Skip to content

Are you allocating enough resources to compliance and risk management, and are you getting a positive ROI?

Macquarie Group has disclosed in its latest financial results that the group spent $785 million on compliance in the year to 31 March 2022, a 22% increase from the previous year [1].

If this trend continues, the group's compliance spend will pass $900 million in 2023, which would be equal to or even exceed spend on technology for the year. The word "compliance" is mentioned 79 times and "risk management" 230 times in the group's 2022 financial statements, a major increase from a few years ago.

These numbers serve as a timely wake-up call to consider how your business compares with this level of investment and importantly, how you can ensure a return on that investment.

Why is Macquarie spending so much and accelerating spend so rapidly? The most likely reasons are:

  • Compliance and risk management demands are increasing exponentially. Financial services organisations are facing an exponential increase in compliance requirements particularly as we head into the ESG era.
  • Compliance and risk management needed to be performed better. Since the Financial Services Royal Commission, most institutions have seen a raising of the expected standard of compliance and risk management and the need to apply more resources to make this happen.

Both points highlight your responsibility to ensure that adequate resources are applied to compliance and risk management and to question whether your organisation's current investment is adequate. Macquarie's compliance spend represents nearly 17% of net profit. How do you compare?

But spend alone does not guarantee the efficient and effective use of resources. Ensuring that your compliance and risk resources are spent wisely and sustainably is key to achieving a long-term positive return on investment. This will come from ensuring your approach to any compliance and risk uplift focuses on:

  1. People capability, culture and engagement. In order to ensure that compliance and risk practices become embedded in the day-to-day management activities and behaviours of your people, you must engage and create a positive compliance and risk culture. At Protecht, we call this "preparing the mental ground" and it is the main focus of our Protecht Academy service.
  2. Automating the compliance and risk process as far as possible, using technology, to maximise efficiency and engagement with the user. At Protecht, we deliver that technology in the form of our Protecht.ERM risk and compliance system.
  3. Embedding compliance and risk into your day-to-day operations, and not separating them off to a specialist risk and compliance team. These functions must be a part of everyday operations and management. At Protecht, we help you embed compliance and risk process into your operations with our Protecht.Advisory team.
  4. Building good frameworks and governance within which all of the above can operate. This is the glue that holds all the pieces together, getting the right ownership, roles, responsibilities and accountabilities. Our Protecht.Consulting team can help you deliver the right framework and polices and support ongoing risk and compliance maturity and transformation.

Another key issue that the Macquarie results raise is how to measure your return on compliance and risk investment.

A key focus must be efficiency and effectiveness. This is particularly true of executive and board reporting: the sheer quantity of compliance and risk information being collected, process and reported can easily overwhelm a board. Macquarie chair Peter Warne told the AFR: "…it's a real challenge to actually get the information the board needs in a comprehensive way that the board can get over in a sensible timeframe".

At Protecht, we can help you overcome these issues by using business intelligence tools that are linked directly to the underlying risk and compliance information. Our tools produce board-level summary information with drill-down capability that provides the board with exactly what they need to see with the ability to enquire into the data live within the system.

We also provide an aggregation of risk and compliance information against a specific anchor, such as obligations, risks or controls to provide a truly integrated and current view of your organisation's compliance and risk status.

Protecht.ERM's RiskInMotion dashboard showing assessments, controls, compliance, KRIs, actions and more all linked to risks

The RiskInMotion dashboard in Protecht.ERM


If you would like to know more about how Protecht can help your business achieve sustainable compliance and risk operations, request a demo of our Protecht.ERM system now.

[1] Macquarie's compliance cost explosion: Australian Financial Review, May 6 2022