Financial compliance in projects: what every project manager needs to know

Financial compliance isn’t just the CFO’s problem. If you’re managing projects in a regulated sector, overseeing vendor contracts, or running procurement cycles, you’re already operating in compliance territory, whether you realize it or not.

The challenge is that most project management training glosses over the financial governance layer. You’ll learn about budget tracking, earned value analysis, and cost forecasting.

But the regulatory scaffolding that sits underneath financial transactions? That tends to fall into a gap between the project manager and the finance team — and it’s a gap that can cause serious delays when nobody owns it.

This article is about closing that gap: understanding what financial compliance means in a project context, and how to manage it with the same rigour you’d apply to scope, schedule, and risk.

For example, on one project we completed our vendor selection and chose a partner we felt would be a great fit. However, once the contracts team got ready to seal the deal, their vendor compliance checks concluded that financially, this was not a vendor we would want to enter a long-term relationship with.

We were back to square one for the hunt for a supplier.

Why financial compliance is a project management problem

Projects fail for lots of reasons. Scope creep, unclear requirements, stakeholder misalignment — these are the usual suspects, but you can probably think of other reasons why projects in your organization have struggled.

Compliance failures are increasingly common, particularly in projects that involve external partners, regulated markets, or cross-border transactions.

When a payment cycle stalls because a counterparty can’t be verified, or a contract is delayed because documentation doesn’t meet regulatory requirements, those delays land on the project timeline. The project manager feels the pain even if the root cause sits with legal or finance.

The practical reality is that project managers who understand the compliance layer are significantly better equipped to plan realistic timelines, identify risks early, and keep stakeholders informed. This is your business acumen in action, and the 2025 Pulse of the Profession report from PMI says that 40% of project managers report it helps them navigate regulatory or compliance issues.

You don’t need to become a compliance expert. But you do need to know enough to ask the right questions — and to make sure someone owns the answers.

Map the compliance requirements early

My top tip is to treat compliance as a project workstream, not an afterthought. Assume that you are going to need input from subject matter experts and engage them early.

In your company, that might be a team called Contracts Management, Procurement, Financial Control, Accounting, Compliance or something similar. These people are your go-to sources of advice, as rules differ between countries and industries.

At the start of any project involving financial transactions — particularly those involving external organizations, public procurement, or regulated industries — map out the compliance requirements as you would any other dependency.

Ask:

  • What regulatory frameworks apply to this project or its stakeholders?
  • What documentation will be required at each stage?
  • Who is responsible for producing, reviewing, and approving it?
  • What are the lead times on any third-party verification or registration processes?

That last point matters more than you might expect. Regulatory processes take time. If you discover midway through a project that a key vendor needs to complete a registration or verification process before a contract can be executed, you’ve just added an unplanned delay to your critical path.

I’ve worked on projects where this has happened – a third party needed to get a particular accreditation to work with us, and that takes as long as it takes.

Build compliance milestones into your project plan from day one. Treat them like any other external dependency: flag them, assign an owner, and track them.

Entity verification and counterparty due diligence

One area where project managers in financial services and procurement projects frequently encounter compliance requirements is entity verification, which means confirming the legal identity of the organizations you’re working with.

This matters for several reasons. Regulatory frameworks around anti-money laundering (AML), Know Your Customer (KYC), and financial transaction reporting all require that the entities involved in transactions can be clearly identified and traced. If your project involves a financial institution, a publicly traded company, or any organization participating in securities or derivatives markets, this is likely to be a live requirement.

Again, another of my projects had this, and when I say the KYC activity took ages, it really did add literal months to the timescales. I’m not sure if that is because of the process or because of how the process was implemented on both sides, but it meant one workstream dragged on with virtually no progress each month.

The Legal Entity Identifier (LEI) system is one of the key tools used to address this. An LEI is a 20-character alphanumeric code that uniquely identifies a legal entity participating in financial transactions. It was introduced following the 2008 financial crisis as part of a global effort to improve transparency in financial markets, and it’s now a requirement for any organisation trading in financial instruments under regulations including MiFID II in the UK and EU.

If your project involves counterparties that operate in regulated financial markets, you may need to verify that they hold a valid LEI before certain transactions can proceed. This is worth checking during your initial compliance mapping, not when you’re trying to close a contract.

No, I didn’t know this either before one of my projects demanded it.

Keeping your project on track

It’s not necessarily your role as the project manager to do anything with this information, but it helps everything stay on track if you know what questions to ask so someone else can make sure all the boxes are ticked.

For organisations that need to obtain an LEI, registration is managed through the Global LEI Foundation (GLEIF), which accredits a network of registration agents. Organizations can register directly through GLEIF’s website, or use an accredited registration agent such as LEI Register, which can streamline the process.

Either route produces the same result — a valid, globally recognized identifier — so the choice typically comes down to whether the organization wants to self-serve or have the process managed for them.

Documentation management: the unglamorous core of financial compliance

One of the most consistent failure points in financially complex projects is documentation. Not the absence of documents, but the absence of organized, accessible, version-controlled documents.

Contracts, invoices, regulatory submissions, approval records, correspondence with external parties — all of this needs to be maintained in a way that is auditable. In a regulated context, “we have it somewhere” is not good enough.

If you’ve ever finished a project and then had someone from the Finance team call you to ask why a transaction went through as capex and how that can be justified, then you’ll know the value of good record keeping! (Speaking from personal experience here!)

At a minimum, your documentation approach should cover:

  • Version control. Every document should have a clear version history, with dates and authors. If a contract is amended, both versions need to be retained. Don’t know how to do this? Read my guide to version control.
  • Access controls. Sensitive financial documents should be accessible to the people who need them and nobody else.
  • Retention policies. Many financial regulations specify how long records must be kept. Make sure your document management approach accounts for this, especially for projects that will eventually close.
  • Audit trails. For high-value or high-risk transactions, you may need to demonstrate exactly who approved what, and when. Systems that log user activity automatically are significantly easier to work with than manual tracking.

If you are handing over a project when it closes, you’ll need all the paperwork in order for the operational team.

Assigning clear ownership across teams

Financial compliance in projects typically spans multiple functions: finance, legal, procurement, compliance, and external partners may all be involved. This is where your role as cat herder and general coordinator is genuinely valuable.

The risk is diffusion of responsibility (add that to the risk log!). When everyone assumes someone else is handling the regulatory requirements, things fall through the cracks. So, assign a named owner to every compliance-related activity, with clear accountability for delivery.

I know, I know, easier said than done.

Your role is to make sure it’s owned, tracked, and visible in the project plan. Use your RACI matrix to help identify who is responsible for each element of the project, including any compliance-type responsibilities.

Regulatory compliance and risk management

One of the most practical ways to manage financial compliance in projects is to treat it as a risk, as I mentioned above.

Common compliance risks worth logging on financially complex projects include:

  • A vendor failing to meet verification requirements before contract execution
  • Regulatory changes mid-project that affect reporting obligations or transaction structures
  • Documentation gaps identified during audit or sign-off that delay project closure
  • Key compliance personnel leaving mid-project, taking institutional knowledge with them

These aren’t ‘unicorn’ risks: they can and do happen, and once they’ve happened to you, you won’t forget to include them in your planning next time!

I’ve got a list of common project risks if you want more ideas of what to include in your RAID log.

The takeaway

Financial compliance is increasingly part of our operating environment as project professionals, particularly in financial services, procurement, and any project touching regulated markets.

To handle it well, you don’t need deep compliance expertise. You just need to ask the right questions, handle the risk, make sure colleagues are on top of their jobs, and keep everything on track, as you would do for any other specialist area of your project.

Your Finance and Legal teams are there to back you up, so use them. Map the requirements at project initiation. Identify lead times on external processes. Sort out your version control and track everything!