Don’t Do the Crime if You Can’t Pay the Fine


Risks from non-compliance with legislative requirements can be costly: fines, lawsuits, damaged reputation – even prison. Doing the wrong thing is just as bad as doing nothing. To avoid these issues, it is important to understand what it means to be compliant and to ensure that the company has the processes in place to verify and maintain that compliance.

There are essentially three lines of defense against non-compliance. First, high-level management needs to set direction and provide guidance. This is done by promoting a strong culture of risk compliance, by setting up strategies for compliance, and by providing clear statements on risk appetite. Secondly, a company needs people who can implement the strategies and tie the risks to the processes; they must also ensure that each risk has controls associated with it. Lastly, a company needs to hold internal audits on an appropriate recurring schedule and have automated workflows in place to raise alerts. At all levels it is important to be able to view reports of the current state of overall risk, as well as any gaps that may exist.

While companies are much more likely to face a regulatory challenge than a full compliance audit (a specific challenge is much cheaper to perform than a generalized audit), challenges can still yield high fines. A challenge typically starts with a request for information from the auditor. Failure to provide the information usually triggers a much larger, punitive audit. By keeping all of a company’s data in a centralized repository, the company is unlikely to fail an audit for this reason. To this end, scheduled internal audits are a necessary part of a solid compliance plan. These internal audits will quickly locate any gaps, which can then be filled with the missing data.

Compliance might sound like a lot of work for no real gain other than the avoidance of punitive damages, but this is far from the case. There are many benefits to being compliant: it shows a commitment to doing business the right way and in an ethical manner, it tends to improve operational processes and their maturity levels, it helps achieve transparency, and it establishes better information governance (through the storing of data and good record keeping). All of these things contribute to a better bottom line for the business. In the end, it is always cheaper to just be compliant.
