Governance, Risk & Compliance: GRC
Three Things GRC and Training Leaders are Talking About: CustomerConnect Chicago Recap
As risk landscapes grow more intricate and regulatory demands intensify, outdated, siloed approaches to ethics, governance, risk, and compliance (GRC) can no longer keep up. Organizations need adaptive, integrated strategies to stay resilient.
At SAI360’s CustomerConnect event in Chicago, GRC and Ethics & Compliance professionals gathered over two days in November to discuss these challenges openly. One of several global events recently hosted by SAI360, the goal was to help companies confront the real gaps and emerging needs in GRC and discuss the potential impact on organizational resilience.
Chatting with our customers and colleagues, we heard many stories of commonly faced setbacks.
As Christine Brown, Vice President, Learning Product, SAI360, told attendees:
“The people in your organization are your biggest risk.”
It’s a key theme we heard many times over. One cybersecurity expert, for instance, shared an eye-opening experience. Despite his expertise, he clicked on a phishing email that was so convincing it even deceived him. Although he did the right thing by immediately reporting it, he remains fascinated by hackers’ evolving techniques and their ability to target even the most cybersecurity-savvy individuals. He said if he could be fooled, anyone could.
Meanwhile, a compliance leader recounted the struggles her organization faced while managing GRC initiatives through paper-based spreadsheets. This outdated method had become messy, tedious, and inefficient, underscoring the need for a more cohesive, tech-driven approach.
These stories heard in passing illustrate why companies must evolve. CustomerConnect emphasized while technology plays a key role, technology alone is not enough—people and processes are essential to navigating today’s complex GRC landscape. Therefore technology must be paired with strong ethics, compliance training, and ongoing learning initiatives to foster a culture of accountability and proactive compliance.
“Risk is everyone’s job. … Firms must develop proactive strategies to mitigate the new global risk landscape.” — Katelyn Johnson, PhD, Senior Manager, Verdantix
Here are just a few key takeaways of many from our CustomerConnect Chicago event:
Artificial intelligence (AI) is reshaping how organizations manage compliance and support ongoing training.
Thought leaders shared how AI enables real-time, data-driven insights. But also how it enhances employee learning by providing tailored compliance scenarios and practical simulations. By supporting adaptive learning, AI ensures compliance remains a continuous effort where teams stay well-informed and prepared to manage evolving risks.
Emerging regulations regarding AI was also a topic of discussion. In the U.S, it’s important to pay attention to what prosecutors will be looking at. “The Department of Justice is encouraging companies to use AI for risk assessments and to enhance compliance monitoring,” shared Christine Brown. “You’re expected to have processes in place. This is coming down the line. We want to make sure your company is supported in this.”
Christine added that because we are a global economy, The EU AI Act will also have a wide-reaching impact. It is important that companies, even those not based in the EU, follow this closely.
“AI is only as good as the human behind it,” Tim Tyler, International Compliance Association
Attendees noted various AI-centric concerns and opportunities, such as:
- It may feel easier to ask AI a question versus talking to a colleague
- AI could reduce headcount and drive a cultural shift across a given workplace
- AI could also be leveraged to attract a more innovative workforce
- AI raises “garbage in, garbage out” fears if those leveraging it lack training and critical thought around actionable data
- AI is perhaps causing some to become too dependent on LLM-type tools, meaning human brains are taking a backseat
- There is hesitation around AI because not everyone wants to or knows how to use it effectively
“A lot of people fear what they don’t know. … Science is not going to wait. Robots will be running everything soon. Don’t you want to be at the head instead of left behind?” Lisa D. Norris, MBA, MJ, ABB
An effective GRC strategy goes beyond managing risks and includes fostering an ethical, transparent culture.
Integrating ethics training into GRC practices helps instill shared values and empowers employees to make principled decisions in complex scenarios. Companies with strong ethics and compliance learning programs use real-world case studies, situational judgment tests, and discussion-based training sessions to encourage ethical decision-making. By prioritizing ethics education, organizations build a culture of trust and accountability that supports resilience across all levels.
These same companies leverage technology to track metrics related to ethics and compliance training. Resources like SAI360’s Performance Dashboard, for example, enable compliance teams to visualize risk, track learning progress, and report on results related to specific risk areas.
Effective compliance requires more than one-off training sessions; it’s about making compliance a regular part of the employee experience.
CustomerConnect highlighted how organizations are using flexible formats like microlearning, scenario-based modules, and gamified elements to ensure compliance training is engaging and accessible.
“Compliance must work with operational leaders to make the program effective.” Carrie Kusserow, President, Strategic Management Services
Some compliance leaders said they are developing ongoing training programs that include regular refreshers, situational updates, and assessments to keep employees’ knowledge current and their skills sharp.
By making training continuous and accessible, companies foster an environment where compliance awareness becomes second nature.
Final Thoughts
The discussions at CustomerConnect Chicago—and the many other CustomerConnect events we hold around the world from London to Zurich—underscore that a resilient GRC framework relies on more than technical tools. It needs a foundation of learning, ethical accountability, and proactive compliance.
By integrating training into every aspect of GRC, supported by AI-driven insights, organizations can build a culture where compliance and ethics aren’t just obligations but guiding principles.
This proactive, people-centered approach ensures teams are well-equipped to face risks and uphold the organization’s values in a rapidly changing regulatory landscape.
For more information on our CustomerConnect events, follow us on LinkedIn for the latest news.
Let’s Start a Conversation
Schedule a virtual coffee with a team member:
