At EnrolyCon26, Isabelle Sorrell, Head of Services at Enroly, delivered The Devil Wears Compliance - a practical session exploring how institutions can strengthen compliance decision-making without sacrificing operational efficiency.
Using The Devil Wears Prada as inspiration, Isabelle compared compliance teams to Andy Sachs: capable professionals navigating constantly shifting expectations while UKVI metrics loom in the background “like Miranda Priestly, watching your every move.”
Beneath the humour sat a serious message: compliance is no longer just about outcomes. It is about evidencing every decision, every check and every judgement along the way.
“CAS Shield helps you scale good decision making”
One of the clearest themes throughout the session was that technology alone is not enough.
As Isabelle explained:
"CAS Shield, in our view, is the vessel that helps you to scale good decision making. However, it never actually replaces good process and consistent decision making within practice."
In a climate of increasing scrutiny, institutions need more than workflows and automation. They need structured, repeatable decision-making processes that stand up to scrutiny.
The session explored how Enroly supports institutions throughout the applicant journey, from capturing and validating information through Enroly Apply to assessing CAS readiness and managing compliance risk through CAS Shield. Throughout, the focus remained the same: combining technology with clear operational frameworks to improve consistency, reduce ambiguity and minimise refusal risk.
The framework: Story → Risk → Evidence → Conclusion
At the centre of the session was a simple framework used by Enroly's Services team when assessing CAS readiness:
- Find the story
- Understand the risks
- Match the evidence
- Reach the conclusion
Rather than reviewing documents in isolation, the framework encourages teams to understand the student's wider context first.
"First making sure that the applicant details and the information check section of CAS Shield is checked first before you review any piece of documentary evidence."
The aim is simple: understand the story before assessing the evidence.
What we heard from the room
Attendees were asked what compliance risks their institutions regularly assess that may sit outside standard system alerts.
Despite representing different institutions, the responses were remarkably consistent.
Common challenges included:
- Source of funds checks for high-risk markets
- Academic progression assessments
- Study gaps
- Students already in the UK with previous immigration histories
- Under-18 applicants
The common thread? Context.
Interestingly, many of the challenges raised by attendees stemmed from gaps in information rather than gaps in process. Academic progression, source of funds assessments and previous immigration history all require institutions to collect the right information early and present it in a way that supports consistent decision-making later in the journey.
This is where structured workflows become critical. By bringing together applicant information, supporting evidence and risk indicators in one place, institutions are better equipped to make informed, auditable decisions at scale.
Many of the most important compliance decisions still require professional judgement, local expertise and an understanding of the wider student story.
Compliance is in the detail
The workshop discussions highlighted another important reality: consistency matters.
When asked what makes a document "acceptable", attendees repeatedly referenced:
- Clear and complete scans
- No signs of tampering
- Valid translations
- Alignment with UKVI requirements
- Consistency with application data
Similarly, discussions around financial assessments showed that institutions continue to rely on a combination of tools, manual review and professional judgement when assessing evidence. OANDA was frequently cited for currency conversion checks, alongside bank verification processes and source of funds investigations.
The message was clear: technology can support consistency, but it cannot define it.
The bigger takeaway
As international admissions becomes increasingly complex, the institutions managing risk most effectively are not necessarily the ones carrying out the most checks. They are the ones combining strong operational processes with technology that helps teams collect better information, apply consistent standards and evidence decisions throughout the student journey.
Whether reviewing financial evidence, assessing progression or investigating risk indicators, the goal remains the same: ensuring every decision can be understood, evidenced and defended if challenged.
Or, as Isabelle's session ultimately demonstrated: the devil really is in the detail.
