When designing and resourcing an enterprise compliance program, how should the principle of "proportionality" guide the organization's efforts?
Select an answer to reveal the explanation.
Short Explanation and Infographic
Check this out: if you're running a small, family-owned local bakery, you don't need a compliance program with a global hotlines office, a dedicated sanctions team, and 50 compliance policies in ten languages. But if you're a multinational bank with offices in 40 countries, you absolutely do! That's the principle of proportionality. Your compliance effort has to match your actual footprint and risk level. The correct answer is A because your resources have to match your risk profile. Option B is just a waste of company money. Option C is wrong because even in the same industry, one company might operate in high-risk foreign countries while another is strictly domestic. And Option D is crazy—you don't need one compliance officer for every single employee. Match the program to the risk, and you're doing it right!
Full explanation below image
Full Explanation
The correct answer is A. The principle of proportionality is a core tenet of international regulatory guidance, including the OECD Good Practice Guidance and the UK Bribery Act's "Adequate Procedures" framework. It dictates that there is no "one-size-fits-all" compliance program. Instead, the design, implementation, and funding of a compliance program must be directly tailored to the organization's scale, the complexity of its operations, its geographic reach, its industry sector, and its specific risk profile. A high-risk, multinational enterprise requires a much more sophisticated and heavily resourced compliance program than a small, local, low-risk business.
Let's evaluate the incorrect options: - Option B is incorrect because compliance budgets should be reasonable and sufficient to meet the organization's risks, but they are not expected to be the largest budget in the company. Such a requirement would be commercially unsustainable. - Option C is incorrect because even companies within the same sector can have wildly different risk profiles depending on their geographic operations, business models, reliance on third parties, and history of regulatory issues. - Option D is incorrect because a one-to-one ratio of compliance officers to employees is administrative nonsense and completely unnecessary for effective risk oversight. By applying proportionality, organizations can optimize their compliance spend, ensuring that resources are focused on the areas of highest risk.