AML Audits provided by ASSURACOMP will provide reasonable assurance to our clients that compliance with the requirements prescribed by AMLO and guidelines published by the relevant regulator have been met and assist them with mitigating money laundering/terrorist financing risks through establishing effective control measures and internal processes. We will also endeavour to include comments and suggestions to assist our clients on how to improve operations and the efficient use of resources when operating their compliance regimes. Legal references will be provided for justification whenever possible, which will allow our clients to seek legal advice from an informed position whenever necessary.
For some DNFBPs, an internal AML audit is not an absolute regulatory requirement. Even for those that must conduct AML audits, there is a good chance it can be conducted internally without external involvement. This is possible if the personnel/function, charged with performing the audit, can remain objective, independent, and reports directly to the board of directors or senior management. They must not have been part of carrying out AML processes nor should they be involved in the decision making during it’s operations and implementation. It is only when there is no one suitable internally to conduct the audit in an objective manner or the board of directors/senior management have determined that they will need an external party to provide an independent view will the organisation require to outsource this duty to an external service provider.
The below are the components included within an AML audit which may be subject to changes and arrangements defined in the audit plan. As there are some overlap between different components, amendments and appropriate allocation adjustments should be made during the planning and auditing phase. Similar to other AML standards and requirements, the audit process and reporting should be flexible in accordance to the risk-based approach but also enable the proper assessment and evaluation of the AML regime being reviewed.
Key Components of the Audit
Risk Assessment
Compliance Review
Transaction / Matter Monitoring Test
Reporting and Recommendations
Follow-up and Subsequent Periodic Audits
The risk assessment reviews the below aspects of an AML regime.
- Identification of Existing and Future Potential Risks
- Assessment of Controls and Governance
- Customer Due Diligence
- Transaction / Matter Monitoring
- Reporting and Escalation Management
- Staff Awareness
- Internal Ongoing Monitoring and Review
Its main objective is to identify and address areas of vulnerability posed by money laundering, terrorist financing, and sanctions using the risk-based approach. Ultimately, it will become a foundation of which the development of a comprehensive AML compliance program will be based on.
In contrast with a risk assessment, a compliance review mainly evaluates various areas of an organisation's AML program to ensure adherence to regulatory requirements and best practices. These areas overall include the following:
- Policies and Procedures
- Organisation's Risk Assessment Process
- Customer Due Diligence Measures
- Transaction / Matter Monitoring
- Reporting and Escalation Management
- Staff Awareness
- Internal Ongoing Monitoring and Review
The auditor should seek to identity any gaps, deficiencies, or areas to improve on in an organisation's AML program, with a heavier focus on laws, rules, and guidelines published by regulatory authorities/bodies. This will assist with mending any gaps the regulated entity's policies/procedures may have.
Especially for DNFBPs, whether a transaction / matter monitoring test is required and to what extent it should be performed is usually determined by the services provide by the entity regulated by AMLO and its overall nature of the business.
Generally, the process evaluates and analyse transactions / matter openings to identify any potential suspicious or illegal activities that may be connected to money laundering and any breach of sanctions. A comprehensive examination of the organisation's transaction data and matter opening files will be performed. The auditor will consider various factors, including but not limited to:
- Identification of Red Flags
- Compliance with Reporting Requirements
- Review of Past Audit Reports (Compare progress and patterns)
Note: The methods and procedures utilised for transaction / matter monitoring test are largely dependent on the jurisdiction, regulatory requirements, and the risk profile of the audited entity.
Being the final part of the audit process, the auditor will extract observations in a easily digestible format, provide conclusions on findings, and include action plans for recommendation. It should be drafted with the senior management, board of directors, regulators, and/or other external auditors as the intended end user.
After the audit had been finalised and signed off by the board of directors or senior management, the auditor should, within a reasonable time frame, check-in with the audited subject to address any difficulties encountered when implementing recommendations.
Additionally, subsequent audits should be performed to ensure issues raised within previous audits had been resolved and the effectiveness of the organisation's AML controls remain robust.
More Details on Our Services?
As services facilitating with regulatory compliance and the improvement of business operational efficiencies can be highly modular and tailored made to each circumstance, we welcome any queries you may have on how we can help with the challenges you are encountering. Please click the below “Get In Touch” button or reach out to us using the contact details available at the bottom of this page.