Assessing the Effectiveness of a Compliance Function

New Link Editor Non-Financial Risk Management

Whilst many firms may think that their Compliance arrangements are purring along just nicely thank-you-very-much, there are not many who can say – never mind actually evidence – that their Compliance function is doing everything just right.

Compliance departments, in this very changeable world, are not immune to the need to grow, develop, and improve.

Senior management will want to gauge, with some objective certainty, the current state of their Compliance arrangements to ensure that the second line of defence is adequate and effective in supporting risk mitigation. If an independent assessment has been done, has it been reviewed recently or is it gathering dust in a bottom drawer?

So how can senior management, and indeed the Compliance department itself, get an objective view that Compliance is doing all the right things, in the best way, compared to their peers and the pack leaders?

Nothing to See Here….Unless You Look

Compliance functions, and indeed the forums into which Compliance traditionally reports, unfortunately often assume that all is probably (fingers crossed) fine. There is always a fine balance to be struck between risk management and cost control and firms have to make difficult decisions on where to invest ….but if firms are honest with themselves they know, and crucially, so do regulators, that things can always be ‘done better’.  This doesn’t necessarily mean spending more – but it does invariably mean doing things differently.

Is our Compliance function doing well? How do we actually know this is the case and can we demonstrate this to senior management and regulators? Compliance operating models become outdated, regulations change, the business strategy takes a sharp left turn, restructurings happen, regulators come knocking on the door, audits come around every year…

The regulatory imperative and (the many!) stakeholder expectations are well established, and these compel Compliance functions to be well run so as to keep pace with industry best practices. Now, more than ever, Compliance functions are being challenged, both internally and externally, to be proactive and pre-emptive in helping the organisation manage regulatory risk. And at the same time they are always being asked to do more with less resource!

How Can New Link Consulting Help?

The number of triggers for an effectiveness review are varied and numerous and any one of them may leave Compliance function running to keep up. How can firms assess ‘where’ they are in terms of the maturity of their Compliance arrangements, ‘what’ gaps exists, and, the all-important ‘how’  can it be fixed?

New Link Consulting has developed an approach to assessing the maturity of a firm’s Compliance arrangements through a Compliance Effectiveness Review (CER) service offering.

The CER helps firms understand:

  • Where on the ‘maturity’ scale the Compliance function under review sits, be it ‘Basic’, ‘Mature’, or ‘Advanced’,
  • What gaps exist and where are these gaps presenting,
  • The steps they need to take to move to a more mature state, and
  • How well the Three Lines of Defence Model is working in the firm.

New Link Consulting has a set of nine standard themes that we review including governance, organisation, policies and procedures, management information and training, but we can adapt the review to focus on any additional themes that senior management or Compliance require to be reviewed.

In summary our approach adopts the following 3-step approach:

  1. Information gathering which typically includes a documentation review, interviews with key stakeholders (think Chief Compliance Officer, MLRO, Chief Risk Officer, ‘clients’ of Compliance, senior management, Internal Audit) and workshops for more technical topics (such as financial crime).
  2. Reporting of gaps via a detailed, straight-talking and easily digestible written report. This report captures New Link Consulting’s ‘Observations’ and any ‘Recommendations’ for improvement (including ‘quick wins’) and includes our assessment of the current level of maturity observed against New Link Consulting’s assessment of the future level of maturity to which a client should reasonably aspire.
  3. Helping develop a ‘Transformation Plan’ which is, in essence, a high-level project plan informed by the gaps noted during the review. This plan is developed by New Link Consulting, in consultation with the client, to assist scope and plan the activities that are necessary to convert the Observations and Recommendations into a practical book of work which addresses those gaps. New Link Consulting works with the client to map out indicative timelines, sequencing, resource requirements, expertise required, dependencies, and other relevant aspects.

And What are the Benefits?

Benchmarking to Peers and Industry Best Practice

Leveraging the expertise within the Regulatory Practice, which has developed across multiple clients – we know what good (and not-so-good) Compliance arrangements look like.…and we can help clients get to where they should be.

Regulatory Certainty

Clients, and their stakeholders, can derive comfort that their Compliance arrangements have been reviewed and are assessed to be in-line, or not, with what regulators would expect …. If there are gaps, it is better to know them and fix them than have a regulator point them out.

Objective Assessment of Compliance functions

An independent review of a firm’s Compliance arrangements holds more weight when undertaken by a third-party with the credibility and requisite expertise. A CER can be used by clients to get ahead of potential challenges (such as an audit or a supervisory inspection, for instance) and, where gaps are presented, the measures underway by the client in ‘fixing things’…. this may often avert – or at least mitigate – a more serious situation.   

Not just Observations…

Clients don’t just want to know what is wrong, but how problems can be addressed. It’s all too easy to be the ‘Monday morning quarterback’ by merely pointing out problems….but much better is to have real-world, pragmatic recommendations based on, collectively, decades of experience in helping Compliance functions to be better.

Why New Link Consulting?

As experienced Compliance practitioners, the team have all sat in the proverbial ‘hot seat’, bringing the invaluable perspective of having led Compliance functions before. We have also reviewed the compliance arrangements in firms as ‘Skilled Persons’, reporting to the FCA. The team has extensive practical experience and domain expertise across all facets of Compliance, coupled with the latest regulatory and industry developments and access to New Link Consulting experts in business analysis, process improvement, operating model design and enhancement, ensures that client’s benefit from consultants who speak ‘regulation’ and speak ‘compliance’.

Simply put, we don’t do consultant-speak!

We are not auditors and our approach is to work collaboratively and constructively with Compliance teams to help them identify how they can be better in all that they do.

In summary, we:

  • Assess your current Compliance arrangements against peers and regulatory expectations.
  • Make pragmatic and ‘right-for-you’ recommendations where gaps are observed or improvements can be made.
  • Help you map out what needs to be done to close any gaps.
  • Provide experienced and skilled resources to help you manage any remediation.


Peter Brooke – Practice Lead – AFC and Regulatory Practice

M: +44 (0)7590 105185

T: +44 (0)203 826 9700


Walter Hogg – Director – AFC and Regulatory Practice

M: +44 (0)7758 690 261

T: +44 (0)203 826 9700


Andrew Hovell – Director – AFC and Regulatory Practice

M: +44 (0)7493 071 823

T: +44 (0)203 826 9700