A Risk-Based Framework for Assessing a Compliance Culture
Author: Francisco Daniel Zepeda Lázarus, PhD, MBA, CAMS, CFE, AML-CA, CAMS-AUDIT
In various forums, compliance culture has been mentioned as an important component that sets the backdrop for the attainment of anti-money laundering (AML) objectives in a financial institution.
However, compliance culture has not been defined clearly in a manner that can allow it to fit into a risk-based assessment process, considering the fundamental assumptions that guide behavior in institutions.
This white paper will offer a framework that allows auditors to understand: a) the organizational dynamics that shape a compliance culture, b) how they can use a risk-based framework for assessing it, and c) determine levels of risk for assumptions of organizational dynamics. In addition, a strategy is presented on how a combination of quantitative and qualitative techniques can be used with the proposed framework. Finally, a brief description of how the framework fits into the corporate governance process will be presented, so that if needed, institutions can pursue compliance cultural improvements.