Financial institutions are under pressure as regulatory uncertainty and emerging risks — from AI governance to escalating cybersecurity threats — collide with limited staffing and resources.
These are just a few of the takeaways from The Ncontracts 2025 Future of Compliance Survey — a new survey report featuring insights from over 180 banks, credit unions, and mortgage companies with assets from under $250 million to more than $10 billion.
Whether you work in compliance, risk management, or operations, these insights will help you benchmark your compliance program against industry best practices, better understand emerging risks, and evolve your compliance program to meet the demands of a changing regulatory landscape.
If you're a compliance officer feeling stretched thin, you’re not alone — nearly four in 10 institutions operate with just one or two compliance professionals. For FIs under $250 million, that number rises to 78%, and in my experience, it's often just one person handling everything.
The pattern holds even as FIs scale. Twenty-five percent of FIs in the $1 billion to $10 billion range still rely on just one to two people to oversee all areas of compliance, from third-party risk and fair lending to Bank Secrecy Act/anti-money laundering (BSA/AML) and cybersecurity — a difficult feat for an FI even half its size. And while most FIs above $10 billion have six or more compliance professionals, nearly one in four are still operating with teams of just three to five.
Twenty-five percent of FIs expect their compliance budgets to increase over the next 12 to 18 months, but 45% expect budgets to stay about the same. A flat budget may seem sustainable — until you consider what's actually changing. Regulatory requirements aren't static. Operational risk is growing. When compliance demands grow but resources don't, your institution can fall behind.
Diving deeper into the data, budget expectations vary by institution size. Smaller FIs with under $250 million in assets are most likely to see flat budgets, with 72% expecting no change. In the $1 billion to $10 billion range, 24% expect budget growth.
On the other end of the spectrum, just 41% of institutions with over $10 billion in assets expect flat budgets. They have been building their compliance programs with automation and staff, recognizing that investing in compliance isn't optional — it's the necessary cost of doing business.
Actionable Insight: For institutions in the $500 million to $5 billion range, a flat budget is a signal to review sustainability with your leadership team. FIs that rely on manual processes face more budget volatility, so investing in the right technology can turn what seems like an expense into a long-term advantage.
Who manages your FI's compliance risk when the compliance officer retires? It's a timely question, as 24% of institutions say that up to a quarter of their compliance team members are retirement-eligible over the next five years.
The good news is that FIs are operating with proven experience. Over 64% of survey respondents have been in the compliance field for more than 8 years, and 36% have more than 15 years of experience through shifting regulations and exam expectations. But with many of these professionals nearing retirement, the focus is moving to the next generation — and that's full of uncertainty.
In 2021, 56% of institutions struggled to find the right compliance talent; today, it’s 47%. While the decrease may seem reassuring, it's crucial to understand another factor at play — while many FIs can find the talent, 25% can't afford it.
Actionable Insight: If your FI's succession planning processes are lagging, now is the time to give them your attention. Document processes and create comprehensive compliance manuals. FIs that treat automated tools as knowledge preservation systems will better weather the talent transition storm ahead.
Four years ago, the top compliance risks were BSA/AML (57%) and cybersecurity (50%). Today, these two risks have shifted from emerging concerns to operational norms, and a new crop of challenges is top of mind.
The number one concern is regulatory uncertainty (38%), which is not surprising given the current environment. Fair lending comes in second at 33%, followed by limited resources and inadequately trained staff, both at 30%. Third-party vendors and artificial intelligence (which wasn't even cited in the 2021 survey) are also on compliance officers' radars at 14% each.
Compliance responsibilities are also growing. Lending compliance remains the top responsibility at 83%, but third-party risk management jumped from 31% to 41% between 2021 and 2025 — cementing the importance of strong vendor management. Information security involvement tripled — from 6% to 19% — underscoring the convergence of compliance and IT risks.
One of the most telling findings of the survey is that automated tools can make the difference between a satisfied compliance department and a struggling one.
FIs that rely on manual processes — spreadsheets and emails — reported 7x more examiner questions and concerns and 4x lower satisfaction with staffing and their role in strategy.
Only 10% of FIs use a fully automated compliance management system. The majority (58%) use a hybrid approach combining automated tools with spreadsheets and email, and nearly one-third (31%) are still primarily using spreadsheets and email.
While 82% of compliance professionals say they have board support, only 63% are satisfied with their actual resources. This gap reveals a critical disconnect — and automation is the key differentiator. Those using automated tools report 74% satisfaction compared to just 42% for those relying on manual processes.
Actionable Insight: If your compliance officer says they have support from the top but need more resources, take notice. The cost of replacing good compliance talent far exceeds the cost of providing them with proper tools.
As virtual assessments become the norm and regulators face staffing challenges, examinations are evolving.
Nearly half (49%) of our respondents said that their recent exams have been focused on specific areas, including cybersecurity and TPRM. Given regulators' risk-focused approach, this finding isn't surprising.
The second-largest change, at 43%, is the increased use of remote or virtual exam methods. Many examinations now start with extensive data requests and remote document review before examiners arrive on-site, if they come at all. But what's more concerning is that 39% of FIs report seeing newer or less knowledgeable examiners. In other words, today's examiners may have less practical experience than those from five years ago.
Actionable Insight: Institutions in the $1 billion to $10 billion range experience these trends most frequently. Systems that clearly demonstrate processes and controls help examiners — who may have less experience and time — quickly understand an institution’s compliance story.
The compliance function has changed in recent years. When asked how their responsibilities have changed since 2021, FIs revealed:
AI adoption in the compliance function varies significantly by institution size. Thirty-two percent aren't using AI or machine learning at all, while 26% are exploring or piloting solutions, and 32% have limited implementation. For smaller institutions, 56% aren't using AI at all. Among institutions with over $10 billion, only 12% have broad implementation. In other words, the industry is still in its early stages.
Top AI concerns center on data quality and accuracy, followed by regulatory uncertainty and data privacy, especially when customer data is being fed into AI systems or vendor platforms.
Meanwhile, 64% of institutions say regulatory burden has increased over the past five years. However, even if a rule or guidance goes away, that doesn't mean the risk has disappeared.
Actionable Insight: FIs advancing in all three areas — embedding compliance into culture, breaking down silos, and adopting modern technology — are positioning themselves for sustainable compliance programs that can scale with regulatory complexity. Don't assume regulatory relief means scaling back compliance rigor. Build programs around actual risks, not just around the rulebook.