Organizations must elevate risk management capabilities to achieve meaningful returns on generative AI investments, according to new research from Parker & Lawrence examining AI adoption in risk and compliance functions.

The report identifies an "ROI paradox" where 95% of organizations see zero return despite $US30-40 billion in enterprise GenAI investment. Firms default to low-risk use cases like summarization and chatbots that deliver limited strategic value while carrying GenAI's relatively high costs.

"Most organizations fall on the wrong side of the GenAI Divide. Adoption is high, but disruption is low," MIT researchers noted in findings cited by the report.

Survey data from 224 senior risk and compliance professionals across the UK and US revealed 98.2% report GenAI presents new or increased challenges. Financial crime, compliance management and cybersecurity face the greatest financial impact from both GenAI opportunities and risks.

Less than half of respondents feel "very confident" in their organization's ability to control GenAI risks. Data quality and availability issues topped implementation barriers at 45.3%, followed by cost concerns.

The research found organizations experiencing highest ROI are more likely to require technical staff have GenAI risk mitigation skills (68% versus 34% for low-ROI organizations) and maintain clear processes for embedding risk controls (44% versus 23%).

"Getting better at being able to manage AI risks allows you to deploy those solutions quicker and with a lot more confidence," said Kristof Horompoly, VP of AI Risk Management at ValidMind.

Parker & Lawrence evaluated 620 GenAI applications across risk and compliance workflows, identifying 47 transformative use cases primarily involving advanced reasoning capabilities. Data generation and structuring showed greatest breadth of applications, while constraint-based evaluation and hypothesis generation delivered most transformative impacts.

The report examined seven technology vendors demonstrating effective GenAI integration in areas including fraud detection, transaction monitoring, compliance assurance, regulatory obligations mapping, identity management, operational resilience and trade surveillance.

Industry experts interviewed emphasized that effective governance must move beyond principles to embedded practice. "AI governance cannot be fulfilled by simply publishing a white paper. It must be embedded across controls, practices, and processes," said Anna Nicolis, risk management consultant at Shapes First.

The research identifies three critical priorities: applying GenAI to decision-critical problems rather than incremental efficiencies, adopting holistic approaches addressing multiple concurrent risks, and treating risk management as strategic infrastructure rather than bottleneck.

Organizations at the "risk optimization" stage - representing approximately 22% of firms - actively scale AI across core functions while building frameworks enabling higher-value use cases through formalized governance and standardized validation protocols.

The full report is available here.