"AI is spotting risks before we do, data is telling stories we didn’t know existed, and regulations are changing faster than we can update our manuals"
You’ve worked across very different industries. What’s one perspective on compliance that stayed with you across every industry?
This perspective was shared with me by a leader that I worked with, and it has stayed with me ever since. What stood out was how they described compliance at the workplace: a small group are consistently driven to champion ethical behaviour, a very small minority may choose to disregard the rules, but the overwhelming majority are ethical and compliant yet often take their cues from those around them.
As compliance professionals, I think our real purpose is to inspire that larger group not just to comply quietly, but to feel empowered to set a standard and encourage ethical behaviour throughout the organization.
In highly regulated industries, like health and chemicals, how do you personally define “impact” in a compliance role?
In highly regulated industries, particularly in regions like India and across APAC, where corruption risks remain a persistent challenge, the most meaningful and lasting impact stems from genuine human connection. Too often, compliance is seen as a barrier to business rather than a catalyst for sustainable growth. That perception can only be changed by building trust, and trust begins with empathy. Empathy means truly listening to employees, to third parties, and to the broader ecosystem in which we operate. It means understanding their pressures, their concerns, and what keeps them up at night. Ethics and compliance should never feel like an external imposition; they must be a shared commitment, rooted in mutual respect and understanding.
That’s why I prioritize visibility and approachability. I foster open, ongoing dialogue and create safe spaces where people feel supported and empowered to make the right choices. Training and onboarding are not just check-the-box exercises, they are opportunities to connect, to contextualize, and to inspire. I lead these sessions, often in local languages, using real-world scenarios and even pop culture analogies to bring ethical dilemmas to life. This approach helps both employees and third parties internalize ethical standards, even when external pressures are intense.
Ultimately, compliance is not about control, it’s about partnership. By embedding integrity into the fabric of our business relationships, we don’t just mitigate risk, we build a culture of trust, resilience, and long-term collaboration.
In your view, what regulatory blind spots do you think companies are still underestimating, especially in digital-heavy sectors?
As digital regulations evolve rapidly, companies in tech-heavy sectors are at risk of underestimating key compliance challenges. Beyond headline laws, several blind spots are emerging:
(i) Enforcement Gaps: Regulations like the GDPR are often inconsistently applied. Firms may assume compliance without verifying how rules function in practice.
(ii) Regulatory Fragmentation: Cross-border operations face conflicting data and platform rules (e.g., GDPR vs. India’s DPDP Act), increasing legal complexity and compliance costs.
(iii) Platform Dominance: Laws such as the EU’s DMA address competition but fall short of tackling the deeper infrastructural power of Big Tech in shaping access and influence.
(iv) Legacy Privacy Models: Outdated data protection systems, especially in finance, can hinder innovation and leave firms exposed to modern privacy risks.
(v) Marketing Data Gaps: Stricter cookie laws and browser restrictions are reducing visibility into user behavior, affecting both compliance and campaign performance.
(vi) Overbroad Regulation: Uniform rules for all platforms can disproportionately burden smaller players and expose executives to personal liability.
Legal and compliance leaders must move beyond checkbox compliance. A proactive, risk-based approach, aligned with operational realities and regulatory nuance, is essential to safeguard against emerging digital risks.
As AI-generated fraud evolves, what are some lesser-known vulnerabilities companies should already be looking out for?
As generative AI becomes more advanced, so too do the tactics of cybercriminals. Traditional security systems are increasingly outmatched by sophisticated, AI-powered fraud that exploits human trust and systemic vulnerabilities. In a striking 2024 case, an employee at Arup, a global engineering firm, was tricked into transferring over $25 million after a video call featuring deepfake avatars of company executives, including a fabricated CFO. The attackers used real-time AI-generated audio and video to simulate authority and urgency, hallmarks of social engineering, making the deception nearly undetectable.
AI is also enabling long-term, low-visibility fraud. In Shanghai, an HR manager created 22 fake employee profiles using synthetic identities and forged credentials. Over the course of eight years, they embezzled $2.2 million, which was only discovered when a “perfect attendance” record raised red flags.
Meanwhile, AI-enhanced malware is becoming harder to detect. In France, cybersecurity experts uncovered malicious code that was cleanly structured, well-documented, and indistinguishable from legitimate software, a likely product of generative AI. Its sophistication allowed it to bypass conventional detection tools with ease.
Phishing attacks have also evolved. In 2024, over 51% of phishing emails were AI-generated, mimicking company tone and communication styles with alarming precision. In Europe, attackers deployed malware that altered invoice PDFs in real time, rerouting payments without detection, exposing a new frontier in business process fraud.
These incidents underscore a critical truth: AI is not just accelerating fraud, it’s transforming it. The barrier to entry for cybercrime is lower than ever, and the potential damage is exponentially greater. Organizations must urgently rethink their defences, including: (i) authentication protocols that go beyond voice and video verification; (ii) payment authorization workflows with multi-layered checks; and (iii) hiring and HR systems fortified against synthetic identities.
How do you balance global standards with on-the-ground realities, especially in countries with grey areas or evolving enforcement, in tightly regulated sectors?
Companies, especially multinationals, now increasingly adopt hybrid models that combine centralized global oversight with decentralized and locally tailored practice. This means that there is consistency in core compliance principles, while also allowing for flexibility to adapt to local laws, enforcement levels, and cultural norms. Additionally, companies conduct risk-based prioritization – this means that companies assess regional risk profiles, for example, corruption risk, enforcement rigor, or data protection maturity. Post-assessment, compliance resources are allocated accordingly. So, in jurisdictions with high enforcement or reputational risk, stricter controls may be applied. Companies also engage with local legal and regulatory experts to help navigate grey areas and evolving regulations. This is especially critical in countries where the enforcement is inconsistent or where informal practices influence regulatory outcomes.
Companies also participate in or align with international harmonization initiatives, or are part of global industry bodies that reduce any friction between global and local standards.
In high-risk sectors like health, chemicals, or manufacturing, what do you see as the biggest disruptor to traditional compliance models in the next decade?
In high-risk sectors, compliance is no longer just about ticking boxes. What used to be a rearview mirror is now becoming a dashboard. AI is spotting risks before we do, data is telling stories we didn’t know existed, and regulations are changing faster than we can update our manuals.
Add to that the pressure from ESG and cybersecurity, and it’s clear: the next decade will demand compliance teams that are not just watchdogs, but co-pilots in strategy and innovation.
i. AI and Automation – Intelligent systems will increasingly handle monitoring, reporting, and risk detection, reducing manual oversight but demanding new governance frameworks.
ii. Real-Time Data and Predictive Analytics – Compliance will shift from reactive to predictive, using live data to anticipate and prevent breaches before they occur.
iii. Global Regulatory Fragmentation – As jurisdictions evolve at different paces, compliance teams will need agile, tech-enabled solutions to manage complex, overlapping regulations.
iv. Cybersecurity and Data Privacy – With rising digital integration, protecting sensitive data will become a core compliance function, not just an IT concern.
v. ESG and Ethical Governance – Stakeholders are demanding transparency and accountability beyond legal compliance, pushing companies to embed ethics into operational DNA.
*Disclaimer: The views expressed in this interview are solely those of the interviewee and do not represent the views of any organization with which they are or have been associated.
About Anghrija Chakraborty:
Anghrija Chakraborty is a Compliance Counsel with over 18 years of experience helping global companies navigate the complex world of risk and regulation. Her journey, from a small town and a middle-class family to the boardrooms of multinational corporations, has shaped a grounded, people-first approach to compliance. With degrees in English Literature and Law, Anghrija blends storytelling with strategy, believing that compliance isn’t just about ticking boxes, it’s about building cultures rooted in integrity and smart decision-making.
She’s worked across law firms, consulting giants, and corporate teams, always focused on turning compliance into a strategic advantage. Whether leading agile teams or collaborating across regions, Anghrija thrives on building trust, inspiring performance, and keeping the bigger picture in focus. Her work is driven by a simple belief: when integrity and ambition align, businesses don’t just stay compliant, they grow stronger.