As per the recommendation of the Financial Action Task Force (‘FAFT’) on the establishment of an independent compliance audit, section 22(1)(d) of the Financial Intelligence and Anti-Money Laundering Regulations 2018 (‘FIAML 2018’) provides that licensees are required to ensure the implementation of independent compliance audit. In contrast with financial audit which pertains to an evaluation of the financial statements of an organisation, the independent compliance audit is an independent assessment to ensure that laws, rules, and regulations or internal guidelines are followed by an organisation. While it is a vital element of any effective compliance program for regulated financial institutions, it also helps licensees in responding to the dynamic and emerging money laundering and terrorism financing threats.
What makes valuable an independent compliance audit is the fact that audit reports generally include helpful recommendations. Independent compliance auditing can help a company recognise deficiencies in regulatory compliance systems, and develop ways to be compliant. Moreover, since laws and regulations evolve over time, compliance programs are in a constant state of flux. Independent compliance auditing provides an account of internal business procedures that can be revised or improved as laws and regulations change. Guidance offered by an independent compliance audit can help minimise risk in certain situations, while also preventing future legal problems or non-compliance penalties.
While planning an independent compliance audit, the following key points should be considered:
-
Deciding whether the audit should be undertaken internally or externally
The FIAML Reg 2018 requires the audit process to be carried out independently. Although, the law does not provide an explicit definition of ‘independence’, at the very least it implies that the audit functions should be independent of, and separate to the executive team dealing with the organisation’s Anti-Money Laundering (‘AML’) and Combating Financing of Terrorism (‘CFT’) processes. The auditor must not have been involved in the development of the risk assessment, or the establishment, implementation, or maintenance of the organisation’s AML / CFT programme. In cases where an internal person is designated to undertake the audit, an assessment of whether the person could be considered “independent” should be made. It is highly improbable to have adequate separation of duties in a small- to medium-sized reporting entity. Independence also implies a separation in the reporting line, i.e. a direct line of communication from the audit functions to the organisation’s senior management.
-
Experience and skill of the auditor
Apart from being independent, the choice of the auditor should be based on the experience and skill of the latter. The background and qualifications of the auditor should be asked prior to the audit.
-
Expectations from the audit
As a general rule, in view of evaluating how well the organisation adheres to rules, regulations and laws, the independent compliance audit will cover the adequacy and effectiveness of the organisation’s policies, systems, controls, and procedures relating to AML/CFT. This is done by having a detailed plan covering access to information and relevant staff, testing of the effectiveness of existing procedures and controls and any automated systems in use by the organisation, random selection of transactions/files for review and record-keeping. Additionally, the independent compliance audit helps to ascertain if the AML/CFT programme adopted by the financial institution throughout the specified period was adequate and effective and advise on any changes that may be required.
-
Audit frequency
It is common practice that independent compliance audit is conducted on an annual basis and/or when there has been a major change in the AML/CFT risk assessment, policies, or procedures. However, it lies on the organisation to determine the audit frequency based on the internal risk assessment and any previous audits. For example, if an organisation is dealing with institutions posing a higher risk of Money Laundering and Terrorism Financing, it is recommended that the independent compliance audit be conducted more frequently.
The importance of independent compliance audit
In Mauritius, the obligation to conduct an independent compliance audit, imposed by the law, is one which must be adhered to, as the cost of non-compliance can be devastating. In fact, in January 2020, Fenergo has released its findings on financial institution fines, revealing that in December 2019, global penalties for non-compliance with Anti-Money laundering, Know your Customer and sanctions regulations totaled to $36 billion.
Why consider Temple Consulting as your compliance auditor?
Temple Consulting Ltd (‘TCL’) established in 2007, has been assisting financial entities in meeting their regulatory and legal requirements through various compliance exercises, including independent compliance audit.
Our role will be fully aligned with the requirements of the law as outlined above.
- We have a team of compliance consultants with proven expertise on independent compliance audits.
- We remain available over the phone, by email and to be present on site as required.
- In the event of absences / leave, there is no disruption in our service delivery –there is always be a senior representative of TCL present to liaise with your organisation as required.
- We work to demonstrate awareness of the National Risk Assessment outcomes and align internal processes with the recommendations made, demonstrating best practice, and streamlining any future NRA-related regulatory queries or action.
- Affiliation with legal chambers, readily available legal resources, pool of experienced consultants, serviced withing 24 hours.
References:
https://www.bom.mu/sites/default/files/guideline_on_aml-cft_jan_2020_15.01.2020_0.pdf https://www.lawsociety.org.nz/news/lawtalk/lawtalk-issue-940/the-amlcft-external-audit-and-internal-review/ https://www.strategi.co.nz/aml-cft/what-is-aml-cft-audit-what-do-i-need-to-consider https://www.fenergo.com/news/aml-kyc-and-sanctions-fines-for-global-financial-institutions-top-$36-billion-since-financial-crisis.html
Recent Comments