Compliance Department Structure & Organisation

Does your company require its own compliance department? If so, how should it be structured and organised? Here, we explain the process.

by Andrew Breakwell 4 min

    The calls for more transparency and openness in companies are growing ever louder. However, establishing a compliance organisation takes time and extensive preparatory work. Whether an independent compliance department makes sense depends on the industry as well as the size and structure of the company. Alternatively, compliance can take place in existing departments such as legal, HR or sales. We will show you how to find the right type of compliance organisation for your company.

    Tasks of a compliance department

    What does a compliance department have to do in order to meet the multi-layered and complex requirements of regulatory control? “It has to cover all the issues that are brought to it. It must be a risk manager, it must operate control systems, it must train and communicate, it must ultimately be creative”, summarises Mirko Haase, President of the Professional Association of Compliance Managers (BCM).

    Five main tasks present themselves:

    • Identify risks
    • Provide instructions for prevention
    • Use controls and uncover grievances
    • Find solutions to violations
    • Advise on compliance rules


    1.) Identify company-specific compliance risks

    To incorporate the “tone from the top”, company-specific adjustments are necessary. This is because not every company deals with the same grievances and the list of compliance risks is long. Common examples are violations of:

    • Environmental regulations
    • Anti-corruption laws
    • Antitrust and competition laws
    • Trade restrictions
    • Security rules

    Cybercrime and sexual harassment also trouble some companies. Once the biggest compliance threats have been identified, you can start setting up and organising the (new) department.

    2.) Create compliance guidelines

    Some compliance guidelines for employees and employers are necessary for every business. The basis of all rules is the Code of Conduct, which regulates the basic standards of behaviour such as the company values or dealing with corruption. In addition, the topics of “equal rights”, “health at work”, “data protection policy”, “use of social media and the internet”, and “regulations on working hours and holidays” should be included in the compliance rules. Beyond these, there are rules that should apply on the basis of a company-specific risk assessment.

    Structure of the compliance team

    Whether as a lone wolf or as a team, these are the central roles in a compliance department.

    1.) The compliance officer: profile & task

    The requirements for a compliance officer are clearly defined. In order to prevent violations of guidelines and applicable laws, he or she uses a compliance management platform to ensure that standards and laws are adhered to in the company’s operations while risks are assessed. Additionally, the role acts as a broker between the specialist department and the management without disregarding confidentiality requirements and responsibilities. As soon as compliance guidelines change, he or she trains the employees.

    In larger companies, these compliance tasks can quickly grow complex and confusing. As the compliance management system, training and risk assessments need to be spread out among multiple team members, establishing a compliance department is recommended. However, there is also a structural alternative: depending on the compliance risk spectrum and the size of the company, a single compliance officer can coordinate issues from different departments.

    2.) Compliance professionals or career changers?

    A compliance department does not always have to consist of professionals. The team should be able to get to grips with the different areas of the company and understand the challenges they face. Some companies have therefore expanded their compliance team with entrants who have backgrounds as sociologists, economists or marketers and therefore bring a different perspective. As well as bringing a breath of fresh air, creativity and empathy, they can gain compliance expertise through on-the-job training.

    Review existing compliance processes

    “The new normal” should also be seen as an opportunity to put existing processes to the test and drive the digitalisation of the compliance programme. Whether it is the whistleblower system, communicating guidelines, checking gifts and invitations or conducting internal investigations, there is hardly a compliance area that has not changed as a result of COVID-19. Accordingly, companies have had to adapt their compliance processes to the new conditions. On our topic page on the new normal for compliance teams, you will find information regarding the effects on numerous other compliance building blocks.

    The pandemic has also presented compliance departments with new challenges. When working from home, for example, employees are more difficult to reach, especially when it comes to sensitive issues. In addition, many processes have changed. Therefore, the focus needs to be on the following points:

    • Visible and active whistleblowing system (also: “whistleblowing hotline”)
    • Revision of the risk analysis
    • Revision and active communication of regulations
    • Attractive design of the online training

    Compliance & Digital Teamwork

    Digital progress is increasingly reaching all social as well as professional spheres, which has proven to be a major positive side effect of the COVID-19 crisis.

    1.) Tips for digital teamwork

    A flood of digital communication tools became increasingly mainstream due to lockdowns. Microsoft Teams, Slack and Zoom are considered extremely popular and are used by companies all over the world. We present other tools for virtual teams in detail here.

    Have you found the right tool for your team? With these tips, digital collaboration will run smoothly:

    • Form virtual compliance teams
    • Share additional apps and files
    • Offer virtual workshops
    • Be confident with video telephony
    • Be accessible from anywhere with apps
    • Introduce a virtual meeting culture


    2.) Strengthen online compliance training

    A virtual meeting can of course never replace a face-to-face meeting in all aspects, especially when employees meet to learn together. However, online compliance training can also lead to success. Employees can exchange ideas in an uncomplicated way, regardless of location – a great advantage, particularly for international teams. By recording the training, other employees can also benefit from it later on. With the following tips on compliance training and the correct use of the appropriate tools, the content can be conveyed clearly and easily.


    Whether a company decides to set up a compliance department or not depends primarily on the nature of the organisation. Regardless of the compliance organisation structure ultimately chosen, a digital compliance management system helps you keep track of the complex tasks. On the one hand, the software regularly reminds you to conduct risk analyses. On the other hand, it ensures audit-proof and complete documentation. This is a great help in the event of a violation and official audits.

    Andrew Breakwell

    Commercial Director UK – EQS Group | Andrew has been supporting compliance, ethics and risk professionals internationally for over 25 years, with a particular focus on integrated risk management and compliance software solutions and associated consulting and advisory services. Prior to this he was involved in the corporate training and educational publishing sectors.