Compliance risk is the firm’s exposure to legal penalties, financial losses, reputational damage or regulatory sanctions when an organisation, its employees or associated persons fail to comply with laws, regulations, ethical standards, internal or external policies. It arises from inadequate policies, weak controls, or non-compliance with industry rules. Organisations manage compliance risk by implementing strong governance, regular monitoring, and clear policies.