Beyond risk mitigation: Implementing effective compliance programs for today's workplace

Giovanni Gallo is Co-CEO and Chief Development Officer at ComplianceLine in Charlotte, North Carolina, USA.

Mention the word “compliance,” and most business execs would likely say it means risk mitigation. That’s certainly part of it, but there’s more to compliance than preventing negative incidents and cleaning up after them. Compliance professionals are responsible for ensuring everything goes right, day in and day out. If problems occur, they carry the weight of potentially staggering losses due to bad actors, data breaches, legal or regulatory infractions, and more. It’s a huge, daunting, and often thankless task.

The full scope of these responsibilities isn’t always clearly defined, and they’re constantly moving targets as new regulations are passed, people find new ways to game the system, and public attitudes evolve. The issues are far more complex than in the past, yet compliance budgets typically account for a small percentage of a company’s budget. This all requires compliance teams to do more with less.

Compliance isn’t an issue that pertains only to large corporations, though obviously the stakes climb as organizations grow bigger, and there’s exponentially more money at risk. But the relative impact of a problem can be more severe for a small company than for a huge organization with deep pockets. If the owner of a startup with three employees messes up, there might not be enormous sums of money at stake, but it could take the whole company down or irreparably damage the culture. By contrast, a negative incident involving the CEO of a multinational bank might cost hundreds of millions of dollars, but the company will likely be strong enough to weather the storm.
