Most compliance frameworks start in the wrong place. They begin with the regulatory universe and work inward, mapping everything against the firm's activities. The logic seems sound: start with everything, miss nothing. But mapping everything buries the obligations that matter beneath requirements that are inapplicable, immaterial, or already addressed.

A better approach: start with what applies to your firm, not with what exists in the regulatory universe. We call it relevance-first compliance.

The Everything-Applies Approach

A firm operating in Jersey might start by listing every piece of legislation: the Proceeds of Crime Law, the Money Laundering Order, the Codes of Practice, the Companies Law, the Financial Services Law, plus guidance notes, Dear CEO letters, and thematic reviews. From this inventory, the compliance team extracts hundreds or thousands of individual requirements and maps each to internal policies, controls, and evidence.

The result is comprehensive in scope but shallow in usefulness. A high-risk beneficial ownership obligation gets the same weight as a low-risk administrative filing requirement. Everything is mapped, but nothing is prioritised.

This also creates a maintenance burden that is almost impossible to sustain. A regulatory change forces impact assessment across the entire map. An approaching audit means preparing evidence for every mapped obligation, regardless of materiality.

Relevance-First in Practice

Instead of asking "what regulations exist?" you ask "what are our regulated activities, and which specific obligations arise from them?" Your firm begins with its own profile (jurisdictions, licence types, client base, risk appetite) and uses that profile to filter the regulatory universe down to the obligations that are applicable and material.

Every applicable requirement still gets mapped. But the filtering happens before the mapping, not after. When a regulator asks "how did you determine what applies to you?" you can explain the relevance criteria and the rationale for excluding requirements that do not apply.

  • Mapping is smaller and richer. Instead of a thousand thinly mapped obligations, you have three hundred deeply mapped ones, each with interpretation rationale, risk assessment, and evidence chain.
  • Maintenance is feasible. When a regulatory change arrives, the relevance filter tells you immediately whether it affects your scope and what downstream mappings to review.
  • Audit preparation is structural. Every mapped obligation has a defined evidence chain, so preparation becomes extracting and formatting rather than hunting and assembling.

The Relevance Decision

How do you determine what is relevant? The relevance decision involves judgement, and judgement creates risk. But a well-structured relevance framework captures:

  1. The applicability assessment: why a requirement does or does not apply, based on jurisdiction, licence type, client type, and activity type.
  2. The materiality assessment: how material the obligation is given the firm's risk profile and operating model.
  3. The approval and review record: who made the assessment, when, and what events would trigger a reassessment.

A firm that can produce a relevance assessment with clear criteria and a transparent audit trail is in a stronger position than a firm that mapped everything but cannot explain why half of its mappings are incomplete or stale.

From Coverage to Defensibility

The shift from everything-applies to relevance-first is a shift from coverage to defensibility. The old model optimises for breadth: how much of the regulatory universe have we touched? The new model optimises for depth: can we defend our compliance position for every obligation we have determined applies to us?

Defensibility means showing the complete chain from requirement through interpretation, policy, control, and evidence, and demonstrating that this chain is current, reviewed, and owned. A firm that maps three hundred obligations defensibly will outperform a firm that maps a thousand superficially.

Relevance-first does not require scrapping your existing mapping. It requires layering a relevance assessment over it: document the applicability criteria, deepen the high-priority mappings, and set review cycles for everything else. The result is a mapping your team can maintain without heroic effort, because the scope is defined by relevance rather than by the ambition to capture everything.
