NAVEX, a provider of AI-powered governance, risk, and compliance (GRC) software and services, released its Top 10 Trends in Risk and Compliance 2026, outlining where compliance, governance, and ethical pressures are expected to concentrate this year.
The study does not focus on isolated regulatory updates. It examines how technology, regulation, workplace culture, enforcement priorities, and governance expectations are converging to test the maturity of compliance programs. Together, the ten predictions offer a view of 2026 as a year defined by accountability.
1. AI ROI Pressure Forces Compliance Teams to Prove Value
Artificial intelligence is already embedded in everyday compliance work, supporting tasks such as document review, risk prioritization, and policy interpretation. Matt Kelly, CEO of Radical Compliance, a GRC newsletter and advisory firm, argues that while large language models perform well at discrete activities, they still struggle to operate as end-to-end compliance systems.
The prediction is that 2026 will bring sharper scrutiny of AI spending. Executives will demand clear returns on investment, pushing compliance leaders to justify productivity gains, data governance choices, and risk controls rather than relying on experimentation.
2. Supply Chain Integrity Emerges as a Core Business Resilience Requirement
Supply chain diligence is becoming a central focus for companies, requiring visibility into multiple tiers of suppliers and subcontractors. Pierre Berlioz, professor at the University of Paris Cité, argues that resilience must guide supply chain strategy in 2026.
The prediction is that organizations treating supply chain integrity as a strategic lever will gain a competitive advantage. Companies that embed compliance requirements into practical controls and risk management mechanisms will be better positioned to withstand regulatory, operational, and geopolitical pressures.
3. Compliance to Intensify in Europe Across Cyber, Supply Chain, and Whistleblowing
European and UK regulations are converging, creating simultaneous obligations across cyber resilience, supply chain due diligence, and whistleblower protection. Yuval Grauer, international executive vice president and managing director at NAVEX, notes that while some firms try to shift compliance responsibility onto vendors, doing so can increase hidden risks and reduce internal preparedness.
The prediction is that 2026 will demand a reassessment of organizational readiness. Compliance teams that invest in internal oversight will be better positioned to respond to regulatory scrutiny while strengthening operational resilience.
4. Compliance and Ethics Face an Existential Test of Power and Relevance
Compliance and ethics programs continue to struggle with structural gaps in authority, incentives, and government validation. Joe Murphy, a Certified Compliance & Ethics Professional (CCEP), argues that without genuine power and alignment with leadership, even the most sophisticated programs cannot prevent senior-level misconduct.
The prediction is that within the next decade, compliance will either secure meaningful authority or risk fading into irrelevance. Organizations that address these foundational weaknesses will determine whether compliance programs are genuinely effective.
5. Pay Transparency and Labor Rules Push Multinationals Toward Standardization
New labor reforms in the UK and EU are expanding employee protections, pay transparency, and reporting requirements. Cindy Raz, chief people officer at NAVEX, and Ed Mills, partner at Travers Smith, argue these changes create an opportunity for multinationals to build workplace culture while aligning compliance practices globally.
The prediction is that global employers will increasingly adopt consistent approaches to pay reporting and labor policies. Organizations that harmonize standards across countries will gain advantages in employee relations and organizational reputation.
6. Agentic AI Floods the GRC Market—But Most Vendors Won’t Survive
The surge of AI-driven GRC solutions is creating both opportunity and hype in compliance and risk management. Kyle Martin, vice president of GRC Solutions at NAVEX, notes that many organizations feel pressure to adopt the newest tools before mastering foundational risk and compliance practices.
Martin believes 2026 will see a wave of AI-focused GRC providers enter the market, but only a small minority will pass rigorous security and operational reviews. Organizations that prioritize vendors capable of guiding them through core compliance fundamentals will emerge best positioned for lasting success.
7. Rising Workplace Stress Turns Culture and Civility into Compliance Risks
Workplace civility issues and reports of imminent threats are on the rise, signaling growing organizational stress. Sarah Jo Loveday, founder and managing director of Peopleknd, an HR consultancy, emphasizes that civility concerns, retaliation fears, and safety incidents are early warning signs of deeper cultural challenges.
Loveday predicts that employee willingness to speak up will become a key measure of organizational resilience. Compliance leaders who proactively address civility, retaliation, and rapid responses to imminent threats will help their organizations shift from reactive risk management to a culture of trust and accountability.
8. Boards Take a More Active Role in Compliance Oversight and Culture
Board oversight of compliance programs is evolving from periodic review to continuous engagement with organizational risk and ethical culture. Rebecca Walker, partner at Kaplan & Walker LLP, notes that effective boards influence management priorities and employee behavior through clear expectations for integrity and accountability.
The prediction is that in 2026, boards will increasingly act as partners with compliance officers, shaping ethical culture while navigating complex global risks. Organizations that invest in this alignment will stand out for both resilience and excellence in governance.
9. US Enforcement Shifts, but Compliance Fundamentals Remain Critical
Recent changes in US enforcement priorities, including a narrowed FCPA focus and revised Corporate Enforcement Policy standards, are reshaping how organizations manage regulatory risk. Sidney Bashago and Daniel Kahn, both partners at Davis Polk & Wardwell LLP, argue that while enforcement emphasis shifts, the core principles of effective compliance programs remain essential.
The authors believe 2026 will reveal how these updated priorities translate into day-to-day enforcement. Companies that maintain strong foundational compliance practices will be better prepared to navigate evolving regulations and minimize exposure.
10. Employee Expectations Redefine What Whistleblowing Programs Look Like
Internal reporting programs are maturing, with rising submission rates, faster case closures, and growing reliance on internal channels. Carrie Penman, NAVEX chief risk and compliance officer, notes that benchmarking over 15 years shows employees increasingly expect transparent, responsive, and protective reporting mechanisms.
The prediction is that employees and third parties will have clearer expectations for whistleblowing programs. Organizations that make reporting easier, ensure protection from retaliation, and leverage analytics to spot risk trends will set the standard for effective compliance and cultural accountability.
Navigating 2026’s Compliance Landscape
The 2026 predictions illustrate a compliance landscape defined by rapid technological adoption, evolving labor and governance expectations, and intensified regulatory scrutiny. AI is reshaping tasks and forcing ROI accountability, while agentic AI vendors must prove value amid security and operational hurdles. Supply chain integrity, cyber resilience, and whistleblowing programs are emerging as strategic levers, not just compliance requirements, demanding proactive oversight and data-driven decision-making.
Workplace culture and civility are now compliance issues, with boards and senior leadership expected to actively shape ethical norms. At the same time, U.S. and European enforcement shifts reinforce that foundational compliance principles—risk assessment, controls, and internal reporting—remain essential.
Across these domains, the NAVEX report shows that 2026 will reward organizations that integrate foresight, culture, and operational rigor, turning regulatory obligations into enduring organizational resilience.
What This Means for ERP Insiders
AI accountability is becoming a new standard. AI is no longer an experimental tool in GRC workflows. ERP-integrated compliance functions will face scrutiny on ROI, requiring measurable impact on risk mitigation, policy adherence, and operational efficiency.
Supply chain risk moves front and center. ERP-based GRC systems now track compliance across suppliers and subcontractors. Organizations that leverage this data gain foresight into vulnerabilities, regulatory gaps, and operational bottlenecks.
Whistleblowing expectations to shape GRC. Employees increasingly expect reporting channels that are fast, protective, and transparent. ERP GRC modules that consolidate ethics, HR, and compliance data provide analytics to spot trends, accelerate responses, and strengthen organizational trust.




