Anti-Money Laundering (AML) auditing is an essential part of compliance for businesses in the legal industry. The newest AML guidelines for the legal industry reinforce regulators' expectations that businesses should evaluate whether to create an independent audit function and, if not required by law, evaluate if it would benefit them in any case. Regulation 21 of the Money Laundering Regulations 2017 necessitates establishing an independent audit function when suitable for the size and type of the organization. As a result, the firm's first barrier is determining if they are of sufficient size and character to require one.
The latest guidelines from the Financial Conduct Authority (FCA) and the Joint Money Laundering Steering Group (JMLSG) reinforce the expectation that businesses should evaluate the need for an independent audit function, even if not explicitly required by law in the UK.
The purpose of AML auditing is to evaluate and improve a company's internal controls, policies, and procedures to ensure compliance with AML regulations. This includes performing regular risk assessments, monitoring transactions for suspicious activity, and training employees on the company's AML policies and procedures. An independent AML audit function can provide an objective and unbiased evaluation of a company's compliance efforts, helping to identify and mitigate potential risks.
It is helpful to analyze why the 2017 Regulations included this extra restriction. Despite having large teams of well-trained AML employees, regulated firms, notably banks, were suffering AML errors. One of the issues raised was that if internal auditing teams were in place, their lack of independence meant they might not notice if something wasn't quite right or have the power to ensure that suggestions were followed. An independent audit function can provide an objective and unbiased evaluation of a company's compliance efforts, helping to identify and mitigate potential risks.
The efficacy of an AML audit program is evaluated based on the achievement of its objectives through established processes. However, ensuring the effectiveness of AML audits goes beyond simply collecting data. It necessitates the implementation of a robust program and always keeps it updated and controlled. This is a procedure that must be constant and checked from different points. To guarantee the effectiveness of AML audits, it is imperative to undertake several steps.
Firstly, audits should apparently establish the goals of the process. AML audits can be conducted as part of regular protocols or for a specific purpose. Assign an auditor who possesses knowledge and understanding of AML laws, regulations, and expectations. Auditors without enough expertise may fail to identify liabilities in an AML program.
Secondly, obtain audit reports from the AML department's solution program prior to the audit. The AML department's capability to efficiently produce its own audit reports is one of the significant points. The AML department must have a solution in place that can generate various AML audit reports that provide comprehensive and adequate supporting documentation for its AML efforts.
The process requires ensuring that thorough reviews are conducted of the AML audit reports produced by the implemented solution. These reports can help guarantee that effective AML audits are being performed and should be quantified, have appropriate terminology and unfamiliar terms defined, report and/or link findings to customers, transactions, or entities, and have images or diagrams for result presentation.
What Does an Independent AML Audit Entail?
An independent AML audit is an examination of the company's anti-money laundering plan. It is not a financial audit but rather an analysis to verify if a company has a proper anti-money laundering program in place and is doing what it indicates it is doing. In most cases, an AML audit contains the following:
- A total examination of the company's anti-money laundering compliance program document
- AML Policy and Procedures of the organization are being put to the test.
- Review of the Customer Identification Procedure (CIP)
- Transactional evaluation and testing
- OFAC investigations
- Review of FinCEN-related filings (CTRs and SARs)
- AML training evaluation
- Automated monitoring methods and management information systems are being evaluated.
- Examining previous audit reports to determine the effectiveness of recommendations that have been implemented
Who Can Conduct The AML Audit?
An AML audit can be carried out by corporate employees who are not involved in any areas where possible money laundering concerns exist or by a third party. This implies that the independent audit cannot be conducted by the approved AML compliance officer (or anybody on his or her team). Many smaller businesses use competent, independent third parties because they lack personnel who are knowledgeable in these areas or find it too expensive to commit the time and resources required to do so internally.
Frequency of an AML Auditing
The frequency is risk-based for financial organizations that are classified as loan and financing firms by the US Treasury's Financial Crimes Enforcement Network (FinCEN). According to FinCEN, the depth and frequency of testing must be relevant to the risks represented by the company's products and services.
The frequency of AML audits is typically dictated by the Self-Regulatory Organizations (SROs) compliance standards for other financial companies and those who are members of SRO. The rule mandates an annual AML audit for broker-dealers who are members of the Financial Industry Regulatory Authority (FINRA). In addition, the AML audit requirements must be met every twelve months for commodity futures brokerage companies that are members of the National Futures Association (NFA).
The Difference Between an AML Audit and a Financial Audit
A licensed public accounting company conducts an independent financial statement audit. It entails examining evidence supporting the amounts and disclosures in the company's financial statements on a test basis, assessing the overall financial statement presentation to develop an opinion on whether the financial statements overall are free of material misstatement, as well as an evaluation of the accounting principles used, and significant estimates made by the organization. An AML audit, on the other hand, is a check to determine if a company has a proper anti-money laundering program in place and is doing what it claims to be doing.
Internal audit weaknesses draw regulatory attention in four key areas:
The newest AML guidelines for the legal industry reinforce regulators' expectations that businesses should evaluate whether to create an independent audit function and, if not required by law, evaluate if it would benefit them in any case. The purpose of AML auditing is to evaluate and improve a company's internal controls, policies, and procedures to ensure compliance with AML regulations. An independent AML audit function can provide an objective and unbiased evaluation of a company's compliance efforts, helping to identify and mitigate potential risks. The efficacy of an AML audit program is evaluated based on the achievement of its objectives through established processes. However, ensuring the effectiveness of AML audits goes beyond simply collecting data. It necessitates the implementation of a robust program and always keeps it updated and controlled. To guarantee the effectiveness of AML audits, it is imperative to undertake several steps, including clearly defining the audit goals, assigning an experienced auditor, preparing a comprehensive list of required documents, obtaining audit reports from the AML department's solution program, conducting thorough reviews of the audit reports, and ensuring sample sizes are sufficient and representative. Ultimately, an independent AML audit can provide assurance that a company is effectively managing its AML risks and complying with regulations.
