Diligent Q&A – Kristy Grant-Hart on Elevating Compliance in an AI-Driven World

Over 700 governance, risk, and compliance leaders from 20+ countries are heading to Atlanta this year for Diligent Elevate 2026, a three-day event focused on hands-on AI innovation. The agenda features 60+ expert-led sessions and practical strategies you can implement immediately.

To get you ready, we sat down with Kristy Grant-Hart, Vice President, Compliance Advisory Services, Spark Compliance, a Diligent Brand, for her unfiltered hot takes on AI governance, risks, and what boards are getting dangerously wrong. These are the hard truths—and smart strategies—you'll explore at Elevate.

Q: What’s a blunt truth you’d tell a board or executive team behind closed doors about compliance and ethics programs?

A: Boards and executive teams don’t understand that their actual risk levels are higher than they think. Ignoring that reality is shortsighted.

Here’s what’s keeping me up at night: many organizations are not paying enough attention to modern slavery risks, despite growing public concern. If companies don't strengthen their approach quickly, modern slavery and supply chain legislation in Europe could materially restrict their ability to do business in the EU starting next year. This isn't a hypothetical compliance issue. It's a real business barrier that's coming faster than most executives realize.

Q: What's one thing most organizations are getting wrong or seriously underestimating about building effective compliance cultures?

A: The AI obsession is creating a dangerous blind spot.

Many companies are so focused on AI that they're not paying enough attention to what's happening in the broader organization. Too many organizations still have CEOs who don't visibly care about compliance culture or speak about it in a meaningful way.

And here's the hard truth: the focus on AI agents replacing people is depressing employees and making them cynical toward management, and that directly affects culture and compliance.

Meanwhile, organizations are underinvesting in training and failing to think through AI accountability. You can't build effective compliance when your workforce feels disposable and leadership is silent on what matters.

Q: Looking 12–24 months ahead, what will look materially different in compliance risk management and regulatory expectations for boards or executives?

A: Boards and executives will need real AI fluency. Basic familiarity will no longer be optional. But AI isn't the only game-changer on the horizon.

Supply chain risk, especially from a modern slavery perspective, is only going to intensify. Bribery risk will still matter, but it's likely to become less central than it has been historically in many compliance conversations.

Today's Excel sheets and static reports won't cut it. In the next two years, executives will demand real-time data and dynamic risk visibility. Organizations that can't deliver will be operating in the dark.

Q: In 3 years, what will be considered table stakes in compliance and ethics that feels optional today?

A: AI adoption across compliance and ethics will be table stakes, not a nice-to-have.

Integrated compliance will become standard, with training records, whistleblower complaints, policy access, Code of Conduct access, and microlearning comprehension data connected in one environment. Organizations will use that integrated data for prevention and risk identification.

AI systems will increasingly surface issues and make recommendations, while human decision-makers remain responsible for judgment and action. Skip this and you've chosen your exit strategy.

Q: Where do you see the biggest blind spot between what compliance leaders think they're doing well and reality?

A: Compliance leaders too often report on activity instead of impact, and they don't realize how much that undermines their influence.

There's a major difference between describing the function’s achievements and showing how it changed the company. When reporting doesn't clearly demonstrate impact, leadership is less likely to pay attention. The blind spot is not recognizing that ineffective reporting weakens influence. You can be doing excellent work, but if you can't articulate the business value you're creating, you're invisible to the people who matter most.

Q: Where is the biggest untapped opportunity for boards and executives on transforming compliance into a business asset?

A: Stop talking about laws. Start talking about business impact.

Boards need to hear about risk in strategic business terms, not just rules and obligations. Given the current geopolitical turbulence, globally effective compliance programs are a true business asset. Many organizations are still not paying enough attention to the strategic value of compliance across jurisdictions. Companies that can demonstrate how their compliance programs enable business, rather than just prevent problems, will unlock board-level support and resources that others can't access.

Q: What's one high-impact, realistic action leaders in compliance and ethics could take in the next 90 days to get ahead?

A: Put AI governance in place now and ensure compliance has a real seat at the table.

At the moment, IT and cybersecurity teams are often trying to be the only voices in the room on AI governance. That's dangerous. Those teams understand IT risk management but not the broader governance and ethical issues AI raises.

AI needs an ethics-centered governance framework, not just a technical control framework. If compliance isn't at that table in the next 90 days, you'll spend the next two years trying to retrofit governance onto systems that are already deployed, and that's infinitely harder than getting it right from the start.

Q: What are the smartest organizations already doing in compliance program effectiveness and culture transformation that others haven't caught up to yet?

A: They measure culture year over year, not just once.

The smartest organizations conduct ethical culture surveys to understand where they truly are, then repeat those surveys annually to track trends and measure real change. That data shows what's actually happening, not what leadership hopes is happening.

They're also building integrated supply chain compliance management systems that bring together anti-bribery, sanctions, modern slavery, adverse media, privacy, and other compliance concerns in one place. The best systems connect due diligence approval to operational workflows; vendors can't get paid until compliance steps are completed.

These aren't pilots. They're operational systems that fundamentally change how compliance works. While others talk about integration, these organizations are living it.