Finding your AML auditor is one of the first steps to take when it comes to preparing for your three-yearly AML audit. But to make sure you're as ready as you can be, there are a couple of key areas you have to look at beforehand. In this blog you'll find my quick run-down of the important things you need to do before you have your AML audit, and an opportunity to download our free guide to AML Audits.
If you’ve already had an AML audit, the best time to prepare for the next one is once the auditor has returned their findings. You should look at the outcomes and make a remediation plan to address any issues the auditor has identified, as this will help you avoid making the same mistakes going forward.
If you haven’t had an AML audit, preparation starts from the moment you begin managing your AML/CFT programme. In an AML audit, your auditor will be assessing you on how your policies, procedures, and controls are documented and followed, and so, your audit preparation should begin when you start managing your AML/CFT programme. However, most Compliance Officers don’t immediately think of their statutory AML audit when they take the reins of their business’s AML/CFT programme. So, you can spot-check now if your AML/CFT programme is up-to-scratch by asking yourself some basic questions:
If you answer “no” to any of the above questions, try to put a plan of action in place to get the ball rolling as soon as possible, and thoroughly document what you’re doing so you can demonstrate to your AML auditor that you are actively taking steps to optimise your programme.
In addition, if you’re non-compliant and your AML audit is coming up, it’s important to be transparent with your auditor beforehand. Masking areas of non-compliance, for example, back-dating records or quickly doing work the week before the audit, will be readily visible to an experienced auditor and will reflect poorly on your organisation's culture of compliance. One early step to take is to discuss your challenges and remediation plans openly with your auditor, as this will yield meaningful recommendations and add value to your audit report and the audit process.
Documentation is a key part of the AML audit process, as your auditor will be assessing you on what you’ve recorded and filed. Here are five key steps to take to get your documentation in order:
Your AML auditor will want to draw samples from your documents, so you'll need to make sure they're available ahead of time. Gather the relevant documents that are in separate filing cabinets, attached in emails, hosted in the cloud, or off-site. You'll want to minimise the time an auditor has to spend waiting on documents as this increases the cost of your audit.
Messy and incoherent documents make audits difficult to complete. Plus, auditors are human and hate mess. You need to make the process as frictionless as possible by organising your documents. For example, extract your Customer Due Diligence documents from the wider document retention files for a customer. This allows the auditor to hone in on that specific set without having to hunt for them. It also shows that you are organised!
Have you been doing everything as outlined in your Risk Assessment and Compliance Programme? AML auditors often observe gaps between how something was documented and how it is practically undertaken. Do a logic check to see what sort of gaps you are facing and update any documents where possible.
Get a flavour for the areas you're doing well in and where you might need to focus more attention on. Undertaking an internal assurance check around six months in advance gives you an opportunity to remediate any areas of weakness. Test key areas like CDD, transaction monitoring, staff vetting, and staff training to make sure they're in line.
If you've done staff training and vetting, or formed and removed/filed suspicions, created exceptions etc., make sure this is reflected in your registers. Auditors can only assess what has been recorded, so if you've done the work but haven't written it down, you won't be given credit for it.
|