Volume 8 (2024-25)

Each volume of Journal of Financial Compliance consists of four 100-page issues. 

Articles scheduled for Volume 8 include:

Volume 8 Number 3

  • Editorial
    Mario J. Difiore, Editor
  • Financial Compliance Papers
    Compliance, technology and data risk: Electronic communications and the modernisation of data governance control structures
    Therese Craparo, Partner, Anthony J. Diana, Partner, Philip H. Thomas, Partner, Christian Leuthner, Partner, Samantha M. Walsh, Associate, Karim Alhassan, Associate, and Ryan J. Fitzpatrick, E-Discovery Attorney, Reed Smith

    Record-keeping and supervision rules regarding electronic communications (eComms) for financial institutions have been in place for as long as eComms have existed. The underpinning of these regulations is the view that the security, reliability, integrity and availability of information reflecting a financial institution’s activities are fundamental to the integrity of the financial markets. Over the last few years, the financial regulators have powerfully reminded the financial industry of the importance of the eComms record-keeping rules, launching dozens of off-channel eComms enforcement actions that have resulted in more than US$2bn of fines to date. With the rise in the variety and availability of individual eComms applications and the use of collaboration tools and generative AI (GenAI), the number and variety of channels available to employees for communications purposes are, however, growing exponentially. Even for sophisticated financial institutions, the resources required to effectively manage the pace of technological development and adapt compliance processes in this space can be overwhelming. This paper explores the regulatory approach to eComms compliance in a changing technology world and how financial institutions can appropriately manage eComms risk. It is possible to establish a robust control structure that meets regulatory expectations, accommodates business needs and keeps pace with changing technology. An effective eComms governance structure must, however, encapsulate processes that engage all key stakeholders, embrace innovation and integrate legal, compliance and IT reasoning that moves beyond reliance on individual employees and detection technology and incorporates data governance as a fundamental principle in business operations and technology development.
    Keywords: branding; co-creation; community marketing; market research

  • Can you hear us now? Deciphering regulators’ messaging around financial services companies’ electronic communications compliance
    Amy Jane Longo, Partner, Daniel O’Connor, Partner, Shannon Capone Kirk, Managing Principal & Global Head E-Discovery and AI Strategy, Cole A. Goodman, Associate, and Jacob Barr, Associate, Ropes & Gray

    Over US$2bn in fines imposed by the US Securities and Exchange Commission (SEC) alone for record-keeping failures related to the so-called ‘off-channel’ communications have sent shockwaves throughout the industry. What began as a single announced settlement in December 2021 has exploded into an industry-wide sweep that has impacted more than 75 companies ranging from Wall Street’s largest banks to niche broker–dealers. Compliance professionals are looking for answers. They are seeking to strike a difficult balance between enabling employees to communicate effectively using the latest available technologies and ensuring compliance with ageing record-keeping rules. Add a regulatory pressure cooker that has produced a staggering number of eight and nine-figure penalties and it is easy to see why this issue has been dominating headlines and keeping compliance professionals up at night. This paper explores the recent surge in off-channel enforcement and offers some considerations and potential solutions for compliance professionals seeking to meet these challenges head-on. While there are no ‘silver bullets’ or ‘one-size-fits-all’ solutions, there are practical considerations that compliance professionals should consider weighing with respect to the compliance programmes they are charged with overseeing. Specifically, this paper identifies potential solutions as they relate to policies and procedures, training, technology and monitoring and testing. In an area that is inherently specific to each organisation and ever-changing, this paper equips compliance professionals with a toolkit to address one of the most pressing regulatory challenges of our time.
    Keywords: off-channel; communications; enforcement; SEC; text message; sweep; texting; text

  • Six years of regulation and supervision of crypto-assets in Malta: The approach and lessons learned
    Christopher P. Buttigieg, Chief Officer for Supervision, Malta Financial Services Authority, Associate Professor, University of Malta, and Samantha Cuyle, Assistant Manager, Malta Financial Services Authority

    This paper aims to provide a concise overview of key milestones in the development of Malta’s regulatory and supervisory framework for crypto-assets. It outlines the Malta Financial Services Authority’s (MFSA) regulatory approach, grounded in the principle of ‘same activity, same risk, same standard of regulation and supervision’. This posed a unique challenge, as the crypto-asset sector was unregulated at the time, leaving the MFSA to rely on its experience in traditional sectors. This paper also explores the challenges faced in authorising and supervising crypto-asset service providers, comparing the Maltese Virtual Financial Assets Act with the Markets in Crypto-Assets Regulation, and concludes with a critical reflection on lessons learned.
    Keywords: crypto-assets; Malta Financial Services Authority; financial regulation; financial supervision; virtual financial assets

  • Social media as a compliance risk for financial services: Exploring emerging risks and finding solutions to mitigate harm
    Robert Mason, Director, Regulatory Intelligence, and Jennifer Clarke, Head of Content, Global Relay

    A recent industry report by Global Relay revealed that 55 per cent of compliance executives consider social media to be an emerging compliance risk. In this paper, Rob Mason explores the four key challenges that social media presents to financial services: market risk, marketing and advertising risk, record-keeping risk and consumer harm. This paper unpicks regulatory approaches across the globe to understand how regulatory bodies are adjusting existing guardrails to acknowledge and mitigate social media risks, as well as how regulators are enforcing new expectations — from marketing rules to warnings for ‘finfluencers’. Finally, this paper sets out the critical steps companies should consider to comply with the emerging social media regulatory landscape and prevent harm to business, the consumer and the wider economy.
    Keywords: social media risk; regulatory compliance; records and information management; marketing rules; consumer duty

  • Digital assets and tax transparency: Navigating the new US tax reporting regime
    Jill Dymtrow, Director of Tax Information Reporting, Chris Saveri, Global Head of Tax, Gemini Trust Company

    The US digital asset industry has been growing at a significant pace since 2012 when the first mainstream digital asset exchange offered the opportunity for customers to buy and sell the first digital asset, bitcoin, through bank transfers. Digital assets, or ‘cryptocurrency’ as it is commonly known, quickly outgrew its status as a niche alternative investment. According to a Pew Research Center survey, almost 20 per cent of American adults owned cryptocurrency in 2023. Along with growth in popularity, bitcoin (the original cryptocurrency) has grown in value. On 31st December, 2012, the closing price for a single bitcoin was US$13.45, compared to its all-time high of US$108,135 (as of 17th December, 2024). Based on this, it is fair to assume that long-term investors made some significant gains in bitcoin trading. Since digital asset exchanges are not subject to the same tax information reporting requirements as traditional financial institutions, there has been speculation by digital asset investors that sales of digital assets were not subject to the same taxation regimes as traditional financial investments. The US Internal Revenue Service (IRS) issued its first notice regarding the taxation of ‘virtual currency’ in 2014 (Notice 2014–21). The exclusion of tax information reporting guidance on digital asset sales, however, made it difficult for the IRS to identify taxable gains recognised by investors. This paper will set the stage by first diving into the history of both US tax information reporting and the evolution of digital assets. We will then address the recent US tax legislation and regulations issued by the US Government to attempt to mitigate the perceived tax gap for digital asset sales. We will then conclude by highlighting the challenges that these rules pose to digital asset exchanges and taxpayers, and what we can collectively do to prepare for their implementation.
    Keywords: social media risk; regulatory compliance; records and information management; marketing rules; consumer duty

  • Russian sanctions evasion
    Owais Arshad, Director, Global Economic Sanctions Advisory, Royal Bank of Canada

    This paper explores the three main axes by which Russia has evaded Western sanctions: geopolitical realignment, de-dollarisation and export control circumvention. By analysing these evasive techniques, this paper provides recommendations for financial institutions on how to effectively address these risks. It argues that, while banks and financial intermediaries play a key role in detecting illicit activities, the complexity of the task requires a concerted effort involving regulatory bodies, national security agencies and improved information-sharing networks.
    Keywords: sanctions; export controls; evasion; Russia; trade; BRICS; payments; proliferation; sovereignty; sanctions evasion

  • Managing the intersection of export controls and economic sanctions: Implications for legal and compliance teams and best practices for strengthening cross-departmental coordination
    Graeme Hamilton, Partner, Rambod Behboodi, Senior Counsel, and Nasra Moumin, Associate, BLG

    Navigating the complex, varying and, at times, conflicting regimes governing export controls and economic sanctions presents unique compliance challenges for globalised businesses. Export controls and economic sanctions address related, but distinct, public policy objectives. This paper explores the intersection between the two and proffers best practices for businesses to manage their export control and economic sanctions risks. Section 2 sets out a brief taxonomy of terms and concepts. Section 3 explains the global context for the measures discussed, the Canadian regulatory frameworks and the intersection between the two regulatory regimes. Section 4 discusses ‘best practices’ for counsel and businesses to manage the complex compliance issues arising out of these measures.
    Keywords: economic sanctions; export controls; legal compliance; international trade

Volume 8 Number 2

  • Editorial
    Mario J. Difiore, Editor
  • Practice Papers
    Are the old ways of transaction monitoring dead?
    Carrie Gilson, Senior Vice President, Director of Financial Intelligence Unit, U.S. Bank

    Financial institutions continue to face the challenge of demonstrating a comprehensive anti-money laundering (AML) transaction monitoring programme that is designed to detect, and aligns with, relevant Federal Financial Institutions Examinations Council (FFIEC) red flags without explicit, consistent confirmation on whether the escalations (ie Suspicious Activity Report [SAR] filings) are correct or valuable. Historically, this led most banks to adopt the use of typology-based if/then rules, resulting in a significant volume of alerts to be reviewed and dispositioned, with only a small portion being identified as potentially suspicious. While machine learning models are touted as an obvious fix to this problem, many banks may find such solutions to be far too expensive, complex and/or resource intensive. In order to answer the question, ‘are the old ways of transaction monitoring dead?’, this paper offers and evaluates various practical solutions, ranging from simple to sophisticated, to reduce false positive alerts generated by traditional AML transaction monitoring applications.
    Keywords: transaction monitoring; machine learning; suspicious activity; false positive; rules-based; prioritisation; data quality

  • Identifying and addressing the risks of AI through regulations, compliance controls and technical design
    Sudhanshu Bahadur, Head of Technology for Global Asset Management, BMO Financial Group and Kuno Tucker, Chief Compliance Officer at Manulife Wealth and Adjunct Professor, Corporate Governance, York University

    This paper will identify and examine the various aspects of artificial intelligence (AI), surface the risks associated with AI, and provide compelling governance, compliance and technical solutions to mitigate those risks. AI is destined to accelerate the pace of change and development in multiple fields; however, with its great advances come great risks that need to be addressed.
    Keywords: artificial intelligence; compliance; regulations; risk management; controls; GenAI; LLMs

  • Keeping up with the regulators: How to build an effective compliance programme to satisfy the Best Interest care obligation
    Stephanie Nicolas, Partner and Joshua Nathanson, Associate, WilmerHale

    Over the past couple of years, the Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA) have significantly increased their Regulation Best Interest (Reg BI) enforcement efforts. Broker-dealers will need to act fast, as the pace of enforcement picks up and regulators issue guidance regarding their expectations for broker-dealers and their associated persons. This paper is intended for legal and compliance professionals designing a Reg BI compliance programme. It draws from recent SEC and FINRA guidance and enforcement actions, and it highlights some practical issues as well as potential solutions. The paper begins by discussing the differences between Reg BI and the Advisers Act fiduciary standard. It then provides some general considerations regarding the scope and application of Reg BI. The paper continues with an analysis of recent guidance and enforcement actions related to the care obligation, which has been a focus for both the SEC and FINRA. Finally, the paper concludes with some commentary on Reg BI issues related to the use of artificial intelligence by broker-dealers.
    Keywords: Regulation Best Interest; broker-dealers; investment recommendations; artificial intelligence; Securities and Exchange Commission; FINRA

  • EMIR Refit implementation: Practical advice and considerations for trade reporting obligations
    Nik Volpe, Founder, Laurellis Associates, Avinash Shamdasani, Global Head of Transaction Reporting, BGC Group and Kalyan Deshpande, Founder & CEO, Reg-X Innovations

    EMIR (European Market Infrastructure Regulation) trade reporting is a fundamental regulatory requirement for firms trading derivatives within the EU and UK. Introduced in 2014, EMIR mandates the reporting of derivative trades to authorised trade repositories to enhance market transparency and enable regulatory oversight. The recent EMIR Refit introduces new complexities, requiring firms to navigate the increased number of data fields, new XML reporting formats and different implementation dates between the EU and UK. This paper addresses three primary challenges of EMIR Refit: oversight and control of trade reporting, delegated reporting to brokers and third parties and updating legacy EMIR trades. This paper discusses the necessity for robust daily controls, governance structures and accurate data reconciliation to ensure compliance and mitigate risks. Firms must adapt to dual reporting obligations due to divergent implementation dates, maintaining separate systems for EU and UK reporting standards. Delegated reporting, while operationally beneficial, requires vigilant oversight to ensure third party compliance with regulatory standards. Updating legacy EMIR trades to align with EMIR Refit standards is crucial to maintaining data integrity and regulatory compliance. This paper provides practical guidance for firms to enhance their trade reporting processes, ensuring adherence to EMIR Refit requirements and safeguarding market stability. Through proactive planning and robust controls, firms can effectively manage the challenges posed by EMIR Refit, maintaining compliance and operational efficiency in the evolving regulatory landscape.
    Keywords: EMIR Refit UK; EMIR Refit go live; EMIR compliance; EMIR FCA guidelines; EMIR Refit implementation; EMIR Refit schema; EMIR reporting xml conversion; EMIR Refit changes; EMIR regulatory updates; EMIR impact

  • Why depository institutions, with or without affiliated securities firms, can and should manage employee use of personal devices for work-related communications
    Richard H. Harvey, Jr, Executive Vice President, General Counsel and Director of Compliance Risk, Beneficial State Bank, Michael J. Leotta, Partner, WilmerHale and Gautam Sachdev, Partner, AlixPartners

    This paper shows how the failure to monitor for and prevent off-channel communications poses risk to traditional depository institutions that are not subject to the jurisdiction of securities-law regulators and shows how those institutions can mitigate that risk. US securities regulators have cracked down on broker-dealer, investment-adviser and futures commission merchant employees' use of unapproved personal devices and applications for business communications, imposing over US$2.8bn in penalties between December 2021 and April 2024. However, because there have not, at the time of writing this paper, been similar enforcement actions against traditional depository institutions that do not have securities affiliates, many traditional banks without securities affiliates have continued with business as usual. Nonetheless, the OCC has recognised that electronic communications can constitute records that must be retained pursuant to specific rules and that banks' failure to maintain adequate record retention systems in general can create significant reputation, transaction, credit and compliance risks. This paper aims to illuminate those risks and offers suggestions about how to address them.
    Keywords: off-channel communications; business communications; personal devices; text messaging; record keeping; e-communications surveillance

  • An AI adoption strategy for financial crime prevention
    Colin Whitmore, Strategy and Innovation, Financial Crime, NatWest Group

    Faced with a bewildering array of FinTech vendors and innovative approaches, what direction and approach should you take? How can you adopt and use the latest innovative techniques to better detect and prevent financial crime? Do you buy or build? Do you replace or augment current systems? What about ensuring machine learning models are safe and unbiased? What about the role of the person — the human in the loop? What about generative artificial intelligence? What role does or should that play in your strategy? Can you trust it and use it? Given the potential artificial intelligence (AI) has to revolutionise the way you work, can you afford to ignore it? This paper will explore an AI adoption strategy, from the basics upwards, explaining how and where you can use and deploy AI. The paper defines the different techniques, considering both short, medium and longer time frames. It will consider how you can build a roadmap where you can consider both the longer-term goals, at the same time as building your foundations. It is not easy to keep up with the rapidly changing landscape of AI and innovative solutions but having a clear direction and strategy is a great place to start.
    Keywords: AI in financial crime; financial crime prevention; AML; financial crime; AI strategy

  • The ISO 37008 Internal investigation standard framework and what this means for financial services institutions
    Steve Young, Chief Executive Officer and Simon Scales, Chief Education & Development Officer, ACi

    ISO 37008 provides companies with a way to standardise their reporting and investigations protocols while providing a framework to tailor these processes to manage key requirements in new and existing compliance and ESG regulations. The Association of Corporate Investigators (ACi) played an integral part in developing this ISO 37008 ‘Internal Investigations of Organizations — Guidance’, which looks at the full cycle of an internal investigation for organisations. It covers the establishment of investigative policies and procedures, implementation of the investigation process, the reporting of the investigation result and the performance of remedial measures. Readers will see that financial services institutions of all types and sizes may have occasions where they want to set up an internal investigation. This may be necessitated by matters coming to their attention that require immediate response and include internal misconduct, significant financial irregularity and risk, together with compliance breaches. An internal investigation which is properly carried out may help organisations negate or mitigate the effects, and with the foresight gained through an investigation, an organisation can then develop timely remedial measures to resolve these breaches. This ISO standard lays out the essential aspects of an internal investigation with a view to practical application and overlays the ACi Investigation Principles. Drafted generically, it can be tailored to meet different organisational needs, and a detailed case study helps to guide readers through the benefits of setting up a well-rounded investigative process ready to be deployed when breaches happen.
    Keywords: ISO 37008; investigations; governance; compliance; risk

Volume 8 Number 1

  • Editorial
    Mario J. Difiore, Editor
  • Practice Papers
    Machine learning and compliance: A consumer-led approach
    Matthew Connell, Director of Policy and Public Affairs, Chartered Insurance Institute

    For compliance professionals, addressing the risks and opportunities of technologies such as machine learning is a huge challenge. This paper examines the issues involved with machine learning and insurance, by combining known regulatory concerns from international and UK supervisors with the results of consumer research, to identify key risks and how they can be mitigated. The paper finds that blending consumer research and wider risk management analysis can lead to a holistic compliance approach to machine learning. This builds from the individual, through job role design, individual accountability and training, to organisational systems and controls including governance, pricing policies and data management, through to sector-wide systems and initiatives including management of third parties and consistent standards for model transparency. In particular, it can help focus financial services firms on elements that consumers consider to be highly important, such as pricing according to risk rather than other factors (for example, price elasticity of demand). Conversely, it can help firms take a more proportionate approach to societal factors, such as exclusion of high-risk groups, that insurers alone cannot resolve without partnership with civic authorities.
    Keywords: machine learning; compliance; consumer perception; AI; ethics; outcomes

  • Strengthening governance practices of TCSPs in the EU’s smallest member state
    Christopher P. Buttigieg, Chief Officer Supervision, and Petra Camilleri, Deputy Head, Trust and Company Service Providers Supervision, Malta Financial Services Authority, Triq L-Imdina

    In Malta, Trust and Company Service Providers (TCSPs) are subject to sector-specific legislation and regulation, overseen by the Malta Financial Services Authority (MFSA) responsible for their authorisation and prudential supervision. TCSPs act as gatekeepers to Malta's financial system, playing a pivotal role in ensuring the integrity of financial services. The paper evaluates the outcomes of the MFSA TCSP governance and compliance thematic review within the context of financial supervision in Malta. It aims to: (a) analyse international reports on TCSP risks, informing the rationale for sector regulation; (b) explore the significance of thematic reviews in the MFSA's supervisory framework; (c) evaluate governance and compliance importance in the MFSA's supervisory approach and (d) examine principal findings of the review and their sector implications. Contributing to the debate on the nature of financial supervision, the paper argues that the TCSP governance and compliance thematic review underscores a growing recognition among TCSPs of the need for robust compliance culture. However, it highlights persistent deficiencies warranting attention. This academic study sheds light on TCSP regulation and supervision in Malta, emphasising the oversight approach in the EU's smallest member state.
    Keywords: regulation; supervision; TCSP; MFSA; compliance; EU

  • Is DORA the dawn of a new era for cybersecurity compliance in the EU’s financial sector?
    Antonio Giannino, Chief Risk and Compliance Officer, and Francesca Valenti, Legal and Regulatory Adviser, Amagis Capital Group, and Federico Sertori, Legal and Compliance Officer, Cargolux Italia

    This paper aims to set out the application of Regulation (EU) 2022/2254, the Digital Operational Resilience Act (DORA), to analyse its main obligations, its impacts on the current financial ecosystem and on the future culture around cybersecurity in the financial sector. The paper focuses on the main pillars around which the regulation has been built, and its aim is to assist compliance officers and non-technical personnel to assess the impact of DORA within their organisation. The authors offer an overview of DORA because the first step to address the implementation of a new regulation is having a clear view on all areas involved and the intensity of the changes. DORA will require a deep review of current documentation and processes: legal departments will have to ensure the agreements in place with IT providers comply with the new requirements, which entails new processes and the ability to follow the new contractual obligations; risk officers will need to work closely with the IT department, middle-back office and the compliance department to ensure they are all proactively involved in the implementation and monitoring of the new processes and that such procedures and the IT tools integrated are constantly suitable to serve the organisation's need. Furthermore, management will be involved in DORA implementation and will bear responsibility for information and communication technology topics and, consequently, it will be incentivised to pay attention to and invest in information security. Meanwhile, carrying out a pre-assessment at organisational level to understand business impacts and drafting an implementation plan so as to be ready for January 2025, when DORA comes into effect is highly recommended.
    Keywords: cybersecurity; compliance; European digital finance package; financial industry

  • How to maintain a strong compliance function in a remote/hybrid working environment, using ESG as both the objective and the driver
    Jessica Ramos, Head of Regulatory and Financial Affairs, Ella Adler, Regulatory and Oversight Affairs Counsel, and Erietta Exarchopoulou, Regulatory and Oversight Affairs Adviser, EBA Clearing

    The new realities of the workplace have had a significant impact on how compliance experts are engaging staff in organisations across all sectors and in particular in the financial services sector. Remote/hybrid working arrangements as well as flexible hours have changed the way people interact with each other and how they live and absorb the company's culture. It has also led to an increase of existing risks, such as cyber risks, and created new risks, such as inspections from authorities of staff members' homes. In addition, an increased focus on Environmental, Social and Governance (ESG) principles in the corporate space presents challenges for companies from a regulatory point of view, in terms of dealing with new compliance requirements, requiring additional resources to cover reporting requirements and exposure to reputational or litigation risk. However, this paper sets out a number of opportunities that companies can benefit from by leveraging their ESG activities to attract and retain talent. This paper details the abovementioned challenges, laying out the main consequences that have been observed. It also offers a number of practical tips to leverage creative and novel methods to cultivate a culture of compliance, despite the challenges of the new realities of the workplace, and it gives insights on how to leverage ESG to promote compliance and general staff engagement.
    Keywords: compliance culture; ESG; remote working; employee engagement

  • From data to decisions: How emerging technologies can enhance ESG assessments and reporting
    William Nelson, Associate General Counsel, Investment Adviser Association, Washington, DC

    This paper presents a comparison of the environmental, social and governance (ESG) regulatory landscape across California, the European Union (EU) and the US Securities and Exchange Commission (SEC). It highlights both the similarities and key differences within these regulations, empowering companies with practical insights. Specifically, the paper explores how companies can leverage data and analytics, alongside emerging technologies like artificial intelligence and blockchain, to gain a deeper understanding of their ESG risks and opportunities. The paper also delves into how these technologies can facilitate ongoing progress monitoring and enhance transparency in communicating ESG performance to stakeholders.
    Keywords: environmental; social and governance; ESG; artificial intelligence; AI; blockchain; GHG emissions

  • Risk-based customer due diligence is the key to effectively managing financial crime risk
    Ola Tucker, Founder, Compliance Notes

    Customer due diligence (CDD) processes and procedures are a required component of a financial institution's anti-money laundering (AML) compliance programme in the US and in many other countries. Solid CDD policies and procedures are key to meeting regulatory expectations as well as effectively managing money laundering/terrorist financing (ML/TF) risk. However, there are many nuances to conducting risk-based CDD and it is critical that financial institutions understand the specific risks they face and tailor their programme accordingly, as well as update it regularly to account for evolving threats and updates in legislation. This paper discusses the importance of CDD for risk management in financial institutions. It starts with an introduction to CDD, defines the three basic types of due diligence and explains the requirement to identify beneficial owners of legal entity customers. The paper goes on to discuss regulatory expectations as well as some of the more common compliance violations related to CDD incurred by financial institutions. The paper also highlights a case study examining the regulatory enforcement action against Deutsche Bank related to its AML compliance failures involving Jeffrey Epstein. Finally, the paper concludes with a list of best practices and recommendations for banks and other financial institutions.
    Keywords: customer due diligence; enhanced due diligence; anti-money laundering; compliance; beneficial ownership; know your customer

  • A consideration of the evolving role visibility and prominence of compliance play in strategic planning and protecting brand and reputation
    Catherine Vaughan, Global Financial Crime, Ethics and Compliance Leader, Ernst & Young

    Compliance has progressively evolved from a mere legal and regulatory necessity to a strategic imperative for organisations. In today's fast-paced and interconnected business environment, compliance plays a crucial role in protecting an organisation's brand and reputation. Looking at the relationship between compliance and key function heads such as the Chief Operating Officer, Chief Financial Officer, Human Resources Executives and the increasingly visible Chief Trust Officer, this paper explores the shifting landscape of compliance, its increasing visibility and prominence, particularly in strategic planning. It emphasises the crucial interconnection between compliance and a company's brand and reputation, demonstrating how adherence to legal and ethical standards has become a core aspect of protecting and enhancing organisational success. While there is a leaning towards larger organisations, the concepts and insights explored in this paper have equal relevance to smaller firms, for whom brand and reputation is as equally important as for larger ones. For any organisation which relies on a reputation of trust, the relationship between compliance and strategy explored in this paper is crucial regardless of size, industry or sector.
    Keywords: compliance; brand; reputation; strategy; protection; growth; board; trust; culture; evolution