Skip to content
Compliance & Risk

The 2023 Thomson Reuters Risk & Compliance Survey Report: A delicate balance between risk and reward

· 5 minute read

· 5 minute read

In the latest edition of our "Risk & Compliance Survey Report", we take an in-depth analysis of the market trends and innovative developments that are driving change among corporate compliance departments

As uncertainty and instability continue to roil global markets, corporate risk and compliance teams face a wide range of challenges, from cost pressures and cybersecurity concerns to ever-evolving regulatory changes, fraud prevention strategies, and more.

To find out how risk and compliance teams feel about their jobs and what their management strategies are for the next two years, Thomson Reuters surveyed more than 180 risk and compliance professionals from companies in the United States, Canada, and the United Kingdom. Their responses form the basis of the 2023 Thomson Reuters Risk & Compliance Survey Report, an in-depth analysis of the business factors and trends driving change in the field of corporate compliance.

Some of the key topics most cited by survey respondents as critical issues for compliance teams going forward include bringing more work in-house as a cost-cutting measure, how best to manage emerging compliance risks and strategic priorities such as time management and specialization, and how best to pivot the team’s role from check-the-box risk managers to one of strategic advisors.

Cost containment vs. risk

In general, corporate risk and compliance teams are responsible for protecting their organizations from harm and ensuring that policies and regulations are being followed. In order to do their jobs properly, however, compliance teams need the right mix of personnel and resources — but not all of them get it.

And while the average size of risk and compliance teams is about 15 people, according to the report, almost two-thirds (62%) of our survey respondents reported that the number of employees in their departments has actually increased over the past few years. This is due mainly because of the trend toward bringing more work in-house (sometimes called in-sourcing), an increasingly common cost-saving strategy. Unfortunately, the research also suggests that the impulse to cut costs sometimes means short-changing departments by failing to provide adequate technology and training.

Risk and compliance roles also have become more specialized. In compliance, for example, the pressure to stay up to date on ever-changing international regulations means a greater reliance on increasingly sophisticated monitoring technologies, which requires people with more advanced technical skills. And this increased reliance on technology also leaks over into risk management — as 82% of survey respondents cited concerns about data and cybersecurity as one of their top priorities.

Other high-priority risks cited by respondents included the accuracy of know-your-customer information, supply-chain due diligence and reporting, the internal use of artificial intelligence (AI) tools, environmental, social & governance (ESG) reporting, and regulatory changes in anti-money-laundering rules.

Strategic priorities

In terms of long-range strategic priorities over the next 12 to 18 months, our report suggests that keeping abreast of upcoming regulatory and legislative changes is the top strategic priority for a majority of companies’ compliance teams (61%), followed by the challenge of identifying and mitigating emerging risks, as well as the perennial need to increase both growth and efficiency in the quest for greater profit margins.

Respondent also reported a number of other long-range strategic priorities, including preventing and detecting fraud, recruiting and training talent, improving service, and expanding into new service areas or geographies.

Interestingly, the report also reveals some distinct differences between compliance teams at North American companies and those in the U.K. when it comes to certain priorities. For example, more than one-quarter (28%) of survey respondents from the U.K. cited keeping pace with the organization’s digitalization as a top-five priority, but only 11% of respondents from North America were concerned about their organization’s technological development.

ESG and AI

In addition to examining how risk and compliance professionals are prioritizing their time and resources to meet the many challenges they face; the report also includes two special sections on some relatively recent developments in the risk and compliance space — ESG reporting and generative AI.

ESG is becoming an important compliance issue because the necessary reporting required to comply with ESG standards typically falls on risk and compliance departments. That reporting, in turn, is a public reflection of an organization’s values, goals, leadership, and reputation — which is why more than two-thirds (67%) of respondents reported seeing ESG-related organizational changes at their companies within the past three years.

Generative AI is also making its way into the field, but while risk and compliance professionals can appreciate the potential for AI, they are also skeptical of the technology’s reliability and would like to see more relevant test cases before accepting it into their toolkit.

You can download a full copy of the 2023 Thomson Reuters Risk & Compliance Survey Report by filling out the form below:

Gated Form


More insights