Modern Compliance Management in Times of Constant Change

What Compliance and Risk Management Means for Companies Today

Compliance is evolving. The topic is no longer confined to the financial and insurance industry; it has become the cornerstone of organizations across all industries. Compliance and risk management covers a wide range of business areas, whether it’s data protection issues in the HR department, tax and corruption guidelines in sales and finance, or website compliance in online marketing. Today, a variety of regulations, directives, and laws shape a company’s everyday operations both inside and outside.

Because compliance violations can quickly lead to penalties, reputational damage, or even public scandals, there is a lot at stake. Today, organizations from all sectors are confronted with questions such as:

  • How do I reduce and control the various risks in my company?
  • How can I integrate all regulatory standards into my operational processes and easily adapt to change?
  • Why is it important to convert my compliance guidelines from the collection of handwritten notes and computer-based tables into an IT-based company-wide compliance management system?

These questions show the importance of modern compliance and risk management for companies in all sectors. Only organizations that integrate regulations into their daily business processes and identify risks can react flexibly to changing regulatory requirements. This is one factor that will determine a company’s success.

This white paper focuses on the complex concept of compliance. It answers the question of what modern compliance management in times of digital change really means. Modern compliance management operates in the tension between digitalization, innovation and regulation. It is changing in the same way as the different markets it affects. Thus, compliance creates numerous challenges for companies.

1. How compliance has shifted from the banking environment to the heart of organizations

1.1 A brief conceptual history

There are numerous definitions of compliance, as diverse as their fields of application. But in general, compliance means conforming to a rule or law. Regulatory compliance is when organizations take actions in order to comply with a law, regulation, and/or policy.

Compliance originated in the American financial sector. The main focus was on the legal regulation of securities trading: compliance served as a trust-building measure between the capital markets and their market participants. It was considered the best way to prevent insider trading by securities trading service providers. Since the requirement to comply with this regulation applies to all publicly listed companies, compliance has gradually become more and more central to many organizations’ daily operations.

1.2 Compliance today – a broad field

Compliance has shifted from being confined to the banking environment to being at the heart of organizations from all sectors. Today, the term covers all measures designed to prevent business risks. Compliance, therefore, includes all processes and systems that enable an organization to act in accordance with applicable laws, regulations, and standards, while protecting the business model and reputation of the organization. In this sense, compliance management, according to Deloitte, encompasses both operational compliance and legal/regulatory compliance risks.1

All of these compliance activities have been embedded in the various departments of organizations and include regulations to address fraud, corruption, contract law, product liability, data protection, and IT compliance, among other concerns. Often a company’s compliance strategy will include risk management and internal corporate culture guidelines.

Today, compliance managers are faced with the task of establishing, documenting, observing, and communicating all these measures, processes, and steps across departments in their organization. Thus, modern compliance management aims to:

  • reduce business risks
  • promote due diligence in management
  • avoid penalties due to violations
  • prevent reputational damage
  • prevent fraud and economic crime
  • create more transparent business processes
  • enhance productivity and competitiveness

A brief look at the conceptual history shows the complexity of compliance. Especially in times of increasing sanctions, it is important to establish compliance-focused behavior at all levels of an organization. This poses numerous challenges for managers and leadership across organizations.

2.1 Permanent change as a constant

The spectrum of the various laws and rules that characterize compliance in an organization is constantly changing in our globalized and digitized world. In 2016, the media group Thomson Reuters found that more than 50,000 regulatory changes existed worldwide. In the United States alone, companies need to adhere to a wide range of regulations, including antitrust and competition laws, environmental regulations, healthcare laws, employment and labor laws, security laws, political activities and contribution laws, and regulations regarding trade secrets and confidential information.

This changing regulatory landscape is one of the most important challenges for company compliance officers. Only those who are up-to-date can reduce the risks of penalties and reputational damage through risk-reducing behavior within their organization.

Many companies have recognized this challenge, as a Thomson Reuters survey shows: one-third of all companies spend a whole working day per week on monitoring and evaluating regulatory change. And 75% of compliance leaders expect compliance management to require more attention — with many saying that additional spending will be required.

In this sense, modern compliance management means that organizations from all industries must adapt to the rapid changes in the regulatory landscape. The fact that there will be change has become one of the few constants in business today.

2.2 Digitization and disruption – using the example of the highly regulated banking sector

An important driver of these changes is digitalization. It is most apparent in the banking sector, which originally defined the concept of compliance. Due to the sector’s high number of regulations, banks are seen as less innovative than organizations in other sectors.

But because of digitization, new technologies are emerging at ever shorter intervals, which in turn enable the development of innovative products. These change the customer experience, whether through mobile payment transactions, crowdlending platforms, or cryptocurrencies and blockchain technology. New service providers are entering the market with innovative solutions that compete with the classic banking model. These new competitors include FinTech start-ups, such as new mobile banks like Number26, and established IT corporations like PayPal. Their business models are very different from those of most banks, as they’re based solely on a part of the value chain. Yet customers appreciate these new models and increasingly expect digital products even from traditional banks. Thus, the banking industry is being forced to reconsider its ways of interacting with customers.

Digitization is changing the whole market and having a major impact on regulatory compliance as well. Companies need to recognize this at an early stage and take a holistic approach to compliance.

2.3 A holistic enterprise task

In addition to technical and operational challenges, digital products and services also pose new risks for established banks. These include, for example, needing to adhere to regulations in areas such as data protection and IT security. Even though the demand for digital financial products is increasing, the security of all the sensitive data that clients commit must still be ensured.

This is only possible if the individual departments work closely together to make the new digital products compliant with all existing requirements. If a bank develops an app for digital financial transactions, it should bundle the knowledge from product management, customer support, IT, compliance officers and any other relevant bodies. Here, a holistic understanding of compliance is crucial: as individual areas of compliance are interrelated, changes in one can directly affect the other.

The auditing firm PwC pointed out the importance of a holistic compliance approach in a study in 2013, saying that banks’ compliance management increasingly concerns the areas of customer experience, product management and sales channels, which are increasingly difficult for banks to control. However, the holistic approach is crucial in all sectors.

2.4 Dedicated compliance departments

The subject of compliance covers all departments of a company. An increasing number of organizations today recognize the importance of central compliance management. Deloitte’s report, “In Focus: 2016 Compliance Trends Survey,” provides some insights into current trends.2 For example, 60% of the companies they surveyed expected their total compliance budget to increase.

This trend is accompanied by the development of new roles. More and more organizations are using Chief Compliance Officers or establishing entire compliance departments within their organization. According to Deloitte, 33% of companies they surveyed had a designated Chief Compliance Officer position. Compliance is becoming increasingly important: in times of change and globally organized, increasingly digitized corporate processes, it is important to clearly define compliance responsibilities and processes in order to reduce the risk of legal violations across hierarchical levels. In order to have a holistic compliance management strategy throughout the organization, the business needs to connect the corresponding processes, IT systems, and trained employees. Only by incorporating compliance into all of these aspects can a company create the foundation for a compliance culture.

2.5 A changed perspective: compliance costs as a long-term investment

As requirements for staying in compliance increase, the investments need to increase as well. The authors of the McKinsey Working Paper “Compliance and Control 2.0” estimated in 2012 that the costs of an effective compliance and control system were already three to five times as high as they were ten years ago.3 In this context, they also observed that the costs of compliance violations are steadily increasing, be it through lack of transparency or inadequate quality control of individual processes and systems.

The new focus on increasing investments around compliance efforts shows that a systematic and holistic compliance management strategy for organizations of all industries means more than just additional costs. It’s a critical investment that can help organizations achieve significant process improvements and greater transparency and efficiency along with an optimized customer experience. These are results that might not be quantifiable in hard data, but pay off in the long term. However, this vision requires companies to understand compliance as a holistic program and to bring it into line with their overall business strategy. Individual investments in the compliance culture or the corresponding technologies will then pay off in the long term.

3. From paper to digital operations: three benefits of IT-based compliance management systems

As a look at the conceptual history, the objectives and the challenges of modern compliance management has shown, compliance today is:

  • a requirement in organizations of all industries
  • complex and far-reaching
  • in a constant state of change due to rapid regulatory, technological and global growth
  • a holistic enterprise and part of corporate culture
  • a strategic investment

In order to cope with the complexity of this reality, more and more organizations are using IT-based compliance management. This approach offers various advantages to businesses who employ it.

3.1 Manual effort is reduced

In recent years, compliance has shifted from a paper-based approach to digital operations. Today it is possible to map compliance-relevant measures and processes in an organization using digital technologies. This can save manual effort and reduce the incidence of errors: instead of being spread across paper in various folders, digital PDFs or tables, compliance-relevant business processes can be bundled in an IT-supported system and thus simplified. In times of constant change, companies can thus integrate regulatory or operational changes more flexibly into their workflows.

KPMG observes the trend towards compliance technologies in the article “The compliance investment”. The company predicts that, by means of technological compliance solutions, which also include data analyses, organizations will be able to better prevent, detect or even predict non-compliant behavior in the future. However, this requires an enterprise-wide IT infrastructure that provides compliance officers with access to all necessary information, including information from adjacent departments.

3.2 The process approach: compliance across department and hierarchical boundaries

Software-based business process management (BPM) is a suitable digital basis for compliance activities throughout the organization. Modern BPM software makes it possible to bundle compliance-relevant information and display it transparently.

With a modeling tool that supports the BPMN 2.0 standard, software users are able to map all relevant business processes and make them accessible to the entire team in a uniform manner. Signavio’s Business Transformation Suite provides its users with the opportunity to attach compliance-relevant corporate risks and controls to business processes. In this way, all employees who are going through the relevant process receive a notification at the right time. A typical example in manufacturing is the risk of “incorrect item taken”, for which the associated control is “Check serial number.” This helps employees across departmental and hierarchical boundaries to act in accordance with compliance standards.

3.3 Better document business decisions

Another aspect of modern management systems is the modeling of risk-based business decisions. The standard of decision management is the modeling language DMN:

Figure 2: Example scenario for gift guidelines: decision logic in DMN (Signavio Process Manager)

The respective decision diagrams can even be integrated directly into processes with some software solutions. On the basis of decision-relevant questions, employees are guided through a consistent decision-making process. Corporate risks are avoided in the long term.

Modern solutions, such as Signavio Business Transformation Suite with its collaborative approach, offer far more possibilities for organization-wide compliance management. A process history, the internal control system (ICS) or the modeling and automation of critical business decisions make Signavio one of the most modern management systems in the world. If you want to learn more about how Signavio can assist you with compliance, download our free 7 Step guide to Risk and Compliance. Or, if you’re ready, take our products for a test drive with a free personalized demo.

1 See Deloitte, Enterprise Compliance Services, web page:

2 Deloitte, In Focus: 2016 Compliance Trends Survey, available at:

3 McKinsey, Working Paper: Compliance and Control 2.0, available at:

Mark McGregor

A former Research Director at leading IT industry analysis firm Gartner, Mark has an extensive background in enterprise architecture, business process management and change management, having held executive positions with a number of technology companies. Since retiring from Gartner he has worked as an independent consultant with clients such as Changepoint, Erwin, Mega, Planview, Signavio and LeanIX. Mark has authored or co-authored four books on business and process management, including “Thrive! How to Succeed in the Age of the Customer”, “In Search of BPM Excellence” and “People Centric Process Management”. Widely respected for his knowledge and views on business change, he is the creator of “Next Practice” and has variously been described as a “BPM Guru”, a “Thought Leader” and a “Master of Mindset”. Mark is passionate about the people aspects of change; he has spent much of the last fifteen years travelling the world, learning, teaching and researching the cultural aspects of change and how executives perceive business and process improvement. In this capacity he has literally taught hundreds of people and been fortunate to interview and interact with many CEOs. Mark holds certifications in Six Sigma, PRINCE2, Sales, Neuro-Linguistic Programming and Hypnosis! Mark suggests that it is the variety of his studies that provides the depth he offers to his clients; in his words, “It is the difference that makes the difference”.

