Without wanting to over-simplify, Risk and Compliance management are the set of policies and tools that help to keep your business out of hot water. Common areas where you need Risk and Compliance management are:

  • Being compliant with PCI-DSS (for payment cards);
  • Ensuring your standard of data protection is in line with GDPR;
  • Managing the risks to your business caused by changing marketing conditions.

Remember that in some industries, e.g. banking, you have to have a minimum framework in place, and this may be set by a regulatory body such as the Financial Conduct Authority. That is before taking into account that, for large companies, your customers may expect it of you regardless of the industry you operate in.

In one role, I developed a Risk and Compliance management framework that created a common standard for the customer’s ten B2B & B2C brand companies in the UK (covering 1600 staff). It would manage the risk and compliance issues associated with the Group IT department’s infrastructure, as well as other areas, such as the Group’s annual PCI recertification audit.

The framework I created for my customer included:

  • The Risk and Compliance manual – defining their ‘risk universe’, the process for risk treatment and linking back to their company’s strategic business objectives, to ensure the ‘right’ risks were being considered.
  • Job Descriptions – for new roles such as a Risk and Compliance Manager and support staff.
  • Governance Framework – with Terms of Reference, to ensure that the right people would manage Risk and Compliance at the right time.
  • Risk Appetite statement – a document that shows in a transparent way, the amount and type of risk that an organisation is willing to take in order to meet its strategic objectives.
The benefits my work brought to the customer meant that for the first time, Group and company-wide risks could be collated together and assessed by one group of people, rather than piecemeal, giving the Group’s Executive Team a more accurate picture of what was happening on the ground.

Risk and Compliance management may not sound any sexier now than it did at the start of the post, but it has a clear role for those companies that need improved governance.

If you think your company could also benefit in the way this customer did, why don’t you message me?