
Lessons from the financial sector for your organisation

‘Compliance management’ is a concept that has long ceased to be important only in the financial sector. Every sector faces tightened laws and regulations and has to comply with certain standards. However, other sectors can learn a lot from the financial sector, which is at the forefront of compliance management. One example is the ‘Three Lines’ model, which allows you to mitigate business risks with three lines of defence. In this article, you will read more about this model and how to shape your compliance policy using a concrete roadmap.

What does compliance management actually mean?

If you look up ‘compliance’, the meaning is ‘docility’ and ‘compliant’. Compliance management is therefore about complying with internal and external laws and regulations within an organisation. But being compliant is about more than following laws and regulations. It is about saying what you do as an organisation and doing what you say. After all, you do not want to be compliant just because you might get audited, right? If all goes well, as an organisation you want to act socially and do what is right. You want to have integrity and be trustworthy.

You can choose to employ a compliance manager. In some companies, this is necessary and they have a whole team of compliance officers. They are responsible for protecting reputation and integrity. In smaller organisations, a compliance manager is not always hired specifically; instead, the role is a task of the legal department, among others. Either way, this is a topic that affects the entire organisation and one that everyone should be working on – from the management to the interns and from the facilities staff to the HR department.


The history of compliance management

No, we are not going to give you a history lesson! What is interesting is to understand where compliance management comes from, because the emphasis that is placed on it is really something from recent years. In September 2008, the biggest financial crisis in post-war history broke out. Because America had issued too eager and excessive credit, the entire banking sector became infected. Big banks no longer trusted each other – creating distrust in the financial sector all over the world. Politicians as well as aggrieved organisations and individuals demanded change.

That change came. As a result, the financial sector faced tighter regulations and stricter, new laws. The sector took the opportunity to specialise in compliance laws and regulations. Other sectors have learnt from this and have started to get serious about compliance management themselves. Whether they are hospitals, government agencies or large corporate organisations – all require the people working there to adhere to certain codes of conduct and laws.

Being compliant thanks to roles and responsibilities

Having no other choice, the practices around compliance management of the financial sector became a good example for other sectors and organisations. Often, the framework they have is based on the Three Lines Model. This model assumes three lines of defence to mitigate business risks. The business is the first line, followed by systems that support the risk management process. The third line provides additional tools for control thanks to internal audits.

This method enables organisations to manage key risks. The Three Lines Model is also known as the three ‘lines of defence’:

  • The first line constitutes the business. The people in this first line are responsible for the choices and goals the organisation undertakes and the risks the organisation is willing to take. Often, organisations struggle with how to minimise and maximise the precious time of this first line. At Infoland, we believe in involving everyone in the organisation in risk management and doing it together.
  • The second line is often tasked with developing systems for proper process around risk management and control. Often, people in this line fill risk functions such as legal, finance, compliance, internal control, safety and quality.
  • The third line is ‘Internal Audit’. This is the final piece of the Three Lines Model and provides guidance on control and direction. The third line has to check whether the first and second lines work well together and make an objective judgement on this. Is there room for improvement? Then the third line suggests it.

The above model offers many advantages. You get a better understanding of risks and solutions, an organisation-wide view of risks, a structural approach from different angles, as well as independent control of risk management processes thanks to third-line audits.

Laws and standards to be compliant

Besides the Three Lines Model, there are other good examples from the financial sector that other sectors can apply when it comes to compliance management. Think of clear and efficient policies around incident management, as well as periodic reporting. ‘Do what you say and say what you do’ is enforced in many industries – in the financial sector, this includes the European Banking Authority (EBA). So you not only need to conduct internal audits, but also know your customers and suppliers. These days, you had better think carefully about who you do business with.

Like banks, every sector has certain laws and standards that must be met to be compliant. Infoland is a company situated in the IT sector. Important laws and standards that we, as an organisation, have to comply with include the General Data Protection Regulation (GDPR).

Roadmap: drafting your compliance policy

Compliance and risk management relate to various processes in your organisation, such as governance and legal processes. It is – as mentioned earlier – something that has to live throughout the organisation and it has to be fully integrated into the business model, rules of conduct and culture. On top of that, compliance management is an ongoing process.

But how do you do that? How do you draft an effective compliance policy? If you are serious about this, there are a number of points to consider.

Below, we elaborate on the different steps for creating a good compliance policy.


Step 1: Landscape organisation mapping

Start at the beginning. It is important to map out your organisation’s activities. This includes relevant stakeholders (both internal and external).

Step 2: Establish laws and regulations in the work field

Now that the market has been identified, you need to identify which laws and regulations apply to your organisation. This is your organisation’s ‘legal framework’. A compliance management tool can provide a solution here, as it gives insight into the standards set for your organisation.

Step 3: Identifying themes and identifying risks

You can now, based on the laws and regulations, identify different compliance themes. For each risk, map the themes and record the measures that go with them.

Step 4: Translating the outcome of step 3 into a policy

You have identified the risks and determined how you will manage them? Great. Then it’s now time to translate this into a compliance policy. This way, compliance is integrated within your organisation with one approach.

Step 5: Assign management tasks and train employees

Once the policy is defined, concrete management tasks are assigned to employees. Also offer manuals and training so that everyone uses the same approach. You can highlight your policy, new training or other information, for example, with ‘mini-campaigns’ through Zenya BOOST.

Step 6: Continuously monitor compliance with standards

Compliance management does not stop after one audit or after formulating a policy. It is an ongoing process that requires you to continuously monitor, implement control measures and demonstrate to regulators whether you are meeting the standards that apply to your organisation.

Compliance management with Zenya

Zenya software is there to make compliance management easier within your organisation. For example, you can use Zenya DOC to store important files and documents that you might need during an audit. You can store evidence so that it can be properly filed, stored and found when you need it. You can also store work instructions or create interactive documents in Zenya DOC, to show that you are working in a certain way on topics within an important standard. You can link a workflow to this with Zenya FLOW, so that you are notified within a certain time, for example, when the permission expires.

Questionnaires and checks are indispensable to comply with increasingly strict laws and standards. With Zenya CHECK, our smart audit management system, you secure this entire process. You are supported by clear schedules, automatic task schedules including notifications and clear reports. Communicate your compliance policy to the rest of the organisation in an accessible way with Zenya BOOST.


