Building an Integrated Compliance Function
In 2012, when I started in compliance, the industry — in the sense we understand it today — barely existed. In many financial institutions, it was still a relatively small function sitting somewhere between legal support, internal control, and regulator liaison. It was not embedded into company processes and was certainly not perceived as one of the central pillars of a CIF.
And yet the market somehow worked. Companies onboarded clients, launched products, built sales channels, developed brokerage operations, and entered new markets. The regulatory environment was simpler, expectations were lower, and the word compliance had not yet become the universal answer to almost every question about risk, process, or control.
Over the past fifteen years, the pendulum has swung sharply in the other direction — towards hyper-regulation. Today, compliance in many financial institutions has become one of the largest non-revenue departments in the organisation. In my case, a department of 32. That creates cost pressure, but there are redeemable qualities to it. The function has not only grown in size — to borrow the old dialectical formula, quantitative change eventually becomes qualitative. Compliance did not simply get larger; it evolved into a fundamentally different organisational function.
From Control Function to Process Integrator
The traditional view of compliance was relatively simple: the business comes with a question, compliance assesses it against the rules and says yes or no. This model assumed that compliance stood somewhat outside the business — an external filter, activated at certain points in the process.
Integrated compliance works differently.
It does not wait for the business to arrive with a problem. It is embedded into the processes themselves: marketing, sales, operations, brokerage. It understands not only the regulatory requirement, but how that requirement lives inside a specific business process.
This is why modern compliance increasingly becomes a process integrator. It connects different parts of the organisation, helps translate regulatory logic into the language of the business, and business logic into the language of control, reporting, and resilience.
Hence my personal formula: "Today I am rather a project manager on regulatory steroids than a classical compliance expert."
A compliance leader today is not only someone who knows the rules. It is someone who manages projects, processes, teams, expectations, internal conflicts, and technological change — a holistic operator.
Compliance Optics
Compliance occupies a unique position within the organisation. It sees the company both horizontally and vertically.
Horizontally, it sees marketing, sales, operations, and brokerage. While each department sees its own slice of reality — primarily its own KPIs — compliance sees through a different lens. It sees escalations, statistics, feedback, staffing, and project stages. It sees where recurring issues accumulate, where processes require manual intervention, where weak signals appear (and disappear), and where escalations become systemic rather than isolated.
Compliance can also challenge any statement for bias and data integrity. Where there is no direct commercial KPI, there is often less pressure to present data in a particular way. In this sense, compliance process registers often tell management more about the company than the reports of the departments themselves. At a minimum, compliance can always offer an alternative point of view.
Business Simplicity Is Compliance Complexity
One of the paradoxes of a modern financial organisation — or at least of mine — is that simplicity for business departments is achieved through growing complexity within compliance.
The business does not need to unpack the full depth of regulatory requirements every day. It needs to know how to onboard a client correctly, how to launch a campaign, how to process a transaction. But for these actions to become clear and repeatable, someone must first build a proper rulebook — and to build that rulebook requires an in-depth understanding of what happens inside each process. Compliance goes into the business, studies its mechanics, incentives, constraints, and goals — and only then embeds control.
To put it plainly: someone must absorb regulatory complexity into the process in advance so that execution can be simple. That someone is compliance.
This is an important shift. Previously, compliance was a point of approval. Now it becomes a participant in process design. Good integrated compliance should not turn the business into a regulatory expert. It should make the right action natural — and the wrong action difficult or impossible.
The Ultra-Specialisation of Compliance
The deeper compliance integrates into the business, the more it differentiates internally into specialised functions.
Adam Smith's division of labour is apt here. Just as the wealth of a medieval city could be measured by the number of trades and crafts it contained, the maturity of compliance today can be measured by the number of specialised functions within it.
AML is no longer a single universal field. It encompasses transaction monitoring, pattern recognition, source-of-funds verification, sanctions control, and fraud prevention — and more besides. These specialists do not substitute for one another. They operate in different regulatory languages. A transaction monitoring specialist thinks in scenarios, patterns, and alerts. A sanctions specialist lives in the world of screenings, ownership structures, and geopolitical risk. These are not different tasks for the same person — they are different professions.
Hence the irony: if Adam Smith was right, compliance must be a very wealthy function indeed.
The Paradox of Integrated Compliance
At first glance, integrated compliance ought to mean unification. In practice, the picture is more complex. The more integrated the compliance department becomes, the more fragmented the expertise inside it. For compliance to be embedded across all company processes, it must consist of many narrow competencies. Integration is achieved not through universality, but through the coordination of specialisations.
This is the central paradox of the modern function: integrated compliance is achieved through the disintegration of the compliance department as such.
AI and Hyper-Specialisation
It would be tempting to expect AI to resolve the problem of complexity. The reality is more nuanced.
I see three levels of AI adoption in compliance today. First, general-purpose tools: localised GPT servers, online translators, email assistants. Second, compliance-designated tools: AI-generated ban desks built from emails and tickets, regulatory text analysers. Third, function-specific toolsets used at the operator level — source-of-funds verification assistants, record screening tools, marketing activity screeners, reporting validators. Across seven departments, we currently run nine designated tools. At some point, I suspect every compliance officer will need their own AI instance.
Even so, AI remains in the early stages of adoption. In compliance technology, perfect solutions are rare. Almost any screening, monitoring, reporting, or due diligence tool still requires a human controller — above all because AI systems lack consistency. In compliance, what matters is not only whether a tool is convenient. What matters is whether its use can be explained to the regulator, whether it can be demonstrated that the system works, and whether it can be embedded into the operating process without disrupting the business.
The Washing Machine Effect
Many expect AI to reduce the workload. But the history of technology suggests that automation does not always reduce the amount of work — it raises the standard.
Current AI solution advertisements are strikingly similar to washing machine advertisements from 1910: save your time, simple input, easy results. But the washing machine did not simply reduce the amount of laundry — it raised the standard of cleanliness. The same dynamic is already playing out with AI in compliance. What was previously impossible may soon become mandatory, simply because technology made it feasible.
The Regulatory Pendulum: Has It Reached Its Limit?
This article opened in 2012, when compliance barely existed in today's sense. Today it is one of the largest departments in any financial institution. But the central question remains open: has the pendulum reached its limit, or will it continue to swing further?
On one hand, regulatory pressure continues to build: MiCA, automated transaction monitoring, AMLA, MiFID III, new sanctions packages — to name a few. Financial institutions and investment firms are increasingly expected to perform functions that belong to police and tax authorities, though without the corresponding powers. That is a subject for another paper.
On the other hand, there are growing signals that the system may be approaching the limits of its own complexity. If rules become too expensive, too burdensome, and too complex even for those they are meant to protect, the question shifts from deregulation to something more fundamental: better regulation.
Recent signals have come from both sides of the Atlantic. The ESMA Chairwoman has acknowledged that certain elements of MiFID II have become too complex and too costly for retail investors. In the United States, the new SEC Chairman has signalled a shift in enforcement priorities — from grey-area litigation to a focus on actual fraud and criminal activity. This may mark the beginning of a reverse pendulum movement. As Director of Compliance, part of me would resist it. As for everything else inside me — I would welcome it.
Compliance Is Not a Destination — It Is the Way
The future of compliance is unlikely to be simpler. Even if certain regulatory regimes are revised, the function itself has already changed irreversibly. Future compliance will be more integrated, more specialised, and more technological — simultaneously. It will depend more deeply on AI, while also requiring more human judgement. It will sit closer to the business, yet still need to preserve its independence. And it will need to learn how to help the company grow — because a function of this size and cost cannot be merely a drain on resources.
This is the way of modern compliance.
*By Yury Anesyants, Director of Compliance at Freedom24 (Freedom Finance Europe)
