Mar 22. 2020

Auditing the anti-money laundering framework

Auditing the anti-money laundering framework

Auditing the anti-money laundering (AML) framework is critical to ensure that banks and financial institutions do ensure compliance with regulatory guidelines.

In light of the recent anti-money laundering incidents:

  • “Sweden Fines Swedbank $386M For AML Missteps” – source
  • “EU chastises 8 member states on AML even as bank watchdog girds guidelines for gauging fincrime risk” – sources

internal audit is under pressure to carry out a detailed review of the design effectiveness and efficiency of an organization’s AML compliance regime.

How can internal audit provide assurance on a financial institution’s AML compliance program?

Reviewing the design of the AML framework

The internal audit team is not naturally versed in the latest AML regulatory requirements, compliance best practices and/or threat profile. As a result, it is indispensable that the audit team acquires knowledge of the latest money laundering topologies.

This skillset can be obtained by studying for ACAM’s Certified Anti-Money Laundering Specialist (CAMS) certification.

The CAMS certification equips the IA function with the necessary knowledge to: 

  • perform an AML risk assessment in order to define its audit scope
  • develop of a more in-depth anti-money laundering audit methodology
  • provide better management action plan recommendations…

Since the AML audit covers both the organization’s compliance function as well as operations, in order to preserve independence and objectivity, IA cannot consult with compliance. The IA team should hire an external AML compliance subject matter expert to complement its audit team.

Assessing the AML framework implementation

When internal audit takes a look at the AML compliance framework the following high-level risks should be considered:

  • the framework is outdated
  • the framework is not in line with the latest AML typologies defined by FATF
  • compliance staff is not trained or not attending annual refresher training
  • high employee turnover in key AML compliance roles
  • inadequate and/or outdates suspicious transaction monitoring tools
  • inadequate and/or untimely suspicious transaction reporting…

Beyond the generic, high-level risks listed above, internal audit should assess the unique circumstances facing the entity. Let me give you a run down on the key, organization specific AML exposures that should be considered:

  1. the entity is onboarding foreign citizens, using new on-line KYC/CDD processes
  2. new on-line client onboarding processes are not properly tested and vetted by compliance
  3. enhanced customer due diligence processes are not well defined for on-line applicants
  4. the escalation process for on-line client onboarding is not established or less rigorous than traditional face to face client on-boarding requirements…

Ultimately, internal audit has to adapt its AML audit methodology both the constantly evolving threat typologies as well as the transformation of the organization as a whole.


How your organization manages its AML compliance audit efforts?


Please, give a Thumbs Up if you like this post and please, share it within your network!!!

#aml #anti-money laundering #fataf #compliance #amlcompliance #internalaudit #amlcompliance

1 0

Leave a Reply

Your email address will not be published. Required fields are marked *