Auditing to many people is a dark and mysterious art. The very presence of an auditor and the fact that you have to pay them to put you under scrutiny you don’t really want to enforce Anti Money Laundering laws you sure as heck didn’t vote for, is enough to raise your anxiety levels and have you reaching for your blood pressure pills. But as with the art of negotiation, the key to a great outcome with your AML audit is first to understand exactly what your auditor knows and is tasked to do and what they are going to be looking to see.
There are two key things that your auditor will focus on.
- Firstly, they will be looking to determine if your risk assessment document complies with section 58(3) of the act. Specifically, they will be looking to assess the nature and extent of the AML / CFT risk assessment and its application in your business.
- Secondly, they will be seeking to determine whether your AML / CFT programme that is based on your risk assessments complies with section 57 of the act. Specifically, this includes processes to vet staff, choose between enhanced and simplified CDD, report suspicious transactions, monitor and record findings, be alert to deals that benefit from anonymity and undertaking training to ensure the programme is followed and used.
Now here’s the thing; Many firms contracted out the task of conducting a risk assessment and writing their compliance programme. This has meant they are compliant but vulnerable. Their vulnerability lies in not having truly lived in this process. The boxes might have been ticked but is lip service only being given to the ongoing monitoring and implementation of the program?
If this is you, and all you have really done is collect CDD information, you might need to shake off any remaining apathy and really get your hands into the soil of your compliance program.
Here’s a three-question test of your vulnerability;
Could you, for example, explain how to determine whether enhanced CDD or simplified CDD is required?
Are you actually doing anything to determine if your client might be a “politically exposed person” and do you know what to do if they are?
What have you actually done that you can prove to vet new staff and agents?
Five key tips to assist you to get that positive outcome from your AML audit
So, if you a feeling a bit lacking in all of this, here are five key tips that if implemented, will greatly assist you to get that positive outcome from your auditor and improve your test score.
- Pull your program out and re-read it before the audit. If you are asked questions on it but are found to have no understanding of it, you are not going to be creating a positive impression with your auditor.
- Make sure you are following the programme to ensure you have the right level of CDD information. Test your own teams’ compliance ahead of the audit, testing is something the auditor will definitely do.
- Check whether you have any suspicious transactions that require reporting. If any have been identified the auditor will check they were reported within three days.
- Assemble proof that you are vetting new staff properly.
- Determine how you will demonstrate that new staff have been trained in the use of your program. A system to ensure they are inducted and sign off on their training in the program will find favour.
Finally, remember that the AML legislation is new law creating many obligations on firms that have not existed in the past.
You are not the bad guy. You are simply required to follow the law that is designed to prevent the bad guys from hiding their ill-gotten gains. Your auditor will provide valuable feedback on how well you are going with meeting your obligations. Take feedback in a positive context and use it to your advantage. Knowledge is power and your auditor is going to be able to grow your knowledge of things you can do to keep the enforcement officers at bay.
In that sense, your auditor is offering you the gold here.