What is the outcome of an AML / CFT audit?
The outcome of the audit is an independent assessment of how well your risk assessment and programme are designed and working.
The AML auditor will present their findings in a written report, containing certain minimum requirements and any additional reporting based on the agreed deliverables between you and the auditor.
The report will include a title (eg: ‘Independent AML / CFT Audit’) and clearly state the period covered by the audit. As a minimum the report will identify:
- The audit period covered by the report.
- Whether your risk assessment and programme meet the requirements of the AML / CFT Act.
- Whether your programme is functioning in practice as required and intended.
- A description of how the auditor determined the adequacy and effectiveness of your risk assessment and your programme.
- The date and signature of the auditor.
The report may also include:
- Identification of areas to be accorded highest priority for improvement.
- Recommendations for rectifying non-compliance.
- Identification of any weaknesses in your systems and processes, such as (but not limited to) your procedures for identifying or reporting suspicious transactions.
What should I do with the audit report?
- Address, as a priority, any non-compliant areas identified in the report.
- In your annual AML / CFT Report to your supervisor, you must state whether you have made the necessary changes to address issues raised (if any) in the audit report.
- Keep the audit report on file and submit it to your supervisor if they ask for it.
If you have received your audit report and are unsure how to implement any of the recommendations, contact us for advice.