Growth is the mantra of modern business, yet in the EU and UK it now collides daily with tightening regulation. Since the 2022 invasion of Ukraine, sanctions regimes have forced banks such as HSBC and Deutsche Bank to rethink client relationships and exit revenue streams. At the same time, new rules on ESG disclosures and the EU AI Act are expanding the compliance burden into uncharted territory.
This is no longer a back-office function of ticking boxes. Compliance has moved to the frontline, shaping strategy in real time. The old idea that business drives growth while compliance slows it down is breaking apart. What follows challenges that assumption and explores a more uncomfortable truth.
When Sales Targets Collide with Sanctions Lists
Few tensions are as stark as the clash between revenue ambition and sanctions compliance. Relationship managers are measured on growth, yet sanctions rules can instantly turn a profitable client into a prohibited one. After Russia’s 2022 invasion of Ukraine, banks such as UniCredit and Raiffeisen Bank International faced intense pressure to scale back Russian exposure despite significant earnings tied to the region.
Inside organisations, this creates friction. Front-office teams see lost deals and shrinking pipelines, while compliance insists on strict adherence to rapidly evolving EU and UK sanctions lists. The reality is that these decisions are no longer purely legal. They are geopolitical, shifting with each new package of restrictions.
Sanctions compliance has become a live strategic exercise, not a static checklist. Leaders must navigate uncertainty in real time, balancing commercial urgency with regulatory risk in a landscape where yesterday’s acceptable client may be today’s liability.
Innovation vs Oversight in the Age of Instant Business
Speed has become a competitive weapon, but in regulated sectors it can just as easily become a liability. Fintech firms pride themselves on rapid launches and frictionless onboarding, yet regulators are increasingly questioning whether controls can keep up. In the UK, the Financial Conduct Authority (FCA) has raised concerns about weaknesses in anti-money laundering systems at fast-growing firms, including scrutiny of onboarding processes at Revolut.
The problem is structural. Products are built to scale quickly, while compliance is often bolted on afterwards. That model no longer holds. Regulators now expect “compliance by design”, where controls are embedded from the outset rather than retrofitted under pressure.
This shift changes the role of compliance entirely. It must move at the same pace as innovation, not trail behind it. In today’s environment, speed without control is not impressive. It is risky. The winners will be those who can deliver both simultaneously.
Tone at the Top, Tension on the Ground
Senior leaders rarely fail to talk about ethics. The difficulty is what happens when incentives tell a different story. In the UK, the FCA has repeatedly highlighted cases where firms had well-written policies but weak cultures of challenge, notably in its reviews of banking conduct and governance.
A striking example emerged in enforcement actions against banks where aggressive sales targets undermined stated values, contributing to misconduct despite formal compliance frameworks. Employees understood what was rewarded, not what was written.
This is the uncomfortable shift. Culture is no longer a vague aspiration. Regulators increasingly treat it as something observable and assessable through behaviour, escalation patterns and decision-making.
The risk is performative ethics, where organisations signal virtue externally but tolerate pressure internally. For compliance leaders, the real task is aligning incentives with intent, because staff follow what drives outcomes, not what appears in speeches.
The Compliance Information Overload
Compliance teams have never had more data, yet often feel less certain about risk. Transaction monitoring systems, AI tools and screening platforms generate vast volumes of alerts, many of which lead nowhere. The result is noise, not clarity.
This problem is not theoretical. Deutsche Bank has faced repeated regulatory criticism and fines for weaknesses in anti-money laundering controls, despite heavy investment in monitoring technology. Regulators pointed to ineffective systems and poor follow-up rather than a lack of data. The lesson is uncomfortable. More data does not automatically produce better decisions. In fact, it can obscure real risks if teams are overwhelmed.
What matters now is prioritisation and judgement. Compliance leaders must focus on filtering signals, not collecting them. Technology can assist, but it cannot replace critical thinking about what genuinely matters.
The Cost of Doing It Right
Doing the right thing can come at a real commercial cost. Following Russia’s 2022 invasion of Ukraine, companies such as BP and Shell exited major Russian investments, writing off billions. The decisions aligned with UK and EU sanctions expectations, but they also meant surrendering profitable positions overnight.
The contrast is stark. Competitors from jurisdictions with looser enforcement have in some cases maintained or adapted operations, capturing market share while Western firms stepped back. This exposes a difficult truth for compliance leaders. Ethical rigour is not always rewarded in the short term. It can look like self-inflicted disadvantage.
Yet the strategic calculation is shifting. Investors, regulators and customers increasingly value resilience and trust. The question is no longer purely moral. It is whether organisations are willing to trade immediate gains for long-term credibility in an environment where scrutiny is only intensifying.
The Shift from Gatekeeper to Strategic Partner
The role of compliance is changing fast. It is no longer about blocking decisions at the last minute, but shaping them early. Leading firms now embed compliance into product design, risk modelling and strategy discussions from day one.
In the UK, the FCA has encouraged firms to adopt technology-driven oversight, while banks such as Barclays have invested in RegTech and AI governance frameworks to anticipate risks rather than react to them.
This shift demands a different mindset where influence matters more than authority. Compliance leaders must speak the language of the business, working alongside commercial teams rather than policing them from a distance. The result is subtle but powerful. When compliance is built in early, it stops being a constraint and starts becoming part of how modern organisations compete.
Living the Dilemma
The tension between commercial pressure and regulatory reality is not going away. If anything, it is intensifying as rules tighten and expectations rise. The smartest organisations are not trying to eliminate the conflict. They are learning to manage it with discipline and clarity. Consider how HSBC has reshaped its risk appetite after years of regulatory scrutiny, or how NatWest Group has invested heavily in financial crime controls following past failures. These are not defensive moves. They are strategic resets.
The lesson is clear. Advantage comes from navigating pressure better than competitors, not pretending it does not exist. Compliance is no longer the brakes slowing progress. It is part of the steering system, guiding where and how the business moves next.
And what about you…?
- Where in my organisation do commercial pressures most often override compliance concerns, and how do I currently respond to that tension?
- Are we overwhelmed by data and systems, and if so, how effectively are we distinguishing real risks from background noise?
