1
00:00:18,434 --> 00:00:19,654
The payments podcast

2
00:00:20,355 --> 00:00:21,574
from Bottom Line.

3
00:00:22,355 --> 00:00:25,074
Welcome to the payments podcast. I'm your host,

4
00:00:25,074 --> 00:00:27,494
Bottom Line managing editor Owen McDonald.

5
00:00:28,429 --> 00:00:28,929
Everquotable

6
00:00:29,230 --> 00:00:29,730
JPMorgan

7
00:00:30,109 --> 00:00:32,850
Chase CEO, Jamie Dimon, once said this,

8
00:00:33,310 --> 00:00:36,030
good regulation should be conducive to business and

9
00:00:36,030 --> 00:00:37,250
to customer protection.

10
00:00:37,630 --> 00:00:38,530
Well said.

11
00:00:39,070 --> 00:00:41,549
Given the growing regulatory burden on b two

12
00:00:41,549 --> 00:00:43,975
b payments, we were captivated by a recent

13
00:00:43,975 --> 00:00:44,795
piece of research

14
00:00:45,174 --> 00:00:46,074
from PWC

15
00:00:46,454 --> 00:00:49,835
called the Global Compliance Survey 2025.

16
00:00:50,454 --> 00:00:53,515
It's a treasure trove of compliance sentiment data.

17
00:00:53,894 --> 00:00:56,149
To give us an idea of how compliance

18
00:00:56,369 --> 00:00:59,409
innovation can improve outcomes, we're very glad to

19
00:00:59,409 --> 00:01:01,109
have with us Rob Stevenson,

20
00:01:01,570 --> 00:01:03,429
director of risk at PWC.

21
00:01:04,129 --> 00:01:06,549
Rob Stevenson, welcome to the payments podcast.

22
00:01:07,250 --> 00:01:08,950
Hi, Owen. Thank you for having me.

23
00:01:09,944 --> 00:01:12,185
We're glad you could be here, Rob. In

24
00:01:12,185 --> 00:01:15,804
this episode, we're examining the growing regulatory compliance

25
00:01:15,944 --> 00:01:16,444
burden.

26
00:01:16,905 --> 00:01:17,405
PWC's

27
00:01:17,784 --> 00:01:20,024
global compliance survey 2025

28
00:01:20,024 --> 00:01:22,584
took the pulse of over 1,800 professionals in

29
00:01:22,584 --> 00:01:23,724
six major verticals.

30
00:01:24,239 --> 00:01:26,659
Rob, what did you learn about how regulatory

31
00:01:26,959 --> 00:01:30,659
load or perhaps overload is impacting businesses?

32
00:01:31,120 --> 00:01:33,200
In broad strokes, what are the very top

33
00:01:33,200 --> 00:01:34,900
compliance trends you observed?

34
00:01:35,599 --> 00:01:36,239
Yeah. I think,

35
00:01:36,814 --> 00:01:39,135
broadly speaking, what we found during the survey

36
00:01:39,135 --> 00:01:41,855
is that there's definitely an overwhelming sense that

37
00:01:41,855 --> 00:01:43,875
the regulatory burden has intensified.

38
00:01:44,974 --> 00:01:48,734
Compliance has become significantly more complicated across virtually

39
00:01:48,734 --> 00:01:50,594
every sector that we spoke to.

40
00:01:50,930 --> 00:01:53,650
And in fact, 85% of the respondents said

41
00:01:53,650 --> 00:01:56,209
compliance requirements have grown more complex in just

42
00:01:56,209 --> 00:01:58,609
the last three years, and that rises to

43
00:01:58,609 --> 00:02:00,549
90% in financial services.

44
00:02:01,650 --> 00:02:03,969
Based on the current geopolitical landscape as well,

45
00:02:03,969 --> 00:02:05,590
I think this is gonna be a continuing

46
00:02:05,649 --> 00:02:06,149
trend.

47
00:02:07,024 --> 00:02:08,944
But what's interesting, Owen, is that it's not

48
00:02:08,944 --> 00:02:10,405
just the volume of issues,

49
00:02:11,185 --> 00:02:13,185
I e more rules that is causing the

50
00:02:13,185 --> 00:02:15,745
real challenges. It's about the complexity and the

51
00:02:15,745 --> 00:02:17,764
velocity of regulation at the moment.

52
00:02:18,064 --> 00:02:21,284
It's also about the overlapping, sometimes conflicting regulations

53
00:02:21,504 --> 00:02:22,004
coming

54
00:02:22,389 --> 00:02:23,129
at organizations

55
00:02:23,430 --> 00:02:25,909
faster than they can adapt. And that creates

56
00:02:25,909 --> 00:02:29,349
real pressure on leadership's time, resourcing, and confidence

57
00:02:29,349 --> 00:02:30,409
in decision making,

58
00:02:30,789 --> 00:02:33,610
which can cripple an organization's strategic ambitions.

59
00:02:34,324 --> 00:02:36,185
It also impacts the organizations

60
00:02:36,485 --> 00:02:36,985
commercially,

61
00:02:37,924 --> 00:02:41,604
slowing down digital transformation, delaying product launches, and

62
00:02:41,604 --> 00:02:43,705
limiting expansions into new markets.

63
00:02:44,164 --> 00:02:45,125
77%

64
00:02:45,125 --> 00:02:47,465
of the responders said that they've already experienced

65
00:02:47,525 --> 00:02:50,330
negative effects in five or more key business

66
00:02:50,330 --> 00:02:51,150
growth areas.

67
00:02:51,930 --> 00:02:54,090
But we are seeing, you know, some firms

68
00:02:54,090 --> 00:02:55,629
that aren't standing still.

69
00:02:56,490 --> 00:02:58,990
We're seeing a more forward thinking group emerge,

70
00:02:59,129 --> 00:03:00,810
what we've called in our report as the

71
00:03:00,810 --> 00:03:01,950
compliance pioneers.

72
00:03:03,164 --> 00:03:05,724
They're using compliance not just to manage risk,

73
00:03:05,724 --> 00:03:08,764
but to accelerate change, drive efficiency, and support

74
00:03:08,764 --> 00:03:09,824
strategic aims.

75
00:03:10,205 --> 00:03:13,905
They're embedding technology, centralizing functions, and treating compliance

76
00:03:13,965 --> 00:03:16,705
as a capability, not just a control function,

77
00:03:17,020 --> 00:03:19,340
and really moving compliance from the background to

78
00:03:19,340 --> 00:03:20,000
the boardroom.

79
00:03:20,300 --> 00:03:22,139
And that's a really important mind shift that

80
00:03:22,139 --> 00:03:23,439
we're starting to see.

81
00:03:24,300 --> 00:03:24,800
Cybersecurity

82
00:03:25,259 --> 00:03:28,539
and data protection slash data privacy tied for

83
00:03:28,539 --> 00:03:31,900
the number one compliance concern among respondents across

84
00:03:31,900 --> 00:03:32,400
industries.

85
00:03:32,915 --> 00:03:33,715
51%

86
00:03:33,715 --> 00:03:36,615
of your sample called the two related functions,

87
00:03:36,835 --> 00:03:37,575
key priorities.

88
00:03:38,275 --> 00:03:40,594
Rob, are these the areas you see getting

89
00:03:40,594 --> 00:03:42,435
the most attention in the near term? And

90
00:03:42,435 --> 00:03:44,694
if so, why? And that's cybersecurity

91
00:03:45,155 --> 00:03:47,575
and data protection slash data privacy.

92
00:03:48,290 --> 00:03:49,030
Yeah. Absolutely.

93
00:03:49,889 --> 00:03:52,150
I think it's because these risks are existential.

94
00:03:52,449 --> 00:03:52,949
So

95
00:03:53,409 --> 00:03:55,490
a cyber attack or a data breach today

96
00:03:55,490 --> 00:03:58,870
doesn't just cause regulatory problems. It erodes trust,

97
00:03:59,009 --> 00:04:01,909
derails operations, and can spark a chain reaction

98
00:04:02,534 --> 00:04:04,794
with regulators, investors and the public.

99
00:04:05,094 --> 00:04:07,175
And that priority came through very clearly in

100
00:04:07,175 --> 00:04:09,495
the research and has done in much of

101
00:04:09,495 --> 00:04:10,215
our research,

102
00:04:10,534 --> 00:04:13,034
that PwC has conducted in the recent years.

103
00:04:14,134 --> 00:04:16,294
Cybersecurity and data protection, as you say, were

104
00:04:16,294 --> 00:04:18,470
named top priorities and over half of the

105
00:04:18,470 --> 00:04:18,970
respondents,

106
00:04:20,149 --> 00:04:20,970
claimed that.

107
00:04:21,669 --> 00:04:24,550
They were number one across every sector except

108
00:04:24,550 --> 00:04:28,149
energy, where environmental compliance edged slightly ahead, but

109
00:04:28,149 --> 00:04:30,009
that's probably for obvious reasons.

110
00:04:30,709 --> 00:04:32,490
And I think there's probably a few

111
00:04:32,845 --> 00:04:35,345
things driving that response around cybersecurity

112
00:04:35,725 --> 00:04:38,925
and, and data protection. First, the threat landscape

113
00:04:38,925 --> 00:04:39,985
has evolved massively.

114
00:04:40,845 --> 00:04:42,865
Cyberattacks are getting more and more sophisticated.

115
00:04:43,245 --> 00:04:45,644
They're more targeted and can have much wider

116
00:04:45,644 --> 00:04:46,625
reaching consequences,

117
00:04:47,209 --> 00:04:49,949
of just financial but reputational as well.

118
00:04:51,529 --> 00:04:54,589
Secondly, the regulatory bar has been raised. So

119
00:04:54,730 --> 00:04:55,230
GDPR,

120
00:04:55,770 --> 00:04:56,270
DORA,

121
00:04:56,970 --> 00:04:59,470
or other data protection roles around the world,

122
00:04:59,935 --> 00:05:01,935
companies are under serious pressure to get this

123
00:05:01,935 --> 00:05:04,014
right. And it varies country by country, so

124
00:05:04,014 --> 00:05:05,235
it's not a simple thing.

125
00:05:06,334 --> 00:05:09,375
Thirdly, for me, it's still an unknown entity

126
00:05:09,375 --> 00:05:12,095
that evolves at pace. And as as humans,

127
00:05:12,095 --> 00:05:14,830
we're inherently worried about the unknown. So for

128
00:05:14,830 --> 00:05:17,330
a lot of business leaders, the technical expertise

129
00:05:17,550 --> 00:05:19,629
just just isn't there yet, and they're reliant

130
00:05:19,629 --> 00:05:22,430
on a small population of, you know, experts

131
00:05:22,430 --> 00:05:25,150
within their organisation who understand the risks. So

132
00:05:25,150 --> 00:05:27,404
it always comes out top whether we're talking

133
00:05:27,404 --> 00:05:29,425
to CEOs or compliance professionals.

134
00:05:30,204 --> 00:05:32,865
And lastly, it's about trust. I think customers,

135
00:05:33,004 --> 00:05:35,584
investors, regulators expect organizations

136
00:05:35,964 --> 00:05:37,824
to treat their data responsibly

137
00:05:38,444 --> 00:05:41,069
and protect it rigorously. So, yeah, I think

138
00:05:41,069 --> 00:05:42,670
these areas are gonna get a lot of

139
00:05:42,670 --> 00:05:43,170
attention,

140
00:05:43,870 --> 00:05:46,350
today, but also going into the future, not

141
00:05:46,350 --> 00:05:49,330
just as compliance issues, but also as strategic

142
00:05:49,470 --> 00:05:49,970
imperatives.

143
00:05:51,149 --> 00:05:52,529
You you preempted me

144
00:05:52,830 --> 00:05:55,064
a moment ago. So I I liked that

145
00:05:55,225 --> 00:05:56,904
stat about the 85%

146
00:05:56,904 --> 00:06:00,024
across all vertical said compliance has become more

147
00:06:00,024 --> 00:06:00,524
complex,

148
00:06:01,064 --> 00:06:04,045
even higher for financial services at 90%.

149
00:06:04,824 --> 00:06:07,305
And in the report, the complexity of cross

150
00:06:07,305 --> 00:06:10,310
border payments was also called out specifically. So,

151
00:06:10,310 --> 00:06:12,490
Rob, give us a glimpse of how PWC

152
00:06:12,629 --> 00:06:15,529
is advising clients who want to avoid regulatory

153
00:06:15,750 --> 00:06:16,250
fatigue,

154
00:06:16,629 --> 00:06:18,889
especially as that relates to payments.

155
00:06:20,069 --> 00:06:22,870
Yeah. Cross border payments has become a real

156
00:06:22,870 --> 00:06:25,435
flashpoint, I think, for for the clients we

157
00:06:25,435 --> 00:06:26,175
speak to.

158
00:06:26,555 --> 00:06:29,835
And companies face layers of AML sanctions, tax,

159
00:06:29,835 --> 00:06:33,194
and financial reporting obligations. And these, again, differ

160
00:06:33,194 --> 00:06:35,375
widely country to country. So

161
00:06:35,754 --> 00:06:38,475
that complexity is draining on resources, trying to

162
00:06:38,475 --> 00:06:39,535
keep up to speed,

163
00:06:40,235 --> 00:06:43,110
and, you know, frankly exhausting teams as they

164
00:06:43,110 --> 00:06:46,050
do this. So again, it comes down to

165
00:06:46,050 --> 00:06:49,009
applying technology to these kind of time and

166
00:06:49,009 --> 00:06:50,629
resource burdensome activities.

167
00:06:51,409 --> 00:06:53,889
It's a much smarter approach reducing the manual

168
00:06:53,889 --> 00:06:56,310
effort and embedding compliance into processes.

169
00:06:57,194 --> 00:07:00,415
So for example, you know, automating sanctions, screening,

170
00:07:00,555 --> 00:07:01,055
integrating

171
00:07:01,514 --> 00:07:03,454
regulatory alerts into workflows,

172
00:07:04,475 --> 00:07:07,194
and using dashboards to monitor exposure in real

173
00:07:07,194 --> 00:07:07,694
time.

174
00:07:08,074 --> 00:07:10,314
So not only does that reduce the burden

175
00:07:10,314 --> 00:07:11,694
and speed up the process,

176
00:07:12,259 --> 00:07:14,740
it allows those resources to spend more time

177
00:07:14,740 --> 00:07:17,300
on the more value add activities, so supporting

178
00:07:17,300 --> 00:07:20,120
the commercial imperatives of the organization as well.

179
00:07:20,979 --> 00:07:23,240
It's also true where we see organizations

180
00:07:23,779 --> 00:07:25,560
centralizing compliance oversight.

181
00:07:26,134 --> 00:07:27,914
So especially for global businesses,

182
00:07:28,294 --> 00:07:29,595
improving that consistency,

183
00:07:29,975 --> 00:07:31,035
enhancing the visibility,

184
00:07:32,134 --> 00:07:34,935
and again reducing the the load of, on

185
00:07:34,935 --> 00:07:36,694
the local teams to allow them to be

186
00:07:36,694 --> 00:07:39,274
more business enabling is is becoming really important.

187
00:07:39,574 --> 00:07:42,319
But, ultimately, it's about, I guess, reducing the

188
00:07:42,319 --> 00:07:43,779
noise and helping organizations

189
00:07:44,319 --> 00:07:45,060
move from

190
00:07:45,600 --> 00:07:48,899
reactive firefighting to a more streamlined, coordinated,

191
00:07:49,839 --> 00:07:51,360
proactive, I think is one of the key

192
00:07:51,360 --> 00:07:51,860
words,

193
00:07:52,240 --> 00:07:55,199
compliance model that supports rather than hinders commercial

194
00:07:55,199 --> 00:07:55,699
agility.

195
00:07:56,285 --> 00:07:58,605
So that kind of providing a breadth of

196
00:07:58,605 --> 00:08:01,084
business insights that no other function really has

197
00:08:01,084 --> 00:08:02,384
access to, and I think

198
00:08:02,845 --> 00:08:04,845
compliance being at the center of that is

199
00:08:04,845 --> 00:08:06,604
is what we talk about in the report.

200
00:08:06,604 --> 00:08:06,845
And,

201
00:08:07,404 --> 00:08:09,884
we talk about the strategic compliance officer really

202
00:08:09,884 --> 00:08:10,944
coming to the fore.

203
00:08:11,850 --> 00:08:13,129
One of the things I loved in the

204
00:08:13,129 --> 00:08:16,110
report was this idea of winning through compliance

205
00:08:16,649 --> 00:08:17,149
innovation.

206
00:08:19,370 --> 00:08:21,870
How does PwC define compliance

207
00:08:22,250 --> 00:08:25,264
innovation, Rob? What is that? I think compliance

208
00:08:25,264 --> 00:08:27,205
innovation is really about transforming

209
00:08:27,745 --> 00:08:29,365
compliance from that reactive

210
00:08:29,904 --> 00:08:30,884
resource heavy

211
00:08:31,425 --> 00:08:33,745
to something much more proactive, something on the

212
00:08:33,745 --> 00:08:36,785
front foot that's efficient and really adds value

213
00:08:36,785 --> 00:08:37,924
back into the organization.

214
00:08:38,960 --> 00:08:43,039
It's, again, predominantly driven by technology, data, and

215
00:08:43,039 --> 00:08:44,259
reimagining processes,

216
00:08:44,960 --> 00:08:46,899
but it's also about the human ecosystem.

217
00:08:47,440 --> 00:08:49,519
So be it the new skills required of

218
00:08:49,519 --> 00:08:52,980
compliance teams such as data analysts, behavioral scientists,

219
00:08:53,759 --> 00:08:54,259
storytelling,

220
00:08:55,574 --> 00:08:58,054
but also the culture across the organization, that

221
00:08:58,054 --> 00:09:01,574
kind of shared accountability for compliance and ethics.

222
00:09:01,574 --> 00:09:02,074
So

223
00:09:02,454 --> 00:09:04,534
if we take we talk about compliance by

224
00:09:04,534 --> 00:09:06,214
design in the report as well. And if

225
00:09:06,214 --> 00:09:08,475
we if we take that as a concept,

226
00:09:08,695 --> 00:09:09,754
it's really about

227
00:09:10,440 --> 00:09:12,679
instead of bolting compliance on at the end

228
00:09:12,679 --> 00:09:14,440
of a process, you embed it at the

229
00:09:14,440 --> 00:09:15,419
outset. So

230
00:09:15,720 --> 00:09:18,440
teams engaging with compliance at the concept stage

231
00:09:18,440 --> 00:09:20,519
of a new product rather than than at

232
00:09:20,519 --> 00:09:21,580
the sign off stage.

233
00:09:22,625 --> 00:09:26,065
Obviously saves time, reduces rework, builds quality and

234
00:09:26,065 --> 00:09:28,325
governance into the process. So

235
00:09:28,945 --> 00:09:31,204
what the report showed is that organizations

236
00:09:31,664 --> 00:09:32,964
that are doing this well,

237
00:09:33,584 --> 00:09:36,644
embedding compliance early and integrating tools, centralizing

238
00:09:36,945 --> 00:09:37,445
data,

239
00:09:38,360 --> 00:09:41,000
are really gaining agility in their operations. They're

240
00:09:41,000 --> 00:09:43,100
able to spot risks much faster,

241
00:09:43,720 --> 00:09:46,779
make quicker, better decisions, and accelerate transformation.

242
00:09:47,639 --> 00:09:49,879
And that's the essence, I think, of compliance

243
00:09:49,879 --> 00:09:50,379
innovation.

244
00:09:51,159 --> 00:09:53,205
And the publication as we talk about is

245
00:09:53,285 --> 00:09:56,325
it's about reinventing compliance to speed up, not

246
00:09:56,325 --> 00:09:57,065
trip up.

247
00:09:57,764 --> 00:09:58,585
Risk mitigation

248
00:09:58,965 --> 00:10:02,345
ranked as the top three influencer of compliance

249
00:10:02,644 --> 00:10:03,144
investment

250
00:10:03,764 --> 00:10:06,345
behind being able to respond to regulatory

251
00:10:06,725 --> 00:10:11,419
issues and regulatory changes at 4442%

252
00:10:11,419 --> 00:10:11,919
respectively.

253
00:10:12,779 --> 00:10:15,600
Rob, how does compliance innovation

254
00:10:16,059 --> 00:10:18,559
lower risk in a volatile market?

255
00:10:19,419 --> 00:10:21,584
It's a great question. I think it's it's

256
00:10:21,584 --> 00:10:24,625
not just about lowering risk. It's it's probably

257
00:10:24,625 --> 00:10:28,144
more about navigating risk as well. So through

258
00:10:28,144 --> 00:10:31,424
that, the early detection, that that visibility and

259
00:10:31,424 --> 00:10:33,424
an insight that you might have across the

260
00:10:33,424 --> 00:10:33,924
organization

261
00:10:34,990 --> 00:10:37,309
gives you that ability, I guess, to see

262
00:10:37,309 --> 00:10:40,450
around corners. So with technology scanning,

263
00:10:41,070 --> 00:10:44,049
AI highlighting red flags, and dashboards showing

264
00:10:44,509 --> 00:10:47,389
risk trends and themes over time, this means

265
00:10:47,389 --> 00:10:49,504
you can you can move much more from

266
00:10:49,504 --> 00:10:52,804
that reacting to problems and into navigating them,

267
00:10:53,584 --> 00:10:56,464
which obviously helps business maintain their momentum and

268
00:10:56,464 --> 00:10:58,004
not be slowed down. So

269
00:10:58,464 --> 00:11:00,464
this is, as we say, the only way

270
00:11:00,464 --> 00:11:02,225
that companies can really stay ahead of the

271
00:11:02,225 --> 00:11:03,204
risks associated

272
00:11:03,980 --> 00:11:04,879
with all the regulatory

273
00:11:05,259 --> 00:11:06,399
changes and issues

274
00:11:06,940 --> 00:11:09,340
that we have now, that we've had in

275
00:11:09,340 --> 00:11:11,580
the recent recent months, and that we will

276
00:11:11,580 --> 00:11:13,840
continue to have that are disrupting the market.

277
00:11:14,700 --> 00:11:16,559
Saving AI for last.

278
00:11:16,934 --> 00:11:19,254
PwC found that 36%

279
00:11:19,254 --> 00:11:22,215
of respondents are already piloting or using AI

280
00:11:22,215 --> 00:11:23,355
for fraud detection,

281
00:11:23,815 --> 00:11:25,335
whereas 32%

282
00:11:25,335 --> 00:11:26,394
are not currently

283
00:11:27,254 --> 00:11:30,875
piloting or using AI for any compliance activities.

284
00:11:31,460 --> 00:11:33,220
With one in three saying they are not

285
00:11:33,220 --> 00:11:35,940
using AI for compliance or even testing it

286
00:11:35,940 --> 00:11:38,840
and a slightly higher number saying they are,

287
00:11:38,899 --> 00:11:41,240
Rob, why is business so bifurcated

288
00:11:41,620 --> 00:11:42,920
about using AI

289
00:11:43,299 --> 00:11:44,360
for fraud detection?

290
00:11:45,345 --> 00:11:47,504
Generally, you know, people argue, is it a

291
00:11:47,504 --> 00:11:48,704
good thing? It's a bad is it a

292
00:11:48,704 --> 00:11:51,024
bad thing? I think the the real question

293
00:11:51,024 --> 00:11:52,544
is it's a thing, and we're just gonna

294
00:11:52,544 --> 00:11:54,464
have to we're gonna have to adopt it

295
00:11:54,464 --> 00:11:55,764
and get on with it. So,

296
00:11:56,464 --> 00:11:58,324
that finding really stood out.

297
00:11:59,370 --> 00:12:01,529
But that that and also the the finding

298
00:12:01,529 --> 00:12:04,250
that the majority of respondents believe AI will

299
00:12:04,250 --> 00:12:07,950
have a net positive impact overall on compliance.

300
00:12:08,490 --> 00:12:10,090
But you're you're right. We're seeing a kind

301
00:12:10,090 --> 00:12:12,615
of two speed world where when it comes

302
00:12:12,615 --> 00:12:15,274
to the adoption of that. And some firms,

303
00:12:15,575 --> 00:12:17,894
particularly in the financial services and the tech

304
00:12:17,894 --> 00:12:21,355
sector, are forging ahead with AI, probably not

305
00:12:21,415 --> 00:12:25,195
unsurprisingly, but especially in fraud detection, predictive analytics,

306
00:12:26,410 --> 00:12:28,970
whereas others are taking a more cautious approach

307
00:12:28,970 --> 00:12:29,550
to that.

308
00:12:29,929 --> 00:12:31,950
And there's probably valid reasons,

309
00:12:33,050 --> 00:12:35,529
and it's it's the usual reasons that many

310
00:12:35,529 --> 00:12:39,149
organizations are still grappling with fragmented data,

311
00:12:39,664 --> 00:12:40,564
legacy systems,

312
00:12:41,264 --> 00:12:43,044
a multitude of different systems.

313
00:12:43,985 --> 00:12:45,664
And then you add on to that the

314
00:12:45,664 --> 00:12:47,924
the concerns around the governance and the control

315
00:12:47,985 --> 00:12:49,904
around that that data and the use of

316
00:12:49,904 --> 00:12:51,345
AI and some of the risks that we

317
00:12:51,345 --> 00:12:52,485
know come with AI.

318
00:12:53,779 --> 00:12:55,299
So I think eight 89%

319
00:12:55,299 --> 00:12:57,860
of survey respondents said they were worried about

320
00:12:57,860 --> 00:13:00,759
data privacy and security risks with AI. So,

321
00:13:01,220 --> 00:13:03,059
you know, that's quite a clear message that

322
00:13:03,059 --> 00:13:05,220
the hesitation is is there and it's it's

323
00:13:05,220 --> 00:13:07,000
probably understandable. But

324
00:13:07,865 --> 00:13:09,245
the the potential is huge.

325
00:13:10,184 --> 00:13:12,924
AI can help spot fraud patterns at scale,

326
00:13:13,384 --> 00:13:15,304
reduce all of the false positives that you

327
00:13:15,304 --> 00:13:16,284
might see previously,

328
00:13:17,144 --> 00:13:18,524
and help speed up investigations,

329
00:13:19,705 --> 00:13:21,725
just through the data analytics approach.

330
00:13:22,169 --> 00:13:24,089
But to do it well, as we said,

331
00:13:24,089 --> 00:13:26,029
you need you need the right data foundation,

332
00:13:26,649 --> 00:13:27,470
and a robust

333
00:13:27,850 --> 00:13:29,870
AI governance framework around it.

334
00:13:30,250 --> 00:13:32,190
So the divide probably comes

335
00:13:32,809 --> 00:13:34,829
down not to desire or willingness,

336
00:13:35,465 --> 00:13:36,924
but probably more the readiness,

337
00:13:37,705 --> 00:13:39,004
technically and culturally.

338
00:13:39,705 --> 00:13:41,785
So I think, you know, what we see

339
00:13:41,785 --> 00:13:44,105
some companies doing is almost testing the water,

340
00:13:44,105 --> 00:13:45,565
doing small pilot initiatives,

341
00:13:46,264 --> 00:13:48,184
building up a bit of confidence, getting the

342
00:13:48,184 --> 00:13:49,725
data right. And then as

343
00:13:50,090 --> 00:13:52,090
as that becomes part of the broader compliance

344
00:13:52,090 --> 00:13:55,210
and risk strategy, you just slowly add additional

345
00:13:55,210 --> 00:13:57,529
risks and new datasets and things like that

346
00:13:57,529 --> 00:14:00,110
and increase the breadth of what you're doing.

347
00:14:00,250 --> 00:14:02,970
But it's it's not just about adopting the

348
00:14:02,970 --> 00:14:03,470
technology.

349
00:14:04,034 --> 00:14:06,914
It's about, obviously, doing doing it responsibly as

350
00:14:06,914 --> 00:14:07,414
well.

351
00:14:07,875 --> 00:14:08,375
Agreed.

352
00:14:09,154 --> 00:14:09,654
Compliance

353
00:14:10,115 --> 00:14:10,615
innovation.

354
00:14:11,154 --> 00:14:13,394
It's a smart new tonic for the old

355
00:14:13,394 --> 00:14:14,694
problem of regulatory

356
00:14:14,995 --> 00:14:15,495
fatigue.

357
00:14:15,954 --> 00:14:18,410
As b two b payments face more regulations

358
00:14:18,410 --> 00:14:20,410
in the months and years to come, we

359
00:14:20,410 --> 00:14:22,429
strongly suggest reading the PWC

360
00:14:22,809 --> 00:14:25,389
global compliance survey 2025,

361
00:14:25,529 --> 00:14:27,950
especially if you wanna know what adjacent verticals

362
00:14:28,009 --> 00:14:28,590
are doing.

363
00:14:28,970 --> 00:14:31,504
Our thanks to a great guest, Rob Stevenson,

364
00:14:31,504 --> 00:14:33,205
director of risk at PwC.

365
00:14:33,825 --> 00:14:35,904
To our audience, the smartest people in b

366
00:14:35,904 --> 00:14:38,725
two b payments, thanks for listening. Hit subscribe.

367
00:14:39,105 --> 00:14:41,445
Catch us again on your favorite podcast platforms,

368
00:14:41,585 --> 00:14:42,965
including Apple and Spotify.

369
00:14:43,424 --> 00:14:44,399
Bye for now.

370
00:14:56,960 --> 00:14:58,340
The payments podcast,

371
00:14:58,960 --> 00:15:00,180
from Bottom Line.