menu
menu
In this episode, Kira Ciccarelli, Senior Research and Programs Manager at the Diligent Institute, shares fresh data on rising regulatory risk and what it means for nonprofit and public-sector boards. She explains where GCs and governance professionals expect to see greater compliance focus in 2026, from policy updates and targeted training to internal audits and monitoring.
We discuss how boards can put the right guardrails around AI in compliance, foster a proactive culture of oversight, and use tools like skills matrices and succession planning to close gaps at both board and C‑suite level. Kira also highlights the role of scenario planning and tabletop exercises in building resilience and protecting stakeholder trust.
Tune in for research-backed, practical advice to help your board prepare for 2026 and beyond.
If you enjoyed this episode, please rate and review the podcast to help others discover it too.
Kira Ciccarelli is Senior Research and Programs Manager at the Diligent Institute, where she leads research into how boards and governance professionals are navigating today’s rapidly evolving risk landscape. In this episode, we explore what nonprofit boards can learn from emerging trends in the corporate world — and how they can apply those insights to strengthen compliance, oversight and stakeholder trust. We discuss why regulatory risk is climbing so sharply and which areas are set to demand even more attention in 2026, from policy and procedure updates to targeted ethics and compliance training and more robust internal monitoring. Kira shares fresh data from the Diligent Institute’s GC Risk Index and explains what it signals for charities, foundations and other mission-driven organizations that are already stretched thin. We also talk through practical steps boards can take to put the right governance around AI, even as they experiment with new technology. We also dig into the fundamentals of future‑ready governance for nonprofits: building and maintaining a clear board skills matrix, planning succession at both board and C‑suite level, leveraging board management platforms like BoardEffect as a single source of truth, and using scenario planning and tabletop exercises to prepare for regulatory shocks before they hit. Throughout, Kira offers concrete advice on fostering a culture of proactive compliance and communicating clearly with donors, regulators and the public to protect and grow stakeholder trust. Stay tuned to the end as Kira shares her best advice for board chairs and governance professionals on future‑proofing their organizations against regulatory uncertainty and staying one step ahead of emerging risks.
Navigate 2026 nonprofit regulations with confidence, download our Regulations outlook guide.
Fundraising regulations: What volunteer boards need to know
Regulations on training trustees: What volunteer boards need to know
Cyber regulations and data protection: What volunteer boards need to know
Jill Holtz: Welcome to the Leading with purpose podcast where we share practical advice for purpose driven work and board leadership and mission focused organizations. I'm your host Jill Holtz from Diligent and in this four part series I talk to different leaders to explore regulations and compliance for nonprofit boards, what's coming in 2026, why oversight matters and how to prepare. We'll cover critical areas of regulation but also how charity and nonprofit boards need to think about managing their oversight and compliance and policy. I hope you enjoy the series.
Today my guest is Kira Ciccarelli who is Senior Research and Programmes Manager at the Diligent Institute who brings rigorous data backed insights from ongoing risk and governance research. Kira shares new findings from the Institute's General Council Risk Index where legal leaders rated the current risk climate at 7.9 out of 10, up markedly since earlier in the year and who also identified changes in the regulatory environment as their top area of concern. Looking ahead to 2026 she highlights expected increases in policy and procedure reviews, more use of AI in regulatory monitoring and the importance of clear guardrails in governance. Listen now as we talk about how to build proactive compliance habits, invest in ongoing director education and strengthen succession planning at the executive level. And do stick around to the end for Kira's top tip for how boards can use some tools to pressure test for regulations and compliance.
Jill Holtz: Welcome Kira.
Kira Ciccarelli: Thank you for having me.
Jill Holtz: So Kira, we have been looking at all the regulations and legislation that nonprofit boards, charities, foundations etc have to comply with. And we have a new guide coming out on this for nonprofit organizations so I wanted to invite you to come talk to me a bit about this topic and get your perspective based on your research. Now I know that most of your research takes place in the corporate space but I feel that's still useful to nonprofit organizations, they like to see what's going on in companies. So to kick us off, can I ask you as you see from the research the Institute does, how are directors and governance professionals thinking about the current risk environment and in their eyes what are the biggest risks?
Kira Ciccarelli: So it's really interesting, we field a quarterly survey of GCs and other legal professionals called our GC Risk Index. We do that in partnership with corporate board member and we have some somewhat alarming data that came out of the Q3 reporting. GCs and legal professionals rated the current risk level faced by US businesses at a 7.9 out of 10. With 1 being a pretty low risk environment and 10 being the highest possible. We've only been fielding this survey specifically for three quarters but I will say it's risen from a 5.8 in Q1 up to a 7.9 in Q3. And it should be noted that when we did field the survey for the first time in Q1 this was right around the time that initial tariff news was kind of dropping in the news cycle.
So that wasn't necessarily a super low risk time either. So definitely seeing that on the rise and we always ask as a follow up for our respondents to tell us what risks are driving this rating and what risks are top of mind for you. So in Q3 changes in the regulatory environment was the number one choice chosen by 56% of our respondents.
In Q2 it was the number one choice as well chosen by two thirds of our respondents. So regulatory environment is definitely top of mind for governance professionals according to our research.
Jill Holtz: That's really interesting. I think when you think about the nonprofit space I'm sure that is top of mind as well. Just the amount of changes come down the tracks and even the divergence between different countries or even within the states, different states approach to things as well. So it's a very uncertain time and I suppose can feel quite overwhelming for boards. But let's talk about what's ahead for 2026. What do governance professionals think should be the areas of focus next year that are things that they're going to pay attention to?
Kira Ciccarelli: Right. So in this Q3 GC risk index that I just mentioned, we took a bit of a compliance focus with some of our bonus questions this time around. And we asked from a list of a couple of different areas of compliance related topics, whether or not our respondents think there will be more focus on those in 2026 compared to 2025.
And the highlight of that question was they think there's going to be a higher focus on pretty much everything. So which is great and super helpful. Right.
So 73 percent expect focus on policy slash procedure reviews and updates to go up next year. The same percentage said the same thing for targeted ethics and compliance training. They think that's going to be a higher priority as well.
Meanwhile, 82 percent think that internal audits and compliance monitoring is going to be a higher priority for their organization next year. So definitely a lot to keep track of, I think, for 2026.
Jill Holtz: So just to recap, really hearing, focusing on policy around if a regulation or mandate is coming, what is our policy then internally? How are we dealing with that? And looking at how those kind of things are done procedurally in the business or in the organization.
And it's really interesting. You mentioned about the targeted ethics and compliance training. So they thought that that's actually a higher priority and that the monitoring of your compliance is really going to be important and how you do your internal audits on that.
And that's certainly the same for the nonprofit space, I think. So that's really interesting to hear. Hot topic of the moment as in our company, in our organization, I'm sure in many is, you know, AI and AI adoption and governance, etc.
So how do you see AI changing the compliance and regulatory landscape? What are you hearing people say?
Kira Ciccarelli: Yeah, exactly. Would be remiss if we didn't talk about it. So in that same question, we also found that 54 percent of our respondents expect to use AI more frequently for regulatory monitoring and tracking in 2026.
So I think that's interesting to keep an eye on. But then the flip side of that and something that is potentially a little bit alarming is that only 29 percent said they have comprehensive AI policies in place for compliance activities. And only 10 percent are very confident in the policies that they do have in place.
So I think my advice there would be AI can be a great tool to incorporate to help you keep up with the sheer amount of information when it comes to the compliance landscape, but really have to ensure that there's proper governance policies in place to make sure that the tools are being used appropriately.
Jill Holtz: Oh, that's so interesting. So while people are using it, there's a gap on the actual kind of governance of the AI use in the corporate sector. And I would imagine that's kind of mirrored in nonprofit as well.
Everybody is using AI. It's just that they haven't really put into place, I guess, the guardrails and the guidelines for what is acceptable use when, you know, I think the thing for me always is you have to have a human checking. So, yes, you can use AI to summarize, but you have to check that summary even, don't you, before you trust it.
How do you think that boards, particularly because we're talking in the nonprofit sector here, can foster a culture of proactive compliance and ethical leadership rather than just reacting to new mandates, especially as so many new mandates come down the tracks? What's your perspective on that, Kira?
Kira Ciccarelli: I think my advice would probably be to, A, get a reporting and update structure in place. So just one place, if possible, to keep track of the necessary information in a pretty streamlined format where everybody knows where they can find the right information, how frequently they need to be updating it, what needs to be included, and just have a robust process there. So I think as a board member, you can ask that of the relevant teams at your organization.
I think this is going to look a little bit differently for everybody, depending on industry, size, what personnel you have in place, etc. Follow up on it and then be able to ask the right questions about what you're seeing.
Jill Holtz: Yeah, and I think that comes across in all sorts of areas of governance, is that the board needs to be asking the right questions, don't they? They need to sort of educate themselves on the topic and then be able to ask the right questions and to kind of follow up that the due diligence is being done on those things. And it's interesting because obviously we sell board effect, that's board management software, and it helps nonprofit boards keep all that information in one place and it's up to date and everybody knows that's the single source of quote, if I can put that in air quotes there.
And I really like that, the fact that if you keep it in one consistent format, it's also easier for everybody as they go in to see what's coming down the tracks and what we need to do about it. And then what steps should nonprofit boards take to ensure that they have the right skills, knowledge and oversight to kind of navigate this huge kind of changing environment when it comes to regulation?
Kira Ciccarelli: So this is sort of a three-piece puzzle to me. Two of them are a little bit more related and aimed at the board level and one is looking at the next layer down at your C-suite. So I think to start off, if you're looking at the skills you currently have on the board, it's probably a good idea to have a handle around what expertise you currently have in-house.
So having a good skills matrix in place and regularly updating that and revising it. I think it's just a good idea to first get a handle on where you're set on expertise and where you're maybe lacking, especially as business plans and your organizational goals might change. So I think the board succession piece is an important part of that too.
I think then once you have identified those gaps, it's a question of can we upskill the directors that we currently have on the board? So the education piece is super important and I know Diligent has a wide variety of director level training and education programs that are sort of customizable based on what you need most and what time you have to devote to upskilling and training. So I would definitely recommend board education as the second piece there.
And then I think another issue that's been top of mind for me for most of this year because I know it's top of mind for our director audience on the corporate side is succession planning at the C-suite level. So we saw this come up a ton in our What Directors Think survey that we do with corporate board member and this year with FDI Consulting. Succession planning was high on the list of items the board wanted to talk about in their next meeting.
It was coming up pretty high as a challenge for the board's oversight. It was showing up in a lot of different places. And I think that piece for the board, especially on the nonprofit side, is important when it comes to making sure you have the right skills and knowledge in place because your CEO especially is going to be a huge part of that strategy for your organization
So it's not something you want to be thinking about at the last minute. And it's not something that should be a taboo subject, I think, for any organization. You just need to make sure that you've got a plan in place in the event of a times departure or in the event of an emergency or last-minute unexpected departure.
Jill Holtz: And one point I can add, I suppose, as well, is when you mentioned the compiling the skills matrix is to also look to your committees because you may have good technical or kind of if you're talking about cyber or AI or financial, obviously, you may have some people on your committees, even if they're not on the main board, that you could tap to either come into that succession or even to help with that education. And I love the mention that you gave there of what we have available on the Diligent One platform because it is all digital learning, which really suits volunteer board members of nonprofits as well. They can do that at times that suit them as well.
And so just moving on to kind of a key area, I suppose, for nonprofits, probably just as much as corporates, but it is the idea of stakeholder trust. So, you know, you've got a lot more scrutiny from regulators, but like your donors matter when it comes to nonprofits that rely on fundraising and the public. How can boards maintain stakeholder trust while they're adapting to kind of all these new compliance and regulation demands?
Kira Ciccarelli: So the first thing that comes to mind for me is a few years ago on our Corporate Director podcast, we had the head of a crisis PR sort of reputational risk firm on the show. And one of the lessons that he was talking about that has really stuck with me and that I think applies to corporates and nonprofits alike is the idea of establishing a track record and sticking to it. So I think it really all goes back to what are your organization's goals?
How are you tracking that? What compliance and regulatory rules are you subject to and how does that kind of line up with your goals and mission as an organization? And just make sure that you are sticking to that all the time.
I think it's a great way to build trust, a great way to establish sort of an image in the public eye and among other your other stakeholders. And I think it kind of holds true across organizations.
Jill Holtz: So, you know, a very simple thing is making sure you're communicating that really well in your annual report, which is always, you know, most nonprofits will have that available on their website, for example. So as you build that out, making sure you're really communicating how you're dealing with compliance, how you're monitoring that, what the board is doing, etc. I think that helps to give that confidence and trust as well.
And as we wrap up, Kira, what advice would you give to board chairs and governance professionals about future proofing their organizations against regulatory uncertainty?
Kira Ciccarelli: I think this is all scenario planning for me. So in our Q3 GC risk index report, we asked all of those questions about what areas do you think are going to be getting increased focus in 2026? Scenario planning was another one where 80% of our respondents think this will be a higher priority next year.
I think when it comes to scenario planning, it's really just your best bet when it comes to future proofing, not only against regulatory uncertainty, but against all types of uncertainty. Right. So I think getting more advanced with it, broadening the scope of the scenarios that you're looking at, making sure that you're always saying one or two steps ahead.
I think that will be incredibly helpful for organizations in 2026 and beyond.
Jill Holtz: Yeah, I love that. You know, doing tabletop exercises, any of the risks that are associated with regulations as well. So if you think about we've got to comply with fundraising regulations as a nonprofit, where are the risks if we don't comply with them?
What does that look like? Who's going to deal with that if we suddenly discovered we hadn't been compliant? So doing that, all that kind of scenario planning and kind of what we call tabletop exercises, I think is really useful.
So thank you so much for taking the time to talk to me today, Ciara. I know you're a really super busy woman and I look forward to talking to you in the future about future research as well. Thank you, Kira.
Kira Ciccarelli: Thank you so much for having me. Thanks for tuning into Leading with Purpose today. I really hope you found today's discussion useful, interesting and insightful.
Jill Holtz: This series supports our nonprofit 2026 regulations outlook, a concise guide to the mandates and trends shaping the year ahead with practical steps boards can act on now. To learn more and download the guide and other resources, go to www.boardeffect.com/leadingwithpurpose. That's www.boardeffect.com forward slash leading with purpose. And we'll put that in the show notes for more boardroom intelligence. Check out our sister diligent podcast, the Corporate Director podcast, the Voice of Modern Governance, where directors and experts regularly share practical insights on governance, strategy, risk and digital transformation. Finally, I wanted to ask you a big favour.
If you enjoyed this episode, then I'd really appreciate it if you'd please take a moment to rate and review our podcast. It helps other people find it. And please do share this episode with any colleagues who are planning 2026 agendas, regulation, compliance and training.
I look forward to bringing you more practical advice for purpose driven work next time.
