If your compliance programme lives in a folder no one opens, it is not a programme — it is a document.
A genuine compliance programme is an active, embedded system. It shapes how your team identifies customers, assesses risk, files reports, and escalates concerns. It gets tested, challenged, and updated when the regulatory environment shifts.
The four pillars regulators look for
Whether you are being inspected in Barbados, Alberta, or another jurisdiction, examiners typically evaluate the same core areas:
- Policies and procedures — written, approved, version-controlled, and actually followed.
- Risk assessment — a living document that reflects your specific client base, products, and geographies. Not a template downloaded five years ago.
- Training — staff who understand their obligations, not just staff who attended an annual refresher.
- Monitoring and testing — regular checks that controls are working, with documented results and remediation where gaps are found.
Where firms get caught out
The most common inspection finding is not the absence of policies — it is the gap between what the policy says and what staff actually do. A KYC procedure that requires enhanced due diligence for high-risk clients means nothing if relationship managers routinely skip it when a client looks familiar.
Second most common: risk assessments that have not been updated after significant business changes — a new product line, a shift into a higher-risk sector, or updated FATF guidance on your jurisdiction.
Starting from where you are
If you are unsure whether your programme would withstand scrutiny, a gap assessment is the fastest way to find out. It maps your current controls against regulatory expectations, identifies priority remediation areas, and gives you a clear action plan before an examiner does it for you.
Monitoring emerging AML typologies and threat intelligence — particularly as financial crime patterns shift — is also increasingly expected. Tools like amlx.io can help your team stay current between formal training cycles.
If you would like to discuss where your programme stands, get in touch with the Four CCCC team.