AI may be able to detect risk faster than any compliance team—but it still cannot own accountability.

I used to say that I would not sacrifice speed for accuracy. The philosophy still holds, but AI has changed the math. Traditionally, speed and accuracy were treated as a trade-off: move faster and risk more errors, or slow down to protect precision.

With AI, that dynamic is changing. The new mandate is not speed versus accuracy. It is precision at the speed of compliance.

Cherud Wilkerson

That is the real tension facing compliance leaders today. As artificial intelligence becomes embedded in transaction monitoring, third-party due diligence, regulatory change management, surveillance, and reporting, many teams are asking a practical question: Are we still driving the compliance program, or are we simply riding shotgun while AI takes the wheel?

The answer matters because regulators, boards, and stakeholders are not likely to accept “the system said so” as a sufficient explanation. AI can accelerate compliance work, but human judgment still has to set the direction, challenge the output, and own the decision.

AI is changing the speed of compliance

For years, compliance has been a highly manual discipline. Teams reviewed alerts, sorted through transaction logs, monitored communications, interpreted regulatory updates, and mapped policy changes across the business. Much of that work was necessary—but slow.

AI changes that equation by bringing speed, scale, and pattern recognition to areas where humans have traditionally been constrained by volume.

  • Predictive risk detection: Instead of discovering a policy violation months after the fact during an audit, machine learning algorithms can analyze patterns in real time to flag anomalies—such as potential insider trading, bribery, or money laundering—before they escalate.
  • Regulatory horizon scanning: Thousands of pages of regulatory updates are published globally every day. Natural Language Processing (NLP) tools can ingest, analyze, and summarize these updates, immediately alerting teams to which specific internal controls need to be modified.
  • Automated due diligence: Background checks and third-party risk assessments that used to take weeks can now be completed in minutes, parsing through global sanctions lists and adverse media simultaneously.

In other words, AI is very good at scanning the road ahead. But seeing a hazard is not the same as deciding what to do about it.

Consider a third-party risk review. An AI tool may flag a vendor because of adverse media, sanctions proximity, ownership complexity, or unusual transaction patterns. That alert is useful. But a compliance professional still has to determine whether the risk is current, material, explainable, remediable, or severe enough to escalate. That is not just data processing—it is judgment.

The risk of putting compliance on autopilot

The efficiency of AI is compelling. But treating AI as an autonomous compliance function creates real governance risk. A responsible program needs more than automation; it needs explainability, documentation, escalation, and human oversight.

  • The “Black Box” problem and explainability

Regulators will not accept “the AI told us to do it” as a defense. If a model flags a transaction, clears a customer, ranks a third party, or supports a regulatory report, the organization must be able to explain the decision path, the controls around the model, and the human review applied.

The EU AI Act reflects a broader global movement toward risk-based AI governance, transparency, and human oversight. In the U.S., the landscape is more fragmented, but voluntary frameworks such as the NIST AI Risk Management Framework and state-level laws like the Colorado AI Act point in the same direction: organizations need documented governance, risk management, transparency, and human oversight around AI.

  • Hallucinations and data drifts

Generative AI can produce confident but inaccurate answers. Models can also degrade over time as business activity, customer behavior, markets, and typologies change. Without validation, monitoring, and challenge, yesterday’s useful model can become tomorrow’s control failure.

  • Institutional bias

AI learns from historical data. If that data reflects flawed assumptions, inconsistent investigations, or biased patterns, the model may scale those weaknesses across the enterprise. Compliance is not only about detecting risk; it is also about fairness, proportionality, and ethical decision-making.

The new role of compliance: Co-pilot, not passenger

The goal is not to reject AI. It is to govern it well. Compliance teams should think of themselves as co-pilots: close enough to benefit from the technology, experienced enough to question it, and accountable enough to intervene when the route no longer makes sense.

  • Calibration and governance
    Humans set the risk appetite, ethical boundaries, and compliance thresholds. AI executes searches and monitoring within those defined guardrails.
  • Contextual judgment
    Humans understand nuance, intent, and cultural context behind a flagged anomaly. AI spots statistical deviations and patterns across massive datasets.
  • Accountability
    Humans sign off on regulatory reports and own the ultimate liability. AI generates documentation and audit trails to support the sign-off.

AI can identify correlation. Humans still have to determine context, causation, intent, and accountability.

What compliance teams should do now

  • Create an AI inventory: Know where AI is being used across compliance, legal, audit, risk, operations, and third-party platforms.
  • Define ownership: Assign clear accountability for model use, approval, monitoring, and escalation.
  • Require explainability: Make sure teams can explain how AI-supported decisions are made and reviewed.
  • Monitor model performance: Test for accuracy, drift, false positives, false negatives, and unintended outcomes.
  • Document human review: Keep evidence of challenge, override, escalation, and final decision-making.

Final thought

This is not a call to slow innovation. It is a call to govern it deliberately.

The question for compliance leaders is no longer whether AI belongs in the program. It is whether the organization has built the governance, judgment, and accountability needed to use it responsibly.

So, are we riding shotgun with AI? Maybe. But in compliance, the person riding shotgun still needs the map, the authority to challenge the route, and the courage to say, “Pull over.”


Cherud Wilkerson, CRCM, is the founder of RegLeader and a seasoned compliance risk executive with 25 years of experience leading enterprise compliance, regulatory change management, and operational governance. He brings a distinctive systems-level perspective to risk management, shaped by his academic background in Biology, Physics and his service as a U.S. Navy officer.