JML - To offer a true comparison, and to be helpful in my own resource analysis at my institution, what would be the scope of the compliance function's duties that you are involved in? In other words, what do you own versus just promoting or outsourcing, or being handled by others.
At conferences, I'm meeting people who are in varying types of compliance structures that are either narrower in scope, or more complex, than my own. There does not seem to be a single structure or program model that is universal. One compliance person from my state in a $310 million institution only has responsibility for consumer Reg B/Z-type compliance and CRA, and that bank has a separate BSA/AML/OFAC officer who reports to a separate security officer, while another $9 billion institution has a much wider scope of coverage with a senior-level risk officer overseeing a compliance/audit/security/risk focus.
My institution is just under $500 million, and we constantly get squeezed by picking up new activities without the additional resources.