Dun & Bradstreet outlines seven key compliance trends

Dun & Bradstreet has set out seven compliance trends it expects to shape corporate risk and regulatory activity in 2026, with sanctions screening, data quality and AI governance at the centre of its outlook.

Stuart Swindell, Head of Third Party Risk & Compliance, Europe at Dun & Bradstreet, said the pace of geopolitical change and the growth of regulation had raised expectations for how organisations monitor suppliers, partners and ownership structures.

Sanctions pressure

The company said sanctions regimes were expanding in scope and complexity as geopolitical blocs became more defined. It mentioned regulators wanted greater visibility across supply chains and corporate ownership.

Dun & Bradstreet said organisations now faced the task of tracing goods, data and ownership through multiple layers of supply chains rather than focusing on direct relationships. It said this increased the risk of inadvertent breaches and raised demands on compliance teams.

It also pointed to recent enforcement activity in the Nordic region. It said individual executives had faced personal liability for compliance failures.

Dun & Bradstreet cited the emergence of new rules such as BIS 50. It stated that these rules would require screening of affiliated entities and shareholders and would increase demand for tools that map ownership structures across jurisdictions.

Wider regulation

The company said regulatory expectations in 2026 would become more demanding and interconnected. It stated that regulators would look for proactive efforts to seek and validate information about partners and supply chains.

It added that a lack of data or visibility would count as a risk in itself. That approach would increase pressure on companies that rely on periodic reviews or static compliance files.

Dun & Bradstreet said the EU Omnibus Directive would continue to examine thresholds linked to the Corporate Sustainability Reporting Directive and the Corporate Sustainability Due Diligence Directive. It said changes could make reporting easier for small and medium-sized businesses, while large enterprises would still face strict standards.

It also said voluntary ESG reporting would become routine and that a new anti-money laundering package would set higher standards for ownership transparency and continuous data validation.

Need for agility

Dun & Bradstreet described agility as a defining trait for compliance teams in 2026. It said sudden regulatory changes, global disruptions and new sanctions would drive unexpected workloads and rapid reprioritisation.

It said compliance teams would need to update controls and processes quickly and keep decision records in a defensible format. It also said organisations should prepare for rapid re-screening of counterparties, changes to risk thresholds and faster internal escalation.

AI governance

The company said artificial intelligence would play a larger role in compliance work, but it warned that organisations would face stricter requirements for governance and data standards.

It cited the EU AI Act and said its requirements would change how compliance teams use AI. Dun & Bradstreet said companies would need to show how AI systems reached decisions and maintain records on the data used.

It said incomplete or out-of-date data would raise the risk of incorrect results. It added that regulators would expect organisations to demonstrate that processes were robust.

Dun & Bradstreet said AI could reduce false alerts and speed up risk detection, but human judgment would remain essential in decision-making.

Fraud and cyber

Dun & Bradstreet said fraud and cyber risk were converging as leading compliance concerns. It said sophisticated fraud schemes increasingly overlapped with cyber-attacks that targeted supply chains, identity systems and financial operations.

It also said ransomware and data breaches continued to disrupt operations. It said organisations would face greater scrutiny over how quickly they identify threats and how they demonstrate the effectiveness of controls.

The company said real-time monitoring, stronger identity checks and improved data quality would become central elements of compliance programmes. It also said organisations would move towards unified approaches that link fraud controls with cybersecurity measures.

Data access rules

Dun & Bradstreet said international businesses would face growing complexity from diverging rules on data access and ownership across regions. It said ESG expectations and other regulatory standards would vary by market, including within Europe.

It also noted that more non-EU countries were likely to report ESG data voluntarily as commercial expectations change. It said organisations would need to adapt to local requirements and respond transparently.

Skills and judgement

Dun & Bradstreet said compliance teams would rely on a blend of technology and human expertise. It said automation would handle routine tasks, while professionals would focus on complex interpretation, ethical questions and defensible decisions.

It also stated that continual training will become increasingly vital as rules change and companies consider how much to rely on algorithms. AI can help teams identify dangers faster and reduce false alarms, but it will not replace human judgment.

They noted that the most effective compliance teams will combine clean data, clear oversight, and practical knowledge to fulfil new regulatory requirements and avoid costly mistakes.