Navigating the

AI landscape
INSIGHTS FROM COMPLIANCE
AND RISK MANAGEMENT LEADERS

01 Navigating the AI landscape | moodys.com/kyc MOODYS.COM/KYC

 KEITH BERRY

Executive Summary
The findings of this extensive study into the attitudes, adoption, and uses for AI in
the world of risk management and compliance are fascinating. What emerges for me
first is that of the 550 leaders who engaged in the study, representing companies from
67 countries, everyone is on a journey to learn more, understand, and implement AI.

Some sectors appear to be further forward along the The paradox is that AI could be the very solution
path, banking and fintech most notably, but almost to resolve issues with internal data. Perhaps this
70% of respondents believe AI will be transformative conundrum is still to be answered, but I certainly
or have a major impact within the next 3 years. look forward to having the conversation with our
And, almost 90% of respondents are interested in customers.
the integration of AI tools by providers of risk and
compliance solutions. The study also highlights the importance AI experts
and risk and compliance leaders place on regulation
AI technology has many facets, as listed by the in this space. There’s 79% consensus that new
experts who were interviewed for this study. legislation in use of AI is important to the profession.
AI solutions range from machine learning to robotics This points to the need for ongoing dialogue and
to large language models and generative AI. collaboration between regulators and the industry to
What emerges, however, is where people see these allay concerns, particularly around global standards,
variants having most impact in risk management and data privacy, and explainability of AI models.
compliance – it boils down to three specific areas:
Finally, while the study suggests AI technologies,
1) Transaction monitoring and risk detection
particularly GenAI and large language models (LLMs),
2) Individual and entity profiling and screening have yet to enjoy widespread adoption in risk and
compliance functions, the potential to enhance
3) Automation of manual tasks and efficiency
capabilities is obviously being recognized. And there is
improvements
broad agreement on the benefits of using AI for core
The message is clear that use of AI is about risk and compliance activity.
strengthening and enhancing the work that risk
As demand for AI-augmented solutions grows, it
management and compliance professionals are
becomes imperative for providers, like Moody’s, to
accountable for each day. The findings show that the
support the transformation and clearly communicate
places early adopters or those trialing AI feel the most
how we can help organize and secure data, ensure
positive impact are in replacing manual processes
accuracy, and deliver the kind of quality solutions
(17%); augmenting staff performance (27%); or a
needed to serve risk management and compliance
combination of both (56%). And a vast majority
leaders. These will be the guiding principles that
(90%) of early adopters report AI is positively
will help organizations worldwide trust and adopt
impacting the work they do in risk and compliance.
AI solutions, embedding them into the risk and
The correlation between data management and compliance landscape.
successful adoption of AI is, however, noteworthy.
Data is so often at the heart of risk and compliance, Keith Berry
and poor internal data could pose a barrier for many General Manager,
organizations navigating the AI technology landscape. KYC Solutions at Moody’s Analytics

01 Navigating the AI landscape | moodys.com/kyc

 SECTION ONE

About the research

CONTEXT & OBJECTIVES METHOD

This changes, everything? We partnered with an independent research

While elements of Artificial Intelligence (AI) such consultancy, Context Consulting, to design and conduct
as Machine Learning (ML) and ‘big data’ analytics the research. The study included multiple phases to
have been busily progressing in the background for arrive at a balanced and robust set of learnings.
decades – indeed, the term ‘Machine Learning’ was
coined as far back as 1959 by Arthur Samuel of In phase 1, we conducted one-to-one interviews
IBM – 2023 was the year AI went truly mainstream. with experts from the worlds of academia,
consultancy, and technology to build hypotheses
The acceleration of Generative AI programs like and inform survey development. Phase 2 involved
ChatGPT, Midjourney, and DALL-E, has pushed an online survey which was completed by 550 risk
the topic into the public consciousness, promising and compliance professionals from a range of sectors
to revolutionize the way the world works. From across 67 countries. And phase 3 saw in-depth follow-
healthcare to legal services and to transportation, up interviews with 10 survey participants in Europe,
AI has been touted as primed to send shockwaves the Americas and APAC to discuss findings of the
through almost every industry. The fields of risk survey and provide additional insight.
and compliance are no exception.
SAMPLE
This raises key questions. We conducted primary
research with a view to finding out more and Our research was broad, deep, and global in its scope
exploring attitudes towards AI within a range – including people from a wide range of sectors and
of target audiences and regions, covering the roles to get a full picture of how AI is impacting risk
following topics: and compliance today.

• Is AI a passing trend in risk and compliance, REGION n=

or here to stay?
Europe & Africa 338
• Where will its impact be felt most across Americas 101
risk management and compliance? APAC 92
• How do risk and compliance professionals Rest of world 19
view its potential?
SECTOR n=
• What are the risks and benefits, barriers
and opportunities involved in adopting AI Banking 219
in these fields? Other financial services 131
Asset & Wealth Mgmt. 40
• What effect is AI having on risk management
and compliance practices across different Insurance 48
industries today? Fintech 43
Non-financial services 200
• What are the regulatory challenges?
Professional services 54
• When is AI expected to go mainstream Corporates 114
in risk and compliance, if at all? Government 24
Other 8

TOTAL 550

02 Navigating the AI landscape | moodys.com/kyc

 SECTION TWO

Background: A double-edged sword

The proliferation of AI technologies into different Doing nothing in relation to AI adoption is equally
areas of life represents both a risk and an opportunity risky – allowing competitors to steal a march in
for businesses of every size in every sector. On the cost savings, efficiency, and overall performance.
downside, new technologies, including AI, have the AI could open competitive threats to incumbent
potential to help hide criminal activity, circumvent players, as tech-enabled disruptors enter the market,
tried and tested risk infrastructures, and defraud working in faster, smarter, and more engaging ways.
businesses and individuals on an unforeseen scale.
On the positive side, those who adopt the right
As with any new technology, when it is implemented technologies first can power ahead. In an increasingly
but not fully understood, AI also offers the possibility fast-paced, complex, and data-driven world, AI allows
of unintended consequences. It can, for example, businesses to do more with less, adapt efficiently to
provide a false sense of security, meaning that change, and deliver the next generation of services,
companies relying on AI could miss issues that detection, and protection. These paradigm-shifting
would have been picked up by human operatives. benefits enhance the effectiveness of risk
management while ensuring compliance.

03 Navigating the AI landscape | moodys.com/kyc

 SECTION THREE

Clarifying the conversation:

AI terms in risk and compliance
How well is AI understood within the fields of risk
What is your understanding of the relevance and
management and compliance? Despite the noise, application of AI in risk management and compliance?
the picture, for many, remains unclear, with survey
respondents reporting relatively low understanding
of AI’s relevance to risk management and compliance 44%
across regions, roles, and sectors.
Just over one quarter (26%) of respondents rate their
knowledge as “high” or “very high” – less than the
29% of respondents who define their knowledge of
AI as “low” or “very low.” 20% 19%
Almost half of respondents claim only moderate
knowledge. Subsequent interviews suggest that this 9%
7%
describes those with a surface-level awareness of AI
and related terminology, but who lack understanding Very low Quite low Moderate Quite high Very high

of how it relates to their function and the business Base: Total (n=550)
case for adoption.

SIZE MATTERS

Digging deeper into the detail is revealing. The size of company where a respondent works shows a marked difference
in how they rate their understanding of the relevance and application of AI. More people in smaller companies
(<1,000 FTEs), rate their knowledge as ‘low’ than those in larger ones, and conversely, more people in larger
firms rate their knowledge higher than those in smaller firms.

How would you rate your understanding of the relevance and <1,000 FTEs This can, in part, be explained by
application of AI in the context of risk management and compliance? the level of AI adoption in these
>10,000 FTEs
different sizes of firms. While we
tend to think of smaller firms as
36% of those in smaller 46% 34% of those in the largest nimble, digital innovators, the
firms rate their knowledge firms feel they have ‘high’ relative newness of AI, and the high
41%
‘low’ vs. 20% in the understanding vs. 24% in
larger companies smaller firms costs involved, may be prohibitive
to them, causing hesitancy when
evaluating which AI technologies
25% 24% to adopt.
Larger firms with bigger budgets
16% and headcounts looking for
14%
11% 10% efficiency gains are more inclined to
8% seek out tech-enabled opportunities
6%
to reduce costs, and they have the
Very low Quite low Moderate Quite high Very high
resources to put them into practice.
Base: Total (n=550), <1,000 FTEs (n=212), >10,000 FTEs (n=185)

04 Navigating the AI landscape | moodys.com/kyc

DECODING THE CONFUSION

Whatever the size of firm, knowledge of AI’s relevance to the risk and compliance function currently remains moderate
to low. Part of the confusion centers around the sheer variety of terms used in the field and the fact AI is not one thing.
From AI to ML, NLPs, LLMs and GANs – to name but a few – people can quickly drown in a sea of acronyms.
(That’s Artificial Intelligence, Machine Learning, Natural Language Processing, Large Language Models and Generative
Adversarial Networks, to you and me.)
With so many terms and technologies to get to grips with, it’s little wonder the majority of people don’t rate their
understanding of AI’s role in risk and compliance as “high” yet.

Which of the following terminologies do you associate with AI?

Machine learning 83%

Generative AI (Gen AI) 74%

Natural Language Processing (NLP) 51%

Deep learning 51%

Supervised machine learning 50%

Robotics 43%

Neural networks 42%

Large Language Models (LLMs) 41%

Unsupervised learning 29%

Reinforcement learning 22%

Generative Adversarial Networks (GANs) 17%

Autoencoders 11%

Base: Total (n=550)

05 Navigating the AI landscape | moodys.com/kyc

THREE KEY THEMES

We asked the professionals surveyed to provide a definition, in their own words, of how AI can be
applied to risk and compliance. From the hundreds of resulting descriptions, three key themes emerged:

1) Transaction monitoring and detection

The uses in this field are widespread, including:
• Identifying risks through pattern recognition
Currently our transaction
monitoring system is using
• Automating AML monitoring and fraud detection
AI to do outlier detection for
• Identifying money laundering and terrorist transactions. We are looking to
financing activities
get our own instance of GPT4
• Financial crime and sanctions prevention, to be used for code review and
unauthorized trading detection, and compliance compliance review of policies,
breaches
guidelines, and procedures.
• Advanced outlier detection when calculating fund
product limits or compliance review of policies

2) Customer and entity profiling

Another core pillar of any compliance and risk function
AI enables financial institutions is understanding the people and organizations to
which you’re connected and have potential exposure.
to study the behavior of There are clear roles for AI to assist in improving
customers to understand profiling capabilities, such as:
their transaction patterns and • Real-time customer due diligence and compliance
predict any abnormalities. gap detection
• More accurately predicting outcomes based on
past data
• Analyzing vast datasets from vendors, customers,
market trends, and industry regulatory updates
• Streamlining processes, reducing human errors,
and minimizing expenses
• Enhancing processes and reducing manual controls
• Analyzing policyholder information, claims
histories, and market trends

06 Navigating the AI landscape | moodys.com/kyc

3) Automation and efficiency improvement
Finally, as in other business areas, one of the
core benefits of using AI for risk and compliance We don’t use AI today, but
is the automation of repetitive tasks to improve
efficiency, for instance:
hopefully it will be able to
make our processes more
• Providing answers to compliance-related
questions and composing communications efficient, and we can reduce
• Modeling business situations, and managing
the number of manual controls.
regulatory requirements
• Reviewing documents for quality assurance
and performing regular maintenance duties
• Employing generative transformers such as
ChatGPT and AI-driven code recommendation
tools such as Kite or GitHub Copilot

ADOPTION What is the current level of implementation of AI within your

company for the purpose of compliance or risk management?
Clearly, it is still early days in AI’s diffusion into the
world of risk and compliance. To find out just how 9% AI is actively being utilized
widespread its use is, we asked participants about
their current level of implementation. We discovered 21% AI is in a trial or pilot phase
that around one in three organizations are actively
using or trialing AI in compliance and risk management 49% We are considering the use of AI
– with 9% being active users and 21% in the trial or
pilot phase. Just under half of firms are considering 21% AI is not being considered
its use, while 21% are not.
Base: Total (n=550)

The banking and fintech sectors are leading the charge with 40% and 36% respectively using or trialing AI,
while insurance, asset and wealth management are playing catch-up.

Fintech 18% 18% 45% 18%

Banking 12% 28% 46% 14%
Insurance, asset &
wealth management 3% 11% 55% 32%

Larger companies are significantly more likely to be using or trialing AI at 42% vs only 23% of small companies.
This suggests that those with large headcounts and big budgets are using their spending power to drive a shift
towards AI, seeking efficiency gains, standardization of performance, and headcount reduction.

<1000 FTEs 8% 15% 46% 31%

1000-9999 FTEs 6% 20% 58% 17%

>10,000+ FTEs 13% 29% 45% 13%

Base: Total (n=550), Fintech (n=35), Banking (n=209), Insurance, Asset & W. Mgt. (n=87), Less than 1000 FTEs (n=192), 1000-9999 FTEs (n=125), 10,000 FTEs (n=164)

07 Navigating the AI landscape | moodys.com/kyc

THE DEVIL IS IN THE DATA

It is widely recognized that one of the preconditions Everyone is at a different stage in their AI journey.
of a firm’s ability to adopt AI is the quality, consistency Understanding data maturity and rectifying gaps
and organization of its internal data. It is incredibly is key to a firm’s readiness to adopt AI it seems.
hard to implement AI effectively with poor quality, So, we asked participants to identify the maturity
disorganized data. level of their internal data across a five-point scale:

Superior High quality Clean Inconsistent Fragmented

Superior data Clean, structured Clean, structured Data is structured Fragmented

infrastructure data. Occasional data. Occasional but contains and unstructured
with real-time quality checks in quality checks in inconsistencies. data. Significant
refinement. place. Moderate place. Moderate Manual cleansing cleansing required
Seamlessly breadth and depth. breadth and depth. often necessary. for meaningful
integrates into Limited breadth use.
decision-making. and depth.
Unparalleled
breadth and depth.

2% 12% 19% 44% 23%

The fact that two thirds of respondents rate their firm’s data
quality in the two lowest categories helps explain why the 2 out of 3 respondents believe their
majority are yet to start using AI for risk and compliance. organization has low data quality
Base: Total (n=550)

CHICKEN OR EGG?
The question then becomes, are early adopters of 36% of those already using AI rate their internal
AI able to do so because they have better internal data as high-quality or superior, compared with
data, or are they using AI for the purpose of only 9% of those not considering AI.
improving their data?
At the other end of the scale, 75% of those not
It is clear a data-maturity gap exists between those considering AI think their data is inconsistent or
companies already using AI and the rest of the field. fragmented, compared with a still far-from-perfect
46% of existing users.

Which of the following statements best describes your organization’s data maturity in the context of compliance?

Using AI 5% 31% 19% 36% 10%

Training AI 3% 13% 21% 41% 22%

Considering AI 2% 8% 20% 49% 22%

Not considering AI 2% 7% 16% 39% 36%

Base: Total (n=550), Using AI (n=42), Trialing AI (n=95), Considering AI (n=225), Not Considering AI (n=83)

With 55% of those using AI rating their data as “clean” or better, there appears to be a powerful link between
high-quality internal data and early adoption of AI.

08 Navigating the AI landscape | moodys.com/kyc

 SECTION FOUR

Voices from the vanguard:

insights from early AI adopters
PUTTING AI TO WORK We wanted to understand which of the following
types of AI models were being used:
Understanding where AI is being implemented
today is key to seeing how it will impact risk and
Statistical or stochastic models are primarily
compliance tomorrow.
based on statistical methods and often used for
Unsurprisingly, as teams are forced to deal with forecasting, pattern recognition, or anomaly detection.
ever-increasing levels of information, 63% of
companies actively using or in a trial phase with Traditional language models are designed for
AI are using it for data analysis and interpretation. tasks like text classification, sentiment analysis,
and named entity recognition.
Areas in which AI is being used (existing users / trialists only)
ML models on tabular data are designed for
Data analysis and structured data, such as those used in finance,
interpretation
63%
healthcare, and retail for tasks like prediction
and clustering.
Risk management 53%
Generative language models generate
Fraud detection
coherent and contextually relevant text over
51%
extended passages.

Process automation 46%

Our research identified that, on average, those using or
Customer screening
trialing AI were using an average of 1.8 different models,
45%
reinforcing the idea that AI is a multi-faceted technology.

Predictive analysis 40%

AI model types being used / trialed:

Regulatory Statistical or
compliance 34% 45%
stochastic models

Base: Using/ Trialing AI (n=144)

Traditional
language models 35%

Risk management and fraud protection, particularly ML models on

tabular data 35%
in banking, come next on the list. Other priorities like
automation, screening, and regulatory compliance
are being applied and will likely grow as more AI Generative
language models 28%
technologies become commonplace.
The different AI models an organization uses provide Base: Using/ Trialing AI (n=144)
insights into a range of areas like the level of its
data maturity, the specialized nature of tools it has
developed, and the specific intelligence it requires.

09 Navigating the AI landscape | moodys.com/kyc

The prominence of statistical or stochastic models AI model types being
Using AI Trialing AI
reflects both the breadth of demand for pattern used / trialed:
recognition and anomaly detection, as well as the fact
such models are more established forms of AI. Statistical or 56%
stochastic models 45%
However, when comparing current users of AI with
those trialing AI, we see the latter are more likely to Traditional 28%
language models 38%
be trying out traditional language models, ML models,
and generative language models. ML models on 28%
tabular data 38%
This is most likely due to the recent advancements in
LLMs, like ChatGPT, which have shifted awareness and Generative 26%
become more accessible, versus the complexity and language models 30%
more specialized nature of stochastic models, which
were a feature of early-mover investment. Base: Using/ Trialing AI (n=144)

CHARTING INTENT VS. OUTCOME

What has been your primary intent in implementing AI?
Meeting desired outcomes and successful
implementation of AI today will shape the role it
can play in risk and compliance in years to come.
17%
Replacing manual
When implementing AI, what is the primary processes
intent for organizations? What has the impact
56% Augmenting staff
of AI been to date? We posed these questions to
27% performance
early adopters to understand what their initial aims
were and whether they were currently being met. Doing both

Replacing manual processes can be considered Base: Using AI (n=43)

akin to seeking efficiency, i.e. doing the same tasks
more quickly and at lower cost, and potentially
using fewer staff. By contrast, augmenting staff
performance speaks to a desire for qualitative
improvement and achieving superior outcomes
as a result of using different AI technologies.
Our results suggest that for most early adopters,
their aim is to use AI to achieve both at the same
time. If anything, they are more likely to be seeing
quality improvements than pure efficiency.

10 Navigating the AI landscape | moodys.com/kyc

When it comes to the impact of AI, early adopters Drilling deeper, the early adopters of AI identify
are highly positive. 91% of respondents feel AI has benefits across five key areas:
had significant or moderate impact on risk and
compliance, compared with 9% who claim it 1) E fficiency gains
has had minimal or no impact. Automation of repetitive tasks like anti-money
laundering (AML) reduces workloads, allowing
them to focus on what’s important.
What has been AI’s impact to date?
2) E nhanced risk identification
Significant impact Improved transaction AML reporting and
32% Major improvements in efficiency monitoring. More timely identification of risks
or outcomes informing better decisions.
3) Tighter fraud detection
Reducing fraud, including impersonation fraud,
Moderate impact
59% and enhancing threat detection in cybersecurity.
Noticeable improvements in some areas
4) Cost saving and error reduction
Minimizing errors and irregularities to reduce full
Minimal impact time employees (FTEs) and infrastructure upkeep.
7% Slight improvements but less
than expected 5) Data processing and quality gains
Improving how data is collected, organized and
analyzed, allowing for deep and extensive insights.
No impact
2% No significant change in efficiency
or outcomes

Base: Using AI (n=43)

With a small compliance team,

we are leveraging AI to operate
best-in-class transaction
reporting monitoring for
money laundering, market
abuse, and best execution.

11 Navigating the AI landscape | moodys.com/kyc

 SECTION FIVE

The balancing act: how risk and

compliance professionals view AI
Looking beyond early adopters to the wider audience, There is clear interest among firms of all sizes in
we see a story of cautious optimism. A balancing act. developing “co-pilot” LLMs trained specifically on
their proprietary data, and as such avoiding data
Minds are still being made up around the best policies privacy and security pitfalls.
to adopt on AI tools such as LLMs. But, while most
firms are yet to implement the technology, there is Despite cautiousness and reticence, the overall
broad agreement AI will deliver advantages for risk outlook for AI in the broader spectrum is optimistic.
and compliance teams in the long run. 82% of respondents either agreed or strongly agreed
that AI will deliver significant advantages within the
When it comes specifically to LLMs like ChatGPT, risk and compliance function. Only 5% demurred.
only around 1 in 4 firms (28%) take a positive stance,
and 25% are “actively discouraging” or “prohibiting” Overall, do you agree there are significant advantages of
its use. However, the fact the largest group (46%) using AI within risk and compliance functions?
has yet to adopt a policy speaks to the relative
newness of the technology. 28% Strongly agree

Digging into the detail, fintechs, perhaps expectedly,

54% Agree
are the most open to LLMs with 54% taking a
positive stance. This contrasts with banks, potentially
13% Neutral
more mindful of reputational risk and data privacy,
with 25% taking a negative stance.
2% Disagree
Here again we identified a difference by company
size. Whereas 70% of firms with more than 10,000 3% Strongly disagree
FTEs have devised a policy, only 43% of firms with
fewer than 1,000 FTEs have done so. The policies Base: Total (n=550)

devised by large firms are as likely to impose a

negative stance as a positive one, 35% in both cases. This sentiment is consistent across all types of
organizations, both financial and non-financial,
and in those who were using AI and those who
weren’t considering it at all.

EXTRA CREDIT
Awareness of the benefits of AI are well recognized When asked to home in on one main benefit of AI,
across both those considering and those not 25% chose efficiency while 19% opted for speed.
considering its use.
More “qualitative” benefits, like the reduction
We therefore asked respondents to identify the key of false positives or enhanced accuracy, are less
benefits of AI in risk and compliance in their view, widely perceived at present, though these are likely
and to specify one single key benefit. to grow as awareness of AI’s potential improves
and technologies become more embedded in risk
Among the benefits listed, efficiency and speed were and compliance processes.
most cited, in both cases by 72% of respondents.

12 Navigating the AI landscape | moodys.com/kyc

Perceived advantages of AI Top advantage Advantages

Improved efficiency 25% 72%

‘Efficiency’ gains
appear to be more Increased speed 19% 72%
eye catching

Cost savings 11% 66%

Scalability for
larger data sets
12% 61%

Enhanced accuracy 12% 51%

Awareness of
‘qualitative’ benefits
likely to grow in time Reduction in false
positives/negatives 11% 49%

Ability to tackle more

complex issues 10% 45%

Base: Total (n=550)

RIGHT PLACE, RIGHT TIME

AI appears to be well placed to address the growing challenges faced by many risk and compliance teams.
In a world where efficiency is paramount and teams are being continually streamlined, many feel they are creaking
under the weight of exponentially growing datasets and ever-evolving regulatory requirements.
AI presents the opportunity to solve the conundrum of being asked to do more with less.

I think at the moment we spend As a relatively small financial

too much time on repetitive, institution, compared to the big
non-complex issues that could banks, we are usually behind
be outsourced to an AI tool. in innovation and automation.
AI is a chance to close that
gap to some extent, leading to
more “best-in-class” processes,
especially in terms of speed.

13 Navigating the AI landscape | moodys.com/kyc

RAISING CONCERNS
If the benefits of AI are widely understood, so too are its risks. We asked respondents which concerns they had over
the use of AI in risk and compliance, and to state which one they considered the biggest concern.

Perceived concerns of AI Top concern Concerns

Data privacy and confidentiality issues 14% 55%

Lack of transparency in decision-making 15% 55%

Misuse or misunderstanding 13% 53%

Over-reliance on AI 17% 52%

Legal and regulatory implications 8% 48%

Potential for bias and discrimination 9% 48%

Security risks 8% 46%

Ethical challenges 6% 40%

Use of fraud within AI 4% 39%

Conflicting regulations across markets 3% 33%

Displacement of jobs 3% 16%

Base: Total (n=550)

Data privacy fears and the lack of transparency in At the other end of the scale, people are less
AI-driven decision-making are the most frequently worried about AI displacing jobs or navigating
stated concerns, being cited by 55% of respondents. different regulatory environments.
The next most common concern is the misuse
or misunderstanding of AI, cited by 53% of
respondents overall.
Industrial espionage risk is high
and it’s difficult to know how
AI could expose the company
at this point. AI is only as good as the person
building it and employing it.
It will not serve as a replacement
for individuals that are weak
or uninformed regarding AML,
compliance or fraud issues.
The black box nature of
the decision making is very
unsettling as it will not lead
to consistent nor explainable
outcomes.

14 Navigating the AI landscape | moodys.com/kyc

Over-reliance on AI ranks fourth overall, being named
by 52% of respondents. However, this is the factor
most likely to be named as the single main worry, for
17% of respondents, meaning its significance should
not be underestimated.
This reflects two separate but connected concerns.
On one hand lies a fear that companies will entrust
so much decision making to AI that human judgement Relying too much on AI could
no longer reigns supreme. On the other, there is a lead to a decrease in awareness
sense that AI’s role could make it difficult for the that the final decision should
next generation of professionals to develop the
intuition and nuanced reasoning needed to make always be taken by a human
difficult calls in the future. being. AI should only be a tool,
The telling nature of these concerns is that they are not a decision-maker.
not just the voice of those reluctant or unwilling to
take up AI. In many cases they are live concerns for
people using or trialing AI technologies.
Clearly additional reassurance is needed to ensure
risk and compliance professionals as a whole can
have faith in processes and decisions powered by AI.

LET’S BE CLEAR
So, what can be done to allay existing fears? What safeguards can be put in place to ensure the reasonable and
responsible introduction of AI technologies within risk management and compliance operations?
Most cited, 51%, was ensuring transparency in AI decision making. Developing a comprehensive AI governance
framework and regular AI testing were also seen as key to providing confidence in new technologies at 48% and
45% respectively.

Which safeguards are required around AI in risk and compliance?

51%
48%
45%
39% 38%
34%

13%

Ensuring Developing a Regular testing Establishing clear Implementing Providing Collaborating

transparency and comprehensive and auditing for accountability robust data comprehensive with external
explainability AI governance bias and fairness and oversight privacy and training to staff experts or
framework mechanisms protection advisory bodies
measures
Base: Total (n=550)

15 Navigating the AI landscape | moodys.com/kyc

 SECTION SIX

Walking the tightrope:

regulatory perceptions
While AI continues its march into the world of risk Even when looking at different segments, regulatory
and compliance, what regulation has been developed awareness needs work. Among early adopters and
or is needed to support safe entry? And how aware those trialing AI, only a quarter of respondents claim
were our survey participants of the evolving regulatory to have good awareness of regulation.
conditions related to AI in their sector?
These findings contrast with the perceived importance
Only 15% of respondents claimed to be well aware of regulations in this space. With 79% of respondents
or fully aware of current regulations, and one third agreeing regulation of AI is important, there is clearly
admitted to not knowing anything. a desire for authorities to act. This view is reflected
across all sectors and almost as much by those not
How aware are you of the current AI-related regulations in using AI (75%) as those already using it (83%).
your sector?
The concerns most survey participants shared in the
5% I am fully aware previous section mirror the priorities people believed
regulators should address first.
10% I am well aware with some gaps

21% I am somewhat familiar

34% I know a little

32% I don’t know anything

Base: Total (n=550)

Focus of regulatory actions Top focus area Focus areas

Ensuring data privacy and protection standards 21% 65%

Defining accountability and legal responsibilities 21% 62%

Promoting transparency and explainability 20% 62%

Ensuring robust security measures 11% 54%

Preventing bias in AI algorithms and outcomes 13% 53%

Addressing ethical concerns 10% 46%

Base: Total (n=550)

16 Navigating the AI landscape | moodys.com/kyc

 CREATING A FRAMEWORK FOR SUCCESS
Professionals clearly want regulators to implement globally consistent, forward-looking rules, that enshrine
human accountability in the use of AI. Some of the topics that consistently came up include:

Standardization and Transparency, accountability,

global collaboration and human oversight
to create a consistent and to ensure decision-making is clear.
standardized regulatory Individuals should be held accountable
framework, avoiding piecemeal for outcomes. And there should be
country- or state-level versions. involvement of humans in AI-driven
decisions at all times.

Ethical deployment and data Regulators need to grow Legislation needs to be

privacy are paramount, understanding through education, flexible and adaptable,
especially regarding potential with precise terminology and by recognizing the rapid advancement
bias in AI. Regulations should educating the public to foster trust of AI. While there’s a need for rules,
protect data privacy, given AI’s and address skepticism around AI. a principle-based approach might
use of vast datasets. serve better than being overly
prescriptive as AI matures.

17 Navigating the AI landscape | moodys.com/kyc

 SECTION SEVEN

In the spotlight: the solution

vendors shaping the AI landscape
If the rapid development of AI is putting pressure on Specifically, our study found that technology
regulators, our survey found that another group facing partners must prioritize demonstrating how their
growing expectations is solution vendors. offerings address key areas including:
When asked about their interest in vendors introducing Transparency
AI tools into their risk and compliance offerings, the Understanding how AI-driven outcomes are
results were unequivocal. 97% of respondents are achieved and providing insights into the decision-
interested to some degree – 48% being very interested making processes of AI systems. Stakeholders
– with a high degree of consensus across industries, need to understand their partners can explain
regions, and risk and compliance roles. how systems work with confidence and clarity.
Transparency helps prevent “black-box” scenarios
where users question the reasoning behind decisions.
How interested are you in vendors introducing AI tools Accuracy and reliability
into risk and compliance offerings? AI models will need to deliver consistent results
with high accuracy, robustness, and reliability.
Mistakes or inconsistencies have significant
Very 48% repercussions, particularly in the field of risk
management and compliance, ranging from
financial penalties to reputational damage.
Moderately 29%
Bias control and ethical use
Overcoming inherent bias in AI models was cited
by many respondents, highlighting a need for
Slightly 20%
technology partners to prioritize bias audits,
address disparities, and ensure the ethical use of AI.
Not at all 2% Data security and protection
It’s paramount that AI solutions guarantee the
protection of sensitive data and information
Base: Total (n=550) associated with risk and compliance. Many express
concerns about ensuring confidentiality and security
of company, customer, and staff data, especially in
external platforms.
However, vendors will need to reassure customers
by demonstrating any AI-powered tools meet high Efficiency and optimization
standards and can be relied on in the high-stakes Cost and speed are important, but these shouldn’t be
realms of risk and compliance. achieved at the expense of accuracy or transparency.

18 Navigating the AI landscape | moodys.com/kyc

IN-HOUSE OR OUTSOURCE?
Do you lean towards building in-house or buying
We next asked respondents whether they lean pre-built AI solutions?
towards building AI solutions in-house or purchasing
pre-built tools.
Overall, a blended approach was most preferred 16%
(54%), with 30% buying pre-built solutions and
only 16% building in-house.
However, digging into the results provides additional
insight. Pre-built solutions are most favored by smaller 54%
firms with fewer than 1,000 FTEs, not least because
these companies are less likely to have the technical 30%
skills needed.
By contrast, those who adopted AI early are more likely
to prefer systems built in-house, while later adopters
are often using pre-built and off-the-shelf solutions.
These findings hint at the changing face of AI – Build in-house
that more bespoke and specialized AI solutions,
Buy pre-built solutions
like statistical and stochastic models, were developed
by first movers in-house, whereas evolving A blend of both
technologies like LLMs are becoming increasingly Base: Total (n=550)
widespread, democratized, and outsourced. There’s
clearly an increasing role for third-party partners
to create AI-led solutions for risk and compliance
functions if they get the fundamentals right.

SECTION EIGHT

Looking ahead: predictions and

projections from the frontlines
While AI is deepening its reach into everyday risk
and compliance tasks, the transition won’t happen Expected timeline for the widespread adoption of AI usage
within the risk and compliance field?
overnight. Very few predict widespread adoption of
AI in risk and compliance within the next 12 months.
83% expect adoption within 1-5 years
Most people we spoke to – 83% – see a more
realistic timeline being over the next 1-5 years.
45%
38%

5% 13%
Within the 1-3 3-5 Over
next year years years 5 years
Base: Total (n=550)

19 Navigating the AI landscape | moodys.com/kyc

So, did risk and compliance professionals expect AI
to be adopted at a different rate within their function Do you expect AI adoption in risk management and
compliance to occur faster or slower than other
as compared to other business functions?
business functions?
In fact, nearly half of respondents anticipate a slower
adoption in risk and compliance than other business
areas, with a much smaller proportion expecting the 21%
Faster
reverse. What lies behind this expectation?
Same rate
46%
Slower

Base: Total (n=550)

33%

PERCEPTION OR REALITY?

Our respondents highlighted a mix of practical,

cultural, and regulatory challenges that are Leaders do not see compliance
expected to slow adoption of AI technologies and risk as a contributor to
in risk and compliance compared to other areas.
profit and performance.
• Budget allocation tends to go to revenue- They will likely prefer to
generating units first, with risk and compliance invest in functions that are
functions viewed as cost-centers
seen to enhance competitive
• Compliance and risk management are also edge and growth.
heavily regulated areas so the speed of
regulation could dictate the pace of uptake

• The complexity and requirement for nuance

in many risk and compliance decisions makes
it less open to the use of AI, as a high level of
human judgement is often required Risk management is about
judgement, which AI is not
• Risk and compliance people, by their nature, particularly good at.
are generally more risk-averse, which may
mean they are slower to change, and more
resistant to adopting new technologies than
other business areas

• Technical and practical issues feature too,

with some feeling current AI systems won’t Risk and compliance are
understand the intricacies of interpreting inherently change adverse and
and analyzing risk and compliance data,
particularly when the stakes are high will need to consider privacy
and other considerations.

20 Navigating the AI landscape | moodys.com/kyc

But despite reservations, almost 70% of firms expect AI will exert a transformative or major impact on risk and
compliance in future, which rises to 77% in banking and 74% in fintech.

Expected impact of introducing AI on risk & compliance Transformative Major Moderate Minimal None

Total 22% 47% 28%

Banking 24% 53% 21%

Fintech 19% 55% 26%

Asset & wealth

management 22% 30% 43%

Insurance 17% 32% 36% 13%

Base: Total (n=550), Banking (n=219), Fintech (n=43), Asset & WM (n=40), Insurance (n=48)

21 Navigating the AI landscape | moodys.com/kyc

 SECTION NINE

Wrapping things up:

six key takeaways
While it is still early days for the impact of AI technology to be felt across risk and compliance, one thing is certain:
change is coming. In what shape and what ways remains to be seen, but those who are most alive to the risks and
opportunities now will be those most able to adapt, avoid pitfalls, and take advantage of the benefits it promises.
These six takeaways should help anyone working in risk and compliance get a better understanding of the AI landscape
today, and how it could change tomorrow:

9 in 10 early adopters of AI report that it is having a positive impact on risk and compliance, delivering an
1 impressive range of benefits

Outside of the early adopters, most firms have yet to embrace use of LLMs, but there is broad agreement:
2 AI technologies, including GenAI, will deliver advantages for risk and compliance

With two thirds of respondents describing their data as fragmented or containing inconsistencies, the poor
3 quality of internal data could be a barrier to AI implementation if firms can’t get a firmer handle on it

There is a stark gap between the lack of awareness of AI-related regulation and the common agreement that
4 new legislation is needed; therefore, those in the industry need to engage in dialogue with regulators

As the clamor for AI-augmented solutions grows, vendors need to communicate how they ensure data security,
5 explainability, and quality of outputs

Widespread adoption of AI is predicted in the medium term, though perhaps less quickly than in other business
6 areas, so risk and compliance leaders who perceive there to be speed and efficiency gains to be had from use
of AI need to build their business case based on evidence from early adopters

Whether you are in the vanguard of change or reluctant to adopt AI, it pays to understand what is happening in the
field. It will undoubtedly be a key driver of progress and could influence competitive advantage. It does create entirely
new opportunities and challenges for risk and compliance professionals – whether leading change or resisting it –
for the foreseeable future, so developing understanding, continuing to participate in the conversation, and beginning
to navigate the AI landscape are essential.

22 Navigating the AI landscape | moodys.com/kyc

 GET IN TOUCH

Contact
information
To find out how Moody’s can help you
unlock the potential of AI in your world
of compliance and risk management,
please visit moodys.com/kyc/ai-study
or get in touch.

AMERICAS
+1.212.553.1653
clientservices@moodys.com
EUROPE
+44.20.7772.5454
clientservices.emea@moodys.com
ASIA (EXCLUDING JAPAN)
+852.3551.3077
clientservices.asia@moodys.com
JAPAN
+81.3.5408.4100
clientservices.japan@moodys.com

23 Navigating the AI landscape | moodys.com/kyc MOODYS.COM/KYC