Transform regulatory compliance to accelerate growth

Many Canadian companies have plans to strengthen their long-term viability in response to US trade measures. Our PwC Canada Tariff Impact Survey found this includes expanding into new markets (mentioned by 55% of respondents), pursuing mergers, acquisitions and partnerships (30%) and accelerating productivity enhancements (28%). This comes on top of moves already underway to significantly change the way Canadian companies create, capture and deliver value by reinventing their business models. For example, our Global CEO Survey found that 37% of Canadian respondents (38% globally) say their company started to compete in new sectors in the last five years.

These moves can involve significant compliance risks as companies change their workforces, systems, data, operations and sales channels. For example, more than three-quarters of Canadian respondents to our Global Compliance Survey highlighted digital transformation as a key initiative requiring compliance skills. And more than half say they’ll need support with partnerships and alliances (see chart).

Yet most respondents say compliance complexity has negatively affected their companies across several areas that create growth—namely, implementing and maintaining IT systems and data (cited by 92% of Canadian respondents and 88% globally), business transformation and change (92%, versus 81% globally) and senior management’s attention and focus (86% versus 82%). This highlights the necessity for companies to evolve compliance to mitigate the commercial impact and unlock its potential for value creation.

Start by integrating compliance specialists into strategic initiatives. This lets the business anticipate compliance implications before committing. Compliance then helps the business understand the risks, weighing the costs of compliance against potential penalties. By being upfront about potential pitfalls and documenting accepted risks, companies can make informed decisions and build a robust compliance framework that supports growth, not hinders it.

Fragmented compliance activities make it hard to unlock savings and performance gains as regulatory costs and complexity increase. Consider, for instance, the finance function grappling with rising sustainability reporting requirements, while the chief information security officer manages new data protection responsibilities and the human resources function navigates increasingly sophisticated workforce risks. Additionally, tax faces new Pillar Two requirements, which tax professionals expect will increase compliance burdens and generate more inquiries and disputesOpens in a new window.

Without a coordinated approach, these distinct compliance obligations could easily become siloed, hindering collaboration and creating inefficiencies. The good news? In our survey, 49% of Canadian respondents (versus 50% globally) say they’ve centralized compliance activities within their organization. An additional 28% (versus 37% globally) say they have a coordinated network of compliance activities. And all these respondents say effective coordination of compliance activities is yielding benefits (see chart).

Realizing benefits from connected compliance 

New standards from the Institute of Internal AuditorsOpens in a new window, emphasizing collaboration between internal audit, compliance and operational teams, will further accelerate this move toward coordinated compliance. But while many organizations have made strides in centralizing and coordinating compliance activities, there’s still room for growth in building a truly robust and efficient compliance ecosystem.

This means going beyond just coordinating the second and third lines—compliance, risk and internal audit—and making the first line, the operational teams, engaged compliance partners. Equipping the teams closest to the work with the knowledge and resources needed to understand their unique risks, comply with regulations and bring in specialists when needed helps them contribute more effectively to overall compliance efforts. This frees compliance teams to focus on strategic initiatives and creates a more proactive and responsive approach to compliance management.

For most organizations, creating a truly connected compliance ecosystem will require additional skills and digital capabilities. As these talent and technology pressures grow, many companies are looking beyond their organization: 72% of respondents (70% globally) use external advisers or third-party providers to support compliance activities.

This currently tends to be mostly ad-hoc or specialist advice and co-sourcing support. But a growing number of companies are achieving tangible compliance outcomes and greater operational efficiency through managed services. At PwC Canada, we’ve seen the benefits when organizations move beyond traditional outsourcing arrangements. Our compliance managed services combine the industry-specific insights of our compliance specialists with proprietary AI-powered technology to help organizations build a culture of proactive compliance.

This includes our automated horizon scanning and regulatory change management processes, which track and monitor emerging regulatory changes in near real-time. This proactive approach to compliance will become critical in the current geopolitical environment, particularly as the US administration’s push for deregulation puts added pressure on compliance teams to stay abreast of ongoing changes, understand the implications and adjust compliance efforts accordingly.

Most Canadian companies use technology and data to automate and enhance various compliance activities, with many planning additional investments (see chart). Compliance technologies are already helping companies move faster, navigate complexity and avoid hazards. This includes gaining better visibility into risks and risk management activities (cited by 75% of Canadian respondents, versus 64% globally), faster and more confident decision making (56%, versus 46% globally) and increased productivity and cost savings (56%, versus 43% globally). 

Growing momentum toward digitizing compliance models

Fewer companies are using AI for compliance activities. But there’s no shortage of interest, with 49% of Canadian respondents planning to use AI for risk assessments (versus 34% globally), controls testing (33% globally) and data and predictive analytics (32% globally). We also see organizations preparing to use AI tools in other areas including anti-money laundering and sanctions compliance.

Despite their enthusiasm, companies aren’t blind to the risks. Respondents say they’re concerned about data privacy and security (96%, versus 89% globally), AI governance (93% versus 88% globally) and data validity (89% versus 88% globally).

Taking full advantage of GenAI, both within the compliance function and in other parts of the organization, requires managing these risks in accordance with the AI guidelines, frameworks and rules emerging around the world. While AI-specific regulations don’t yet exist in Canada, other jurisdictions including the European Union are already governing the use of AI, creating new compliance challenges.

The rise of AI necessitates a shift in how organizations approach risk management. Gone are the days when digital transformations could be solely IT-driven. AI’s impact on data privacy, security and ethical considerations requires a broader, collaborative perspective. This is where the compliance function plays a critical role, working alongside legal, IT and other stakeholders to embed responsible AI practices from the outset, aligning AI deployments with ethical guidelines and legal frameworks. This helps establish the trust organizations need to get the most of their AI opportunities.