Compliance Intelligence Platform
The Answers Your Regulator Expects You to Already Have.
Authoritative answers across Anti-Bribery, AML, Data Privacy, Sanctions, and ESG — organized for the compliance officer who cannot afford to be wrong.
Compliance FAQ Index
Every question.
Answered on the record.
Select a regulatory domain to filter the FAQ index and see how your peers have applied these answers in live regulatory moments.
All Topics
The complete Comply FAQ index — every question, every domain.
The Ministry of Justice guidance identifies six principles: proportionate procedures, top-level commitment, risk assessment, due diligence, communication and training, and monitoring and review. Adequate procedures must be tailored to your organization's specific risk profile — a rote policy document is insufficient. Courts have consistently held that the defense requires demonstrable implementation, not mere documentation.
A financial institution must file a SAR when it knows, suspects, or has reason to suspect that a transaction involves funds from illegal activity, is designed to evade BSA requirements, lacks a lawful purpose, or involves $5,000 or more (or $2,000 for money services businesses). The 30-day filing window begins when the initial detection of facts triggers the obligation — not when the internal investigation concludes.
Article 17(3)(b) provides a clear exemption: the right to erasure does not apply where processing is necessary for compliance with a legal obligation. However, this exemption is purpose-limited. You must identify the specific legal basis, document the retention period, and ensure the data is not processed beyond that purpose. Blanket "legal compliance" justifications have been rejected by multiple EU supervisory authorities.
OFAC prohibits transactions with entities that are owned 50% or more, directly or indirectly, by one or more SDN-listed persons — even if the entity itself does not appear on any list. The rule aggregates ownership interests. A 30% stake held by SDN-A and a 25% stake held by SDN-B equals 55% blocked ownership. Screening only against published lists is insufficient; beneficial ownership analysis is mandatory.
Non-EU companies are subject to CSRD if they have securities listed on an EU regulated market, or if they generate net turnover of more than €150M in the EU for two consecutive years and have at least one EU subsidiary or branch above the relevant thresholds. The first reporting year for large non-EU companies is financial year 2028, published in 2029, though EU subsidiaries may be subject to earlier timelines.
47 questions in this category
See the top 5 ungated FAQs
Peer Validation
How compliance professionals used these answers in the field.
“Comply's Anti-Bribery FAQ was the only resource that clearly distinguished FCPA's territorial reach from UK Bribery Act's absolute liability. I cited it verbatim in our board presentation.”
Margaret Chen
Chief Compliance Officer
Meridian Industrial Holdings
“The SAR threshold guidance finally resolved a six-month debate between our compliance team and legal. Clear, jurisdiction-specific, and defensible.”
David Okafor
Director of Financial Crime
Westfield Capital Management
“I was three weeks into my CCO role when the SEC sent a comment letter on our ESG disclosures. The Comply ESG section gave me a framework I could stand behind.”
Priya Nair
Chief Compliance Officer
Altara Asset Management
“OFAC's 50% rule is misunderstood everywhere. This was the first plain-language explanation that held up under scrutiny from our outside counsel.”
Robert Vasquez
VP, Global Sanctions
Northgate Financial Group
“We used the GDPR cross-border transfer matrix to restructure our vendor contracts. Saved us from a potential €4M fine.”
Helene Müller
Head of Data Protection
Eurobridge Logistics SE
“The whistleblower protocol FAQ is the resource I send every newly promoted compliance manager on day one. Non-negotiable reading.”
James Thornton
General Counsel
Cascade Energy Partners
“Double materiality finally explained without the jargon. My CFO read it and immediately understood why our ESG reporting scope had to expand.”
Adaeze Obi
ESG Compliance Lead
Pinnacle Infrastructure REIT
“The AML beneficial ownership FAQ helped us navigate the FinCEN CDD rule update in under an hour. We were audit-ready by end of week.”
Sung-Woo Park
BSA/AML Officer
Lakeside Community Bank
Compliance Toolkit Library
Field-tested resources.
Peer-endorsed.
Every resource below has been used by a compliance professional during a live regulatory engagement. Not theoretical. Not aspirational.

FCPA & UK Bribery Act Comparison Matrix
Side-by-side analysis of jurisdictional reach, enforcement mechanisms, adequate procedures defense, and penalty exposure across both regimes. Includes 2024 DOJ enforcement action summaries.
“This matrix saved three days of outside counsel fees. I used it to brief our board in 45 minutes.”
Catherine Walsh, Chief Compliance Officer, Orion Global Ventures

AML Program Adequacy Checklist
Structured against FinCEN's five pillars and BSA examination procedures. Maps to FATF Recommendations 10–21. Includes examiner's perspective on common deficiencies and red flag indicators by sector.
“We passed our OCC exam with zero MRAs. I attribute a significant part of that to this checklist.”
Marcus Reeves, BSA Officer, Harbor Trust Company

Cross-Border Data Transfer Toolkit
Post-Schrems II framework covering SCCs, BCRs, adequacy decisions, and derogations. Includes vendor assessment template, Article 30 record template, and breach notification decision tree.
“The breach notification decision tree alone is worth the download. We used it in an actual incident.”
Ingrid Larsson, Data Protection Officer, Scandinavian Reinsurance Group

ESG Disclosure Readiness Assessment
Maps SEC climate disclosure rules, CSRD requirements, and TCFD recommendations against your current reporting infrastructure. Includes gap analysis template and board-ready summary slide deck.
“The gap analysis template structured a conversation with our CFO that we'd been avoiding for a year.”
Thomas Acheampong, VP, Sustainability & Compliance, Meridian Infrastructure Fund
Full Compliance Toolkit
Download the Complete Toolkit.
47 FAQs across five regulatory domains, four downloadable matrices and checklists, a regulatory comparison guide spanning 12 jurisdictions, and a board-ready summary deck. Everything indexed, everything current.
We don't send marketing. You'll receive the toolkit and quarterly enforcement briefings only.
No credit card. No sales calls. Unsubscribe at any time.
Ungated Access
The top five FAQs, no gate required.
These five answers represent the most-cited questions across our 4,200+ member network. The remaining 42 are delivered by email.
The FCPA's accounting provisions — 15 U.S.C. §§ 78m(b)(2)(A) and (B) — require issuers to maintain books and records that accurately and fairly reflect transactions, and to devise and maintain a system of internal accounting controls. Unlike the anti-bribery provisions, the accounting provisions apply to all issuers regardless of whether a foreign official is involved. Subsidiaries and joint ventures where the issuer holds 50% or more ownership are covered. The SEC has brought standalone books-and-records actions without accompanying bribery charges.
A red flag is a fact or circumstance that, considered in context, warrants further scrutiny. FinCEN guidance across multiple sectors identifies categories of red flags (structuring patterns, unusual geographic connections, inconsistent customer behavior) but is clear that a red flag alone does not automatically trigger a SAR filing obligation. The obligation arises when the institution knows, suspects, or has reason to suspect that the transaction meets the statutory criteria after conducting a reasonable inquiry. Documenting your inquiry — and the conclusion — is essential whether or not a SAR is filed.
Article 4(12) defines a personal data breach as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data. The notification obligation to the supervisory authority applies unless the breach is "unlikely to result in a risk to the rights and freedoms of natural persons." The 72-hour window begins from when the controller becomes "aware" — a standard the EDPB has interpreted as when the controller has a reasonable degree of certainty. Notification to data subjects is required only when the breach is "likely to result in a high risk."
OFAC's Economic Sanctions Enforcement Guidelines (31 C.F.R. Part 501, Appendix A) treat voluntary self-disclosure as a mitigating factor that can reduce the base civil monetary penalty by up to 50%. A VSD must be made before OFAC initiates an investigation, must be complete and accurate, and must be accompanied by a thorough internal investigation. The mitigating benefit is not guaranteed — it is weighed against aggravating factors including willfulness, management involvement, and harm to sanctions policy objectives. OFAC has resolved cases with no penalty where VSD was combined with strong remediation.
Double materiality under CSRD requires companies to assess both financial materiality (how sustainability matters affect the company's financial performance) and impact materiality (how the company's activities affect people and the environment). This is a fundamental departure from the SEC's investor-focused, single materiality standard, which asks only whether information would be important to a reasonable investor. Under CSRD, a company must report on its environmental impacts even if those impacts have no material effect on its financial condition. The European Sustainability Reporting Standards (ESRS) provide detailed guidance on how to conduct the double materiality assessment.
+ 42 more answers across all five domains
AML · Anti-Bribery · Data Privacy · Sanctions · ESG
Inbox Delivery
Get the remaining 40+ answers delivered.
One email. The full 47-question FAQ library plus quarterly enforcement action summaries from the SEC, DOJ, OFAC, and FCA.
4,200+ compliance officers rely on this resource