United Kingdom Risk & Compliance Statistics
UK Spotlight from State of Risk & Compliance Survey FindingsAvailable in
- UK
- US
From the United Kingdom’s Corporate Governance Code to the Economic Crime and Transparency Act, regulatory influence on the culture of ethics and compliance across the country’s organizations continues to evolve. This is in addition to reliance on open trade with other major markets possessing their own standards for risk and compliance (R&C), making compliance a notable challenge for organizations in the U.K.
This white paper represents a special analysis of select respondent data representing U.K.-based organizations from our 2025 State of Risk & Compliance Report survey, giving a unique view into the way R&C professions and organizations are themselves evolving in the face of a shifting landscape.
We hope this information will help R&C professionals from British organizations to better grasp where they stand compared to their peers, informing ways to improve.
State of Risk & Compliance Report survey methodology
The 2025 research was conducted online by The Harris Poll on behalf of NAVEX among 999 adults age 18+ who are nonacademic professionals (management/ non-management or higher) and knowledgeable about risk and compliance in the United States (n=458), United Kingdom (n=123), France (n=119), Germany (n=107), Japan (n=104) and other countries (n=88). The survey was conducted between April 23 – May 29, 2025.
Raw data are not weighted and are therefore only representative of the individuals who completed the survey.
Respondents for this survey were from a list of NAVEX customers or prospects (n=382) or selected from among those who have agreed to participate in our surveys (n=617). The sampling precision of Harris online polls is measured by using a Bayesian credible interval. For this study, the sample data is accurate to within +/- 3.1 percentage points using a 95% confidence level. This credible interval will be wider among subsets of the surveyed population of interest.
All sample surveys and polls, whether or not they use probability sampling, are subject to other multiple sources of error which are most often not possible to quantify or estimate, including, but not limited to coverage error, error associated with nonresponse, error associated with question wording and response options, and post-survey weighting and adjustments.
Key findings
Respondents more likely to say UK-based organizations have mature R&C programs
To help determine the state of programs in 2025, NAVEX asked respondents to self-report their risk and compliance (R&C) program maturity based on the Framework for Ethics & Compliance Program Excellence criteria from the Ethics and Compliance Initiative (ECI). This five-point scale begins at the least mature, “Underdeveloped,” and advances in maturity through the stages of “Defining,” “Adapting,” “Managing” and, finally, “Optimizing.” It is worthy of note that there is no “end” to the spectrum – even the most mature programs have room to refine their approach.
Sixty-three percent of respondents representing organizations based in the U.K. said their R&C program was either Managing or Optimizing – the two most mature designations on the ECI scale. Fifteen percent said it was Defining or Underdeveloped – the two least-mature designations. For Europe as a whole, 60% were said to be in the more mature designations, with 16% in the less mature designations. Globally, 57% of organizations were said to be at a top-two maturity level, and 18% in the lower two.
‘Privacy/cybersecurity breach’ tops compliance issues for UK organizations
Consistent with previous polling, data privacy/cybersecurity breaches remain the top compliance issue respondents said their organizations experienced in the past three years. Still, nuances remain that may help readers better understand how they compare to regional peers.
For organizations in the U.K., 35% of respondents said the organization had experienced no compliance issues in the past three years. This compares to 27% for Europe as a whole, though matches the overall response rate globally. Sixteen percent said their organization faced difficulty meeting obligations around EU regulations, compared to 23% in Europe but, again, level with the global response rate.
Like others, most UK compliance investigation programs are centralized
Globally, most respondents (67%) said their organizations use a centralized approach in their day-to-day compliance investigations program. This was largely consistent with U.K.-based organizations, where 69% of respondents said their organization uses a centralized investigations program. Generally, response rates to this question for the U.K., Europe and globally were very similar.
UK boards show lower engagement in some key areas compared to European peers
It stands to reason that organizations where boards of directors are engaged in Compliance are more effective and resilient in R&C.
For U.K.-based organizations, 35% of respondents knowledgeable about ethics and compliance said their board of directors has oversight of the compliance program. This compares to 43% in Europe, and 52% globally. Twenty-three percent of respondents representing U.K. organizations said their board has oversight of risk identification and management, compared with 28% for Europe and 33% globally. Fifty-three percent said their board receives periodic reports on compliance matters, compared to 61% for Europe and 64% globally.
Greatest share of compliance programs in the UK are ‘somewhat involved’ in use of AI
As artificial intelligence plays an evolving role across different organizations, the role of Compliance in its implementation is also evolving.
For U.K.-based organizations, the largest share of respondents (39%) said Compliance was “somewhat involved” in the use of AI. In Europe as a whole, the same share said the same, which was also close to the response rate globally. Respondents said compliance was “not involved” at a rate of 9% for U.K.-based organizations, compared to 10% for Europe and 12% globally. Response rates across the three cohorts were generally similar.
Only 39% of UK organizations are said to have a hotline
A concerningly low level of respondents indicate their organization has an internal whistleblower hotline, a trend we have seen across several of our annual surveys. This is despite the fact that a mechanism for individuals to report misconduct anonymously and/or without fear of retaliation is a core part of any compliance program.
For organizations based in the U.K., 39% of respondents knowledgeable about ethics and compliance said the organization had a hotline or whistleblower internal reporting channel. This compares to 45% percent in Europe, and 53% globally.
The lack of indication of a process to detect retaliation is also notable. For U.K. organizations, 27% were said to have a process to detect retaliation. For Europe, this was 28%, and globally, 29%.
Conclusion
Cultures of ethics and compliance continue to evolve for U.K.-based organizations. The information in this white paper provides additional context to consider how these organizations compare with their peers.
The findings show in some cases that U.K.-based organizations have some positive advantages, such as a greater share of respondents that indicated confidence in their program maturity. In other cases, there is room to grow, where far fewer than half of organizations are said to have a whistleblower hotline. As always, we encourage readers to use these findings as an opportunity to discuss their program internally and seek support in ways to improve.
Meet the authors
Carrie Penman
Chief Risk & Compliance Officer
NAVEX
Eric Gneckow
Senior Content Marketing Manager
NAVEX
Isabella Oakes
Data Scientist Specialist
NAVEX
Anders Olson
Senior Manager, Data Science
NAVEX
You may also like:
Benchmark Reports
2025 Risk & Compliance Statistics | State of Risk & Compliance
Risk management and compliance statistics based on surveys from nearly 1,000 professionals globally, expertly curated to help you improve your compliance program benchmarks and risk management practices.
Learn more
Benchmark Reports
Small-to-Medium-Sized Business Risk & Compliance Statistics
Risk management and compliance statistics based on surveys from nearly 1,000 professionals globally, expertly curated to help you improve your compliance program benchmarks and risk management practices.
Learn more
Benchmark Reports
2025 Whistleblowing Statistics & Benchmarking
This NAVEX report shares whistleblowing statistics, key findings and recommendations from an analysis of the world’s largest whistleblowing reporting database.
Learn more
Benchmark Reports
2025 Regional Whistleblowing Statistics & Benchmarks
See the latest regional whistleblowing statistics, trends and recommendations - from 2.15 MM reports, 70 MM people and 4,000 organizations across the globe.
Learn more