Compliance Program: Compliance Policy and Proper Procedures

Compliance Program

The compliance program is prepared by the chief customer officer (CCO) and approved by the board of directors. The CCO is primarily responsible for implementing the board-approved compliance program and its components, such as the compliance policy, the Anti-Money Laundering (AML) policy, the Know Your Customer (KYC) policy, the Data Protection Policy, and other applicable regulatory requirements. The compliance program, including the policies, must be prepared under the CCO’s supervision and must be reviewed and approved by the corporate compliance committee and the board of directors.

As part of the corporate compliance program, the compliance policy is a written methodology outlining the business’s obligations under the relevant regulatory requirements, such as AML/CFT, GDPR, and other regulations and guidelines. The compliance policy is detailed in the form of Compliance Procedures, which outline the processes and controls designed and implemented in various processes and departments to ensure that regulatory requirements are complied with.

AML Requirements Related to Compliance Program Policy and Procedures

Compliance policy and procedures should be made available to all employees, agents, and others who deal with onboarding clients, establishing relationships with clients, executing transactions, and other activities.

Key Components of Compliance Policy and Procedures

Compliance policies and procedures should cover, at minimum, the following requirements:

  • Requirements to have an appointed compliance officer, a risk assessment, an ongoing compliance training program and plan, and a two-year effectiveness review and plan, which consists of a review of your policies and procedures, risk assessment, and ongoing training program and plan;
  • KYC requirements, which include requirements for verifying the identity of the client, politically exposed persons (PEPs), heads of associated international organizations, their family members and close associates, beneficial ownership, and third parties involved;
  • Business relationship and ongoing monitoring requirements;
  • Record-keeping requirements;
  • Reporting requirements; and
  • Requirements for suspending or rejecting an electronic funds transfer or EFT or receiving a virtual currency transfer request.


The compliance program also covers the training requirements to ensure that employees are provided with appropriate regulatory compliance training to enable them to understand the applicable regulatory requirements. As part of the Compliance Program, financial institutions must establish and implement an ongoing employee training program to fulfill their AML/KYC requirements and implement the Compliance Program.

Training should include regulatory requirements and the internal AML policies, procedures, and processes. At a minimum, the training program must provide training for all personnel whose duties require knowledge of the BSA requirements.

Training must be provided periodically, such as annually, and must include the Board members. The AML compliance officers must complete an internal AML/CFT certification program as “knowledge checks” to ensure an understanding of the AML/CFT regulatory requirements. Employees may also be trained through multiple additional channels, including web-based training, workshops, and additional courses.

The completion of AML training is tracked internally, and the failure to complete the required training is taken very seriously. It may lead to discipline, including monetary penalties and job termination. On the successful completion of AML training controls, violations may be reduced.

Final Thoughts

A compliance program is a set of internal policies and procedures implemented within a company to ensure compliance with laws, rules, and regulations or to protect the company’s reputation.