During 2004, PricewaterhouseCoopers conducted a major study of compliance in financial institutions and published the findings in Protecting the Brand (May 2005). More than 73 internationally-active financial institutions took part in the study.
One portion summarized the various reporting permutations of compliance (pg. 45). In 49 percent of the institutions, compliance was stand-alone, “often reflecting explicit regulatory requirements.” Co-reporting with the legal function to the general counsel was next most common, at 25 percent. For 16 percent of the companies (primarily in Australia and the UK), compliance was part of risk management, while for 8 percent, compliance was one of several internal functions, such as internal audit, legal, and risk management, that reported to one individual. Only 2 percent of compliance functions were aligned with internal audit.