What is Compliance?

The term compliance describes the ability to act according to an order, set of rules or request.

In the context of financial services businesses compliance operates at two levels.

Level 1 - compliance with the external rules that are imposed upon an organisation as a whole
Level 2 - compliance with internal systems of control that are imposed to achieve compliance with the externally imposed rules.

Discover the latest news surrounding compliance ►

Which ICA course level is right for you?

Job Roles & Salaries

There is considerable variation within and across pay scales for compliance and compliance related roles. Salaries tend to focus on the skill sets required for a role, rather than being defined by the job title. Therefore, no two compliance officer roles are likely to be established on the same pay scale.

View job roles & salaries ►

Qualifications & Courses

Compliance professionals not only navigate a complex regulatory environment but also add a key commercial perspective. They enable the right business to be conducted in the right way and help firms achieve success by using systems and controls to ensure effective risk management.

Begin a career in Compliance ►


The availability of funding varies from jurisdiction to jurisdiction. Funding is available in some jurisdictions for programmes of study leading to ICA qualifications. Discover what funding is available to you.

View funding options ►

Compliance FAQs

DUTY - The Compliance Officer has a duty to his employer to work with management and staff to identify and manage regulatory risk.

OBJECTIVE - the overriding objectives of a compliance officer should be to ensure that an organization has systems of internal control that adequately measure and manage the risks that it faces.

RESPONSIBILITY - The general responsibility of the Compliance Officer is to provide an in-house compliance service that effectively supports business areas in their duty to comply with relevant laws and regulations and internal procedures.

  1. To identify the risks that an organisation faces and advise on them (identification)
  2. To design and implement controls to protect an organisation from those risks (prevention)
  3. To monitor and report on the effectiveness of those controls in the management of an organisations exposure to risks (monitoring and detection)
  4. To resolve compliance difficulties as they occur (resolution)
  5. To advise the business on rules and controls (advisory)

Corporate governance is a highly inclusive concept that covers a number of different aspects about the way in which an organisation is managed, directed and governed.

It can be described as a set of relationships between a company’s management, board, shareholders, and other stakeholders, which provides the structure through which the objectives of the company are set. Furthermore it provides the means of attaining and monitoring performance against those objectives.

The term ‘regulation’ generally refers to a set of binding rules issued by a private or public body with the necessary authority to supervise compliance with them and apply sanctions in response to violation of them.

Although there is no unified theory of financial services the key objectives of regulation is as follows.

  1. The protection of investors/consumers
  2. Ensuring that the markets are fair, efficient and transparent
  3. The reduction of systemic risk
  4. The reduction of financial crime
  5. The maintenance of consumer confidence in the financial system

Effective regulation is regulation that:

  1. Contributes to the fulfillment of one or more of the core objectives of financial services regulation.
  2. Maintains an open market that can be participated in by the widest range of appropriate participants with no unnecessary barriers to entry and exit and
  3. Provides an equal regulatory burden on all participants that meet minimum criteria.

Primary legislation refers to the Law, Act or Ordinance passed by the legislative of a particular jurisdiction.

The legislature in many jurisdictions has the power to delegate or subordinate law making powers to other agencies that may then make delegated or subordinate legislation often referred to as “secondary” legislation. In the context of financial services, secondary legislation is generally legislation that has been drafted by a regulatory body empowered to do so pursuant to the primary law by which it is established.

Codes generally set out the broad principles by which a regulated business is expected to conduct its business.

Rules are generally very detailed and relate to every regulated activity and function.

Guidance can either be in the form of a statement of best practice or a statement of minimum best practice.

Occasionally a regulatory authority will feel compelled to issue detailed guidance to regulated businesses on how it expects them to actually discharge their legal and regulatory obligations. Anti money laundering and terrorist financing is one area where most regulators around the World have issued guidance.

In broad terms regulators fulfill the following seven functions:

  1. They lay down rules or principles that determine who can conduct financial services business
  2. They authorise financial services businesses
  3. They lay down the rules by which regulated financial services businesses must conduct their business (both prudential and conduct of business rules)
  4. They supervise compliance with the rules either through desk based supervision or onsite inspections or a mixture of the two
  5. They conduct investigations into suspected breaches of the rules sometimes in conjunction with other law enforcement bodies
  6. They enforce the rules
  7. They co-operate and exchange information with other regulators

Many regulators adopt a risk-based approach to supervision and follow a process of supervision that can be divided into the following four steps:

Step 1. Defining the objectives

Step 2. Obtaining information from regulated businesses

Step 3. Assessing the risk that regulated businesses face and pose

Step 4. Taking action in response to the risk assessment

There are essentially two methods by which compliance with regulatory rules is monitored – Onsite supervision and Offsite desk based supervision.

  1. On site supervision entails visits by the staff of a regulator to the offices of a regulated entity, with the objective of satisfying etc
  2. Offsite desk based supervision requires regulated financial services businesses to provide relevant information by means of ‘supervisory returns’ normally prescribed within legislation and or license conditions.

  1. To maintain a low probability of insolvency and any consequential loss to an organisation’s ultimate customers; and
  2. To ensure the resolution of the position of any organisation whose viability is impaired, while protecting the interests of their customers to the maximum possible extent.

Conduct of business rules govern the manner in which a business conducts itself in its relationships with consumers. Conduct of business rules impose minimum standards of acceptable conduct upon regulated businesses.

  1. Advertising
  2. Customer communications
  3. Customer agreements
  4. Conflicts of interest
  5. Customer understanding and suitability
  6. Customer dealings
  7. Customer due diligence
  8. Client assets and money
  9. Breaches, errors and/or near misses.

Enforcement is a necessary product of the process of authorisation and supervision, in the sense that a regulator must enforce compliance with rules. Enforcement is as much about investigating, gathering and sharing information as it is about imposing penalties.

Enforcement generally entails the following:

  1. Inspection
  2. Investigation powers
  3. Surveillance powers
  4. The imposition of corrective or remedial action
  5. The imposition of penalties

  1. Power to inspect and request information
  2. Power to seek orders to compel a business to comply
  3. Power to remove directors and auditors;
  4. Power to appoint an administrator
  5. Power to impose administrative sanctions and / or to seek orders from courts or tribunals;
  6. Power to initiate or to refer matters for criminal prosecution;
  7. Power to suspend operations or trading

  1. The nature of the operation
  2. The diversity of its operations
  3. The complexity of its business
  4. The scale of its business
  5. The volume of transactions
  6. The size of the transactions

Which course is right for you?