Hacker News
by c0l0 1088 days ago
All I have to say from personal experience (some of it gained working for a big bank) is that if you want and seek compliance, you will get neither security, nor safety - but you will get compliance. :)

Whoever tells you otherwise has got a bridge to sell, as well as some compliance- and "security"-facilitating "solutions" on top.

2 comments

In order to fly, current regulations in most countries require that the aircraft be flight certified by the named regulatory authority. In the US for civilian aircraft, the regulatory agency is the Federal Aviation Administration (FAA). So compliance with their stated standards is not really optional. It is also true that compliance does not necessarily mean security or safety has been completely achieved. That is, even if one "checks all the boxes", that does not guarantee 100% safety. So we also depend on professionals who go beyond simply doing the minimum but who truly care about the safety of the flying public.

This has been my exact experience (some of it gained working adjacent to a big bank).

At a certain level, folks dropped any real pretense that the compliance regulations in industry were for anything other than shifting liability around and ensuring you can check the right checkbox when doing sales or getting audited.

Actual security varied widely, and had zero relation to the compliance checklists.