
Smarter governance in a rule-heavy world: what proportionality really looks like in practice

Proportionality is one of the most widely referenced principles in governance and compliance. It is embedded in EU law, mandated by regulatory standards and repeatedly reinforced in guidance from regulators. In theory, it is simple. Governance and controls should reflect the size, complexity and risk profile of the organisation.

In practice, it is anything but simple.

At a recent breakfast roundtable hosted by Investigo Netherlands and Mighel Molenkamp, Chief Compliance Officer at TradeZero, senior risk and compliance leaders gathered to discuss a challenge many organisations quietly recognise. Governance frameworks rarely stay proportionate. They tend to grow.

Policies multiply, documentation expands and additional controls are layered on top of existing ones. Often, this is not because risk has increased, but because organisations fear regulatory hindsight. The result is a governance environment where evidence is abundant, yet genuine risk management can become diluted.

One participant summed it up well. The compliance industry needs more people willing to say: this is a bit rubbish, isn’t it?

When governance becomes heavier, not better

Many organisations have developed what could be described as one-size-fits-all governance stacks. Frameworks designed for large or highly regulated environments are replicated across teams, products and markets regardless of the underlying risk.

This often leads to two common problems.

The first is evidence inflation. Teams produce increasing volumes of documentation to demonstrate control, yet the connection to the underlying risk can become less clear.

The second is ownership ambiguity. Policies are written by one group, implemented by another and monitored by a third. Over time, the people responsible for executing the controls may lose sight of why they exist in the first place.

In these environments, governance can become more about demonstrating compliance than managing risk.

What good governance actually looks like

A recurring theme throughout the discussion was the importance of partnership between the business and compliance.

Too often, organisations assume that compliance is a checkpoint at the end of a process. In reality, effective governance relies on collaboration much earlier. When the first and second lines of defence work together, compliance becomes less about blocking activity and more about enabling the business to make informed decisions.

Good governance therefore starts with clarity.

A clear risk appetite statement helps define how much risk the organisation is prepared to accept. Alongside this, tools such as systemic risk assessments allow firms to identify where their most significant exposures sit. Some risks require heavy scrutiny. Others may require far less.

The key is applying the same principle consistently. Lower risk should mean lighter documentation and fewer controls. Higher risk should receive the opposite.

The challenge of proportionality in real organisations

Even when the theory is clear, applying proportionality in practice remains difficult.

As organisations mature, governance frameworks often become layered over time. What worked five years ago may no longer reflect the current structure, operating model or risk profile of the business. Simplifying these frameworks requires not just technical changes but cultural alignment.

Culture emerged as one of the most important drivers of effective governance.

Leaders need to set the tone from the top, making it clear that governance is not about ticking boxes but about managing real risks. Policies should focus on principles and outcomes, while procedures translate those principles into practical steps for teams on the ground.

Another important distinction discussed during the session was the difference between policy and procedure. Policies should define the rules and expectations. Procedures should explain how those rules are implemented. When these two are blurred, governance can quickly become overly complex.

Judgement, challenge and the regulator

One of the most interesting questions raised during the roundtable was where sound judgement ends and regulatory hindsight begins.

Many organisations hesitate to deviate from market practice even when their own risk profile suggests a different approach. If competitors are doing something a certain way, the instinct is often to replicate it.

But proportionality means governance should reflect the specific context of the organisation. That may require challenging assumptions, including those that come from regulators themselves.

Participants discussed the importance of building constructive relationships with regulators such as De Nederlandsche Bank, ensuring that supervisory bodies understand the business model and context behind governance decisions. Transparency and dialogue can help organisations defend proportionate approaches when scrutiny arises.

Moving from theory to practice

Perhaps the clearest conclusion from the event was that achieving proportionate governance requires conscious effort.

It means reviewing frameworks regularly and asking difficult questions.

  • Are policies still fit for purpose?
  • Do controls genuinely manage risk or simply generate evidence?
  • Do the people implementing the controls understand why they exist?

Most importantly, it requires organisations to accept that good governance is not measured by the number of documents produced. It is measured by whether risks are understood, owned and actively managed.

Proportionate governance is therefore not about eliminating controls. It is about ensuring those controls are credible, defensible and workable in the real world.

Continuing the conversation

As regulatory expectations continue to evolve, organisations will increasingly need leaders who can balance strong governance with commercial reality. Professionals who understand risk, judgement and practical implementation are becoming more valuable than ever.

If your organisation is strengthening its risk, compliance or governance capability, the Investigo Netherlands team would be delighted to help.

For a confidential discussion about hiring in this space, please contact Anna and the Investigo Netherlands team to explore how we can support your organisation.
