Summary:

  • Control testing at Danske Bank it's a role that combines investigation, engineering mindset and behavioural insight to verify that critical processes work in real life, not just on paper.
  • From reviewing potential conflicts of interest across subsidiaries to testing mandatory training completion for ~20,000 employees, the work directly supports how a global financial institution operates safely and responsibly.
  • Compliance officers for control testing act as an independent lens between business, risk, advisory compliance and audit – translating complex regulations into clear, actionable insight that builds trust across the organisation and with customers.
  • The role blends data analysis, system checks and regulatory knowledge with interviews, judgment calls and problem‑solving when controls rely on human decisions or imperfect data.
  • Even small issues in automated controls can create false assurance; spotting and fixing them early protects big outcomes – a mindset that defines high‑quality, expert work at Danske Bank.
  • While automation and AI support speed and pattern detection, the article shows why critical thinking, context and “so what?” reasoning keep these roles both challenging and future‑proof. 

For people outside banking – what is “control testing”, really? 

In simple words, control testing is checking whether important processes actually work as intended. A process may look perfect on paper, but our job is to test how it performs in real life – combining analytical thinking with a bit of detective work.  

In Compliance control testing, this means independently reviewing whether we, as a financial institution, have properly implemented regulatory requirements, whether these are accurately reflected in our governing documents and whether the described processes operate as they should. As an example, from one of the recent tests, we did a complex review of how potential conflicts of interest are identified, registered and managed across subsidiaries. 

Each review or test has three main steps:  

Most tests run over roughly three months and are carried out by a lead tester working closely with a buddy. The scale can vary significantly – for example, recently we did a test focused on mandatory trainings. It involved reviewing how completion was ensured for around 20,000 employees of Danske Bank, including notifications, reminders and how the end-to-end process was designed.  

How does control testing contribute to the bank’s overall risk management?  

Our work helps the Group assess Financial Crime, Regulatory Compliance and Sustainability risks. As we put it: business teams operate controls, risk and compliance teams provide oversight, we act as an independent lens to test and translate findings, and audit independently reviews everything. This layered model creates something essential: trust – within the organisation and ultimately with our customers.  

What’s the hardest type of control to test – and why? 

In general, any control that is well-documented is straightforward to test. The challenges start when a control relies heavily on human judgment – for example, deciding whether something is suspicious or whether an explanation is sufficient. Automation is predictable; people aren’t. In those moments you not only review what someone did, but also why they did it, which means interviewing, understanding context and applying a structured approach to reach consistent conclusions.  Automated controls can be tricky too – especially when documentation is weak, system logs are incomplete, or the data you need is scattered across multiple reports with different formats. In those moments, testers have to think on their feet, piece together evidence and adapt their approach to whatever is actually available.  But with clear governing documents and engaged stakeholders, most controls can be tested successfully. Flexibility, curiosity and the ability to translate findings into clear insight are key. 

Why do challenging and reporting small issues matter?  

Automation can look foolproof – no interpretation, no human error. But systems can drift over time. Things get cross-wired. In one test, an automated control appeared perfect, yet there was no evidence of the actual process outcome. Challenging and reporting that small issue prevented false assurance and restored the control’s effectiveness. Small fixes protect big outcomes. 

What’s the most underestimated part of control testing? 

People often assume the hardest part is the actual testing – sampling cases and checking how a control performs. But in reality, the most demanding phase is the planning. That’s where you uncover the nuances of the control, align expectations and build the foundation for reliable results. For me and for my colleagues, this is the stage that requires the most time, thinking and careful coordination. 

From your perspective, is control testing something robots could realistically take over? 

Automation can certainly take on the repetitive parts – scanning records, pre-filling templates based on previous documents, spotting anomalies and running comparisons. AI is great for speed and pattern detection.  But the essence of control testing is human judgment: understanding context, applying critical thinking and answering the “so what” behind the evidence. That human layer is hard to automate and that's why a full takeover is unlikely.