We often say – perhaps a little too often – that we are living in an “age of uncertainty.” It has almost become a running joke at conferences and in boardrooms. Yet humour aside, there is a real point behind it.
What has truly changed is not that risks exist but that change itself has become constant. Geopolitical developments, shifting trade and sanctions regimes, rapid regulatory evolution, cyber threats and the accelerating impact of artificial intelligence have created an environment where past assumptions no longer hold in the same way.
At the same time, it is important not to lose sight of something fundamental: even in periods of rapid change, principles endure. Integrity, transparency, accountability and sound judgement are not optional extras; they are anchors. Compliance must evolve but it must do so while holding firmly to these core principles – both in theory and in practice. In this context, compliance and counter-financial crime functions sit at the centre of the challenge and, equally, at the centre of the opportunity.
For many years, compliance operated within relatively rigid frameworks, responding to defined risks in what felt like more stable environments – sometimes because change itself was difficult and sometimes because it was resisted. Today, the task is different. The question is no longer how to comply with yesterday’s rules but how to help build institutions and businesses that are resilient, adaptable and competitive, balancing risk, growth, profitability and reasonableness. This is particularly relevant in Cyprus, where the compliance function has matured significantly over time, often shaped by hard lessons and real experience.
Before turning to the key trends, it is worth recognising a simple reality: no organisation – and no profession – can navigate this environment alone. Structured partnerships with other associations, industry bodies, regulators and international organisations are no longer optional; they are essential.
Over the past year, the Cyprus Compliance Association (CCA) has strengthened its collaboration with the International Compliance Association (ICA), supporting training, qualifications and professional forums. We have also entered into important Memoranda of Understanding with key stakeholders, including the Institute of Certified Public Accountants of Cyprus (ICPAC), the Cyprus Chamber of Commerce & Industry (CCCI) and the Cyprus Organization for Standardization (CYS), with further collaborations underway. This progress is driven by a Board of professionals who contribute their time and expertise alongside demanding full-time roles. Together, these developments have further established the CCA as the recognised ambassador of the compliance profession in Cyprus.
However, an important shift is still required. It is no longer enough to bring compliance professionals and regulators into the room; business leaders must also be part of the conversation. Many tensions around compliance arise not from resistance, but from misalignment.
A statement that an organisation “commits to compliance” means little unless it is reflected in everyday decisions, behaviours and accountability.
This belief underpins the CCA’s forward agenda. One of our flagship initiatives this year is our collaboration with the CCCI to deliver a practical, industry-focused series aimed at increasing compliance and risk knowledge across all sectors. In parallel, our collaboration with the Association of Cyprus Banks (ACB) will help ensure practical application across key business areas, supporting healthy growth rather than sidelining it – particularly as Cyprus continues to expand in areas such as gaming and other innovative industries.
Geopolitical and regulatory volatility as the new normal
Geopolitical and regulatory disruption is no longer episodic. Changes in trade policy, sanctions, regional conflicts, supply-chain pressures and cyber incidents now form part of the everyday operating environment. Organisations are increasingly required to make decisions quickly – often with incomplete information – and accept that stability may be temporary rather than assumed.
Artificial intelligence brings real opportunities for efficiency and innovation but also raises practical questions around accountability, ethics, data quality and human oversight. These issues affect how decisions are made, how risks are managed and how responsibility is assigned, at both an organisational and individual level.
Strategic planning is moving upstream. Organisations are now expected to consider scenarios that would previously have seemed remote. Entry and exit planning is no longer an afterthought, while questions about concentration risk – such as how much of the business relies on a specific market or sector – are becoming central to risk discussions.
There is also a renewed focus on ethics and integrity – not just in policy documents but in day-to-day practice. Integrity must be visible at all levels, including in systems, data, controls and reporting. Clear principles matter but they must be lived, not just written.
Compliance now sits much closer to the heart of decision-making. Sanctions, cyber risk, digital assets, AI governance and financial crime are no longer separate issues handled in isolation. They overlap, interact and often escalate together.
This creates an opportunity for compliance to engage differently with the business. Rather than acting primarily as a gatekeeper, compliance can help organisations understand risk in practical terms – what it means for growth plans, partnerships and reputation. Organisations that manage change well are those where compliance is involved early, shaping decisions rather than reacting after risks have already crystallised.
Risk is increasingly shaped by sector as much as by geography. Growth in regions such as the Middle East has highlighted how industries like shipping, infrastructure, financial services and emerging sectors carry very different risk profiles within the same location.
Shipping sits at the intersection of sanctions exposure, trade routes, ownership transparency and cyber resilience. Other sectors face challenges around source of funds, ESG expectations and geopolitical exposure. Digital assets introduce additional complexity through transaction speed, evolving regulation and technology risk, while non-traditional industries such as professional football raise questions around ownership structures and intermediaries.
In Cyprus, these dynamics are not theoretical. We have seen risks materialise across real estate, professional services, technology and other sectors, often with regulatory and geopolitical pressures converging rapidly. The lesson is clear: risk today is shaped by sector and speed as much as by location.
Recent regulatory developments – including AMLA, DORA, CSRD, the Corporate Sustainability Due Diligence Directive, MiCA and the EU AI Act – are reshaping business decisions across Europe. These frameworks influence operating models, resource allocation and decisions about where and how organisations operate.
At the same time, there is a noticeable shift in how compliance teams are perceived. Compliance is no longer simply an administrative function. When properly resourced and trained, it adds value through insight, foresight and informed challenge. This shift requires continued investment in skills, training and communication so that compliance knowledge is recognised as a strategic asset.
Aligning business ambition with regulatory expectations and risk appetite remains one of the most persistent challenges. Approving growth is often easy; maintaining alignment across business lines, jurisdictions and functions is much harder.
Risk appetite must be clearly defined, consistently applied and reflected in policies, processes, KPIs and performance discussions. Leadership plays a critical role. When senior management understands and owns the risks, compliance becomes a shared responsibility rather than a perceived obstacle.
Rather than viewing constant change as a threat, we should see it as a catalyst for improvement. Compliance today is not about stopping business; it is about enabling organisations to operate with confidence, clarity and integrity. Compliance, risk and governance professionals must have a voice – and that voice must be heard.
Those who invest in principles, partnerships, skills and alignment will not only adapt – they will lead. At its best, compliance builds trust, and trust remains the strongest foundation for sustainable success. In doing so, the CCA helps underpin trust and supports the development of a sustainable and resilient Cyprus economy.
*Andrea Moundi Savvides, Chair, Cyprus Compliance Association (CCA)
