Compliance Risk Register Template (with Heat Mapping)

THE PROBLEM

Most compliance functions know they should maintain a risk register. Few actually have one that works.

What tends to happen instead is a spreadsheet that was last updated six months ago, sitting in a shared drive, with no consistent scoring methodology and no way to show the Board where the real risks sit.

When the FCA asks how you identify, assess, and manage compliance risks, vague answers invite deeper scrutiny. Under SYSC 7.1 and PRIN 3, firms are expected to have effective risk management processes proportionate to the nature, scale, and complexity of their activities.

This template gives you everything you need to build a functioning compliance risk register — from scratch — in a single afternoon.

WHAT YOU GET

A comprehensive Excel workbook with 6 fully structured worksheets:

1. Executive Dashboard

Visual summary of your entire risk landscape. Auto-populating risk counts by category (Critical, High, Medium, Low), a colour-coded 5x5 heat map, risk rating legend, and at-a-glance metrics. Board-ready from the moment you populate the register.

2. Risk Register

The core working sheet. 50 pre-formatted rows with dropdown menus for likelihood (1-5), impact (1-5), and control effectiveness scoring. Auto-calculating inherent risk scores (Likelihood x Impact), residual risk ratings, and colour-coded risk levels. Includes 5 fully worked example risks to demonstrate best practice.

3. Action Tracker

Linked mitigation actions with priority ratings, assigned owners, target dates, and status tracking. Ensures every identified risk has a clear path to treatment — and nothing falls through the gaps.

4. Scoring Methodology

Customisable 5x5 matrix with clearly calibrated likelihood and impact scales. Defines what "Rare" versus "Almost Certain" looks like for your firm, and what "Insignificant" versus "Catastrophic" means in practice. Provides the consistent framework your risk assessments have been missing.

5. Risk Categories

11 compliance risk categories mapped to FCA regulatory requirements, each with descriptions and example risks. Categories include regulatory change, conduct risk, financial crime, data protection, operational resilience, outsourcing, complaints, conflicts of interest, training, governance, and consumer duty.

6. Risk Identification Prompts

Structured question prompts for each of the 11 risk categories. Use these to run risk identification workshops or conduct desk-based assessments. Ensures comprehensive coverage so nothing gets overlooked.

KEY FEATURES

• 5x5 scoring matrix with clear calibration guidance
• Auto-generating heat map with colour-coded risk visualisation
• Dropdown menus throughout for consistent data entry
• Auto-calculating inherent and residual risk scores
• Risk appetite threshold guidance
• Action tracking with due date monitoring and owner assignment
• 5 worked examples demonstrating proper completion
• 11 compliance risk categories with FCA regulatory mapping
• Board-ready dashboard — present without reformatting

REGULATORY ALIGNMENT

• SYSC 7.1 — Risk control requirements
• SYSC 6.1 — Compliance function obligations
• PRIN 3 — Management and control
• FCA Business Plan enforcement priorities
• Consumer Duty (PRIN 2A) risk considerations

WHO IS THIS FOR?

• Compliance Officers building or rebuilding their risk register
• Risk Managers needing a structured compliance risk framework
• MLROs incorporating financial crime risks into a wider register
• Senior Managers (SMFs) requiring oversight of compliance risks
• Compliance Consultants deploying risk frameworks for clients
• Firms preparing for FCA supervisory engagement

FILE FORMAT

Microsoft Excel (.xlsx) — fully editable, no macros required.

Compatible with Microsoft 365, Excel 2016+, and Google Sheets.

WHAT HAPPENS AFTER PURCHASE

You will receive an immediate download link. Open the workbook, review the 5 worked examples, customise the scoring methodology for your firm, and begin populating risks. The built-in prompts guide you through comprehensive risk identification across all 11 categories.

Includes VAT at 20%. If you are a business and need a VAT Receipt, please ask.