Managing the cost of compliance in an increasingly complex world

What is the cost of compliance? In a sense, that is actually up to you. There are many different approaches to compliance work, all requiring a certain degree of creativity and ingenuity; simply throwing money at the problem is not likely to solve it. However, one thing is certain: it is better to spend your budget on a proactive compliance approach, than having it come back and bite you later in the form of huge fines.

Shefali Roy, an investor and economist who has worked for Apple, Stripe and Goldman Sachs, warns that the cost of subpar compliance and bad risk management is substantial.

How substantial?

To date, the total value of fines imposed by the EU for GDPR breaches alone amounts to 272 million euro.

“Therefore the question is: What are you doing about it? And it’s not enough to say: Let me just hire 20 more people, because that’s not the solution. How do you automate, how do you do things in an innovative way, and use technology to actually sift out your compliance breaches, your AML breaches, your risk management threats? Where are you gonna use technology to make it cost efficient, so that you comply and you don’t have fines like this?”

These are not simple questions to answer. Richard Atleen, Dun & Bradstreet’s Go to Market Manager, SME Compliance Nordics, recommends an incremental approach to automating compliance procedures. “The first thing I would do is to look into your first line compliance, and see what is manually handled and what is automated. Where do you spend your time identifying the customers in your KYC process? Where in this process can you save resources, time and money? Are there any processes that can easily be automated?”

Dun & Bradstreet can help your organization identify these processes — as well as implement solutions to automate them, always in accordance with frequently updated legislations, both on the local and EU-wide level. “One of our biggest advantages is our local presence; we have both local and global solutions. Our first-line compliance products, covering local legislations, can handle hundreds of thousands of onboardings and millions in your portfolio. We have the best KYC products, which our customers have very good use for in their customer due diligence processes. Our excellent due diligence solutions enable a more thorough analysis to be performed on a client. We have solutions for more or less every purpose, and are happy to discuss different solutions and possibilities with our customers.”

According to Richard Atleen, compliance is currently a big focus of Dun & Bradstreet’s customers, not least when it comes to spending. 

Richard Atleen Go to Market Manager, SME Compliance atNordics Dun & Bradstreet

 “They invest a lot of money into getting the best human resources, as well as different softwares and systems. We have customers within banking/finance using 500–15000 FTE’s just to be sure to be covered and be able to comply with AML regulations. One of the most important things we are talking with our customers is related to automation within first-line compliance: how can we do it, what can we automate, and how can we identify UBO’s, PEP’s and sanctioned entities as fast as possible? Our systems are built precisely around these possibilities.”

More about AML Compliance Solutions 

To manage compliance spending in an increasingly complex world, you need access to data — reliable data. “Compliance risk management involves identifying, assessing and monitoring the risks to your enterprise’s compliance with regulations and different industry standards. Using data, data that you can trust, makes it a lot easier for our customers to build a thoughtful infrastructure within their systems, which they monitor and control.” This eliminates the need to constantly second-guess decisions, and to worry about things like: “Is this good enough? Are we non-compliant? Should we be afraid of legal penalties, fines or reputational loss?”

When it comes to the question of data’s role in ensuring compliance, Shefali Roy is emphatic. “Do your compliance teams use data as part of your business orientation and how you make business decisions? They should! Data should be used in a compliance and risk-management perspective when you’re making decisions, because it’s fundamentally important — and it's absolutely invaluable.”

About Shefali Roy 

Power of Data

Shefali Roy is an Angel investor and invests globally in startups at the pre seed, seed and A rounds in companies building products in Fintech, the Creator Economy, FemTech, and the Future of Work.

She was the Chief Operating Officer and Chief Compliance Officer of TrueLayer till September 2020, and was an early employee at Stripe where she was their Chief Compliance Officer and MLRO for Europe, and responsible for the licensing, regulatory oversight including risk, and compliance of Stripe’s operations in Europe. Prior to Stripe, she led compliance, business conduct and risk across Europe, the Middle East, India and Africa for Apple, was the Chief Compliance & Ethics Officer for Christie’s worldwide, and was responsible for private wealth compliance for Goldman Sachs across Europe and the Middle East. (Source:

A dive into the power of data across Europe
New Report is out
The Future of Data 

      Read the report here