Skip to content

AI in Compliance: can ChatGPT help whistleblowers?

Exploring the world of AI

AI, the opportunities the AI gives you, and the shortcomings of AI (such as lack of privacy) are everywhere. Of course, we couldn’t resist the temptation to ask ourselves what AI can do for compliance officers. And most importantly - can AI take the job of a compliance officer? We reckon it can’t so far. Let’s go through a thought experiment with us and ask ChatGPT to investigate a case for us.

a confused man surrounded by laptops

Plot: an anonymous whistleblower submits a report that mentions a leak of chemical hazard in the river by a respectable company in the region. There is only one day before the information goes public. How would you proceed with the case being a compliance officer?

What ChatGPT is saying:

As a compliance officer, the first step would be to follow the company's internal protocols for handling potential environmental incidents. This may involve immediately notifying senior management, legal counsel, and other relevant stakeholders. It's important to act quickly and efficiently to mitigate any damage to the company's reputation and minimize any potential harm to the environment.

a hand holding a folder

Here are some specific steps that can be taken:

  1. Verify the accuracy of the report: The first step would be to verify the accuracy of the report. This can be done by gathering more information from the whistleblower, reviewing the company's records and conducting an investigation into the incident.
  2. Assess the situation: Once the report is verified, the next step would be to assess the situation. This may involve contacting the relevant environmental authorities and gathering information on the potential impact of the chemical hazard leak.
  3. Take immediate action: If there is an immediate threat to public health or the environment, the company must take immediate action to contain the leak and mitigate any damage.
  4. Notify the relevant authorities: Depending on the severity of the incident, the company may be required to notify local, state, or federal environmental authorities. Compliance officers must be familiar with the applicable regulations and ensure that the company is complying with all reporting requirements.
  5. Conduct an investigation: The company must conduct an investigation into the incident to determine the cause of the leak and identify any potential violations of environmental regulations. This may involve interviewing employees, reviewing records, and analyzing data.
  6. Communicate with stakeholders: As the investigation progresses, the company must communicate with stakeholders, including employees, customers, suppliers, and the public. It's important to be transparent and provide accurate information about the incident and the company's response.
  7. Implement corrective actions: Once the investigation is complete, the company must implement corrective actions to prevent similar incidents from occurring in the future. This may involve updating policies and procedures, providing additional training to employees, and investing in new technology and equipment.

Overall, the key to handling this situation is to act quickly and responsibly to mitigate any damage and ensure compliance with environmental regulations. By following the appropriate protocols and communicating effectively with stakeholders, the company can protect its reputation and demonstrate its commitment to responsible environmental stewardship.

AI vs Compliance officer

a table with checkmarksSurprising, right? Not only is the plan precise but it is generally correct. However, it is the nuances that define the success of the whole investigation and the case resolution. And one important detail: the AI’s script follows the legal balance between the public interest and private (whistleblower vs company).

A compliance officer is more flexible in choosing whose interest to protect, so the order of the steps might be very different in case of a real investigation. What can we pick up from this though experiment that favours AI?





  • Timely response: AI is not restricted by working hours, lack of human resources etc.
  • Impartiality. Even with the strictest precautions there is a chance that the investigator has a personal interest in the case.
  • Does everything according to the SOP and has access to all databases with the data protection laws, whistleblowing principles and more.
  • In a situation where a compliance officer is newly hired and lacks experience, AI will do the same or better job in drafting documents, responding to whistleblowers, reporting on performance.
  • AI is definitely a cheaper way to access professional knowledge, not to mention the costs of hiring a professional.


  • Lack of context for AI: if the situation is out of the usual scope (emergency), a human investigator might react better and understand what is at stake for both the company, and the whistleblower.
  • Can’t provide human experience. Reports in person are not as popular as reports through a hotline or web-platform, however, they still take place. A human investigator can show sympathy, listen actively and make the whistleblower feel heard and understood.
  • Might not adapt quickly or at all to work in a team with compliance professionals (if the team is closely collaborating on site).
  • Both AI and humans learn and advance, however, for work with whistleblowers knowledge of human psychology is a prerequisite in which humans are stronger (as for now). Understanding the motives of whistleblowers and violators, catching a hint of manipulation and resentment are all important for leading the investigation in the right direction.

Part 2 is coming! AI is an amazing tool that helps to complete tasks efficiently, and it is crucial to know how to use it for the benefits of compliance. Skilful use of AI instead of blind replacement of real professionals is a way to go - we are going to discover real cases further. And let’s see how well AI can perform!