AML/CFT Compliance Audits

Uddhav played an instrumental part in preparing the supervisor programme that the FMA used to start its AML/CFT supervisory regime. Our audits will give you reasonable assurance about the design and implementation of your AML/CFT risk assessment and AML/CFT programme. Our audit will report on the design and implementation of each of your mandatory obligations in relation to AML/CFT risk assessments and programmes. Contact us now to discuss your AML/CFT Act audit requirements.
The audit of the AML/CFT Risk Assessment will cover the following:  
1. Risk Assessment
  • Whether the Risk Assessment complies with all obligations in section 58(3) of the AML/CFT Act.
  • Nature and extent of the risk assessment and its application.
  • The design, clarity and positioning of your risk assessment.
  • Is there a clear overview of your business – type, nature, size, complexity?
  • Have you completed an appropriate summary of your key ML/TF risks and risk areas?
  • How well you have applied the National and Sector Risk Assessments.
  • A review of the methodology you used to rate the risks.
  • How you described your approach to keeping your risk assessment current.
  • Other considerations, such as your employee risk.
  • How effectively your risk assessment communicates key and emerging risks to staff.
The audit of the AML/CFT Programme will cover the following:  
2. AML/CFT Programme
  • Whether the AML/CFT Programme complies with all of the obligations in section 57 of the AML/CFT Act.
  • Whether the policies, procedures and controls are based on the risk assessment.
  • Whether the policies, procedures and controls are adequate.
  • Whether the policies, procedures and controls have operated effectively throughout the period.
  • The design, clarity and positioning of your AML/CFT programme.
  • How effectively the risk assessment drives and influences your AML/CFT programme.
  • A review of the processes you applied for CDD, including whether electronic verification is being used.
  • How ongoing account monitoring is achieved.
  • The triggers identified as high risk for transaction monitoring.
  • The suspicious transaction reporting (STR) led and registration with goAML.
  • Record keeping practices.
  • How you, as the reporting entity (RE), will stay current with AML/CFT information, guidance notes, emerging risks, etc.
  • Staff training material.
  • Staff understanding of the policies.
  • Support and training for your AML/CFT compliance officer.
  • Governance and culture of your organisation in regard to ML/TF risk.
  • Any assurance testing and reporting being completed internally.
  • Triggers for review and updating your AML/CFT programme.
  • Any key gaps in your control environment.
  • How well you have described your oversight of third parties and any assurance activity you have developed in this area.
  • Your process for on-boarding new customers who are Politically Exposed Persons (PEPs) or entering into new banking relationships.
  • Review of reporting to senior managers.