Risk and Compliance

September 7, 2023
Authored by
Chris Martin

A Risk and Compliance specialist can help safeguard reputation, promote proactive risk management, and navigate changing landscapes. In essence, they bridge the gap between technical compliance and practical implementation, ensuring an organisation's enduring success. Furthermore, they can provide confidence and assurance to your business decisions, to help you ensure you’re heading in the right direction. What this looks like will vary by industry, but it can range from assessing the risk of financial expenditure, through to evaluating safety protocols in your place of business. Below, Chris Martin from the Auckland Corporate team has highlighted the importance of having Risk & Compliance specialists for your business in 2023. Plus, you can reach out to him for more information!

Running any business involves constantly managing risk and complying with the laws and legislation that govern an industry. Risk and Compliance is a broad subject area that may surprise you in its breadth. At a basic level every business is balancing risk and return and the concept of risk mitigation versus return.  

Areas of Risk can include macro elements such as reacting to economic downturns, market competition, reputational damage, Health and Safety, and Business Continuity Planning, through to the impact of breaching laws and regulations.

Compliance is the process of identifying and mitigating potential losses that come from not complying with the laws and regulations relevant to an industry. Some organisations have risk and compliance policies and procedures, which are frameworks and mechanisms used to implement and control compliance. Compliance management is a continuous process that tracks changes in the legal or regulatory environment to ensure policies are up to date, as well as revising these policies on a regular basis considering new laws or regulations.

In this guide, we have put together our insights, tips, and tricks to help you move into the world of Risk and Compliance, and to help you assess if hiring a Risk & Compliance specialist is right for your organisation.

Current Development of the Market

In New Zealand, Risk and Compliance is a fast-growing market sector. Over the last 5 years (to 2023) we have seen some key trends emerge. The market has emerged from a focus on Health and Safety, iterations of International Accounting Standards (IFRS), the adaption of laws in Financial Crime and Corruption, Financial Market Stability Law, Consumer Protection and Conduct Law, Business Continuity Planning, and more recently Environmental and Sustainability legislation.

Risk & Compliance is a fast-growing market sector, with some key trends having emerged over the last 5 years to 2023.

The Growth of an Industry

It's been a moving feast of change and an industry has emerged along with its members quickly building a set of skills to navigate these fast-running waters.  

Initially, candidates were pulled from parallel industries such as Accounting and Law. Now we have seen the emergence of true Subject Matter Experts.

Aligning NZ with some of our closest markets has not been the only key driver of change in this sector. Other catalysts have been breaches in Conduct and Money Laundering in Australia. The resulting Royal Commission saw Senior Directors losing their jobs and significant fines being applied. Although this did not impact New Zealand jurisdictionally, many of New Zealand’s institutions are Trans-Tasman in nature or have Australian Parents. New Zealand has conducted some of its own reviews and although not finding serious issues, findings have driven change. A review of the Insurance Industry and reactions to the GFC have all impacted this sector.

Organisational Structure

For large organisations this subject is split into Risk Management and Compliance Management, while smaller companies combine these elements. Small and medium enterprises may have Risk and Compliance reporting into a Head of Finance, medium-sized organisations may slot this area under Legal, and large corporates often employ a Chief Risk Officer who is part of a Senior Leadership Team. Industry sector also plays a part in how organisations treat this subject, with the Finance Industry seeing the most impact from legislation, resulting in the largest and most established teams. Aeronautical is also a highly established and “Risk Mature” market. Construction and Infrastructure have more of a Health and Safety and Project Risk focus.

Here at Find, we have seen the largest volume of jobs being created across the Financial Services sector. This has been driven by a raft of consumer, business conduct and structural legislative changes. Much of this change has been to “catch-up” New Zealand with other jurisdictions particularly in Europe and parts of Asia. The purpose of this is to ensure Consumers are treated fairly and to balance vulnerable consumers against larger institutions.

Key Regulators

There are several key regulators who govern organisational conduct. Some examples of these governors are below.

Within Financial Services, these include:

Other market sectors may have a range of other governing bodies which can include organisations such as:

Key Areas of Risk & Compliance

In the modern business landscape, businesses face a myriad of challenges and risks that demand careful management and adherence to various Frameworks and guidelines. This brief overview explains some of the key areas of Risk Management and Legal Compliance.

The '3 Lines of Defence' Model

Many organisations utilise a 3 Lines of Defence Model. This methodology ensures that each “Line” has a degree of oversight.

  • Line One is considered operational and is carried out at a customer facing or service delivery level ('the front line').
  • Line Two is focussed on managing the rules, procedures and frameworks which the operational functions carry out.
  • Line Three is an audit function of both Lines One and Two.

Anti-Money Laundering and Countering the Financing of Terrorism are key pieces of legislation that govern Financial Services. Although New Zealand is considered low in corruption, organised crime and terrorism (both nationally and internationally) will search for weak points for Money Laundering.


Hacking, viruses, and malware are cyber risks to organisations that handle private or otherwise sensitive information, requiring them to take steps to protect that data and prevent privacy breaches, going above and beyond simply following regulations. Organisations falling under this category must develop solid data security policies and procedures to help prevent serious incidents of privacy breaches involving customers/clients and employees.

Environmental Concerns and ESG

ESG stands for Environmental, Social and Governance and is a wide and growing discipline. Social Responsibility, giving back and Governance Responsibilities are all sub-sets of this subject scope.

Notable recent legislation in this area includes upcoming climate disclosure reporting. This legislation has started to drive the importance and visibility of this topic within corporate New Zealand.

Environmentally, businesses are being thrust into dealing with the pollution and environmental damage they cause. Many countries have strict laws regarding these environmental risks. It is more important than ever to ensure relevant regulations are followed to avoid consequences.

Workplace Health & Safety

Many industries require organisations to follow specific health and safety protocols, many of which are enforced by the government. In New Zealand, WorkSafe is the primary regulator for the health and safety work systems. They aim to provide the NZ workforce with regulatory confidence, harm prevention, and system leadership through working collaboratively with businesses to embed and promote good work health and safety practices.

Managing the risks associated with your workplace is more important than ever before, especially as new laws and regulations require a higher standard of employee safety and business compliance.

The Importance of Risk & Compliance for Modern Business

Identifying possible situations that may impact or damage your organisation is critical for building a robust business. In modern times there is an expected duty of care for employees, customers, and the environment. These manifest in areas such as ensuring fit-for-purpose products, privacy, health and safety, and consumer protection. With social media, reputation has never been more easily damaged. We are also seeing regulators drive ethical and social tenets in new law. Managing the risks associated with this change is now critical for any successful modern business.

Kerry Bakkerus, President of RIMS NZ & PI Chapter

"The importance of enterprise risk management is more relevant than ever in today's intricate and interconnected business landscape. Factors such as shifts in regulatory standards and expectations, the proliferation of data and advanced technology, the growing significance of ESG (Environmental, Social, and Governance) risks, the increasing emphasis on ethical and sustainable practices, the global risk and political landscape, as well as the ongoing attention to workforce and emerging risks, all contribute to a time when organisations must prioritise effective risk management.

Organisations that have invested in enhancing their teams and bolstering their risk management and compliance capabilities have successfully harnessed opportunities, increased their organisational resilience in the face of global uncertainties, mitigated their risks, and have thereby increased shareholder value. This presents an exceptional opportunity for risk and compliance professionals to advance their skills and expertise during a period when their ability to provide substantial value, significance and meaning has never been more pronounced.”

The Importance of Having a Risk & Compliance Hiring Specialist by your side

Risk and Compliance is now considered an essential, specialist skill set. Having a technical Subject Matter Expert is irreplaceable. Where the rubber “meets the road” is being able to implement best practice into a business in an actionable and engaging way. These industry specialists will bring you:

  • Targeted expertise.
  • Assurance that candidates understand industry-specific needs.
  • Best practices transformed into actionable strategies.

A Risk and Compliance specialist can help safeguard reputation, promote proactive risk management, and navigate changing landscapes. In essence, they bridge the gap between technical compliance and practical implementation, ensuring an organisation's enduring success. Furthermore, they can provide confidence and assurance to your business decisions, to help you ensure you’re heading in the right direction. What this looks like will vary by industry, but it can range from assessing the risk of financial expenditure, through to evaluating safety protocols in your places of business.

Risk Management Frameworks

These are templates and guidelines used by companies to minimise risks. This usually involves having a risk profile for each risk that is identified within an organisation. These profiles could have information as simple as how much capital could potentially be lost owing to an unidentified risk, or more complex information such as quantifying the cost of a risk versus the cost of implementing systems to mitigate risk. Once risks have been identified, they then require plans for mitigation, reporting and monitoring, and the governance of these plans.

What might a day-to-day in Risk & Compliance look like?

Working in this field, you can expect to build and design internal policies to lower the risk of your employees not complying with relevant regulations. This also involves training staff and informing them of any legal changes or updates to compliance guidelines, whilst also acting as a contact person between heads of departments and the organisational regulatory body. From a strategic level you will be considering what risks are likely to have the biggest impact on a business and what the cost of mitigating this risk will be. You can expect to be involved in creating Frameworks and Procedures for managing Risk and Compliance; implementing new processes and training those in the business is equally key.

Is Risk & Compliance a well-paid industry in New Zealand?

As an industry that is evolving and growing in importance around Aotearoa, salaries and rates are indicative of market expectations. As a Subject Matter Expert, you will hold a valued position in any organisation and can expect the following rates to reflect this. The below data is accurate as of September 2023. For the most up-to-date salary data, click here to find out more.

| Job Title | Experience Level | Salary Lower | Salary Higher |
|---|---|---|---|
| Compliance Associate | 1-3 years | $70,000 | $85,000 |
| Risk Analyst | 2-4 years | $85,000 | $100,000 |
| Risk and Compliance Specialist | 1-4 years | $90,000 | $110,000 |
| Senior Risk Analyst | 3-5 years | $115,000 | $130,000 |
| Risk and Compliance Manager | 4-10 years | $120,000 | $160,000 |
| Senior Risk Manager | 5-10 years | $170,000 | $185,000 |
| Head of Risk | 10+ years | $200,000 | $230,000 |
| GM Risk/CRO | 10+ years | $250,000 | $400,000+ |

Please note the years of experience required to achieve a given title are an indication only and not a guarantee. Expectations of experience vary from role to role and business to business.

How does one look to get a role in Risk & Compliance, or how can they find out more information?

Career vectors into Risk and Compliance often come from Financial Crime Compliance, Accounting or Legal backgrounds. Health and safety is another core area that is widening its scope into this realm. To enter this field, one should start with an accredited bachelor's degree in finance, business administration, economics, or related fields, and gain work experience in one of these fields. Consideration of graduate school, particularly for master's degrees in relevant areas, can enhance job prospects.

Pursuing some professional certifications like the Chartered Financial Analyst (CFA), Certified Risk Manager, Certified Regulatory Compliance Manager (CRCM), or Certified Professional Compliance Officer (CPCO) can further boost career opportunities. Assuming that hurdle has been jumped, a career in risk and compliance offers an opportunity to manage and mitigate financial uncertainties within companies. Risk Managers identify and control exposure to uncertainties, aiming to prevent substantial profit loss. Compliance teams collaborate closely with risk managers to ensure adherence to industry regulations, particularly as tighter business laws have led to increased penalties.

A great way to further gain information on how to break into a role in R&C is to contact groups such as RIMS (The Risk Management Society), and engage with them to learn more about how you can qualify, what you might need to add to your CV, and where to start looking for opportunities.

Engaging with a community group such as RIMS (The Risk Management Society) can be a critical first step towards entering the world of Risk & Compliance.

What is the career path for someone who joins R&C? What are the natural steps one can expect to take?

As demonstrated, there is an increasing focus on Compliance and Corporate Governance, and Risk Management is becoming increasingly significant and increasingly rewarded. The outlook is positive for the R&C sector in terms of opportunities and benefits. This also means competition for top appointments is likely to increase.

Risk and compliance are well paid in comparison to similar vocations such as Accounting and Law. The most common risk management career path involves progressing through the ranks over the years. However, it may take over a decade to reach a senior-level position. Typical progression will be: Analyst/Advisor to Manager to Senior Manager to ‘Head of’ and General Manager level roles. We are seeing some instances of CRO (Chief Risk Officer) roles appearing in the market, especially post-COVID.
