Taking into account as mutatis mutandis reference the U.S. Department of Justice Criminal Division “Evaluation of Corporate Compliance Programs”, it’s very interesting to highlight the following as a threshold to assess whether our policies and procedures are actually effective:

Design – What is the company’s process for designing and implementing new policies and procedures and updating existing policies and procedures, and has that process changed over time? Who has been involved in the design of policies and procedures? Have business units been involved prior to rolling them out?

Comprehensiveness – What efforts has the company made to monitor and implement policies and procedures that reflect and deal with the spectrum of AML/CTF risks it faces, including changes to the legal and regulatory landscape?

Accessibility – How has the company communicated its policies and procedures to all employees and relevant third parties?

Responsibility for Operational Integration – Who has been responsible for integrating policies and procedures? In what specific ways are compliance policies and procedures reinforced through the company’s internal control systems?