The Rising Standard

Compliance has outgrown the back office. What used to be seen as a technical box-checking exercise is now firmly in the boardroom spotlight. Regulators, investors, and even the public are all asking the same question: what did the board and senior management know, and what did they do about it?

For directors and senior leaders, the expectation has shifted. It’s no longer enough to rely on a compliance team’s updates or assume that policies on paper will hold up under scrutiny. Boards are being asked to lean in—to ask tougher questions, to understand the risks, and to show that they are actively steering the organization’s response.

The message is clear: the era of “we didn’t know” is over. Accountability lives at the top, and leadership will be measured not by what they delegate, but by how they engage.

Why Oversight Matters Now More Than Ever

The risks facing today’s financial institutions are no longer neat or predictable. Money laundering schemes now move across borders in seconds. Sanctions violations can happen with the click of a button. Fraudsters are using new technologies to outpace traditional controls. And a single data breach can undo years of trust with customers. For boards, this isn’t just background noise—it’s the environment you’re operating in every day.

Regulators have started sending a consistent message: leadership can’t sit on the sidelines. In the U.S., the Department of Justice and FinCEN have shown they are willing to hold individuals, not just institutions, accountable. Take the case of Thomas Haider, former Chief Compliance Officer at MoneyGram—he was personally fined $1 million and barred from the industry because fraudsters were able to exploit weaknesses in the company’s AML program. The takeaway was unmistakable: saying “we didn’t know” is not a defense.

The U.K. has taken a similar stance through its Senior Managers and Certification Regime (SM&CR). Under this framework, senior leaders must be able to show clear ownership of the areas they oversee. When Barclays’ then-CEO Jes Staley was investigated for mishandling a whistleblower case, it sent a clear signal: even the most senior executives will be held to account not only for technical compliance breaches, but also for how they set the tone at the top.

The same accountability trend has swept through the digital assets sector. The collapse of FTX and the conviction of its founder Sam Bankman-Fried wasn’t framed as a systems failure, it was pinned on decisions made by leadership. Also, when Binance’s CEO, Changpeng “CZ” Zhao, pleaded guilty to U.S. anti-money laundering violations in 2023, he stepped down, paid a $50 million personal fine, and accepted a prison sentence, while Binance itself faced $4.3 billion in penalties. Both cases sent a loud message: regulators are willing to go after the individuals making the calls, not just the companies they lead.

Even in traditional banking, consequences are hitting home. At TD Bank, CEO Bharat Masrani announced his retirement in April 2025, taking responsibility for the compliance failures under his watch. His pay was cut by 89%—from $13.2 million to $1.5 million— and the bank also cut variable compensation for 41 other executives, including former leaders and those with responsibilities in front-line operations, control functions, and internal audit, showing that boards and shareholders themselves are starting to enforce accountability at the highest level.

This call for accountability echoes at the global level. The Financial Action Task Force (FATF), which sets international AML/CFT standards, emphasizes that senior management must play an active role in ensuring that financial institutions maintain effective compliance programs.

And this isn’t just a U.S. or U.K. trend. Australia’s Banking Executive Accountability Regime (BEAR) and Ireland’s Senior Executive Accountability Regime (SEAR) show how accountability from the top is becoming a global norm. Around the world, regulators are aligned on one thing: compliance oversight cannot be delegated away.

Enforcement and Accountability: “Not Knowing” Is No Defense

Enforcement cases show that leaders who ignore warning signs, or who fail to escalate problems, can face penalties just as serious as if they had been directly involved.

What’s new here is the standard being applied: awareness is no longer enough. Regulators expect evidence of active oversight: board minutes reflecting tough questions, documented follow-ups on red flags, and proof that senior leaders were engaged when risks came to light.

For directors and executives, the message is clear. If something goes wrong, regulators will ask not just what the compliance team did, but what the board and senior leadership knew, when they knew it, and what they did about it.

But regulators aren’t the only audience boards need to think about. Investors want to know their capital is safe in well-governed institutions. Customers and the public want confidence that banks and financial institutions are acting with integrity. After so many high-profile scandals, trust has become a fragile currency.

The reality is simple: oversight isn’t just about avoiding penalties. It’s about protecting your institution’s reputation, resilience, and long-term stability. Boards that lean in, who ask the right questions and engage directly aren’t just keeping regulators satisfied. They’re building stronger, more trusted organizations.