Do More With Less: Why Compliance Chiefs Shall Embrace Efficiency.

If you’ve spent any time in a large corporation, there are certain things you’ll know instinctively. The office printer never works. Business review decks always have too many slides. And someone, somewhere, is muttering the immortal words: “Do more with less.”

Nowhere is this mantra more fervently recited than in compliance, where heads of function routinely brace themselves for the annual budget ritual, in which one must both justify every existing headcount and simultaneously defend against the CFO’s suspicion that the word “compliance” might be corporate code for “non-productive cost centre.”

But - brace yourselves - I wonder if we’ve been looking at this all wrong.

Budget as Bravado

Let’s begin with the obvious. There is a strange correlation in some boardrooms between the size of a compliance department and the perceived moral standing of the company. As if a large team, a weighty budget, and a consultant-approved maturity model are what keep people from bribing foreign officials or emailing inside information to their mates.

The logic goes like this: more budget = more integrity. By that measure, Google’s latest pledge to invest $500 million in compliance should make it eligible for canonisation.

But throwing money at a problem isn’t a strategy — it’s panic dressed up as virtue. And it’s often what companies do after they’ve been caught out. “Look,” they say to regulators, “we’ve spent so much on compliance, we couldn’t possibly be bad actors.” (Spoiler: they could.)

Of course, regulators like the Department of Justice are entirely reasonable in expecting “adequate” resourcing for compliance. But “adequate” means, well, precisely what it means, adequate. It does not mean scores of compliance analysts inputting risk scores into a system no one uses. It means fit for purpose. And here, size is a terrible proxy for effectiveness.

When More Is Actually Less

Throughout my career, I’ve seen compliance departments balloon into empires—replete with their own Byzantine hierarchies, thickets of processes, and enough paper trails to reforest the Amazon.

To be fair, some industries do require regulatory overkill. If you're in financial services or pharma, welcome to the compliance version of “Hard Mode.” But for the rest of us? Much of the expansion is not driven by risk, but by inefficiency. The moment a process breaks down, the reflex is to throw more people at it.

Here are some tell-tale signs:

  1. Too many reporting layers. Your CCO needs a sherpa to reach the front lines.
  2. Process overkill. Poor process design offset by over-proceduralising and over-prescribing (Hello, ISO 37301).
  3. Manual everything. Third party due diligence is a usual culprit.
  4. Duplication nation. Siloed functions with compliance controls running in parallel with the business processes. Duplication does not bring better oversight.
  5. Tech-phobia. Hey, that’s a real thing among many of my colleagues (don’t laugh, okay).

The net result? A function that is exhausting the business, demoralising its own staff, and delivering diminishing returns while sitting smug in its sprawl.

None of this screams efficiency. Worse, it breeds a comforting illusion of oversight—a Potemkin village of compliance activity that looks impressive from the boardroom but is utterly unfit for modern risk landscapes.

Reinvention, Not Retrenchment

At Vesuvius, we took a different route. Rather than padding our way to perceived safety, we asked what effectiveness actually looked like. Not just more compliance controls, but better ones. Not more reports, but better decisions.

We chose to build something leaner, focused, technology-driven and integrated with the business it serves.

Here’s how we approached it:

  • Process optimisation: We moved from a tick-the-box approach to a principle-based model. Out went duplication and filler. In came clarity and efficiency.
  • Tech enablement: We are replacing our legacy due diligence system with an integrated platform that automates third-party compliance management end-to-end, from onboarding to compliance risk management and ongoing monitoring to offboarding. External screening resources are integrated, too. Believe me, it’s sleek. Next stop: we will bring AI into the equation.
  • Rational reporting: We culled unnecessary reports and vanity metrics. If it doesn’t inform a decision, it doesn’t belong.
  • Restructuring with purpose: Clear responsibilities, fewer silos, more support where it’s needed. No more guessing who does what.
  • Upskilling, professional development and the right capability mix in the team.

It is not easy, though. Change never is. But the result? A team with purpose, a function with credibility, and a job that, dare I say, feels meaningful.

What’s This Really About?

This is not a call for austerity. It’s a call for intentionality. Yes, compliance must be funded. Yes, it must be taken seriously. But seriousness is not the same as scale. The aim isn’t to build a fortress—it’s to build trust. And trust comes from clarity, accessibility, and relevance - not bureaucratic theatre.

Too many organisations only get serious about compliance after they’ve been publicly embarrassed. Then they go into penitential overdrive: more people, more policies, more consultants. And, eventually, more complacency.

What if we stopped treating compliance as a last-minute crisis expense or a post-scandal prop, and started seeing it as a strategic asset - one best delivered by smart tech, integrated teams, and professionals who actually understand the business they support?

Final Thought on Purpose

The true promise of a lean compliance function isn’t just cost efficiency. It’s purpose. It’s giving our colleagues space to think, to engage, to add value. It’s allowing them to say, with a straight face, that they’re not just there to prevent fines, but to enable ethical conduct.

Doing more with less is possible. But only if we first stop doing so much that simply doesn’t matter.

alimbay@comhla.co


If you find this article interesting or useful for advancing your compliance journey, visit Alimbay.me for more.

Breaking the Mould. Redefining Compliance

Breaking the Mould (alimbay.me) is my newsletter dedicated to helping compliance professionals navigate the integrity and compliance landscape by highlighting key emerging risks and opportunities.

I aim to publish once every two weeks. The information provided in this newsletter is not intended to and does not render legal, accounting, tax, or other professional advice or services.
