Compliance risk is defined as a bank's exposure to financial loss and/or financial penalties when it or its employees fail to act in accordance with laws and regulations that govern its operations or when employees do not follow internal policies or prescribed best practices. There are many ways in which compliance risk can be subdivided. We'll look at these now. Regulatory risk is the risk that the regulations governing a bank are changed by the relevant regulators of that bank, resulting in the bank having to change its operational procedures or business activities, or that it results in an increase in the costs within the bank to ensure compliance with those new rules. Conduct risk or people risk relates to the risk that employees might make poor decisions or breach the bank's internal processes, putting the bank or its customers at a risk of financial loss. Data privacy is the risk that customers' data ends up in the public domain by malicious or accidental means. Financial crime covers a wide range of crimes but money laundering, the financing of terrorism and insider dealing are some of the more significant examples. Cybersecurity deals with the risk that the bank's computers, servers, mobile devices, electronic systems, networks, or data might be targeted in a malicious attack, potentially leading to data breaches or systems being put out of action. Third-party risk is the risk faced by the bank from working with outside vendors. These vendors may be independent companies acting in the name of or providing solutions to the bank, which are then sold to the clients. Errors made by these third parties might carry financial loss for the bank itself. And finally, cloud risk. This is the risk of a data breach from servers that are hosting client data through the cloud.

One of the financial crimes banks are most concerned with from a compliance perspective is money laundering. Money laundering is when cash gained from illegal sources is reintroduced to the financial system with a view to make the money look like it's been legitimately earned. Banks are often targeted for such activities. Anti-money laundering regulations or AML, set out the guidelines that banks must follow in order to prevent them being used for money laundering. Taking the industry as a whole, banking has a rather checkered history in successfully implementing anti-money laundering processes internally. Just taking the fines alone that were levied on banks that failed in implementing robust AML processes, the global banking industry has incurred billions of dollars in fines since 2010 with $11.5 billion of fines being handed out in 2015 alone.