If the time for your AML audit is rapidly approaching, the most important question at the forefront of your mind should be: who will be my AML auditor?
Finding your AML auditor is one of the first steps to take when it comes to preparing for your three-yearly AML audit. But to make sure you're as ready as you can be, there are a couple of key areas you have to look at beforehand. In this blog you'll find my quick run-down of the important things you need to do before you have your AML audit, and an opportunity to download our free guide to AML Audits.
When should I start preparing for an audit?
If you’ve already had an AML audit, the best time to prepare for the next one is once the auditor has returned their findings. You should look at the outcomes and make a remediation plan to address any issues the auditor has identified, as this will help you avoid making the same mistakes going forward.
If you haven’t had an AML audit, preparation starts from the moment you begin managing your AML/CFT programme. In an AML audit, your auditor will be assessing you on how your policies, procedures, and controls are documented and followed, and so, your audit preparation should begin when you start managing your AML/CFT programme. However, most Compliance Officers don’t immediately think of their statutory AML audit when they take the reins of their business’s AML/CFT programme. So, you can spot-check now if your AML/CFT programme is up-to-scratch by asking yourself some basic questions:
- Are your Risk Assessment and Compliance Programme documents up to date?
- Have you been following the policies, procedures, and controls as outlined in your Compliance Programme?
- Are your staff and senior management up to date with their AML/CFT training?
- Have you been doing Customer Due Diligence and Enhanced Due Diligence on the people who need it?
- Have you undertaken account/transaction monitoring?
- Have you met reporting requirements?
- Have you been keeping records?
If you answer “no” to any of the above questions, try to put a plan of action in place to get the ball rolling as soon as possible, and thoroughly document what you’re doing so you can demonstrate to your AML auditor that you are actively taking steps to optimise your programme.
In addition, if you’re non-compliant and your AML audit is coming up, it’s important to be transparent with your auditor beforehand. Masking areas of non-compliance, for example, back-dating records or quickly doing work the week before the audit, will be readily visible to an experienced auditor and will reflect poorly on your organisation's culture of compliance. One early step to take is to discuss your challenges and remediation plans openly with your auditor, as this will yield meaningful recommendations and add value to your audit report and the audit process.
What preparation work should I do on my documents?
Documentation is a key part of the AML audit process, as your auditor will be assessing you on what you’ve recorded and filed. Here are five key steps to take to get your documentation in order:
- Gather your documents together
Your AML auditor will want to draw samples from your documents, so you'll need to make sure they're available ahead of time. Gather the relevant documents that are in separate filing cabinets, attached in emails, hosted in the cloud, or off-site. You'll want to minimise the time an auditor has to spend waiting on documents as this increases the cost of your audit.
- Make your documents logical and clean
Messy and incoherent documents make audits difficult to complete. Plus, auditors are human and hate mess. You need to make the process as frictionless as possible by organising your documents. For example, extract your Customer Due Diligence documents from the wider document retention files for a customer. This allows the auditor to hone in on that specific set without having to hunt for them. It also shows that you are organised!
- Do a logic check between your processes and AML/CFT documents
Have you been doing everything as outlined in your Risk Assessment and Compliance Programme? AML auditors often observe gaps between how something was documented and how it is practically undertaken. Do a logic check to see what sort of gaps you are facing and update any documents where possible.
- Undertake your own internal assurance prior to the audit
Get a flavour for the areas you're doing well in and where you might need to focus more attention on. Undertaking an internal assurance check around six months in advance gives you an opportunity to remediate any areas of weakness. Test key areas like CDD, transaction monitoring, staff vetting, and staff training to make sure they're in line.
- Make sure your registers are up to date
If you've done staff training and vetting, or formed and removed/filed suspicions, created exceptions etc., make sure this is reflected in your registers. Auditors can only assess what has been recorded, so if you've done the work but haven't written it down, you won't be given credit for it.
