AML/CFT Compliance Audits
Uddhav played an instrumental part preparing the supervisor programme that FMA used to start its AML/CFT supervisory regime. Our audits will give you reasonable assurance about the design and implementation of your AML/CFT risk assessment and AML/CFT programme. Our audit will report on the design and implementation of each of your mandatory obligations in relation to AML/CFT risk assessments and programmes. Contact us now to discuss your AML/CFT Act audit requirements.
The audit of the AML/CFT Risk Assessment will cover the following:
1. Risk Assessment
- Whether the Risk Assessment complies with all obligations in section 58(3) of the AML/CFT Act.
- Nature and extent of the risk assessment and its application.
- The design, clarity and positioning of your risk assessment.
- Is there a clear overview of your business – type, nature, size, complexity?
- Have you completed an appropriate summary of your key ML/TF risks and risk areas?
- How well you have applied the National and Sector Risk Assessments.
- A review of the methodology you used to rate the risks.
- How you described your approach to keeping your risk assessment current.
- Other considerations, such as your employee risk.
- How effectively your risk assessment communicates key and emerging risks to staff.
The audit of the AML/CFT Programme will cover the following:
2. AML/CFT Programme
- Whether the AML/CFT Programme complies with all of the obligations in section 57 of the AML/CFT Act.
- Whether the policies, procedures and controls are based on the risk assessment.
- Whether the policies, procedures and controls are adequate.
- Whether the policies, procedures and controls have operated effectively throughout the period.
- Design, clarity, positioning of your AML/CFT programme.
- How effectively the risk assessment drives and influences your AML/CFT programme.
- A review of the processes you applied for CDD including if electronic verification is being used.
- How ongoing account monitoring is achieved.
- The triggers identified as high risk for transaction monitoring.
- The suspicious transaction reporting (STR) led and registration with goAML.
- Record keeping practices.
- How you as the RE will stay current with AML/CFT information, guidance notes, emerging risks etc.
- Staff training material.
- Staff understanding of the policies.
- Support and training for your AML/CFT compliance officer.
- Governance and culture of your organisation in regard to ML/TF risk.
- Any assurance testing and reporting being completed internally.
- Triggers for review and updating your AML/CFT programme.
- Any key gaps in your control environment.
- How well you have described your oversight of third parties and any assurance activity you have developed in this area.
- Your process for on-boarding new customers who are Politically Exposed Persons (PEPs) or entering into new banking relationships.
- Review of reporting to senior managers.