To guide organizations in their response to this judicial and regulatory activity, scholars and practitioners have developed codes, best practices, and guidelines regarding the duties of compliance officers and the structure of compliance programs. Today many organizations have compliance programs administered by a CCO or by a person in the organization in charge of its compliance activities.

Risk management has also gained attention in the legal community, although by following a different path from compliance. In financial institutions, which need to manage their credit and market risks, risk management has been a subject of operational and business attention for some time. The practice of risk management received considerable legal attention, again primarily in financial institutions, because of the financial crisis of 2007–2008. This crisis was regarded as an event that exposed defective risk-management practices in large financial institutions, which contributed to their failure or near failure and to the near collapse of the financial system.