Payments compliance faces runaway costs

by Trent Larson, Head of Operations at Lucra

Payment compliance and risk management is expensive and time-consuming due to its multifaceted and idiosyncratic nature. There is no one-size-fits-all solution. The state of risk and compliance is ever-changing, and firms continue to adapt to new threats. As history has shown, if you think compliance is expensive, try non-compliance.

Risk Profile: No ‘One Size Fits All’

A company’s risk profile largely determines the cost of compliance. Businesses operating in high-risk sectors such as gambling, cryptocurrencies or money transfer services will find their risk profile significantly higher. Likewise, those operating in or serving clients in high-risk countries have an elevated risk profile. Such organisations require robust compliance and risk management functions to assess their supply chains and customers for money laundering, corruption, and sanctions, but what are the costs?

Economic Costs

The pure financial cost of remaining onside is increasing, and more investment is required just to keep up. Firms are spending heavily on new processes and technology. According to a recent publication from Deloitte, 2023 will see corporate legal functions and their legal service providers adopt technology to streamline their processes, improve legal risk management and enable technology-based self-service, allowing lawyers to focus on bespoke complex legal issues. Forbes reports that in large firms, the average cost of maintaining compliance can total up to $10,000 per employee, an increase of 60% from pre-financial crisis levels. Layered on top of that are government programmes such as the Economic Crime Levy, under which up to £250,000 will be collected by HM Revenue & Customs from all anti-money laundering regulated businesses beginning in 2023.
A closer look at the costs reveals that customer due diligence (CDD) processes remain by far the largest single operational cost. Two-thirds (67%) of total financial crime compliance costs in 2022 were attributed to CDD, an increase from 53% in 2020, as reported by LexisNexis – and these numbers are increasing. The largest share of the CDD cost is represented by Know Your Customer (KYC) onboarding checks, accounting for a third of overall CDD costs. Anti-fraud checks at onboarding – necessary for the increased fraud risk posed by remote identity management and document verification – contributed to a further 9% of CDD costs as firms move to strengthen their defences.

[Figure: Percentage share of compliance costs (breakdown of compliance costs). Source: LexisNexis]

Opportunity Costs

Are compliance costs worth it? The financial loss due to fraud or financial crime can be significant depending on factors such as the size and frequency of payments. Unfortunately, it doesn’t stop there. According to a study by McKinsey, the amount lost due to financial crime is merely the tip of the iceberg. Even when combined with the costs of compliance technology, it represents less than one-third of the total cost faced by an organisation hit by financial crime. The client impact, damage to company reputation and loss of revenue begin to stack up. Layer on top the remediation costs and fines from the regulator, and the true size of the iceberg comes into view.

As mentioned earlier, while the cost of compliance is high, the cost of non-compliance is even higher. In January 2022, London-based law firm Mishcon De Reya was ordered by the SRA to pay £232,500 for failing to perform adequate due diligence to comply with anti-money laundering regulations. Later that same year, Santander (UK) Plc was fined over £107m for failing to have an effective risk-based anti-money laundering (“AML”) control framework and became the latest high-profile company to be fined for insufficient AML and compliance controls.


With regulators taking an increasingly tough stance on non-compliance, what options exist? Given the scale of the problem, there is no perfect solution that automates everything, and a manual approach to compliance is no longer viable. To help keep up, firms are opting for cloud-hosted digital solutions to leverage wider AML data sets and get better contextual analysis that provides insights on the macro and micro levels simultaneously. Higher-quality data leads to better-informed decisions.

The Bottom Line

Payment compliance and risk management are expensive, but the cost of non-compliance can be much worse. No one-size-fits-all compliance solution exists to meet all firms’ varying risk profiles. Still, progressive organisations can access cloud computing solutions to improve compliance and risk controls and adapt to the ever-changing AML landscape.
Article by Lucra Technologies Ltd.
