Nice to meet you.

Enter your email to receive our weekly G2 Tea newsletter with the hottest marketing news, trends, and expert opinions.
Industry Insights

Balancing Innovation With Risk Management: Insights from a GRC Expert

April 9, 2025

Tanushree Verma photo by Tanushree Verma  /  April 9, 2025

governance and marketing carole switzer

Welcome to the new frontier of marketing, where creativity meets risk management, and AI is both your greatest ally and potential Achilles' heel. This is a time when marketing teams aren’t just creating catchy slogans but also tackling the complex challenges of digital regulations, AI risks, and data privacy concerns. 

"Marketing is no longer just about creative messaging — it's about responsible performance," says Carole Switzer, co-founder of OCEG, a sentiment that encapsulates the profound shift happening in corporate governance.

In my recent conversation with her, she talks about the critical role of proactive integration between marketing, technology, and compliance. We also discuss the common mistakes that organizations are making and what the future of GRC in marketing looks like. 

This interview is part of G2’s Q&A series. For more content like this, subscribe to G2 Tea, a newsletter with SaaS-y news and entertainment.  

Inside the industry with Carole Switzer

As a co-founder of OCEG, could you share how your perspective on governance, risk, and compliance (GRC) has evolved when it comes to MarTech and operations?

Sure. So, in the beginning, GRC focused primarily on process development — creating standardized approaches to address various aspects of risk and compliance while ensuring the information gathered supported organizational governance.

But over time, it has moved from just thinking about processes to really understanding how GRC capabilities flow through the organization through different roles, teams, and technologies. This evolution has driven the development of a comprehensive technology infrastructure or ecosystem that standardizes and shares decision-relevant data throughout the organization.

"Today, organizations are at a pivotal point where they're not only addressing emerging risks like AI implementation but also exploring how AI can enhance GRC capabilities themselves." 

Carole Switzer
Co-founder of OCEG

And that's really where we are today. 

And these risks now manifest across various organizational functions, including marketing — an area that has historically operated somewhat independently from GRC concerns.

Thus, the growing recognition that marketing activities must be integrated under the GRC umbrella, particularly given the concerns around data privacy. This integration represents an important shift toward ensuring that all business aspects, including marketing, operate under principles of responsible performance.

Data privacy regulations continue to evolve globally. How should marketing teams approach data governance within their tech stacks?

I believe approval and oversight are essential for any AI use in marketing. An individual in marketing might want to craft some new messaging and just pull up ChatGPT, go back and forth, and help craft something. But it gets more complicated than that in the MarTech context because you're managing a lot of relationships and contacts. 

And so, it's very important that any use of AI within the marketing team be approved to properly protect both external data (from targets and customers) and internal organizational information.

"Part of the problem that we see right now is that people are using AI without their organization really having a framework approach to how they do so." 

Carole Switzer
Co-founder of OCEG

At OCEG, we've developed several resources addressing these challenges. Our "Essential Guide to AI Governance" provides foundational guidance, complemented by a series of more in-depth discussions exploring protective AI implementation structures.

We also recognize the importance of technical expertise for teams building AI capabilities. To address this need, we've developed an Integrated AI Professional certification program, currently being pilot-tested and scheduled for release in the coming weeks.

Ultimately, having designated team members responsible for overseeing AI-related decision-making and implementation processes is critical for effective governance.

Sign up for G2 Tea.

Marketing news brewed fresh every week just for you. Subscribe here

In your experience, what common mistakes do organizations make when incorporating GRC principles into their MarTech decisions, and how can marketing and compliance teams collaborate to avoid these pitfalls?

In marketing teams, common mistakes often stem from failing to inform risk management or compliance teams about emerging issues. This may happen because marketing professionals don't recognize when something might trigger compliance or risk concerns.

Take the health industry sector as an example. There are a lot of compliance rules about what you can and cannot say about medical devices, pharmaceuticals, and treatment efficacy. These regulations evolve over time and vary significantly across different markets.

We see an organization that's used to working in a certain market and they understand the rules. But now they're being asked to do something in a new market and no one has informed them that there are different rules or different requirements. So this is where they have to work really closely with the compliance team. 

This highlights the critical importance of proactive collaboration between marketing and compliance teams. If marketing professionals aren't receiving guidance about new markets, they should take the initiative to ask, "Is there anything I need to know? Are there different regulations in this market regarding privacy management or messaging constraints?"

I saw a post you reposted on LinkedIn about what transparency really means in AI governance. With AI playing a growing role in marketing, how can teams ensure transparency in their AI-driven strategies while staying compliant?

Transparency is one of the underlying principles of AI. And typically, what that means is not necessarily the transparency of saying, “Hey, everybody, we're using AI.” Or, “This blog was written by AI.” But really, it's about understanding the underlying data and information that the AI is using to do its work. 

I think maybe it's less of an issue when you're talking about using AI as an editor, for example. But if you're using it to analyze a body of data, say a survey or existing data of the organization — transparency becomes crucial.

In these analytical contexts, it's essential that someone verifies that the AI isn't perpetuating biases inherited from the organization's past actions or from patterns in the underlying data. Additionally, there must be absolute clarity regarding the scope of what the AI system is considering in its analysis and review process.

With AI and automation becoming central to marketing operations, what new GRC challenges and opportunities are emerging?

In a marketing context, there's absolutely an opportunity to utilize AI to get things done more quickly. 

In my own organization, for example, we are currently running a GRC maturity survey. And when we're done with that, we will have responses to about 50 questions from probably 500 people. We can then go ahead and prepare a report by downloading all of that data into an Excel spreadsheet and manipulating it or viewing it through different lenses. It's also really helpful to provide that spreadsheet to an AI assistant and ask, “What insights do you find in here?”

And AI can provide those insights immediately and accurately because we're asking it to analyze a specific set of information and data. I can ask AI to help draft initial reports and even create blog posts with specific calls-to-action, greatly accelerating our content creation while maintaining strategic goals.

On the other side, organizations with rich customer data can leverage AI to determine which messages resonate with target segments, identifying effective approaches and comparing results across similar product bases. The real value comes from both the insights generated and the messaging assistance.

The main challenge, I feel, is that AI still hallucinates frequently. Even when you carefully prompt it by defining its role (like "You are an experienced marketing director"), it may provide convincing but fabricated information. When asked for citations or sources, it often fails to deliver verifiable references. Despite feeling like you're working with a human colleague, verification remains essential. AI seems more reliable when analyzing specific data you provide than when conducting open-ended research.

"Regarding marketing departments and GRC understanding, there's often a knowledge gap about risks and compliance requirements relevant to marketing activities." 

Carole Switzer
Co-founder of OCEG

People typically associate compliance with manufacturing or sales, overlooking important marketing-specific regulations.. What makes GRC unique is its focus on managing uncertainty — identifying both potential problems and opportunities that marketing teams might spot before anyone else does.

Looking ahead, what specific strategies would you recommend for marketing teams to proactively address emerging GRC requirements rather than constantly reacting to regulatory changes?

In the context of the GRC framework, we focus on maintaining oversight of three critical areas:

First, what's happening in the external environment that might impact your strategy or outcomes? Are new regulations being proposed? Are there significant geopolitical events, climate developments, or disasters occurring? Are new competitors entering your market, or are alternative products emerging? 

This external awareness is crucial. While the marketing department typically isn't responsible for this monitoring — other GRC capabilities handle it. The problem is you're often informed only when the company has already decided to make a change. Having this information earlier allows you to craft better messaging, plan reactions, and contribute meaningfully to strategic planning.

Second, stay informed about internal developments. Is the organization restructuring? Expanding into new markets or geographies? Planning for products that won't launch for several years? Understanding these internal dynamics is equally important for effective marketing alignment.

And then the third is considering broader stakeholder interests — not just shareholders or immediate internal clients. But society at large. This includes the communities where you operate, your current customer base, and potential customers. For instance, concerns about climate change have significantly impacted marketing approaches. What position does your organization take on important social issues that matter to your potential customers? These considerations are increasingly relevant.

All of this information should be proactively integrated into your marketing planning process.

If you enjoyed this insightful conversation, subscribe to G2 Tea for the latest tech and marketing thought leadership.

Follow Carole Switzer on LinkedIn to learn more about the GRC implementation and upcoming opportunities. 

Edited by Supanna Das
Tanushree Verma
Tanushree Verma

Tanushree is an Editorial Content Specialist at G2, bringing over 3 years of experience in content writing and marketing to the team. Outside of work, she finds joy in reading fiction and indulging in a good rom-com or horror movie (only with friends). She is an enthusiastic dancer, a lover of cat reels, and likes to paint. A dedicated Swiftie, Tanushree also has a deep love for Hindi music.

Recommended Articles

Want more articles like this?

Subscribe to G2 Tea and get the latest marketing news and trends delivered straight to your inbox.

Get this exclusive AI content editing guide.

By downloading this guide, you are also subscribing to the weekly G2 Tea newsletter to receive marketing news and trends. You can learn more about G2's privacy policy here.