Compliance Officers Playbook

In this Compliance Officers Playbook podcast episode, we break down the core purpose of internal auditing—from its foundation in independence and objectivity to the two key services it provides: assurance and consulting. We highlight how assurance offers an unbiased assessment of risks and controls, while consulting supports improvement without taking on management roles. At a high level, we show how internal audit helps organisations achieve their goals by strengthening governance, risk management, and internal controls through a disciplined, structured approach.

In this Compliance Officers Playbook podcast episode, we dive into the complicated world of cryptocurrency mixing services—tools like CoinMixing and CoinJoins that promise enhanced privacy by obscuring blockchain transaction trails. While these services offer legitimate anonymity benefits, they’re also frequently exploited for money laundering, sanctions evasion, and other illicit finance activities.We unpack how global regulators and law enforcement agencies are responding. From the FATF’s call for stronger international action to FinCEN’s proposal to designate CVC mixing as a primary money laundering concern under the USA PATRIOT Act, the pressure is mounting. Recent enforcement actions underscore this shift: authorities have dismantled major hybrid mixers such as Cryptomixer, which processed more than €1.3 billion in illicit Bitcoin, and secured guilty pleas from the founders of privacy-focused apps like Samourai Wallet for running an unlicensed money transmitting business.The episode also explores the current legal grey zone surrounding privacy-enhancing crypto tools—and the tension between protecting financial privacy and combating criminal abuse. Ultimately, the story reveals a striking irony: the blockchain, once viewed as a haven for anonymous crime, is becoming one of the most powerful investigative tools in modern financial crime-fighting. Tune in to understand how technology, regulation, and privacy intersect in this rapidly evolving space.

In this episode, we unpack the Serious Fraud Office’s newly detailed guidance on how corporate compliance programmes are evaluated across England, Northern Ireland, and Wales. The SFO relies on this framework in six key scenarios—from deciding whether to prosecute a company to determining whether a Deferred Prosecution Agreement (DPA) is appropriate.We break down what the guidance means for organisations facing allegations of bribery or fraud, including how the SFO assesses statutory defences like “adequate procedures” for bribery and “reasonable procedures” for failure to prevent fraud. The conversation explores why the SFO places heavy emphasis on the effectiveness and proactive nature of compliance systems—both at the time of the offence and during charging decisions.You’ll also learn why the SFO warns companies against treating compliance as a superficial “paper exercise.” Instead, programmes must be risk-based, proportionate, and continuously reviewed, regardless of a company’s size or sector. Tune in to understand how these standards are reshaping corporate accountability in the UK.

In this episode, we unpack the increasingly complex landscape of the EU’s digital regulatory regime—one that continues to evolve around the foundations set by the General Data Protection Regulation (GDPR). Drawing on recent analyses, we explore how regulators are sharpening their enforcement approach, applying strict criteria that can lead to fines of up to four percent of a company’s global turnover.We look at real-world trends, including record penalties from Spain’s data protection authority, which signal a shift toward targeting systemic weaknesses in data security, governance, and risk management. From there, we examine how the EU’s new AI Act is creating fresh tension within the regulatory ecosystem—particularly where obligations for risk assessments, oversight bodies, and documentation overlap with long-standing GDPR requirements.Finally, we break down the practical guidance organizations must follow for international data transfers, including the need for robust safeguards and thorough transfer risk assessments to stay compliant. If you want a clear picture of where EU digital regulation is heading—and what it means for businesses navigating it—this episode offers a concise, informed briefing.

In this episode, we examine the story behind a major regulatory enforcement action in Luxembourg’s financial sector: the €283,000 administrative fine imposed on Allianz Global Investors’ Luxembourg branch for persistent anti-money laundering (AML) and counter-terrorist financing (CFT) failures.We unpack the findings of a 2018 CSSF inspection that uncovered serious gaps—including the omission of more than 1,000 investors from the branch’s AML/CFT risk analysis and weak due-diligence documentation for politically exposed persons (PEPs). Although AllianzGI maintains that the issues were procedural and have since been fully corrected, the case highlights a broader industry trend in which firms delay critical compliance work to focus on short-term business priorities.We also discuss the timeline: the penalty issued in 2022 and upheld in court in 2025—evidence of the regulator’s determination to confront systemic weaknesses in financial controls.Tune in for a clear look at what this case means for compliance culture, supervisory expectations, and the financial industry’s ongoing struggle to balance growth with robust risk management.Full Episode on Apple Podcast

n this episode, we unpack a deep-dive analysis from the European Parliament’s Economic Governance and EMU Scrutiny Unit (EGOV) on one of the EU’s most significant reforms in financial oversight: the creation of the European Anti-Money Laundering Authority (AMLA).We explore how the EU’s 2024 AML/CFT package—including the new Anti-Money Laundering Regulation (AMLR), the Sixth AML Directive (AMLD6), and the AMLA Regulation (AMLAR)—is designed to unify a previously fragmented system and establish a powerful central supervisor. You’ll hear how AMLA is expected to coordinate with national authorities, enhance consistency across the Union, and bolster the EU’s global role in fighting money laundering and terrorist financing.The episode also looks ahead at the challenges facing AMLA: scaling up its operational capacity, adapting to digital finance and crypto-assets, and navigating an increasingly complex regulatory ecosystem.If you want to understand where EU financial integrity is headed—and why AMLA could become a cornerstone of Europe’s regulatory future—this is an essential listen.

The FATF (Financial Action Task Force) Toolkit provides a comprehensive framework for conducting National Risk Assessments (NRAs) on money laundering (ML), terrorist financing (TF), and proliferation financing (PF). It includes practical quick guides for evaluating complex areas such as corruption, virtual assets (VAs) and virtual asset service providers (VASPs), legal persons and arrangements, and the informal economy. The toolkit also features cross-country comparisons of ML threats, classifications of vulnerabilities, and access to NRA tools and global data sources from organisations like the World Bank, IMF, and Council of Europe. A key theme is the need to tailor risk assessments to each country’s unique context, ensuring a nuanced understanding of threats. Importantly, the guidance emphasises not only mitigating financial crime risks but also considering the wider social and environmental impacts of these crimes, promoting a more holistic approach to financial integrity.

In this episode, we explore the complex and often uncomfortable world of risk management, especially for those with a perfectionist mindset. Unlike compliance, which operates with clear rules and definitive answers, risk management lives in the grey areas of uncertainty. We discuss why business growth actually depends on embracing this uncertainty rather than trying to eliminate it. The episode highlights how effective risk management is about building resilience—making informed decisions with incomplete information while staying open to opportunities that emerge from the unknown.