Compliance officers are responsible for protecting organizations from regulatory risk, ethical lapses, and reputational harm, often with limited staff and endless documentation requirements. AI tools can help you draft policies, prepare training materials, and structure complex analyses faster than ever. These 35 prompts are designed for the day-to-day realities of a compliance professional.
1. Policy & Procedure Drafting
Draft a corporate code of conduct policy section on conflicts of interest. Cover the definition of a conflict, examples (financial interests, outside employment, personal relationships with vendors), disclosure requirements, and the process for obtaining a waiver. Write for a mid-size financial services company.
Write a data privacy policy for employee data under GDPR for a European subsidiary of a US-based company. Cover lawful basis for processing, employee rights (access, erasure, portability), data retention schedules, and the process for handling employee data requests.
Create a gifts and entertainment policy for a healthcare company subject to the Anti-Kickback Statute. Include permitted and prohibited gifts, monetary thresholds, documentation requirements, approval process, and disciplinary consequences for violations.
Draft a whistleblower protection policy for a publicly traded company. Include protected activities, reporting channels (hotline, direct to compliance, anonymous), investigation process, anti-retaliation protections, and disciplinary actions for retaliation.
Write a third-party due diligence policy for an international company with operations in high-risk jurisdictions under the FCPA and UK Bribery Act. Include risk tiering criteria, required due diligence steps per tier, approval workflows, and ongoing monitoring requirements.
2. Risk Assessment & Gap Analysis
Create a compliance risk assessment template for an annual enterprise compliance review. Include columns for: risk area, applicable regulation, inherent risk rating (High/Medium/Low), current controls, residual risk rating, control gap identified, and remediation owner. Format as a table.
Write a framework for conducting a gap analysis comparing our current AML (Anti-Money Laundering) program against FinCEN's five pillars of BSA compliance. For each pillar, describe what a strong program looks like and list the questions I should ask to identify gaps.
Draft a regulatory change management process document. Include steps for: monitoring regulatory updates, impact assessment, policy revision, stakeholder notification, training updates, and documentation of the change review.
Create a compliance program maturity model with five levels (Initial, Developing, Defined, Managed, Optimized) for key program elements: policies, training, monitoring, investigations, and reporting. Include a self-assessment checklist for each level.
Write a scope document for a compliance risk assessment of a company's third-party vendor program. Include the objectives, methodology (document review, interviews, sampling), population of vendors to assess, key risks to evaluate, and deliverables.
3. Training & Awareness
Create a 20-question multiple-choice quiz on insider trading prohibitions for employees at a publicly traded company. Include questions on material non-public information, blackout periods, pre-clearance requirements, and the consequences of violations. Provide an answer key.
Write a scenario-based training module on recognizing and reporting bribery and corruption. Include three realistic workplace scenarios (vendor relationship, government official interaction, facilitation payment request), discussion questions for each, and the correct compliance response.
Draft a 500-word training article on social media compliance for financial services employees. Cover prohibited content, pre-approval requirements, personal vs. professional account rules, record retention, and consequences of non-compliance.
Create an onboarding compliance checklist for new employees at a company in a heavily regulated industry (choose healthcare or financial services). Include required training modules, policy acknowledgments, system access certifications, and completion deadlines.
Write a manager's guide to compliance responsibilities. Cover what managers are accountable for (team training completion, escalating concerns, leading by example), how to handle a report of potential misconduct from a team member, and how to avoid creating a culture of retaliation.
4. Investigations & Incident Response
Create an investigation intake form template for compliance hotline reports. Include fields for: date received, reporting channel, reporter anonymity status, allegation summary, business unit involved, initial risk rating, assigned investigator, and timeline for preliminary review.
Draft an investigation plan template for a workplace misconduct allegation. Include: allegation summary, applicable policies and regulations, key documents to collect, witnesses to interview (in order), interview topics for each witness, and potential disciplinary or remediation outcomes.
Write a witness interview guide for investigating a potential expense report fraud allegation. Include an introduction script, open-ended questions to establish the employee's role, specific questions about the expenses in question, and closing questions about awareness of the policy.
Create an investigation close-out report template. Include sections for: executive summary, allegations investigated, methodology, key findings of fact, policy violations identified, root cause analysis, recommended disciplinary action, and remediation steps to prevent recurrence.
Draft a data breach incident response checklist for a compliance and legal team. Cover the first 24 hours (containment, legal notification), the 72-hour GDPR notification window, internal stakeholder communication, regulatory reporting obligations, and post-incident review.
5. Regulatory Reporting & Correspondence
Write a template response letter to a regulatory examination information request (IDR). Include an acknowledgment of receipt, confirmation of the responding team, a request for clarification on scope if needed, a proposed timeline for production, and a professional closing.
Draft a Board of Directors compliance committee report template. Include sections for: program highlights since last report, key regulatory developments, metrics (training completion, hotline reports, investigations opened/closed), significant matters, and upcoming priorities.
Create a regulatory change tracker for financial services. Include columns for: regulation/rule name, issuing agency, effective date, summary of change, business impact (High/Medium/Low), owner, required actions, and completion status. Format as a table.
Write a voluntary self-disclosure letter template to a regulatory agency for a compliance violation that was identified internally and remediated. Cover: description of the issue, when it was discovered, root cause, steps taken to remediate, and controls added to prevent recurrence.
Draft a compliance attestation memo for business unit leaders to sign annually. The memo should confirm their unit's compliance with the code of conduct, completion of required training, disclosure of any known violations, and the absence of any current or pending conflicts of interest.
6. Monitoring & Testing
Create a compliance monitoring plan for an annual testing cycle. Include a sample of control areas to test (expense reports, vendor payments, trading activity, HIPAA access logs), testing methodology for each, sample size guidance, and how to document and escalate findings.
Write a data analytics testing plan for detecting potential FCPA red flags in accounts payable transactions. Include the data fields to pull, the queries or filters to apply (round-dollar payments, payments to government-adjacent vendors, unusual geographies), and how to investigate flagged items.
Draft a compliance testing workpaper template for documenting a single control test. Include: control description, test objective, population, sample selection method, testing steps performed, exceptions found, root cause of exceptions, and overall control rating.
Create a key compliance metrics dashboard template for monthly management reporting. Include metrics for: hotline report volume and type, training completion rates by department, open investigation aging, third-party due diligence pipeline, and policy update status.
Write a continuous monitoring program description for anti-money laundering transaction monitoring. Cover: data sources, rule/scenario categories, alert generation process, alert review and disposition, escalation to SAR filing, and program governance.
7. Stakeholder Communication & Culture
Write a compliance newsletter article (300 words) for employees on the importance of speaking up when they see something wrong. Cover psychological safety, available reporting channels, what happens after a report is made, and a real-world (anonymized) example of how a report led to a positive outcome.
Draft talking points for a compliance officer presenting to a skeptical C-suite on the business case for investing in the compliance program. Cover regulatory fine avoidance, reputational protection, employee trust, and competitive advantage. Include three data points or statistics to look up and verify.
Create a compliance culture survey (15 questions) for employees. Cover: awareness of reporting channels, comfort level speaking up, perception of leadership ethics, understanding of key policies, and whether compliance is seen as a business enabler or barrier.
Write a "tone at the top" message from the CEO to all employees reinforcing the company's commitment to ethical conduct, describing the compliance program, and encouraging use of the reporting hotline. Keep it under 300 words.
Draft a communication plan for rolling out a major policy update across a 5,000-person organization. Include channels (email, intranet, town hall, manager cascade), timeline, key messages per audience segment, acknowledgment collection process, and a FAQ document.