Since the start of the year, geopolitical pressures have combined with trade negotiations and deregulation efforts to create heightened volatility for business. And as we begin the fourth quarter of the year, that instability shows little sign of improvement.
Business risk is surging, according to legal and compliance leaders surveyed by Corporate Board Member as part of our Q3 Business Risk Index, which is a survey of general counsel, compliance leaders and audit members conducted in partnership with Diligent Institute.
Legal and compliance chiefs are rating the level of risk in the current business environment at 7.9 out of 10, on a scale where 1 is Negligible and 10 is Significant. That number has been rising significantly since Q1, when business risk was rated just 5.8 out of 10––an increase of 36 percent since then.
Those polled say they find heightened risk amid the continued disruption of the Trump administration’s tariffs decisions, ongoing geopolitical conflicts and sticky inflation.
“The convergence of these factors keeps risk levels high and requires businesses to invest more in proactive compliance, risk management, scenario planning and governance frameworks,” says Taras Lytovchenko, the chief legal and compliance officer at Trinitex.
Many others who participated in the September survey echoed Lytovchenko’s sentiment, citing “tariff games by the administration” and “macroeconomic forces” as pertinent to this high-risk environment.
Interestingly, while the majority also cited the unpredictability of the regulatory environment as one of the top risks for business right now, that proportion is down 10 percentage points since last quarter. Kristy Grant-Hart, vice president and head of advisory services for Spark Compliance, a Diligent Brand, says companies may feel more prepared to navigate regulatory uncertainty thanks to proactive compliance measures and increased investment in monitoring and risk management.
“As organizations grow more confident in their regulatory frameworks, attention is turning toward more specific business risks like shifting tariffs and global volatility. This could reflect a positive trend in compliance maturity, where legal and compliance teams have built robust processes that allow them to respond to regulatory changes with more agility,” she says.
According to the survey, legal and compliance teams are indeed working to strengthen their companies’ ability to insulate themselves from these impacts and withstand a continuation of the uncertainty in the year ahead. Of the measures they are taking to do so, most list the increasing use of technology, including artificial intelligence, for monitoring and regulatory tracking purposes.
Overall, however, every aspect of compliance is being reinforced, including compliance/ethics training for employees and policy/procedural reviews. The only aspect not expected to increase in priority in the near term is “whistleblower or reporting channels,” which was flat year over year.
“Organizations leading the way in compliance are leveraging technology and procedural reviews not just to meet regulatory obligations but also to strengthen their overall risk posture,” says Grant-Hart. “When companies prioritize advanced compliance tools and ongoing risk assessments, they’re better equipped to anticipate regulatory changes and minimize exposure to emerging risks.”
NAVIGATING GLOBAL VOLATILITY
Respondents are divided in their management of geopolitical uncertainty—a divide that’s likely driven by their level of exposure to the turbulence of international trade and tariff stressors.
On one side, the data shows some companies have also been more proactive than others in creating a response plan early on: nearly one-third (27 percent) say they have either expanded their monitoring of cross-border trade or have consulted external advisors on global regulations.
On the other side, data shows 43 percent are not changing their compliance priorities at all in response to increased geopolitical instability. This is unexpected—and alarming—as respondents ranked “geopolitical conflicts” as the third-most-pressing risk for business right now. True compliance resilience means actively reassessing policies and controls considering new global developments rather than waiting for risk to materialize. Proactive compliance planning enables organizations to adapt swiftly in an environment where regulatory expectations are constantly evolving.
ARTIFICIAL INTELLIGENCE INFLUENCE
When it comes to managing AI-related risks, the survey finds most legal and compliance teams have begun crafting some form of governing policies or usage guidelines: 29 percent say their company has a comprehensive plan for governing the use of AI, and another 38 percent say the guidelines are being drafted as we speak.
This ongoing process in a space that is rapidly evolving is perhaps why, though companies are increasing their efforts surrounding AI use, most say they are not “very confident” in their effectiveness: 44 percent report their policies need some refinement, while 33 percent say they are entirely insufficient.
This highlights the strain of AI adoption. While many companies feel an internal pressure to adopt these technologies for various uses, they are also adding complexity to the mix. Effective compliance in the AI era is about more than following the rules, Grant-Hart says, it’s about building transparency and trust in how these technologies are managed.
Legal chiefs’ lack of confidence in their ability to manage AI risk may also explain why directors remain hesitant about adopting such technologies for themselves. In Corporate Board Member’s Q3 Director Confidence Index, just 10 percent of directors surveyed said they use AI regularly for oversight purposes, and 32 percent don’t use it at all.
“This disconnect between thorough AI planning by compliance professionals and limited AI adoption at the board level points to the broader challenge of ensuring boards fully grasp both the risks and benefits of AI from a compliance perspective,” says Grant-Hart. “Bridging this gap takes ongoing board education and open dialogue, so directors are empowered to govern emerging technologies in alignment with sound compliance principles.”
