Regulatory compliance: technology-enabled solutions for a new age

Learn how AI and proactive strategies can enhance your organization's response to the shifting sands of regulatory compliance.

In brief

• Stay informed: Companies must actively monitor regulatory changes at both federal and state levels to remain compliant, even during times of deregulation.
• Leverage technology: Utilize AI and other tools to enhance monitoring capabilities and automatically map changes and conflicts to business documentation and controls.
• Develop a proactive strategy: Establish a governance framework to analyze and respond to regulatory shifts, ensuring alignment across the organization.
• Engage experts: Consider consulting with regulatory compliance experts to help implement effective compliance solutions and technologies.

Special thanks to the following contributors:

• Tania Petrina, Partner, Risk Technology Consulting, Ernst & Young LLP

Introduction

The regulatory landscape in the United States is undergoing a profound transformation as federal deregulation takes center stage. This shift, while aimed at fostering economic growth and innovation, presents both opportunities and challenges for businesses. As federal oversight diminishes, states are increasingly stepping in to implement their own regulations, particularly in areas such as environmental protection and consumer safety. In light of these changes, companies should carefully consider their strategies and how to effectively adapt to a more fragmented regulatory environment.

Sustainability and climate-related disclosures

For example, on February 11, the US Securities and Exchange Commission (SEC) Acting Chairman Mark Uyeda announced a pause in litigation over the SEC’s climate disclosure rule,¹ indicating a shift in regulatory focus. In response, several states, including Illinois,² New Jersey,³ New York,⁴ Colorado⁵ and Massachusetts,⁶ have introduced legislation requiring climate-related reporting by companies. These state-level initiatives mirror California's laws mandating climate-related disclosures for large companies, highlighting the growing divergence between federal and state regulations.

Cuts to scientific research

In response to anticipated funding cuts and regulatory rollbacks from the Trump administration, California has also proposed the creation of a state-level National Institutes of Health and vaccine program to ensure continued support for scientific research and public health.⁷ The bill aims to establish the California Institute for Scientific Research to provide grants and loans in critical areas targeted for federal cuts, such as biomedicine and climate change, and directs the state's existing CalRX program to enhance vaccine access. This initiative reflects California's proactive approach to safeguarding scientific integrity and public health amidst federal challenges, reminiscent of previous efforts during the Trump administration to independently review COVID-19 vaccines.

AI regulation

Deregulating artificial intelligence (AI) has also been an area of interest to the Trump administration with the signing of the Executive Order “Removing barriers to American Leadership in Artificial Intelligence”, which has led several states to introduce new legislation governing its use. States such as Connecticut,⁸ Virginia, Texas and Colorado⁹ are advancing bills aimed at imposing a duty of care on employers to address and mitigate algorithmic discrimination while also granting individuals rights concerning decisions made by AI systems. Additionally, California,¹⁰ Massachusetts,¹¹ New Jersey,¹² New York¹³ and Vermont¹⁴ have reintroduced AI-related worker protection bills that did not pass previously, with some modifications intended to enhance their chances of success. Other states, including Alabama, Arkansas and Illinois,¹⁵ are also exploring similar legislative measures to ensure responsible AI use and protect workers and consumers.¹⁶

These state-by-state responses have drawn attention to the implications of federalism in the US, as states act as "laboratories of democracy" to address pressing local issues in ways that may diverge from national directives. The resulting patchwork of laws could complicate policy implementation, particularly as states navigate their responses to federal initiatives that many perceive as overreach or misalignment with local values.

How companies should respond

To effectively navigate this new regulatory environment, companies should consider implementing technology-led compliance solutions that can address the following:

1. Regulatory compliance strategy and governance: Organizations will need to develop a governance framework and overall strategy for analyzing the immediate and long-term consequences of changes in regulations, including any benefits they may be able to reap and potential conflicts with state and local regulations.
   
   
2. Regulatory horizon scanning: With changes at both the federal and state levels happening more frequently, it is essential for clients to stay informed about these changes with technology-enabled tools that can identify relevant regulations, parse out obligations in simple language, evaluate the potential impact to the business and alert the right people in the organization.
   
   
3. Mapping regulatory changes to compliance documentation: After relevant compliance requirements are defined, these obligations will need to be mapped to applicable risks, policies, procedures and controls. AI-enabled solutions can assist with these mappings, including identifying coverage from existing policies, procedures and controls and gaps where the specific documentation needs to be changed, and also generate suggested changes that can be implemented.
   
   
4. Performing control testing and issues management: To evaluate whether these regulatory compliance changes have been embedded in both the business documentation and actual business processes, control testing should be performed to identify potential exceptions and control failures. Technology can also be used to automate testing or perform data analysis across key controls from operational and IT systems.
   
   
5. Reporting and continuous monitoring: Technology-enabled compliance tools make frequent and up-to-date compliance reporting easier than ever and facilitate improved continuous monitoring.

The range of technology capabilities that can support a compliance program includes regulatory content providers; horizon-scanning tools; governance, risk and compliance (GRC) technology providers; continuous control monitoring tools; generative AI (GenAI) scripts and capabilities; and industry-specific solutions. Related capabilities also include tools for policy management and document governance. These technologies can be organized into an integrated capability suite to provide end-to-end coverage or can be utilized to augment specific components of the process.

Some important considerations when looking at the technology strategy for regulatory compliance include:

• What are the sources of data for compliance obligations, and how are these changing?
• Will technology be used primarily for operating controls, testing controls or reporting compliance (or all three)?
• How will data and systems be architected and leveraged across the entire program to better plan and understand my compliance posture and compliance gaps?

Across industries, there is increased demand to leverage technology to better identify, manage and report on regulatory compliance needs. Through integrated technology and data solutions, organizations can gain 15%-30% savings on operating their compliance processes.¹⁷ ¹⁸

As the US navigates the complexities of federal deregulation and the rise of state-level regulations, organizations must act now to streamline and automate their compliance functions. By leveraging technology such as AI and machine learning, businesses can lower costs and enhance their responsiveness to regulatory changes. Staying vigilant and adaptable is crucial; companies that embrace these strategies will not only survive but thrive in this dynamic environment. Engaging technology providers and consultants will further strengthen companies’ ability to navigate these changes effectively, ensuring compliance and optimizing resources in an increasingly complex regulatory landscape.

The views reflected in this article are the views of the authors and do not necessarily reflect the views of Ernst & Young LLP or other members of the global EY organization.