Reviewing compliance risk, technology and resiliency