Health Policy and Intelligence Institute

Overbuilt and underdelivering: Transforming payer compliance

  • November 03, 2025

Reimagining compliance as a catalyst for efficiency, trust, and growth

Healthcare payers are spending an increasing amount on compliance but continue to experience audit failures and corrective actions, risking their reputation and eroding trust. Historically, payers have thrown additional resources and stop-gaps at the problems, but that’s no longer sustainable, nor efficient. The time is now to deconstruct the model that’s been built over time and look to embed compliance into operations and technology — reducing risk, improving member satisfaction and cutting costs.

Rising costs and shrinking funding are raising compliance complexity: Payers face escalating costs, intensifying compliance demands, and nearly $1T in OBBBA-driven Medicaid reductions through 2034.[1] Yet they already spend ~$8M annually on compliance, more than providers (~$5M) or pharma (~$6M).[2] Still, many have compliance challenges and remain exposed to audits, reputational damage, and inefficient systems that can amplify risk, create member and provider abrasion, and erode trust.

Oversight is tightening: Health Insurance Portability and Accountability Act (HIPAA) breaches, expanded scope of regulatory audits, and the Centers for Medicare and Medicaid Services’ (CMS’s) Interoperability and Prior Authorization rule are raising the stakes, making compliance a strategic lever for cost and growth.[3] To keep pace, compliance departments should operationalize regulatory and contractual compliance across the industry value chain. By embedding it into operational practices, compliance becomes a source of efficiency, trust, and long-term growth rather than just a regulatory obligation.

Overbuilt yet underdelivering: To assess how organizations are adapting, PwC and a global research firm surveyed 200+ senior executives in spring 2025.[2] Results show payers are overbuilt yet underdelivering. While 97% see risk management as critical, only 63% feel successful. Sixty percent fall into the Laggard category—citing fragmented oversight and outdated processes—while just 10% qualify as Leaders, defined by integrated dashboards, real-time risk tracking, and proactive regulatory readiness.

Payers remain compliance laggards among healthcare sectors

Industry Breakout

Survey results show payers lag peers with 60% falling behind on compliance maturity vs. 23% pharma, 29% providers and 19% medical device.
Source: PwC's 2025 US Risk Assessment in Healthcare Services.

Reimagining compliance as catalyst of change: Viewing compliance as a reactive cost center can be an expensive mistake. The solution isn’t spending more, but spending smarter—using AI, automation, and integrated governance models to further embed it into operational practices, shifting compliance from a burden to an enabler. While 93% of payers believe AI can improve risk management, adoption remains limited to training and monitoring, leaving high-impact areas underutilized (e.g., operational audit and monitoring, regulatory change management, remediation activities and policy management).[2]

For example, today, policy management remains a missed opportunity. AI can draft new policies, edit existing policies, and review them to confirm new requirements are embedded, yet these capabilities are rarely tapped into. Extending AI in this way can increase accuracy and strengthen compliance agility, creating the foundation for embedding compliance into operations across claims, prior authorizations, enrollment and member communications. It can help to reduce friction, safeguard margins, improve member trust and reduce the need for significant resource allocation to react to inquiries, audits and corrective action plans.

Redesigning compliance to strengthen member trust, enhance efficiency and drive sustainable growth

While compliance functions traditionally help payers avoid fines and breaches, their true value emerges when they’re designed to elevate the member experience. By bridging this gap, compliance shifts from overhead to value creation—enhancing operational efficiency, reducing costs, strengthening market advantage, and, most importantly, making members’ trust and satisfaction the engine of sustainable growth.
Source: PwC's 2025 US Risk Assessment in Healthcare Services.

Building a future-ready compliance model

Executives today have an opportunity to reimagine compliance not as a reactive obligation, but as a strategic driver of performance, resilience and enterprise value. When embedded effectively, compliance can improve member experience by enhancing trust, help reduce cost by reducing rework and remediation, and safeguard margins by preventing penalties and audit risk. Embedding compliance controls into daily workflows (e.g., appeals, grievances, claims, enrollment, pharmacy and care management) can eliminate duplicative manual reviews, reduce errors, and speed up turnaround times. These controls, coupled with automated monitoring and AI-enabled dashboards, can reduce rework by flagging issues in real time (e.g., enrollment errors leading to medication denials). This prevents downstream disruptions and preserves member trust.

Doing so requires a deliberate shift — resetting the foundation, embedding visibility, and deploying advanced tools that scale. The following three steps (Fix, Embed and Deploy) show how payers can put this model into action.

Integrated risk transformation, delivered through six capabilities

PwC’s Integrated risk transformation framework defines the core capabilities for a future-ready compliance model, providing the foundation for the fix, embed and deploy roadmap.

  1. Fix the model first: Many payers have “overbuilt” compliance functions that might appear mature but lack alignment with daily operations. While 70% use AI, only 16% report cost savings.[2] For example, some compliance programs have deployed chatbots to support clinical reviews but haven’t effectively integrated AI use into operational reporting metrics. Leaders should reset the model to be lean, thorough, and tied to business objectives before adding more technology.
  2. Embed risk tracking: Continuous monitoring platforms (e.g., our performance excellence capabilities) embed compliance into daily operations, providing leadership with real-time visibility into performance, risk and cost drivers.

    Technology should act as a force multiplier, automating routine monitoring and freeing staff for higher-value work. Leading payers are integrating real-time dashboards that track metrics across enrollment, utilization, pharmacy and appeals, providing visibility into compliance’s impact. For instance, AI-enabled dashboards can flag case-aging hot spots and cross-departmental delays in prior authorization workflows. These tools can also help to identify spikes in claim activity, network disruption, provider claims reprocessing that signals systemic edits and errors, and fraud, waste, and abuse (FWA) triggers for recoupment.

    Furthermore, embedding compliance into complex technology workflows and systems like enrollment can help to identify medication rejections in real time, and surface discrepancies instantly, thus preventing member abrasion and improving trust while maintaining compliance. This integrated approach moves beyond silos, enabling executives to connect compliance directly to enterprise outcomes.
  3. Deploy advanced tools: With the foundation in place, advanced AI solutions can scale impact. Regulation-to-Action transformers and RegTech NLP monitor the speed of regulatory change management, while governance models simulate compliance adjustments. AI dashboards and reporting give executives immediate visibility into key performance indicators.

The path forward isn’t layering tools onto broken models; it’s restructuring compliance for thoroughness and efficiency and then applying technology to scale.

Lessons from the field

Problem: A national Medicaid managed care organization recognized that simply reacting to compliance gaps (over 100 internal and external corrective actions) after they surfaced was unsustainable. In anticipation of an upcoming regulatory audit, the organization wanted to transform compliance from a back-end policing function into a forward-looking driver of business resilience. Instead of waiting for findings to expose weaknesses, leadership sought to embed compliance directly into operational processes, making it inseparable from how the business runs day-to-day. The challenge was clear: move from a fragmented, reactive posture to a bold, proactive model that positioned operational compliance as both a safeguard and a catalyst for efficiency, trust and growth.

Solution: To achieve this shift, the organization committed to addressing issues at their root rather than treating symptoms. Compliance teams collaborated with business operations to integrate regulatory expectations into workflows, decision points and performance measures across utilization management, claims, pharmacy, appeals and care coordination. PwC developed AI-enabled dashboards and real-time monitoring tools to provide user visibility, while cross-functional collaboration established compliance as a shared responsibility rather than a siloed obligation. For example, pharmacy enrollment processes and tools were embedded within the solution to help identify inappropriate rejections in near-real time and facilitate outreach activities to enable timely correction. The tool and process were praised by CMS and resulted in positive audit results. The framework elevated compliance from an afterthought to an embedded operational competency.

Outcome: The results were both measurable and transformative. The organization advanced from a reactive compliance posture to an industry leader in embedded compliance operations.

| Impact area | Outcome |
| --- | --- |
| Audit readiness | Regulatory audit readiness improved by more than 40%, reducing the likelihood of penalties or reputational risk |
| Operational efficiency | Real-time monitoring improved issue detection timelines from weeks or months to minutes, and turnaround times shrank by 30% |
| Testing | Moving from a manual sample approach to testing 100% of transactions increased monitoring efficiency by 75% |
| Member experience | Fewer errors and faster resolutions enhanced membership trust and experience, increasing member satisfaction scores |

Delivering results that last

The future of compliance for payers isn’t about scale, but about precision and integration. Those that reset their models and deploy advanced technology can safeguard margins, strengthen trust and position their organizations for sustained success.

About the survey

PwC conducted a study that captured cost drivers and metrics associated with risk and compliance maintenance across American healthcare organizations. Fieldwork took place from March–April 2025 through interviews, with a total of 206 completions. Respondents included C-level executives and other senior leaders from a cross-section of the industry—spanning across pharmaceutical manufacturers, medical device companies, regional and national payers, as well as multiple Fortune 500 healthcare organizations. The study examined cost areas applied to risk and compliance, how organizations structured monitoring and management of risk issues, and comparisons between stronger and weaker performers on compliance efficiency.

1. The One Big Beautiful Bill Act (OBBBA): A trillion-dollar turn in US health policy, (PwC, July 10, 2025) https://www.pwc.com/us/en/industries/health-industries/library/impact-of-obbba-on-us-health-system.html (September 25, 2025).
2. 2025 US Risk Assessment in Healthcare Services, (PwC, 2025) Not publicly available (September 25, 2025).
3. Health policy gets tough on fraud, waste and abuse (FWA), (PwC, n.d.) https://explore.pwc.com/health-policy-shifts-decoded/fraud-waste-abuse (September 25, 2025).
CMS Rolls Out Aggressive Strategy to Enhance and Accelerate Medicare Advantage Audits, (CMS, May 21, 2025) https://www.cms.gov/newsroom/press-releases/cms-rolls-out-aggressive-strategy-enhance-and-accelerate-medicare-advantage-audits (September 25, 2025).
Navigating utilization management (UM) reform, (PwC, n.d.) https://explore.pwc.com/health-policy-shifts-decoded/utilization-management (September 25, 2025).
CMS-4208-F, (CMS, April 15, 2025) https://www.federalregister.gov/documents/2025/04/15/2025-06008/medicare-and-medicaid-programs-contract-year-2026-policy-and-technical-changes-to-the-medicare (September 25, 2025).
Internal audit’s role in FWA, (PwC, n.d.) https://explore.pwc.com/health-policy-shifts-decoded/ia-fwa (September 25, 2025).
HHS Needs to Improve Communications for Breach Reporting, (GAO, May 2022) https://www.gao.gov/assets/gao-22-105425-highlights.pdf (September 25, 2025).

Contact us

Michelle Horton


Principal, Health Industries Risk and Regulatory Leader, America in Motion leader, PwC US

Dave Merriam


Partner, Health Industries, Risk & Regulatory, PwC US

Gerald Stone


Partner, Health Industries, Risk & Regulatory, PwC US
