Modern approaches to compliance requires that these functions pay much more attention to their contribution to the business. They are essential, but funding is not unlimited.
The tide is turning on the recent unrelenting increases in funding for ‘compliance’ functions. It’s no longer enough for compliance teams to justify their existence by simply being a mitigator of regulatory risk, although of course that’s essential.
Compliance functions need to be measuring and reporting to the board a measure of that mitigation and more than that, how and by how much they are returning on the investment made.
So, Think about that for a moment...
...compliance functions need to get much better at demonstrating to its board how it’s supporting strategic initiatives by developing frameworks where it can measure the effectiveness of its mitigation programmes so a business can accept more inherent risk but keeps its residual risk at a similar level.
The pressure on businesses in an increasingly regulated sector will not allow for continued increases in funding for compliance functions, at least, not without a much clearer view of the return on investment.