close icon

Your privacy is our priority. Learn More

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Generative Artificial Intelligence

Use Cases for Ethics & Compliance Programs

Type

Practice Note

Version

1.0

Date

May 2025

Summary

This article explores how compliance professionals can harness generative artificial intelligence (Gen AI) to enhance ethics & compliance programs. It outlines practical applications of Gen AI across all hallmarks of an effective compliance program, including risk management, governance, training, communications, investigations, and third-party management. The article also distinguishes between use cases suitable for in-house development using enterprise AI tools and those that may require third-party solutions (examples of such providers are identified).

By listing these various use cases, we are not recommending you implement them all. Moreover, reading this may spark other ideas, and we would love to hear about them! We intend to update this article as we learn about new Gen AI use cases. If you would like to contribute a new use case scenario, please send details using the feedback button below.

/
Open PDF
Open PDF

Generative Artificial Intelligence Use Cases forEthics & Compliance Programs

Provided it is used responsibly, in a secure, compliant and context-appropriate manner, generative artificial intelligence (Gen AI) has the potential to transform ethics & compliance programs. While traditional data analytics and visualization tools rely primarily on structured data (e.g., rows and columns in databases), generative AI can process and generate outputs from both structured and unstructured data - including free text, images, and scanned documents - by responding to natural language prompts.

Enterprise versions of Gen AI query tools (e.g., Microsoft Copilot, Google Gemini, Open AI GPT, Perplexity) are now being made available to ethics & compliance teams. How should can these tools be used? If we reflect on the various activities undertaken by an ethics & compliance professional, Gen AI has the potential to augment many. For example:

  • Interpreter: Gen AI can convert complex legal or policy language into clear, accessible summaries, noting that this is obviously not a substitute for legal advice.
  • Drafter: Gen AI can support compliance teams with the drafting or supplementing of governance documents, training materials, communications and reports, each tailored in tone, format and complexity to the intended audience.
  • Researcher: Gen AI excels in assimilating and identifying similarities and differences between different documents. If configured correctly, it can serve as an effective assistant when conducting due diligence or investigations. For example, it can spot inconsistencies between (a) a questionnaire completed by a business partner; (b) an internal form completed by the internal sponsor of that third party; (c) results of third-party screening and due diligence; and (d) draft contracts, including compensation structures and other less obvious incentives. And since Gen AI does not tire, it is able to review additional documents that a compliance team might not otherwise have the time to review. Continuing the due diligence example, this might include a review of the relevant competitive sourcing or sole source documentation which can often be voluminous.
  • Data Analyst: The availability of data analytics tools, either in-house (e.g. PowerBI, Tableau) or via compliance tech vendors, have elevated the expectations of prosecutors/regulators and the abilities of compliance teams to test and report on the effectiveness of their programs. The development of these visualizations often required the assistance of data scientists or analysts, creating a skills-related barrier to utilisation. Gen AI reduces this barrier converting your text-based instructions into the analytics and visualizations you require. Moreover, it is able to undertake analytics across a broader set of both structured and unstructured data.
  • Monitor, Investigator & Auditor: With access to relevant information, and the right configuration, Gen AI can undertake an effectiveness assessment of your controls. Building on traditional rules-based transaction testing and machine-learning, it is able to identify evidence of potential fraud, corruption or anti-competitive behavior in company transaction data. And supplementing existing neuro-linguistic capabilities, it is able to identify evidence of problematic conduct in employee communications and negative changes in employee sentiment.

However, in these early days, ethics & compliance teams are facing a knowledge and resourcing gap. Companies are directing most of their AI investment in use cases that directly support their business, such as sales and supply chain. Compliance teams are being provided with access to the same technology, told to make their programs more effective and efficient, but are receiving less support in the identification and deployment of appropriate AI use cases.

This article is designed to help ethics and compliance professionals explore practical applications of data Gen AI across all elements of an ethics & compliance program. For a more in-depth narrative on the potential that AI has for ethics & compliance teams, we recommend the following book, published in April 2025, to which the Integrity Bridge CEO contributed:

Upping Your Game: How Compliance and Risk Management Move to 2030 & Beyond, Tom Fox (2025)

The focus of this article is on the use of enterprise versions of Gen AI query tools (QT) to automate, enhance, or reimagine program components. These are marked with the symbol ⌂. In addition, we identify:

  • How Gen AI QTs may be used in conjunction with pre-existing sets of structured data and analytics.
  • More advanced Gen AI use cases that are being offered by third-party service providers (while noting that as compliance teams become more confident with using Gen AI, such use cases could potentially be brought in-house).

Third-party service providers identified as offering relevant technologies are cited for illustrative purposes only, so that you may learn more about the relevant use cases. Integrity Bridge makes no representation as to the scope, quality, or effectiveness of their services. Unless otherwise indicated, Integrity Bridge has no commercial relationship with compliance technology vendors. Integrity Bridge receives no sales commissions from vendors.

The utilization of Gen AI to support your ethics & compliance program requires care. Responsible use involves ensuring that each use case (a) works correctly as intended and does not, for example, hallucinate; (b) operates in a secure environment, with appropriate access controls; (c) processes data in an appropriate manner, in accordance with data security, data privacy and responsible AI laws and your company’s responsible AI governance and core values. Each of the use cases listed will give rise to unique risks that will need to be thoroughly assessed and managed.

This article organizes the Gen AI use cases by the standard compliance program hallmarks. By listing these, we are not recommending you implement them all. Moreover, reading this may spark other ideas, and we would love to hear about them! We intend to update this article as we learn about new Gen AI use cases. If you would like to contribute a new use case scenario, please send details to info@integritybridge.com

Integrity Bridge supports ethics & compliance teams with the identification, prioritization and development of Gen AI use cases, utilizing their company’s Enterprise AI tools.

Enterprise (Compliance) Risk Management

  • Global Regulatory Tracking: Monitor for global regulatory updates, assessing their impact on company risks, governance & operations.1
  • Scenario Analysis and Simulation: Simulate multiple "what-if" scenarios such as regulatory changes, market crises, or internal fraud events, to assess potential impact.2
  • Predictive Risk Analytics: Analyze internal and external data to predict emerging/increasing compliance/cultural health risks.3
  • Democratized Risk Analytics: Join other third parties utilizing the same federated machine learning/generative AI to predict emerging/increasing compliance risks.4
  • ⌂ Risk Consistency Assessment: Review ERM register, 10-K Risk Factors summary, CSRD double materiality assessment, insurance risk assessment and any other internal risk lists for consistency of taxonomy and description.
  • ⌂ Tailored Risk Reporting: Generate tailored ERM reports for senior leadership/board with flagging of emerging risks, risks with increasing impact/likelihood/velocity and material risks with controls in need of improvement.5
  • ⌂ Substantive Review of Compliance Risk Assessment: Review draft global/local compliance risk assessment report for (a) completeness; (b) consistency with other risk reports; (c) identification of recurring themes between reports. Integrity Bridge does not recommend uploading legally privileged materials to Gen AI QTs, including enterprise versions, without speaking to legal counsel beforehand.

Policies & Procedures

  • ⌂ Governance Gap Analysis: Undertake a gap analysis of company policies against applicable regulatory requirements, industry standards and the company’s policy-on-policy requirements.6
  • ⌂ Benchmarking: Compare your code of conduct/policies with those of other companies in your market sector/region.
  • ⌂ Policy Drafting: Review and supplement your draft policies, and prepare associated change management communication, each tailored to the voice of the target audience.7
  • ⌂ Tracking Policy Engagement: Track employee access to Code of Conduct and ethics & compliance policies, procedures and guidance (at an aggregate level). Utilize dashboards to show or have Gen AI proactively identify (a) low employee engagement in specific business units or locations; or (b) potential workplace culture concerns due to high levels of interest in a particular topic (e.g., workplace harassment).
  • ⌂ AI Policy Chatbots: Develop chatbots to provide employees with real-time guidance on the application of the Code of Conduct and ethics & compliance policies to scenarios posed by employees. An interim “testing phase” could involve making the policy chatbot available to the compliance team to support the drafting of responses to employee questions.8
  • ⌂ Enhanced Policy Management: Link the company’s policy management platform to other company data sources to support policy management. For example, develop a dashboard/ AI QT that links the platform to a company’s HR Information System to enable notifications to be sent to appropriate stakeholders when a policy owner or other stakeholder leaves the company or changes role.
  • ⌂ Development of A “Note to File” for New Code/Policy Launches: Based on supporting materials, utilize an AI QT to prepare a narrative summarizing the (a) development of a new Code/policy; (b) consultation on the new Code/policy; (c) launch of the new policy, including details of tone from the top/middle communications; (d) employee engagement with the Code/Policy during launch phase; and (e) completion of relevant training.

Controls

  • ⌂ Control Design: Translate regulation into auditable controls/performance standards.9
  • ⌂ Control Testing: Review sufficiency of control testing documentation.10
  • ⌂ Tailored Controls Reporting: Generate tailored control effectiveness reports for senior leadership/board, flagging material risks with controls in need of improvement.11
  • Integrated Compliance System Controls: Link gating controls across compliance, ERP, CRM, and contract management systems to prevent a compliance-sensitive activity going ahead without appropriate clearance e.g., preventing transactions with a third-party being completed in company’s ERP/CRM if a key compliance approval or other requirement (e.g., training non-completion, out of date certification, expired contract) has not been met.

Training

  • ⌂ Identification of At-Risk Employees: Extract role profiles from HR Information System and ask AI QT to enrich the descriptions of the work each role does (if not clear from the original role descriptions). Upload the draft training material and ask AI QT to identify those (additional) roles that should receive the training.
  • ⌂ Identification of Appropriate Topics to Address in Training Plan: Review metrics/compliance reporting/audit reports to identify suitable topics for training.
  • Expedited Translation of Training Materials & Audio Tracks: Utilize AI-powered translation services to swiftly and cost-effectively translate training content and audio tracks.12
  • Use of AI Avatars: Incorporate AI-generated avatars to create engaging and personalized training videos.13
  • ⌂ AI-Generation of Training Modules: Utilize AI to tailor training module visuals based on role/location (e.g., manufacturing, laboratory, office).14
  • ⌂ Hyper-Personalized Training Allocation: Develop a library of very specific, real-life training scenarios and allocate to employees based on their roles, locations, prior compliance engagement, prior compliance training performance and behavioral history.15
  • ⌂ Training Effectiveness Analysis: Conduct advanced analytics on the impact of training on employee behavior (e.g., Code/policy compliance, number of questions asked, willingness to speak up).
  • ⌂ Identification of Cultural Health Proxies in Training Data: Extract those metrics - beyond training completion - that speak to cultural health. For example, (a) speed of training completion in a particular business unit or site; (b) timely completion of training by management; (c) number of attempts to complete.
  • ⌂ “Note to File” Reflecting Completion of a Training Campaign: Utilize AI QT to prepare a self-contained report on the effectiveness of a specific training campaign, utilizing training metrics, materials and other supporting evidence.

Communications

  • ⌂ Communications Metadata: Extract key metadata in (e.g., tone from the top) compliance communications and upload to LMS or other database/visualization tool to assess effectiveness of communications on e.g., training completion, compliance with controls, speak up rates.
  • CRM Communications Tools to Track Employee Engagement: Track the extent of employee engagement with a communication (e.g., is the email opened? How much of the email is read? How long is the email open?).16
  • Just-in-Time Compliance Nudges: Develop in-system compliance guidance within ERP, CRM, T&E, Supplier Management and other platforms reminding employees of relevant compliance requirements (e.g., pre-approval, provision of supporting documentation).17
  • ⌂ AI-Generated Podcasts: Utilize AI-generated podcast to help explain any uploaded document (e.g., a policy, training material).18
  • ⌂ AI-Generated Videos: Generate personalized short videos for inclusion in company social media platforms.19
  • ⌂ Personalized Compliance Communications: Create tailored compliance communications based on employee’s role, risk and behavioral performance.20
  • ⌂ AI-generated visual compliance reminders: Develop infographics, short videos and screen for use in digital platforms.21

Conflicts of Interest

  • Detection of Third-Party/Employee Conflicts of Interest: Compare contact (address, phone number, email) and bank account information between third parties and employees to identify non-disclosed conflicts of interest (subject to data privacy impact assessment).
  • Substantive Assessment of Disclosed Conflicts: Review COI disclosures over a period of time to identify (a) emerging trends from disclosed conflicts; and (b) consistency of Compliance’s response and remediation.
  • Conflicts Disclosure Workflow: Develop a customized conflicts of interest disclosure workflow that not only administers disclosures but also undertakes the first-line substantive review of such disclosures, and approves or escalates accordingly.

Gifts & Hospitality

  • ⌂ Employee Gifts & Hospitality Analytics: Analyze gifts & expense amounts reported in employee expense management system to assess whether a change in disclosure/approval thresholds are needed.
  • Third Party Gifts & Hospitality Analytics: Review total value of gifts & expenses received over time by (a) business partners and other third parties; (b) individual employees within these third parties to identify fraud, conflicts of interest or overspend.22
  • Review of public payments data: Review public payment disclosures made by companies for fraud, overpayment and/or conflicts of interest.23

Third-Party Risk Management

Screening

  • Master Data Enrichment: Validate/enhance company master data using third-party information from multiple sources.24
  • ⌂ AI-Driven Third-Party Screening: Use AI QT to conduct initial due diligence by assimilating financial data, regulatory filings, public records, completed questionnaires and adverse media, and identify flags, information gaps and inconsistencies.
  • Relationship-Mapping: Utilize AI QT to detect indirect links between employees, third parties and government officials (subject to responsible AI/data privacy impact assessment).25

Due Diligence

  • Pre-Populated Due Diligence Questionnaires: Extract data from third party websites, other public sources and prior engagements to pre-fill third-party due diligence questionnaires.26
  • AI Agents for Supplementary Inquiries: Deploy agentic AI to conduct additional factual queries during the due diligence process, enhancing the depth of information gathered.
  • ⌂ Generation of Interview/Training Topics: Use AI QT to generate a list of topics for discussion with third parties during interviews or training sessions, based on materials provided.
  • ⌂ Draft Risk Assessment Compilation: Use AI QT to prepare first draft of a third-party compliance risk assessment based on all materials collated during diligence (e.g., internal and third-party questionnaires, screening reports, due diligence reports, draft contracts), identifying any inconsistencies or information gaps.

Contract Management

  • ⌂ Contract Review: Use AI QT to review and analyze contracts for (a) compliance with regulatory requirements; (b) inclusion of required compliance terms; (c) compensation structures that incentivise third parties and/or employees to act in violation of the law or a company’s core values/code of conduct/applicable policies.27

Accounts Payable

  • ⌂ Autonomous invoice capture and General Ledger Account coding.
  • ⌂ Enhanced 3-way match (PO, invoice, goods receipt/service entry).28

Transaction Monitoring

  • ⌂ Sales: Monitoring of pricing, discounts, rebates, credit memos and commissions for fraud, corruption and/or antitrust violations.
  • ⌂ Procurement: Monitor accounts payable and corporate p-card transactions for (a) undisclosed high-risk vendors; (b) undisclosed high-risk materials (e.g., forced labor); (c) overspend; (d) fraud; (e) corruption; and (f) conflicts of interest.
  • ⌂ Identification of Bid Rigging by Vendors: Identify irregular bidding behavior by prospective suppliers.
  • ⌂ Employee Expenses: Monitor employee expenses in near-real time for (a) violation of travel policy; (b) violation of gifts & hospitality policy; (c) violation of employee expense management policy; (d) excessive spending; (e) fraud/corruption; and (f) gifts & hospitality for politically exposed persons.29

Forced Labor Analytics

  • ⌂ Public Transaction Data: Review customs and other publicly available trade data to identify sourcing from vendors/countries with high forced labor risk.30
  • ⌂ Virtual Bill of Materials: Construct full virtual bill of materials for a company’s product utilizing public trade data and other information sources.

Combining Data Sources to Enhance Third-party Monitoring

  • ⌂ Integrated Third-Party Monitoring: Utilize AI to combine and assimilate third-party adverse media monitoring, internal transaction monitoring, public transaction monitoring and employee communications to identify fraud, antitrust, conflicts of interest and other compliance risks.

Workplace Culture

  • ⌂ Sentiment Analysis
    • Conduct workplace sentiment analysis based on e.g., (a) employee communications; (b) employee comments made on e.g., Glassdoor; (c) survey responses.31
    • Identify public false narratives that are undermining the company’s reputation.32
  • Communications Monitoring33
    • Audit emails, chats, and messages for language indicative of bribery, harassment, or other policy violations or precursor indicators.
    • Flag potential compliance risks in communications in real-time, warning employees (a) before sending high-risk messages; and/or (b) of incoming messages of concern from third parties.
  • Insider Threat Monitoring34
    • Monitor for sudden changes in an employee behavior, such as accessing systems at odd hours, erratic attendance.
      Also see Investigations for additional use-cases relevant to workplace culture

Audit

  • ⌂ Compliance Program Effectiveness Assessment: Utilize AI QT to assess the effectiveness of a company’s compliance program against pre-defined design, empowerment and operational standards.35 For more guidance on the assessment of compliance program effectiveness please access this Integrity Bridge article by clicking here.
  • ⌂ Audit Scoping Recommendations: Utilize AI QT to (a) identify areas of audit focus based on ERM risk register, past audit reports and other risk indicators; (b) tailor and supplement compliance audit workplans.
  • ⌂ AI-Generated Audit Reports: Utilize AI QT to prepare first draft of audit report based on materials reviewed during audit.36

Investigations

  • Enhanced Allegation Intake: Utilize AI for first engagement with reporter to enhance the quality of the initial report.37
  • ⌂ Allegation Triage: Triage allegations, using Gen AI to automatically categorizing, prioritizing and assigning employee reports to appropriate SME investigators.38
  • ⌂ Automated Context Analysis: Use AI QT to review of prior investigations, training records, disclosures and transaction history, providing investigators with relevant context to a new allegation.39
  • Translator For Interviews: Use real-time translation services to enhance and expedite the conduct of interviews.40
  • Use of AI Investigation Agents: Deploy AI agents to support or even conduct investigations.41
  • Enhanced E-Discovery & Document Review: Utilize AI to rapidly process and analyze large volumes of documents, emails, and chat records for investigation purposes. Detection of inconsistencies across statements, documents and data.
  • Anonymization: Utilize Gen AI to expedite anonymization of investigation material prior to the conduct of thematic analytics.
  • ⌂ Report Generation: Prepare first draft or review of draft investigation reports, based on evidence acquired during the investigation.
  • ⌂ Tailored Investigations Reporting: Generate tailored investigation summaries for senior leadership/board, including identification of global/local trends.
  • ⌂ Root cause analysis: Utilize AI QT to summarize recurring root cause themes (including control failures) across selected investigation reports. Consider combining with root cause analysis from audit reports and business process monitoring.

Incentives & Consequence Management

  • ⌂ AI-Driven Employee Compliance Performance Scoring: Evaluate employee behavior, training engagement, and policy adherence.
  • ⌂ Discipline Recommendation: Recommend discipline, based on review of investigation report, Discipline Policy and discipline administered in similar cases.
  • ⌂ Monitoring of Discipline Consistency: Review discipline administered (or not) for similar investigations for compliance with discipline policy, consistency and fairness.

Reference Links

1 https://www.compliance.ai/; https://www.regology.com/; https://www.regufy.ai/; https://cube.global/solutions; https://reglabs.ai

2 https://www.ibm.com/think/insights/ai-enhanced-scenario-modeling-horizon-scanning; https://www.fusionrm.com/platform/scenario-simulation-intelligence/

3 https://www.integritylab.com/

4 https://integritydistributed.com/

5 https://www.auditboard.com/platform/ai/;

6 https://www.policyprotect.ai/; www.regufy.ai

7 https://www.doctract.com/doctract-ai

8 https://www.rulebook.ai; https://www.eqs.com/compliance-webinars/inside-cockpit-policy-buddy/

9 https://kpmg.com/au/en/home/technology-solutions/ai-compliance.html

10 https://www.vero-ai.com/

11 https://www.auditboard.com/platform/ai/;

12 https://www.goethena.com/

13 https://www.heygen.com/; https://www.synthesia.io/; https://www.colossyan.com/

14 https://www.vyond.com/solutions/; https://www.goethena.com/; https://www.disco.co/

15 https://www.realizeitlearning.com/workforce; https://www.enthral.ai/ai-powered-learning/

16 https://www.poppulo.com/products/employee-communications; https://cerkl.com/; https://staffbase.com/en/; https://www.microsoft.com/en-us/microsoft-viva; https://www.salesforce.com/service/employee-engagement/

17 https://www.walkme.com/; www.concur.com

18 https://notebooklm.google/

19 https://openai.com/sora/

20 https://www.dynamicyield.com/target/

21 https://www.synthesia.io/use-case/internal-communications;

22 https://www.caseiq.com/compliance-monitoring/; https://konaai.com/compliance-monitoring-software/

23 https://www.conflixus.com (US healthcare sector)

24 https://www.tealbook.com/; https://www.ganintegrity.com/products/integrity-enrich/

25 https://shadowdragon.io/socialnet/

26 https://www.certa.ai/

27 https://www.harvey.ai/

28 https://www.appzen.com

29 https://www.caseiq.com/compliance-monitoring/; https://konaai.com/

30 https://altana.ai/; https://sayari.com/; https://www.exiger.com/products/supply-chain-explorer/

31 https://go.perceptyx.com/platform/analyze/comment-analytics; https://www.qualtrics.com/support/common-use-case/analyzingresults/insight-explorer/

32 https://blackbird.ai/

33 https://www.behavox.com/communications-surveillance/; https://www.globalrelay.com/products/communication-surveillance/; https://swarmdynamics.ai/; https://www.litlingo.com/ NB: Integrity Bridge’s CEO is on the Advisory Board to Litlingo

34 https://www.teramind.co/

35 https://www.vero-ai.com/

36 https://www.auditboard.com/platform/ai/

37 https://www.speakup.com/sienna

38 https://www.eqs.com/platform-compliance-ethics/integrity-line-whistleblower-software/

39 Ibid.

40 https://kudo.ai/solutions/live-speech-translation-online-meeting-platform/

41 https://www.allvoices.co/product/vera-ai-employee-relations; Also see KPMG Concept Video (link)