As per AML-CFT Decision Article 20.6, a robust and independent audit function is a key component to a well-functioning governance structure and an effective AML/CFT framework. Entities without an independent audit function can appoint an external independent auditor.
An independent AML auditor reviews the entity’s AML / CFT framework and evaluates if the AML program is effective in combating the risks of Money Laundering and Financing of Terrorism (ML/FT).
An audit program can be designed either to evaluate an entity’s entire AML/CFT framework or focus only on certain aspects of the framework i.e., where a deep dive is required. Thus, the areas covered can be all or part of the following.
Before the start of an audit, the scope of the review should be understood, and a Scope of Work (SoW) document should be issued to the auditee entity. Audits should cover the aspects related to Control Design Effectiveness (CDE) and Control Operating Effectiveness (COE). A qualitative or a quantitative approach should be adopted based on individual processes and controls.
In order to assess the effectiveness of control design, the auditor conducts a walkthrough with one transaction. Technically, control deficiencies can be called out at this stage itself. Based on the walkthrough the auditor can decide on the control testing methodology including test scripts & sample selection criteria. The walkthrough can be done immediately before the fieldwork or during the initial stages of the fieldwork. Before the start of the actual fieldwork, the auditor should have developed a PROCESS – RISK – CONTROL – TEST matrix. The entire audit program would be based on the matrix. Each test is classified as either qualitative or quantitative.
During the fieldwork, the samples get reviewed based on the test script in the PROCESS – RISK – CONTROL – TEST matrix.
After the fieldwork, has been completed, an Audit Report will be issued calling out any gaps along with management responses for remediation / action plan. The findings are also risk rated according to their impact and likelihood of breaching AML/CFT regulatory norms so that entities can prioritize the findings and assign necessary resources to address and fix them.
We at Adventant have qualified internal auditors with relevant business and regulatory knowledge across various sectors. We conduct our audits by understanding the nances of our clients’ businesses and overarching regulatory principles specific to their business practises. Our auditors understand your business processes, key risks, key controls, and testing procedures before starting the fieldwork. We gather information through secured digital channels or in-person at our clients’ premises to ensure safety and security of data. With more than 20+ years of experience working for multi-national banks within the Middle East and Africa region, our core team comes with a wealth of knowledge and expertise required to conduct a detailed review of your AML/CFT framework and provide you with an objective audit report.
