Compliance Officers Playbook

Author: Compliance Officers Playbook


Description

Compliance Officers Playbook is your trusted companion in the evolving world of compliance. Whether you’re new to the field, a junior professional accelerating toward a more senior role, or a seasoned Chief Compliance Officer sharpening your skills, this podcast delivers practical insights, best practices, and thought-provoking discussions designed to elevate your expertise.

This show uses AI-assisted tools to bring you timely content. Every episode is reviewed and published by a human compliance professional to ensure, to the best of our ability, clarity and accuracy. Tune in to level up!
339 Episodes
To listen to the full episode, head to Apple Podcasts and search for the PREMIUM version under the same episode title. Thank you for supporting the Compliance Officers Playbook podcast show. In the full episode, we unpack the Australian Government AI Technical Standard and how it guides agencies in adopting artificial intelligence responsibly. The standard introduces a clear AI system lifecycle—Discover, Operate, and Retire—providing a structured approach to designing, deploying, and decommissioning AI systems. We explore how national AI ethics principles are translated into practical technical requirements, including human-centred design, strong data quality controls, and rigorous performance testing. The conversation also dives into key governance measures such as bias mitigation, transparency through AI watermarking, and robust version control. Together, these safeguards aim to ensure regulatory compliance, reduce risk, and build lasting public trust in government-led AI initiatives.
In the full episode, we unpack the £160,000 fine issued by the UK’s Office of Financial Sanctions Implementation (OFSI) against the Bank of Scotland in November 2025 for breaches of Russia-related sanctions. Regulators found that a designated individual—former Sevastopol governor Dmitrii Ovsiannikov—was able to open an account and process 24 prohibited transactions without detection. The failure stemmed from weaknesses in both automated sanctions screening and manual compliance reviews, which overlooked a spelling variation in the customer’s name. While the initial penalty was significantly higher, the bank received a 50% reduction after voluntarily disclosing the issue to authorities. Drawing on wider government reports and industry analysis, the episode explores how minor data gaps can lead to serious regulatory exposure. We also examine the UK’s growing emphasis on intelligence-led sanctions enforcement and what this case signals for financial institutions navigating an increasingly unforgiving compliance landscape.
In the full episode, we break down the European Banking Authority’s newly issued guidelines designed to standardise how financial institutions across the EU implement restrictive measures and sanctions controls. The rules apply broadly to banks, payment service providers, and crypto-asset firms, aiming to eliminate inconsistencies in how sanctions are enforced across member states. At the heart of the framework is a mandatory restrictive measures exposure assessment, requiring firms to evaluate how their specific business models, customers, and geographies expose them to sanctions risk. This assessment is meant to directly inform risk management strategies, screening systems, and internal controls. The guidelines also introduce clear accountability requirements, including the appointment of a senior staff member responsible for sanctions compliance with direct reporting lines to the management body. We explore additional operational expectations such as screening calibration, staff training, escalation processes, and obligations around asset freezing and potential sanctions matches. Overall, the episode explains how these EBA standards represent a major step toward intelligence-led, harmonised enforcement across the EU—and why firms that fail to adapt risk falling behind in an increasingly stringent regulatory environment.
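The two episodes above turn on the same control: the OFSI case was a screening miss on a spelling variation, and the EBA guidelines ask firms to calibrate their screening. The following is an added example, not code from the podcast, the bank or either regulator, showing why a normalised exact match misses a transliteration variant and how a fuzzy match with a tuned threshold catches it. The designated-party list is constructed for illustration (the first entry is the name as spelled in the episode description; the other two are made up), and the variant spelling "Dmitry Ovsyannikov" is a hypothetical transliteration chosen to exercise the matcher. The normalisation, edit-distance scoring and threshold values are my choices, not anything the regulator described.

```python
"""Sanctions name screening: normalised exact match vs. calibrated fuzzy match.

Added example (not from the podcast). The list below is constructed for
illustration and is not a real sanctions list.
"""
import unicodedata

# Constructed sample list. The first entry is the spelling used in the episode
# description; the other two are made-up entries used to check that the
# threshold does not flag unrelated names.
DESIGNATED = [
    "Dmitrii Ovsiannikov",
    "Example Holdings LLC",
    "Anna Primer",
]


def normalize(name: str) -> str:
    """Fold case, strip diacritics and punctuation, and sort name tokens.

    Token sorting makes "Ovsiannikov, Dmitrii" and "Dmitrii Ovsiannikov"
    compare equal; it does nothing for transliteration variants.
    """
    decomposed = unicodedata.normalize("NFKD", name)
    no_marks = "".join(c for c in decomposed if not unicodedata.combining(c))
    letters = "".join(c if c.isalnum() or c.isspace() else " " for c in no_marks.lower())
    return " ".join(sorted(letters.split()))


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute), O(len(a) * len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def similarity(a: str, b: str) -> float:
    """1.0 for identical normalised names, falling towards 0.0 with each edit."""
    na, nb = normalize(a), normalize(b)
    if not na or not nb:
        return 0.0
    return 1.0 - levenshtein(na, nb) / max(len(na), len(nb))


def screen_exact(customer: str, designated=DESIGNATED) -> list[str]:
    """The weak control: only a normalised exact match counts as a hit."""
    target = normalize(customer)
    return [d for d in designated if normalize(d) == target]


def screen_fuzzy(customer: str, designated=DESIGNATED, threshold: float = 0.85):
    """Return (list entry, score) pairs at or above the threshold, best first."""
    hits = [(d, round(similarity(customer, d), 3)) for d in designated]
    return sorted([h for h in hits if h[1] >= threshold], key=lambda h: -h[1])


if __name__ == "__main__":
    # Hypothetical transliteration of the listed name (constructed variant).
    onboarding_name = "Dmitry Ovsyannikov"
    print("exact:", screen_exact(onboarding_name))                   # []
    print("0.85 :", screen_fuzzy(onboarding_name, threshold=0.85))   # [] still missed
    print("0.80 :", screen_fuzzy(onboarding_name, threshold=0.80))   # flagged for review
```

The variant scores 0.842 against the listed spelling (three edits over nineteen characters), so a threshold of 0.85 misses it just as an exact match does, while 0.80 flags it. That gap is what "screening calibration" means in practice: the threshold has to be set against a test set of known aliases and transliterations, then checked against alert volume on real customer names, rather than left at a vendor default.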
In this Compliance Officers Playbook episode, we uncover the rapid rise of transnational organised crime networks spreading across Southeast Asia—and how digital technology is supercharging their reach. From fortified scam compounds in Myanmar and Cambodia to billions of dollars laundered through crypto, these criminal syndicates are fusing illegal online gambling with cyber-enabled fraud on an industrial scale. We break down how trafficked workers are forced to run sophisticated “pig butchering” romance and investment scams, and how criminals are weaponising AI deepfakes, custom malware, and social engineering to outsmart even the most tech-savvy victims. The episode also explores the shadowy financial infrastructure behind these operations, including underground banking networks, anonymous money mules, and the growing use of stablecoins like USDT to move and clean illicit funds. Finally, we examine the global response—from US Department of Justice strike forces to record-breaking asset seizures—and why law enforcement is still struggling to keep pace with the professionalisation of crime-as-a-service. This is the story of how organised crime went digital, and why stopping it is harder than ever.
This episode explores a fundamental shift in risk leadership as organisations look toward 2026—one that moves beyond surface-level compliance and toward risk as a driver of meaningful decision-making. We examine why traditional tools like risk heatmaps often fail to deliver value and how risk management only becomes effective when it influences corporate choices before problems materialise. The discussion places strong emphasis on accountability and governance, challenging organisational structures where ownership is unclear or uncomfortable truths are diluted for senior leadership. We also highlight the critical role of healthy escalation cultures, showing how suppressing bad news can turn manageable risks into inevitable losses. Ultimately, this episode reframes risk not as a control function, but as a strategic capability—one that strengthens resilience and prepares organisations to navigate multiple future scenarios with confidence.
This episode examines the rapidly evolving fight against financial crime, with a particular focus on the wholesale brokerage sector and the critical role of Suspicious Activity Reports (SARs). Drawing on insights from the Financial Conduct Authority (FCA), we explore key vulnerabilities in capital markets and why firms must combine effective transaction monitoring with strong customer risk assessments. We also look at recent regulatory updates and industry developments showing how artificial intelligence and large language models are transforming SAR reporting—improving both detection accuracy and the quality of investigative narratives. Supporting data from the National Crime Agency and the ICAEW highlights a sharp increase in SAR submissions, while also revealing persistent under-reporting in sectors such as accountancy. The episode concludes by emphasising collaboration between regulators, law enforcement, and private firms. As financial crime techniques grow more sophisticated, the industry must adopt innovative technologies, strengthen governance frameworks, and invest in staff training to protect market integrity and combat money laundering effectively.
This episode explores the growing overlap between corporate IT security, cryptocurrency compliance, and international sanctions enforcement. We begin with the challenges system administrators face when employees use VPNs to bypass workplace controls, exposing organisations to hidden legal, security, and operational risks—while raising difficult questions about privacy and oversight. The discussion then shifts to real-world enforcement actions by the U.S. Office of Foreign Assets Control (OFAC), examining high-profile cases involving fintech and crypto platforms such as Kraken and Exodus Movement. These companies faced multimillion-dollar penalties after failing to properly block users in sanctioned regions, including Iran, through effective geolocation controls. We also analyse emerging data showing a sharp increase in government monitoring of digital wallets and the use of blockchain analytics to trace transactions and freeze illicit assets. The episode concludes with a clear takeaway: both IT professionals and financial institutions must maintain strong controls and proactive monitoring to navigate the legal, regulatory, and security risks tied to unauthorised network access and digital currency use.
This episode breaks down the Digital Operational Resilience Act (DORA), the EU’s landmark regulation aimed at strengthening the financial sector against ICT and cyber-related disruptions. We explore DORA’s five core pillars: ICT risk management, incident reporting, resilience testing, oversight of third-party technology providers, and information-sharing arrangements. The discussion also compares DORA with other major EU frameworks such as GDPR and the EU AI Act, showing how organisations can align overlapping requirements into a single, cohesive compliance strategy. Insights from technology providers like Qualys, Copla, and Red Hat illustrate how automation tools can support asset discovery, vulnerability management, and third-party risk monitoring at scale. As the January 2025 compliance deadline approaches, this episode highlights a key shift facing financial institutions: moving away from flexible guidance toward strict, rule-based operational standards. Essential listening for compliance leaders, risk professionals, and technology teams preparing for DORA implementation.
In this Compliance Officers Playbook episode, we explore the role and responsibilities of the European Union’s Anti-Money Laundering Authority (AMLA) and how it is reshaping financial crime supervision across member states. AMLA’s core mission is to create legal and regulatory consistency throughout the EU by developing binding technical standards, practical guidelines, and supervisory recommendations. We discuss how these tools clarify compliance expectations, strengthen cooperation between national supervisors, and improve the overall effectiveness of anti-money laundering and counter-terrorism financing controls. The episode also highlights how AMLA balances innovation with continuity by incorporating established regulatory frameworks originally developed by the European Banking Authority. By bringing supervision under a more rigorous and harmonised structure, AMLA aims to reduce systemic vulnerabilities and better protect the EU financial system from money laundering and terrorist financing risks. This episode provides essential context for compliance professionals, policymakers, and financial institutions preparing for the next phase of EU AML oversight.
In this episode, we break down the Financial Conduct Authority’s Final Notice against Nationwide Building Society, which resulted in a £44.1 million fine for serious anti-money laundering (AML) failures. Covering the period from October 2016 to July 2021, the FCA found that Nationwide breached regulatory Principle 3 by failing to adequately organise and control its affairs. We explore the key weaknesses identified by the regulator, including poor customer risk assessments, widespread failures to refresh customer due diligence, and an ineffective transaction monitoring system. The episode also examines how these shortcomings created significant financial crime risks—most notably in cases where customers used personal accounts for business activity without proper oversight. One particularly stark example involved the laundering of millions of pounds in fraudulently claimed Coronavirus Job Retention Scheme (JRS) funds, highlighting how systemic control failures can be exploited at scale. We also discuss how Nationwide’s early settlement led to a reduced penalty, bringing the fine down from more than £62 million. Whether you work in financial services, compliance, or risk management—or simply want to understand how AML failures happen and why regulators are taking a tougher stance—this episode offers clear insights into one of the UK’s most significant recent enforcement actions.
In this episode, we break down the Financial Conduct Authority’s (FCA) latest move to simplify and strengthen the way complaints are reported across the UK financial services sector. The FCA—responsible for regulating firms, overseeing markets, and protecting consumers—is rolling out a major change: replacing five separate complaints returns with one streamlined, consolidated report. We explore why the FCA is making this shift, how it aims to improve data quality and comparability, and what it means for firms’ compliance processes. A key highlight of the new framework is a dedicated requirement for reporting complaints involving vulnerable customers—a step designed to help the FCA better monitor risks and enhance protection for individuals who may need additional support. Tune in for a clear, accessible breakdown of how this initiative supports the FCA’s broader ambition to become a smarter, more effective regulator—reducing unnecessary burdens on firms while reinforcing its consumer-protection mission.
In this Compliance Officers Playbook podcast episode, we break down the core purpose of internal auditing—from its foundation in independence and objectivity to the two key services it provides: assurance and consulting. We highlight how assurance offers an unbiased assessment of risks and controls, while consulting supports improvement without taking on management roles. At a high level, we show how internal audit helps organisations achieve their goals by strengthening governance, risk management, and internal controls through a disciplined, structured approach.
In this Compliance Officers Playbook podcast episode, we break down the essential difference between risk appetite—the level of risk a board is willing to take—and acceptable risk, the amount an organisation can tolerate without adding new controls. We highlight why zero risk is never realistic, how risk appetite guides what becomes acceptable, and why higher-impact risks are escalated to senior leadership. A quick, clear primer for anyone looking to strengthen their risk management understanding.
In this Compliance Officers Playbook podcast episode, we dive into the complicated world of cryptocurrency mixing services—tools like CoinMixing and CoinJoins that promise enhanced privacy by obscuring blockchain transaction trails. While these services offer legitimate anonymity benefits, they’re also frequently exploited for money laundering, sanctions evasion, and other illicit finance activities. We unpack how global regulators and law enforcement agencies are responding. From the FATF’s call for stronger international action to FinCEN’s proposal to designate CVC mixing as a primary money laundering concern under the USA PATRIOT Act, the pressure is mounting. Recent enforcement actions underscore this shift: authorities have dismantled major hybrid mixers such as Cryptomixer, which processed more than €1.3 billion in illicit Bitcoin, and secured guilty pleas from the founders of privacy-focused apps like Samourai Wallet for running an unlicensed money transmitting business. The episode also explores the current legal grey zone surrounding privacy-enhancing crypto tools—and the tension between protecting financial privacy and combating criminal abuse. Ultimately, the story reveals a striking irony: the blockchain, once viewed as a haven for anonymous crime, is becoming one of the most powerful investigative tools in modern financial crime-fighting. Tune in to understand how technology, regulation, and privacy intersect in this rapidly evolving space.
In this Compliance Officers Playbook podcast episode, we unpack a gripping cross-border investigation from OCCRP and KRIK that reveals how Balkan organised crime networks allegedly used banana shipments from Noboa Trading Co.—the family business of Ecuadorian President Daniel Noboa—to smuggle massive quantities of cocaine into Europe. Drawing on confidential Croatian prosecution files and decrypted Sky ECC messages, the exposé shows traffickers bragging about their privileged access to the company’s export routes. Journalists matched these chats to three verified Noboa Trading shipments that collectively hid 535 kilograms of cocaine, representing millions in street value. Through meticulous cross-referencing, investigators identified key players, including Nikola Đorđević, who handled container loading in Ecuador, all under the direction of convicted drug lord Darko Šarić. We explore the political and operational fallout: how these revelations clash with President Noboa’s strong public stance against “narco-terrorists,” his insistence that his family business was unaware of the scheme, and what the findings expose about systemic security failures at Ecuador’s principal port. Tune in for a deep dive into how global supply chains, political influence, and organised crime intersect in this extraordinary case.
Freemium Episode: In this Compliance Officers Playbook podcast episode, we take a critical look at one of the most widely used—but deeply flawed—tools in corporate governance: the risk heat map. While these colourful grids may offer visual comfort, the source argues they create a dangerous illusion of control. Behind the neat presentation lie subjective scores, oversimplified assumptions, and an inability to capture real-world complexity—such as volatility, tail events, and interconnected risks. We explore how internal politics, optimism bias, and the desire for clean reporting often amplify these weaknesses, masking serious financial exposure. You’ll hear why, if heat maps appear in board packs or audit reports, they should serve only as conversation starters, not as the foundation for risk measurement or decision-making. The episode also highlights practical steps organisations can take: being transparent about scoring limitations and pairing any visual map with concrete financial impact ranges. Ultimately, we underscore the core message of the critique—relying on coloured squares to define a risk profile isn’t risk management at all. It’s the absence of it.
In this episode, we break down the European Union’s sweeping overhaul of its anti-money laundering and counter-terrorist financing framework under Directive (EU) 2024/1640 (AMLD6). The new rules usher in a much more unified and transparent system for tracking beneficial ownership and cross-border financial structures across the EU. We explore how AMLD6 standardises and interconnects national beneficial ownership registers—tightening registration rules, improving data quality, and ensuring seamless information flow between member states. At the centre of this transformation is the newly established Anti-Money Laundering Authority (AMLA), which will coordinate national Financial Intelligence Units (FIUs) and provide shared infrastructure for advanced analytics. You’ll learn how FIUs will gain direct, unfiltered access to ownership registers, enabling faster, more accurate AML/CFT investigations and stronger enforcement across borders. With significant operational changes expected by 2026, this episode breaks down what compliance teams, financial institutions, and investigators need to know about the EU’s shift toward centralised data, powerful analytical tools, and an integrated enforcement ecosystem.
In this episode, we unpack the Serious Fraud Office’s newly detailed guidance on how corporate compliance programmes are evaluated across England, Wales, and Northern Ireland. The SFO relies on this framework in six key scenarios—from deciding whether to prosecute a company to determining whether a Deferred Prosecution Agreement (DPA) is appropriate. We break down what the guidance means for organisations facing allegations of bribery or fraud, including how the SFO assesses statutory defences like “adequate procedures” for bribery and “reasonable procedures” for failure to prevent fraud. The conversation explores why the SFO places heavy emphasis on the effectiveness and proactive nature of compliance systems—both at the time of the offence and during charging decisions. You’ll also learn why the SFO warns companies against treating compliance as a superficial “paper exercise.” Instead, programmes must be risk-based, proportionate, and continuously reviewed, regardless of a company’s size or sector. Tune in to understand how these standards are reshaping corporate accountability in the UK.
The European Commission announced in December 2025 that it has officially designated Russia as a high-risk jurisdiction due to serious strategic weaknesses identified within its anti-money laundering and counter-terrorist financing (AML/CFT) framework. This action was taken pursuant to Delegated Regulation (EU) 2025/1393, which committed the Commission to reviewing nations whose membership in the Financial Action Task Force (FATF) had been suspended. Following a detailed technical assessment, the Commission concluded that Russia satisfied the established criteria to be labelled a high-risk third country under the Fourth Anti-Money Laundering Directive. Consequently, all EU financial entities covered by the AML framework are now required to apply enhanced due diligence to transactions involving Russia in order to preserve the integrity of the EU financial system. The delegated regulation is scheduled to take effect following a period of scrutiny and non-objection from both the European Parliament and the Council.
In this episode, we break down the United Kingdom’s groundbreaking Property (Digital Assets etc) Act, a new law that officially recognises cryptocurrencies and NFTs as their own distinct class of property. This legislative shift modernises centuries-old property definitions, carving out a third category beyond physical goods and traditional financial claims. We explore why this matters for investors, creators, and everyday users. Crypto industry groups are already celebrating the act for strengthening consumer protection, clarifying digital ownership, and enabling legal recovery of stolen or fraudulently obtained assets. While UK courts had previously treated digital assets as property on a case-by-case basis, this statute cements that status once and for all—bringing long-awaited certainty to the digital economy. Tune in to understand how this law could reshape crypto regulation, digital ownership, and the future of Web3.