What is an Anti-Money Laundering Audit?
This article sets out what a business should expect from an anti-money laundering audit.
To conduct an anti-money laundering audit it is necessary an AML auditor to have access to the following types of information –
Your AML CFT risk assessment and documents;
Your AML CFT program;
Documents relating to the development of your risk assessment and program;
Access to staff members and/or senior management;
Access to files, customer identification records, transactions and/or outputs from your systems; and
The results of your internal reviews.
Below is the process applied by AML360 when conducting an AML/CFT audit:
1. ANTI-MONEY LAUNDERING AUDIT PLAN
Your business will be provided with an audit implementation plan. The plan will set the nature, scope and objectives of the audit, including techniques to be used for the audit. During the drafting of the audit plan, you will have the opportunity to identify any concerns to be included in the audit planning and to inform AML Consultants about any time constraints to be observed during the audit.
2. PRELIMINARY OVERVIEW
AML360 will obtain an overview of your business operations and policies. The information gathered in this step will generally arise from online questionnaires, discussions with your personnel and reviews of reports and files maintained.
The preliminary overview process is undertaken in stages over a 5-10 day period and will take no more than 2-3 hours of your time.
At the completion of this phase AML360 will set the amount of testing required to accomplish the audit’s objectives.
3. SYSTEMS EVALUATION
AML360 will begin the evaluation of internal controls by reviewing system records and capabilities. Particular emphasis will be placed on the assignment of duties, the approval process, and the reporting structure. This information is obtained primarily through interviews and flow charts.
AML360s’ opinion regarding the adequacy of internal controls has a direct relationship to the amount and depth of the second category of testing, namely customer due diligence and operational testing.
To determine if the reported controls are functioning as intended, AML360 will select samples of documents and inspect those documents for compliance with stated procedures and practices. | The results of these tests provide a degree of assurance regarding the reliability and adequacy of the controls, and a means of measuring operational effectiveness and accountability. | Through sample analyses, AML360 will determine if your entity is achieving the stated mission, namely to identify and mitigate the risk of money laundering and financing of terrorism. |
5. PROGRESS REPORTING
When undertaking an anti-money laundering audit, AML360 operates with a ‘no surprises policy’. AML360 will keep your management informed during the course of the anti-money laundering audit process by discussing progress, audit test results, conclusions and recommendations. | The purpose of these discussions is threefold: (i) To clarify any misunderstandings (ii) Enlist management’s opinion and support in solving any problems discovered; and (iii) Implementation of recommendations. |
6. INTERVIEWS
The auditor will arrange to have interviews with key staff who have responsibility for AML/CFT compliance. This will include the AML/CFT Compliance Officer and the AML/CFT Senior Manager. You should expect some support staff to also be interviewed.
These discussions will be for the purpose of clarifying policies, procedures and controls, as well as gauging the level of knowledge and understanding held by staff.
7. AML/CFT AUDIT REPORT
There is a two-phase approach to the AML/CFT audit report:
Discussion Draft | Final Draft |
Following completion of the sample testing, AML360 will prepare a draft of the audit report. The report will state the audit objective(s), the audit tests performed, the results of the audit tests, including findings and recommendations (if applicable). Your business will have an opportunity to correct any factual errors and make further comment. | The final report is prepared based on the results of the discussion draft. We use 5 ratings of (i) Compliant, (ii) Compliant with Recommendation, (iii) Partially Compliant, (iv) Non Compliant and (v) Not Applicable. Any ratings of Non-Compliant include recommendations of how to strengthen controls. |
8. REGULATORY TECHNOLOGY
Your business will receive an AML360 account from where you will receive and action audit requests. Should business demands interrupt your response, simply save and continue when time permits.
AML360’s technology is designed to provide your business with additional insight in how to strengthen your internal procedures and controls. It achieves this by providing your business an advisory report, setting out the legal obligations and the practical applications of how your business can achieve compliance.
Following completion of the audit, you can continue to use the technology for a further six months, without incurring additional fees. This provides your business an opportunity to immediately remedy any weaknesses. The six month period will enable your business to establish its internal processes, with the software guiding you on how to achieve this.
9. PRE-AUDIT HEALTHCHECK
If you are not ready to commit to an audit but would like to get a ‘preview’ of an audit outcome, you can undertake AML360’s ‘Pre-Audit HealthCheck‘.
You have access to the Pre Audit HealthCheck for a period of 12-months and you can update the HealthCheck as often as required over that time. After completing the HealthCheck, you will receive a report with highlights of those areas that require strengthening.
Should you proceed with an audit from AML Consultants, the fee for the Pre-Audit HealthCheck will be deducted from the audit cost.