Abstract

Effective regulation of big companies seems to be a growing concern of public administrators. Processes are complex and risks are often hard to analyse. Public supervisors therefore look for methods of regulating large facilities that are more effective and also efficient. Self-regulation through company compliance assurance programs is one option that has been considered. Even though self-regulation has advantages in certain circumstances, there are also pitfalls that can result in serious societal damage. Some forms of self-regulation, such as codes of conduct, have not proven to be consistently reliable in assuring risk reduction. In contrast, management systems utilized by regulated companies may offer a more suitable focal point for public supervisors. A compliance management system (CMS) is the part of the private management system aimed at assuring regulatory compliance. By focusing public supervision on the CMS, the government supervisor can differentiate between companies with effective and ineffective compliance assurance and stimulate improved compliance assurance by giving feedback on a system level.