Risk-Based Compliance

September 28, 2015 by
Filed under: Risk Management, Compliance Management

So, what is risk-based compliance? It seems to be a must-have term on any compliance website, and certainly for compliance software vendors. But what does it mean? For many, compliance is not risk related. While they understand the law is in place to protect consumers, investors, and countries against a certain risk, there is no arguing with it: you simply implement it and adhere.

 

In daily practice, some will allow themselves to drive a little too fast because the risk of getting caught is not big. And if it happens, the impact is mostly limited. But I am sure this is not what compliance officers mean by risk-based compliance. That would mean they would agree that it's OK not to comply as long as you don't get caught. Nobody would say that, not in public at least. And most certainly it wouldn't be the official compliance doctrine of any non-criminal organization.

 

So what is risk-based compliance? What it means is that it's OK to design your compliance controls based on the risk. The same risk may be different in different areas of the business. Bribery is more likely when you're in purchasing, sales, or contracting. Theft is more likely when you have access to money, assets, or goods. The measures you take will therefore differ in different areas of the business.

 

In other words, a compliance risk assessment should have the business context as its starting point, the risk of non-compliance as the risk, and appropriate (indeed risk-based) controls. The term "risk-based compliance measures" is probably more correct than "risk-based compliance", leaving "risk-based compliance" for us people knowingly driving too fast. That said, I am pretty sure risk-based compliance will stick as the "official" term.

Tags: Risk
