How to Prepare for an AML Compliance Audit

This article will discuss some aspects in How to Prepare for an AML Compliance Audit.

An AML compliance audit analyses a reporting entity’s risk assessment and AML programme to ensure both operate effectively.  Under section 59 of the Anti-Money Laundering and Countering the Financing of Terrorism Act 2009 (the AML/CFT Act), an audit must be conducted at least every three years.

When the legislation was implemented in 2013, reporting entities were required to undergo an audit every two years (or at the request of their AML Supervisor). In 2021 this requirement changed to every three years. There is some leverage for a reporting entity to extend an AML compliance audit to a 4-year cycle; however, approval from an AML supervisor is first required before committing to the extended period.

How is an AML compliance audit conducted?

Before commencing the AML compliance audit, an auditor will provide an AML/CFT Audit Plan. This document sets out the steps the AML auditor will take and will be a detailed document describing the auditing process. 

Following the sign-off of the audit plan and confidentiality documents, the audit will typically start with a request for records.  The type of records requested include:

1. The current and earlier versions of the AML risk assessment.
2. The current and earlier versions of the AML programme.
3. Records that support the AML programme..
4. AML/CFT Training register.
5. Staff vetting records. 
6. Filings of regulatory reports.
7. Evidence of ongoing monitoring.
8. Management reports.
9. Communications with AML Supervisors.

Once the AML auditor has reviewed the records, further requests are made to check that procedures and controls are performing to the requirements of the AML programme.

AML Compliance Audit: Staff Interviews

All employees who have a role in AML/CFT compliance are required to have adequate training and knowledge of their responsibilities.

Key personnel such as the AML compliance officer and AML senior manager are likely to be interviewed.  Support staff may also be interviewed depending on the size of the organisation and the types of issues present.  

The purpose of these interviews is to clarify that the day-to-day business practice is operating as stipulated in the AML/CFT programme.

The Anti-Money Laundering Compliance Officer should be competent in responding to AML/CFT Auditor queries.

Other staff with responsibilities for AML/CFT compliance obligations should also be able to competently demonstrate how they apply their compliance duties. 

AML Compliance Audit Testing

Once an AML auditor has inspected records and conducted interviews with staff, procedures and controls will be validated.

Testing will include the adequacy of customer onboarding procedures, retention of verification records, outcomes of ongoing monitoring, detail of management reporting, the scope of AML training and results of internal reviews.

Your Anti-Money Laundering Compliance Officer should be utilising internal processes for testing.

Prepare AML Audits for testing by examining procedures and written reports capturing client risk profiling, activity money and AML compliance risk reporting.

What is an AML audit report?

An AML compliance audit report will provide a written and formalised description of the audit.  It will set out scope of the audit, qualifications and experience of the AML auditor, a description of the reporting entity’s type of business and the findings of the audit inspection.

You can find out more information on What is an AML compliance  audit by clicking on this link: Targeted Assessments – Independent AML/CFT Audit

Ready for an AML Quote?