7 tips for successful audit preparation
AML / CFT audits come around every two years and reporting entities naturally want to achieve as good an audit outcome as possible. The Strategi AML audit team has used its experience from conducting hundreds of audits to develop ‘7 tips for successful audit preparation’.
1. Review your documents well in advance
Don’t wait until just before your audit is due then review your AML risk assessment and programme. Give yourself plenty of time to review and amend your documents then demonstrate that the changes have been put in place.
2. Keep up to date
Your business changes, AML Supervisors produce updated risk assessments/ guidance, plus new technology comes onto the market. Have bring-ups to read widely so you are aware of the changes. A good source of practical hands-on information is our monthly AML / CFT newsletter, plus AML articles on Radar - the Strategi Group online education portal.
3. Complete the required training
Each year, ensure all staff complete AML / CFT training. This includes front line staff and directors of the business. Most importantly, the AML / CFT compliance officer needs to know what training is available and record what staff do what training. Evidence of having completed training is essential so doing training online using the AML modules in Radar is ideal as the auditor can view each person’s training log and the actual training completed. Don’t forget to train new staff when they join the business.
4. Look at technology to simplify the AML burden
If you only have a small number of clients, then manual AML processes are probably the most appropriate. However, once you have thousands of clients or hundreds of new clients each year, then technology may be the way to go. If considering technology, then give the Strategi AML auditors a call as they see most technology solutions and can provide comments around what may be appropriate for a business of your size. Introduction of technology may also trigger a change that needs to be made to your AML / CFT programme.
5. Version control your document
Failure to apply version control to your AML risk assessment and programme will not be a breach of obligations. However, employing good version control will help you demonstrate that you have been regularly reviewing and updating your documents. If you are a larger company, potentially include on the front cover of your AML documents the version history and board review dates.
6. Action past audit recommendations
Read the last audit report you received and take action to implement appropriate remedial actions. Do this as soon as you have received your audit report. It is pretty hard to convince an auditor that you have not had time to fix things considering the last audit was two years ago.
7. Talk regularly with your AML auditor
Sure, your auditor is there to audit your documents to see if you comply but don’t treat them as some scary ogre. They must remain independent so you cannot get them to rewrite your AML / CFT risk assessment and programme. However, they are very knowledgeable about all things AML / CFT so feel free to pick up the phone and talk to them about issues which may be concerning you.