Generally, The chief compliance officers (CCOs) operate in a dynamic legal, regulatory, social, and economic environment framework that is often characterized by complex and sometimes conflicting rules and regulations.

-Many of the first CCOs came from legal backgrounds. These compliance officers

develop training and communication strategies, to evaluate data, and conduct that to be complaint to the law, which is-critical for the organisation. But NOT enough in today's complex society, where many of the non-legal ethical standards are based.

-Simply operating in compliance with the law may not be enough. Enforcement authorities require measures that go beyond what is legally required, including embedding a culture of integrity to achieve appropriate prevention and detection of improper behavior.

-The emphasis on other compliance program elements—such as risk assessments, training, or policies and procedures—has sometimes led to the undervaluing and under-resourcing of the testing and monitoring functions of the compliance department. The lack of effective testing and monitoring can have a ripple effect on other areas of any compliance program.

Compliance risk is the threat posed to an organization’s reputational standing resulting from violations of laws, regulations, or industry codes of conduct,

-40 percent of companies do not perform an annual compliance risk assessment.

-The full spectrum of compliance risks is always lurking in each part of the organization. Organisations need to assess which risks have the greatest potential for legal, and reputational damage and allocate resources to mitigate those risks.

-Companies should also conduct ethical audit for risk assessments.