Picture a Tuesday afternoon. There are three policy reviews waiting, a vendor onboarding process that has stalled because no one can agree on the right steps, and a meeting request from legal that needs a summary of your current approval workflow – which lives, currently, across four different documents and a email chain from March. You know what needs doing. You just don’t have the hours to do all of it well.
This is the part of compliance work that rarely gets talked about: not the decisions themselves, but the enormous amount of structural, administrative, and organisational effort required to support them. And it is exactly the part where AI is already changing the game for professionals who have started using it.
The shift is not dramatic or complicated. Compliance and risk managers who are getting real value from AI are not doing anything technical – they are simply describing their problems clearly to a tool like ChatGPT or Claude, and letting it do the heavy lifting on structure, drafting, and organisation. The expertise still comes entirely from them. What changes is how quickly that expertise gets translated into something usable.
Where the Hours Actually Go
Think about the last time you built an internal workflow from scratch. Or rewrote a process document because the old one had gaps. Or tried to standardise something across a team that had been doing it four different ways. Each of those tasks requires you to hold a lot of context in your head, translate it into clear written steps, anticipate edge cases, assign accountability, and make it legible to people who weren’t in the room when the decisions were made. That is genuinely hard, skilled work – and it is also the kind of work that AI can support at every stage.
A compliance manager dealing with a new third-party vendor onboarding process, for example, could open Claude or ChatGPT and use a prompt like this one:
“I am a compliance manager at a mid-sized financial services firm and we are onboarding a new third-party vendor. I need you to build a detailed, step-by-step internal compliance workflow that takes us from initial risk assessment all the way through to final approval and ongoing monitoring. For each step, please include the name of the step, who is responsible, what documentation or evidence is required, what the approval criteria are, and any important compliance considerations or flags to be aware of. Format this as a structured table or numbered process so it is easy to share with the team and adapt to our specific requirements.”
What comes back is not a finished document – it is a strong first draft that would previously have taken ninety minutes to produce from scratch. From there, you adapt it to your firm’s specifics, add the institutional knowledge only you hold, and share it. The AI handled the skeleton. You provided the substance.
That distinction matters, because it is where a lot of people get AI wrong. The tool is not replacing your judgement. It is handling the blank-page problem so that your judgement has something to work with immediately.
The same logic applies when something already exists but needs a critical eye. Compliance documentation has a way of drifting – language becomes ambiguous, accountability gaps appear, processes get amended informally without being updated formally. Running an existing workflow through an AI review catches things that human familiarity tends to miss. A prompt that works well for this is:
“I am going to share an internal compliance process document with you. I need you to review it thoroughly and identify any steps where accountability is unclear or unassigned, any language that is ambiguous or open to interpretation, any stages where required documentation is not specified, any logical gaps in the sequence where something could fall through the cracks, and any areas where the process could be misread by someone unfamiliar with our organisation. Please present your findings clearly, with a specific explanation of each issue and a concrete suggestion for how it could be improved.”
This is not a task that requires technical knowledge. It requires knowing what good compliance documentation looks like – which you already do. The AI is simply a rigorous, tireless second pair of eyes that has read an enormous amount of process documentation and knows how to interrogate structure.
What This Means for How You Develop Professionally
The compliance and risk managers who will have the most capacity for high-value strategic work over the next few years are the ones building these habits now. Not because AI will do their jobs for them, but because the professionals who know how to use it well will be able to operate at a level of output and quality that was not previously possible for a single person or small team. That is a significant professional advantage, and it compounds quickly.
Knowing how to prompt well, what tasks to delegate to AI and what to retain, how to verify outputs against regulatory standards, and how to integrate these tools into a compliance function – this is a practical skill set, and one that is genuinely learnable.
If you are ready to build it properly, the AI for Compliance & Risk Managers course at the Workplace AI Institute walks you through exactly this – hands-on, role-specific, and designed for professionals who want to work at a higher level without needing a background in technology. The Tuesday afternoon described at the start of this article does not have to be that complicated. It just requires knowing where to start.
