Frequently Asked Questions

1. What is a compliance program?

A compliance program is a system of individuals, processes, policies and procedures developed to ensure compliance with applicable laws, industry regulations, and legal agreements/contracts that govern an organization and its actions. There are three purposes for a compliance program: 1) Prevention, 2) Detection, and 3) Corrective action.

2. What are the elements of an effective corporate compliance program?

Compliance programs have evolved over time. Although specific guidelines may vary somewhat, the major themes remain the same. Today, an effective corporate compliance program is generally considered to have the following seven elements:

  1. Written policies, procedures, and standards of conduct;

  2. Compliance oversight;

  3. Effective education and training;

  4. Effective lines of communication;

  5. Disciplinary guidelines for enforcing standards;

  6. Internal monitoring and auditing; and

  7. Prompt response to offenses and corrective action plans.

Some industry experts consider there to be an informal eighth element: Periodic reassessment of the compliance program to ensure effectiveness.  

An effective compliance program should be tailored for each organization based on the industry in which it operates, the products and services it offers, the clients it serves, and the specific needs of the particular organization. Therefore, the 7-8 elements listed above will look different for each organization.

3. Who should have a compliance program?

  • Private Businesses

  • Publicly Traded Companies

  • Foundations and other Non-Profit Organizations

  • Government Agencies

  • Schools

  • Others 

4. Are compliance programs mandatory?

A host of regulations make compliance programs mandatory for certain entities within specific industries. Whether mandatory or merely recommended, compliance programs safeguard an organization and provide a number of important benefits. 

5. What are some of the benefits of a formal compliance program?

There are numerous benefits, both tangible and intangible, to implementing a formal compliance program. Some of these benefits include:

  • Protecting the reputation of the organization

  • Encouraging a culture of "doing the right thing"

  • Increasing awareness for employees and stakeholders

  • Providing an avenue for employees and stakeholders to raise potential issues (and a corresponding opportunity for the organization to fix those issues)

  • Reducing costly enforcement actions and avoiding the imposition of fines and penalties

  • Attracting top talent

  • Increasing productivity

6. What are the pillars of an AML compliance program?

Historically, an AML compliance program was considered to be made up of four components or pillars. However, following the effective date of the Customer Due Diligence Rule (CDD Rule) in May 2018, an AML compliance program is now considered to be comprised of five pillars. The five pillars include:

  1. Written policies, procedures and internal controls;

  2. A designated BSA compliance officer;

  3. An employee training program;

  4. Independent testing of the BSA/AML program; and

  5. Customer due diligence procedures.

AML compliance programs must be risk-based and tailored to the specific institution, including its size, geographic area(s), customer base and the products and services offered.

7. Are AML compliance programs mandatory?

The requirement for an AML compliance program arises out of the Bank Secrecy Act (BSA). The regulations and reporting requirements implemented pursuant to the BSA apply to "financial institutions," which is a term defined broadly and encompasses the financial activities of a variety of businesses, including traditional banks as well as credit unions and thrifts, non-bank financial institutions, securities dealers, money services businesses, and others. 

8. What is OFAC?

The acronym, OFAC, stands for the Office of Foreign Assets Control, which is an agency of the U.S. Treasury Department. OFAC is responsible for the administration and enforcement of economic and trade sanctions in support of U.S. national security and foreign policy objectives. This includes the issuance of sanctions against certain individuals, entities and shipping vessels, as well as against targeted countries and regions.


9. Are there any guidelines for an OFAC sanctions compliance program?

In May 2018, OFAC issued its first formal Framework for OFAC Compliance Commitments. The intent of this document is to provide organizations with a framework for the five essential components of a risk-based Sanctions Compliance Program (SCP). The five essential elements include:

  1. Management commitment;

  2. Risk assessment;

  3. Internal controls;

  4. Testing and auditing; and

  5. Training. 

10. Where can I get more information?

If you have any questions about compliance program implementation, applicability of these laws and regulations to your organization, compliance training, or anything else, please email

Disclaimer: The information provided on this website does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general informational purposes only. 

©2019 by Compliance Notes.