Due to the implementation of the Anti-Money Laundering and Counter Financing of Terrorism act of 2009, business entities are now required to submit their Risk Assessment procedures and AML programs to a bi-yearly audit or whenever requested by an assigned AML/CMF Supervisor.
Certain businesses may be subjected to more frequent audits based on their nature and level of risk. Most broker-dealers, for example, are required to undergo them annually according to the rules of the Financial Industry Regulatory Authority.
The audit is to be conducted by an independent party, with its primary purpose being the assurance that the entity’s Risk Assessment process satisfactorily identifies potential money laundering risks and remains up-to-date, as well gauging whether or not the business is able to determine its risk levels effectively.
What goes on during an audit?
All aspects of the business’s Risk Assessment process and AML program will be placed under review to ensure that it complies with the standards set by the AML/CTF Act, along with the Codes of Practice provided by the AML/CFT Supervisor. This usually includes the following:
- A comprehensive review of the manual pertaining to the business’s AML program.
- Examination of the AML policies and procedures that the business has in place.
- Review of the business’s Customer Identification Program.
- Investigation of all client portfolios and customer transactions.
- Performing OFAC (Office of Foreign Assets Control) checks
- AML training evaluations.
- Assessment of the business’s management and monitoring software.
- Going through previous audit reports to determine if the recommended changes were actioned effectively.
Upon completion of the review, the entire AML program is thoroughly tested to determine if it is functioning as designed. Bear in mind that this is different than a financial audit.
Who conducts the audit?
The AML audit must be performed by an independent entity that does not have a hand whatsoever in the development, implementation, and maintenance of neither the business’s Risk Assessment process nor its AML program.
It may be conducted by an employee of the business itself, though it is more commonly done by an independent third-party entity (especially in smaller businesses) since keeping a qualified auditor on the payroll permanently can be a costly affair.
The Four Pillars of an Effective AML Program
To ensure that the business remains in compliance, it must have an AML program in place with the following principal characteristics:
1. A Designated Compliance Officer
A qualified full-time compliance officer must be designated to liaise between then the higher-ups of the business and the regulatory authorities involved.
2. Development of internal policies, procedures, and controls
This should include some key policies such as on-time filing of Suspicious Activity Reports and Transaction Reports. “Know Your Customer” and “Know Your Employee” programs are also a must and sometimes considered a pillar on its own. When it comes to monitoring, an effective system needs to be in place that can flag odd transactions and determine whether or not a Suspicious Activity Report is warranted.
3. Ongoing and Relevant Training of Personnel
While the threat of money laundering should have already been properly disseminated to the entire staff of the business from the get-go, it is vital to regularly hold training sessions to remind employees of the company’s policies and procedures and to equip them with knowledge of newer money laundering techniques that criminals may utilize.
4: Independent Testing and Review
As previously mentioned, the business has to perform a thorough test of its AML program, followed by a review of its operational procedures. This can be done either through independent internal review personnel that have no association with the AML program or by designated third parties.
If you need a proven and trusted AML auditing service, then enquire with Arctic Intelligence for a comprehensive review and consultation.