Organisations are under enormous pressure to adopt AI. Yet MIT research shows that 95% of enterprise GenAI pilots, defined as custom or vendor-sold tools deployed for specific business workflows, never reach production with measurable business impact. For compliance teams, the 5% that do succeed present a real opportunity to turn due diligence from a cost centre into a competitive advantage.

In our recent webinar, Nicola Mollat from EY, and Jess Denny and Natalia Rivas from Xapien discuss how to navigate this moment, and what separates the success stories from the rest.

Foundations come first

Nicola opened by describing some of the problems her clients are facing in due diligence today. Third-party ecosystems are increasingly complex, regulation is shifting, and cost pressures within businesses are mounting. At the same time, boards are demanding the adoption of AI, often before the groundwork is in place.

“Clients bow to that pressure without getting their foundations right first. They deploy AI, which doesn’t really deliver what they think it will.” — Nicola, EY

Before thinking about vendors, Nicola urges teams to ask some fundamental questions: Who is in scope for your programme? Which third parties need deep due diligence versus a lighter-touch approach? What risks are you actually trying to manage? AI expands the capacity of lean due diligence teams, but she stressed that the underlying logic and process must be sound.

AI isn’t a magic button

Jess shared that the risk she sees most often is what she calls “rushing to failure.” Companies sometimes adopt AI as a bolt-on to an existing process rather than rethinking the process itself.

She also drew an important distinction between the different types of AI at play in a due diligence workflow: general-purpose LLMs (like ChatGPT) are good at summarising large volumes of information, but that covers only a small part of the full risk management cycle. Entity resolution, name disambiguation, and data aggregation each require purpose-built models. The right model differs depending on whether you’re working with company names or individual people.

Crucially, both Jess and Nicola agreed that AI today still cannot make the final decision. Regulators are clear: you cannot outsource your accountability to AI. Automated platforms can surface the right information faster, allowing compliance teams to make better decisions across a larger proportion of their third-party population.

95%

of generative AI pilots in large global corporations have failed, per MIT research

67%

of the successful 5% were delivered in partnership with a specialist vendor or partner

Jess referenced the above major MIT research study from July 2025. The research found that one of the primary reasons for AI pilot failure is integration. Teams that treated AI as a standalone tool, rather than something woven into their workflow, struggled to get lasting traction.

Partner, not vendor

This brought the conversation to the most important point: there is a major difference between buying a tool and working with a partner. The MIT research shows that 67% of successful pilots were delivered in partnership with a specialist vendor, not through off-the-shelf tools deployed alone.

Nicola explained that many AI tools in the compliance space look similar on the surface. However, there are key differences. A genuine partner will take the time to understand your objectives, explain the technology’s limitations honestly, and tell you where human judgment is still essential.

“I’m still quite sceptical of anyone who tells me it’s 100% automated, no human input required,” Nicola said. “I haven’t seen anything that’s satisfied my scepticism there yet.”

Jess added a related point: a good partner won’t just build what you ask for. They’ll take the time to understand and diagnose the real problem. Organisations often request “faster reports” when what they actually need is a fundamentally reimagined process.

What to look for when evaluating a partner

  • Do they take time to understand your specific context and risk framework, rather than forcing their product into your process?
  • Can they explain clearly how the technology works and, importantly, where it falls short?
  • Can you test it against real use cases by running names, comparing outputs, standing up a proof of concept?
  • Do they have a track record of delivering similar outcomes for other organisations, even if not identical to your situation?
  • Will they move and evolve with you, so you’re not stuck with a solution that’s obsolete in year two of a three-year contract?

Key takeaways for compliance leaders

In closing, both speakers offered practical starting points for teams at the beginning of their AI journey.

From Nicola, look at your foundations first. Is your current process delivering the right segmentation and outcomes? If not, that’s where you start, before any vendor conversation. And when you do engage vendors, treat it as a learning exercise. Talk to peers, meet partners, and go in with an open mind.

From Jess, teams should focus on three things:

  • Accuracy: is the tool actually reliable in a regulated context?
  • Explainability: can you articulate to regulators and your board exactly what the AI is doing?
  • Consistency: can you make repeatable decisions from its outputs, and will it still serve you in five years as the technology evolves?

“Working with a product company isn’t just about getting a tool delivered, it’s about reimagining how you do things.” — Jess Denny

Continue the conversation

This webinar is part of The Definitive Guide to Future-Ready Third Party Due Diligence. You can read Part 1, A Buyer’s Guide to AI in Due Diligence, here. Keep an eye out for Part 2, which will feature contributions from Nicola. This component will be released later this year, and will go into detail on choosing an AI partner and how to integrate the system into your current process.

You can also watch the full webinar with Nicola here.