Consider the Cost of an AML/CFT Audit as an Investment to Protect Brand
The cost of an AML/CFT Audit is minuscule in comparison to a potential regulatory breach
Unless an AML/CFT Supervisor authorised otherwise, an AML/CFT audit occurs every 3-years.
For businesses wondering where they should set their budget for an Independent AML/CFT Audit, a rough guide for a small sized business is $1,500 to $3,000. This would represent a Limited Assurance Audit.
Based on the above 'ball park' figures, the annual cost of AML/CFT reviews and testing the AML/CFT Programme and Risk Assessment for adequacy and effectiveness in achieving AML/CFT regulatory expectation. This 3-year revolving cost, at today's market rate, would therefore equate to approximately $750 to $1,000 per annum.
You Can't Afford Compliance? Try Non-Compliance!
New Zealand businesses generally misinterpret the purpose of New Zealand’s laws arising from the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (the AML/CFT Act).
The misinterpretation is that the AML/CFT Act requires a “tick box” approach or a “She’ll be right mate, we’ll never be subject to a regulatory inspection”.
Being complacent to the AML/CFT compliance obligations would be a grave mistake.
Firstly, conducting business trade whether globally or domestically should be considered a privilege and not a right. As AML/CFT compliance ultimately aims for detecting serious financial crime which can lead to detection of predicate crimes such as narcotic distribution, businesses should interpret AML/CFT compliance as a necessary business community service.
Secondly, serious breaches under the AML/CFT Act can result in fines equating to hundreds of thousands of dollars and for larger businesses, multiple millions.
What is the Cost of an AML/CFT Compliance Breach?
Presently only the Courts can deliberate on issuing financial penalties for non-compliance. However AML/CFT Supervisors are working towards having the opportunity to issue infringement notices.
New Zealand’s Court’s have deliberated on the appropriate penalty for non-compliance of the AML/CFT Risk Assessment.
The Courts considered the AML/CFT risk assessment was the cornerstone for ensuring implementation and operation of adequate policies, procedures and controls.
A financial regulatory penalty can occur if a business does not have an AML/CFT risk assessment in place. Penalties can also occur if a business is operating with an AML/CFT risk assessment that cannot reasonably achieve its objectives.
New Zealand’s Courts have penalised firms from between $300,000 to $5,000,000 for serious breaches.
Getting Quality Assurance from an Independent AML/CFT Audit
If small and medium sized businesses look for shortcuts by avoiding a quality assurance audit or avoiding ‘independency’ of the AML/CFT Auditor, the financial and regulatory risk could very easily permanently close a small or medium sized entity.
Therefore business owners who place value on business continuity and brand protection, should apply appropriate due diligence when selecting the Independent AML/CFT Auditor.
If the AML/CFT Auditor is neither experienced or qualified in AML/CFT risk-based compliance and has limited experience in auditing, the value of the AML/CFT audit results is unlikely to fall into the category of a Quality AML/CFT Audit Assurance Report.
What is Quality AML/CFT Audit Assurance
The AML/CFT Supervisors have provided a Guideline on AML/CFT Audits to explain the difference between a ‘Limited Assurance’ audit and a ‘Reasonable Assurance’ audit. AML/CFT Supervisors explain they expect the commitment of resourcing and testing of a reasonable assurance audit to be greater.
Reasonable assurance audits therefore provide greater confidence in the Auditor’s observations and findings.
You can access the AML/CFT Audit Guideline at the links below:
What is AML/CFT Audit Testing?
An AML/CFT Auditor will examine corporate data relating to client activity, including the data that confirms compliance with Know Your Customer and Ongoing Due Diligence.
Know Your Customer refers to identity verification reasonably informs the client is who they say they are. Know Your Customer (KYC) also incorporates the ‘Nature and Purpose’ of the business relationship with the client or customer.
The AML/CFT Auditor will examine Policy, Procedures and Controls that the reporting entity utilises for meeting ongoing monitoring.
This includes rules relied on for detecting unusual activity or ‘suspicion’.
Does an AML/CFT Auditor need to hold an AML/CFT Qualification?
No, an AML/CFT auditor is not required to hold an AML/CFT qualification. However, AML/CFT Supervisor Guidelines require that the AML/CFT Auditor detail their relevant experience in the covering AML/CFT Audit Report.
However, the more qualified and experienced the AML/CFT Auditor is in performing the Independent AML/CFT Audit, the greater the level of confidence that AML/CFT Supervisors will place on the AML/CFT Audit Report.