Finding your AML auditor is one of the first steps to take when it comes to preparing for your three-yearly AML audit. But to make sure you're as ready as you can be,...
If the time for your AML audit is rapidly approaching, the most important question at the forefront of your mind should be: who will be my AML auditor?
Depending on the auditor you pick, they can deliver great value and insight into the running of your AML/CFT programme. But if you choose the wrong auditor, you could end up with a hurried tick-box exercise that results in your business actually being non-compliant.
You might already have an AML auditor that you use. Maybe you're on the hunt for a new auditor. Or perhaps this is your first audit ever. Whichever stage you're at, you will benefit from assessing your auditor to make sure you're getting the most value out of the AML audit exercise.
So, what should you be looking for in an AML auditor?
To make your AML audit truly valuable, you'll want to engage an AML auditor who understands AML/CFT principles and your sector. In particular, you will want an auditor with a solid audit methodology, as auditing is a skill set in its own right. This is important because processes, systems, and risks differ between sectors, and if the auditor doesn't have a good grasp on the context in which your business operates, they'll make recommendations that aren't applicable or customised to your circumstances.
In addition to having a good ground knowledge of your sector, you will benefit most from an AML auditor that explains the process as they go and discusses the findings with you afterwards.
But, how will you know what a good AML auditor looks like?
You should look carefully at your AML auditor's qualifications across four aspects:
- Expertise: Are they CAMS-certified? (Certified Anti-Money Laundering Specialist). What previous audits have they undertaken?
- Industry experience: Have they performed AML audits or worked in your sector before? Do they understand the context?
- Previous AML audit experience: How long have they been doing AML/CFT audits, how many, and who for? Have they previously undertaken other types of audits in their career, or held internal assurance type roles?
- Methodology: Ask your auditor about their methods, for example, how wide is their audit scope? If an AML auditor is fixated with reviewing a large percentage of your CDD files, but they don't enquire about other aspects of compliance, their focus may be too narrow. When AML Supervisors review Reporting Entities, they have a detailed focus on each aspect of the Compliance Programme to make sure you are following the requirements. A good auditor will focus as much on your full suite of obligations, and it is worth asking up-front how an auditor achieves this.
A quick pass doesn't mean compliance
Unfortunately, it isn't hard to find a low-cost auditor that will give you a quick pass, but that doesn't mean you are compliant in practice. If an auditor has failed to identify systemic issues within your Compliance Programme and its implementation (perhaps because they have done the audit too quickly and/or not addressed your full suite of obligations), then as a Reporting Entity you may be found non-compliant by the Supervisors despite a positive independent audit.
So, it is important to pick your auditor carefully; the lowest cost option is not the best criteria.
