Let’s be honest. Compliance doesn’t always inspire excitement. For many, it feels like a box-ticking exercise, an operational necessity that slows down decision-making and adds complexity to already busy days.

Early on in my career, I treated compliance as a set of rules to follow. Something I had to do. But now, I see it as a way of enabling people to do things right, consistently, confidently, and ethically. It’s a mindset that applies whether you’re approving an invoice or onboarding a new team member.

When compliance becomes embedded in the way you work, it stops being a burden. It becomes a source of stability, trust, and differentiation. It’s not about punishment or bureaucracy, but about building a resilient organisation where people understand the ‘why’ behind the rules and take ownership for doing things properly.

At Kerberos Compliance, it’s part of our DNA. And through experience, we’ve seen how shifting the perception of compliance can strengthen your foundations, empower your people, and even improve performance.

The modern CFO’s take on compliance

Roy T. Bennett once said: “Do what is right, not what is easy nor what is popular.” It’s a quote that stuck with me early in my career and has only grown more meaningful over time. In many ways, it captures the essence of compliance. It’s not always the most convenient route, but it’s the one that builds trust, both inside and outside the organisation.

As finance leaders, we play a dual role. We protect the integrity of our numbers and processes, but we also shape how the organisation moves forward. And compliance sits right at the intersection of these two priorities.

With regulatory requirements constantly changing and risks multiplying, it’s no surprise that compliance remains high on the CFO’s agenda. From GDPR to anti-money laundering (AML), the cost of non-compliance can be devastating. And it goes beyond avoiding penalties. It’s about doing the fundamentals — your bookkeeping, financial integrity and transparency — right. We’ve all seen what happens when companies betray that trust. Just think of the Wirecard case.

According to a Forbes Finance Council article, CFOs are uniquely positioned to turn compliance into a competitive advantage. I couldn’t agree more.

When leaders treat compliance as a value rather than a task, it influences behaviour across the organisation. The tone at the top matters. If the C-suite only sees it as a risk-mitigation function, that mindset will trickle down. But if we champion compliance as a smart, ethical way of working, it becomes a shared standard.

That shift matters. Too often, companies delegate compliance to a single team or assume it’s solved by a tool. But real compliance culture starts with leadership and is built by everyone. It’s not about enforcement, but empowerment.

Compliance best practices: “four-eyes” principle, segregation of duties, and transparency

In our team, good compliance starts with simple but powerful principles.

One of them is the four-eyes principle. Whenever an important document or transaction passes through our hands, two people check it. It doesn’t take long, and it prevents more mistakes than you’d expect. It helps us catch errors early, avoid rework, and maintain trust in our numbers.

Could we automate more? Of course, and in some areas, we already do. It’s seen as a continuous step within the team. Manual processes don’t add value, but automated processes with checks at key steps do. This keeps us close to the details and ensures people stay involved. Technology can support the process, especially with AI tools that spot issues early, but it doesn’t replace the judgment and accountability that come from working closely as a team.

We also rely on the segregation of duties. Even in a small team, it’s possible to define clear roles. For instance, the person who enters payment data is never the same one who approves it or pays in the end. We review key steps together, and that actually builds more trust than having strict hierarchies or systems alone. It also creates natural moments for check-ins, knowledge sharing, and accountability.

And perhaps most important of all: transparency. Compliance isn’t about policing each other’s work, but about creating clarity. We keep processes transparent and encourage questions. We know mistakes happen and, when they do, the response should be a learning moment. That’s how you build a team that doesn’t hide issues but brings them forward.

When people understand why processes exist and feel free to ask questions or raise concerns, they’re far more likely to follow them.

According to the 2024 ACFE Report to the Nations, 49% of fraud cases involved a lack of internal controls or the ability to override them. These are not minor issues, but they can be prevented with the right structures and mindset.

Building a culture of compliance through training and awareness

Rules don’t mean much if no one understands them. That’s why compliance training has to go beyond checklists and annual certifications.

At Kerberos, compliance training is practical and team-driven. Yes, we cover general topics like GDPR and cybersecurity, but we also make space for discussion, e.g. through knowledge-sharing sessions on AML, and that’s where the real learning happens. When we detect an issue such as a fake invoice, we turn it into a teachable moment rather than assigning blame.

We also invest in making these moments engaging. One of my favourite examples is from one of our latest team Value Days, where teams worked through puzzles, for instance, to reinforce our core values, including “Be compliant.”

And it works. Research shows that organisations that provide fraud-awareness training suffer nearly 50% lower median losses than those that don’t. Training doesn’t just check a box; it creates awareness that sticks. And repetition is key – most of us know these details, but having them present regularly strengthens our understanding.

First line of defence: empowering employees to fight fraud

Front-line employees are often the first to spot suspicious activity. In 2024, 43% of fraud was detected through employee tips. That’s nearly half. The systems we build matter, but so does the culture we foster.

We’ve seen this in practice. When a team member noticed unusual bank details on an invoice, they flagged it immediately. It turned out to be fraudulent. We were able to stop it before payment. It reinforced the idea that the best control systems in the world still rely on people paying attention and feeling safe to raise a concern.

That’s what we strive for: a culture where reporting is safe, normal, and even encouraged. We have anonymous whistleblowing channels for that reason, but ideally, people bring issues forward directly, knowing they’ll be met with curiosity, not criticism.

From checkbox to competitive edge

A strong compliance culture does more than avoid fines. It builds reputation. It reassures customers, partners, and investors that your house is in order.

At Kerberos, we believe that our clients choose us because we practise what we preach. They see our compliance-first mindset not only in our product but in how we operate. It’s a differentiator, and one that helps us win their trust.

It also makes us more efficient. Improving our processes and workflows, as well as building standards, reduces mistakes and the need for rework. Regular checks remove the pressure of audits. And being proactive means we spend less time putting out fires.

Think of it this way: compliance is like brushing your teeth. If you do it regularly, you avoid costly and painful visits to the dentist. That’s why, for me, it is important to build a routine around it.

Compliance doesn’t need to slow you down. When it’s built into your company’s values, it becomes second nature, a quiet force behind operational excellence.

I believe the future of compliance will be shaped by a combination of stronger cultures and smarter tools. As regulations evolve and expectations rise, technology, and especially AI, will play an essential role in helping teams detect risks early, monitor behaviour in real-time, and focus their efforts where human judgment matters most.

But technology alone won’t fix culture. AI can flag issues, but it’s our values and behaviours that prevent them in the first place. The most effective compliance strategies will combine both: a strong ethical foundation, supported by intelligent systems.

As finance leaders, we have the opportunity to reshape how compliance is viewed. By embedding smart controls, creating space for open conversations, and using technology to enhance (not replace) human oversight, we can move from reaction to prevention.

I’m proud of the culture we’ve built at Kerberos. It didn’t happen overnight. But today, our processes are smoother, our team feels more empowered to speak up, and our controls catch problems before they grow.

That’s what a healthy compliance culture looks like. And in today’s business environment, that’s a true competitive edge.