, and compliance issues here

New data reveals AI governance gap between policy and practice, creating ESG risks /en-us/posts/sustainability/ai-governance-gap-esg-risks/ Mon, 23 Feb 2026 17:03:55 +0000 https://blogs.thomsonreuters.com/en-us/?p=69559

Key highlights:

      • The governance-implementation gap is alarming — While nearly half of companies have AI strategies and 71% include ethical principles, a massive disconnect in execution persists.

      • AI governance is now a material investor risk — AI disclosure among S&P 500 companies jumped to 72% in 2025 from 12% in 2023, and investors are treating AI governance as a critical factor in overall corporate governance.

      • Regional disparities signal competitive risks — European, Middle Eastern, and African companies are leading in AI governance (driven by regulatory pressure), while only 38% of US companies have published AI policies despite being innovation leaders.


of 1,000 companies indicates a between the speed at which businesses are embracing AI and their preparedness to govern it effectively. These findings from , which offers a panoramic view across 13 sectors, are a wake-up call for every CEO, board member, and investor.

Indeed, nearly half (48%) of the companies sampled disclosed that they had AI strategies or guidelines in place, yet significant transparency gaps related to the environmental, social and governance (ESG) impacts of AI adoption remain.

When “ethical” principles lack substance

It is encouraging to see that 71% of companies with an AI strategy include AI principles built on concepts such as ethical, safe, or trustworthy, because this signals an awareness of the critical conversations happening around responsible AI. However, the AICDI data reveals a significant gap between stated principles and actual practice, more specifically:

      • Environmental blind spots — A staggering 97% of companies failed to consider the environmental impact of their AI systems, such as energy consumption and carbon footprint, when making deployment decisions. As AI models grow in complexity and scale, their energy demands will only increase. In addition, investors are likely to adopt green AI as a non-negotiable concept in the future.
      • Narrow social lens could open up reputational issues — More than two-thirds (68%) of companies with AI strategies did not adequately assess the broader societal implications of their AI technologies. Failure to understand and mitigate potential negative impacts on communities, vulnerable populations, or democratic processes is a recipe for reputational damage and legal challenges on the full spectrum of the human side of AI. Indeed, investors are growing more sophisticated in their understanding of these systemic risks.
      • Governance on paper and not in practice — While 76% of companies with an AI strategy reported management-level oversight, only 41% made their AI policies accessible to employees or required their acknowledgement. That means these policies are just words on paper if they are not understood, embraced, and actively practiced by those on the front lines of AI development and deployment. This gap in governance can lead to inconsistencies, unforeseen risks, and a fundamental breakdown in trust, both internally and externally.

Gaps in AI governance exist across regions and sectors

The AICDI data reveals fascinating regional and sectoral differences as well. For instance, companies in Europe, the Middle East, and Africa are generally ahead in publishing AI policies and establishing dedicated AI governance teams — action that is likely driven by the European Union’s looming AI Act. This highlights the proactive stance some regions are taking and offers a glimpse into what might become a global standard.

Despite the United States being a hub for AI innovation, only 38% of companies in the Americas published an AI policy. This discrepancy suggests a potential future competitive disadvantage for those lagging in governance.

Not surprisingly, sectors also varied in corporate oversight of AI initiatives. Financial, communication services, and information technology firms were more likely to have responsible AI teams than companies in energy and materials. This makes sense given their direct engagement with data and often consumer-facing AI applications, but it again points to a broader need for cross-sectoral AI governance best practices.

How companies can meet investor expectations

AI has rapidly become a mainstream enterprise risk. Fully 72% of S&P 500 companies disclosed at least one material AI risk in 2025, up from just 12% in 2023, according to the Harvard Law School Forum on Corporate Governance.

To attract and retain investor confidence, companies need to take concrete steps, including:

      1. Conducting a comprehensive AI audit — Companies need a thorough understanding of where AI is currently deployed across their products, operations, and services. The AICDI offers a to help with this, which allows companies to evaluate current AI governance maturity and benchmark themselves against peers.
      2. Establishing robust, transparent, and accessible AI governance frameworks — Companies need to move beyond vague principles by developing clear, actionable policies that address environmental impact, societal implications, data privacy, fairness, and accountability. Critically, these policies must be accessible to all employees, and their acknowledgement should be a requirement. Training and continuous education are paramount in order to embed these principles into daily operations.
      3. Proactively disclosing AI governance practices — Companies should seek to anticipate investors’ concerns by incorporating specific disclosures on AI oversight mechanisms, transparency measures (including environmental and risk assessments), and how they’re preparing for evolving regulatory landscapes. Companies that showcase their commitment to responsible AI as a strategic advantage will gain stakeholder trust.
      4. Embracing industry standards and collaboration — By using global frameworks, such as the (which grounds the AICDI’s work), companies can strengthen standardization efforts. They should also participate in collaborative efforts and industry forums to share best practices and collectively raise the bar for responsible AI.
      5. Comparing your performance with peers — Companies can benchmark their responses against sector and regional peers. Also, they need to identify leaders and laggards to understand where a company stands and where it needs to improve. AI is an evolving field, and therefore, corporate AI governance frameworks must evolve as well — and the key ingredient for this is responsible innovation.

By any measure, AI is transforming our world; however, its benefits will only be fully realized if companies prioritize their responsible governance. For investors, AI governance is fast becoming a material risk and opportunity. And for companies, it’s no longer an option but rather a strategic imperative that can go a long way toward building trust, mitigating risks, and securing a sustainable future.


You can learn more about the , the corporate foundation of , here
