A creditor’s obligation to assess the creditworthiness of a consumer
by Ganado Advocates
23rd April 2024
by Mazars in Malta
7th July 2021
Now more than ever, companies require assurance that their AML control framework is strong and tight enough to prevent and detect instances where their business can be used to clean money or to finance terrorism. Internal audit may provide this assurance to the company by assessing its AML control framework. It will also give the opportunity to the company to address any issues before they escalate or before they are detected by the competent authorities.
A company can never be in business without being susceptible to risks. Having said that, it needs to have sufficient mitigating controls to address those risks and reduce them to an acceptable level. According to the Chartered Institute of Internal Auditors, the role of internal audit is to provide independent assurance that an organisation’s risk management, governance, and internal control processes are operating effectively. In essence, internal audit, being the third line of defence, will assess the design and operating effectiveness of the internal control framework and provide an independent opinion thereon. Most importantly, it would also propose recommendations on how identified weaknesses can be addressed by management. The independence of an internal auditor is crucial in ensuring opinions expressed are free from any internal and external interference, or undue pressure.
The Prevention of Money Laundering and Funding of Terrorism Regulations (PMLFTR) and the related Implementing Procedures (IPs) emphasize the importance of monitoring the AML control framework on an ongoing basis. These also encourage companies to consider the implementation of an independent audit function to assess the design and effectiveness of the implementation of measures, policies, control, and procedures adopted by the company to address AML risk. The IPs also state that a company is not necessarily required to set up an internal audit function, but it can also engage an independent consultant or an internal party, who is independent of the operations, to carry out this role.
The internal audit team should have the required qualifications and expertise in AML to be able to understand the regulatory obligations, best practices, as well as the latest money laundering typologies. This should be coupled with a thorough understanding of the operations of the company to be able to assess the AML risks it is susceptible to, based on the four key risk factors: product, customer, interface, and geographical risk.
Defining scope is critical. This is achieved by having an open communication channel between the internal audit team and the Board of Directors or Audit Committee during the scoping of an assignment, to ensure that resources are focused on those areas which pose the highest risk. Audits may be focused on specific high-risk areas (such as onboarding, monitoring, customer risk assessments, or reporting) or else take the form of a general health check of the AML control framework to provide an insight into the company’s compliance with its AML/CFT obligations.
Such audits would typically have two facets. The first would focus on an assessment of the design of policies, procedures, controls, and systems to ensure that they meet the regulatory requirements, and are in line with best practices and with the risk appetite of the company.
The second would include a review of the implementation of the company’s policies and procedures by the first line of defence, to guarantee that the controls designed by management are implemented in practice and that the controls are effective in mitigating the risk. This may also cover the oversight and checks carried out by the second line of defence, these being Compliance and the Money Laundering Reporting Officer (MLRO). Various methodologies may be used during this phase, such as data analysis to provide greater coverage, which could eliminate or reduce the need for large and timely substantive sampling.
Whilst preserving independence, internal audit should work together with management and the relationship between the two should be built on mutual trust. This can be achieved by discussing findings and remediation plans during the course of the audit. The internal audit report is first presented to management, which is, in turn, requested to comment on the findings before it is presented to the Board of Directors or Audit Committee.
The role of internal audit should be dynamic and should adapt to the needs of the company. There are various ‘non-traditional’ assignments that may be undertaken by internal audit in order to assist the company, whilst it navigates through the various stages in its lifecycle. These could include involvement during the development of new tools, systems, policies, and procedures, or during the development of new products or service lines; the post-implementation assessment of systems, tools, policies, and procedures; assistance during de-risking exercises; assessments of the AML risk and control framework of an entity as part of the due diligence process prior to a merger and acquisition transaction or joint venture arrangement; as well as the provision of training.
This article was written by our advisory senior manager Alicia Vella, specialising in internal audit, AML, and regulatory compliance.
by Ganado Advocates
23rd April 2024
by Ganado Advocates
5th April 2024
by CSB Group
5th April 2024
by Bank of Valletta
21st March 2024
by Bank of Valletta
18th March 2024
by Ganado Advocates
4th March 2024
by Ganado Advocates
23rd February 2024
by HSBC Bank Malta p.l.c.
19th February 2024
by Bank of Valletta
29th January 2024
by Bank of Valletta
17th January 2024
by CSB Group
12th January 2024
by Ganado Advocates
3rd January 2024
by Ganado Advocates
3rd January 2024
by Ganado Advocates
3rd January 2024
by Bank of Valletta
28th November 2023
by Bank of Valletta
23rd November 2023
by Bank of Valletta
3rd November 2023
by Ganado Advocates
1st November 2023
by Ganado Advocates
1st November 2023
by Ganado Advocates
1st November 2023
by Griffiths + Associates Ltd
31st October 2023
by Ganado Advocates
16th October 2023
by Bank of Valletta
29th September 2023
by Bank of Valletta
31st August 2023
by Bank of Valletta
28th August 2023
by Ganado Advocates
16th August 2023
by Ganado Advocates
16th August 2023
by Ganado Advocates
11th August 2023
by APS Bank plc
31st July 2023
by Ganado Advocates
28th June 2023
by Ganado Advocates
28th June 2023
by Ganado Advocates
28th June 2023
by Ganado Advocates
26th May 2023
by Bank of Valletta
7th May 2023
by Infocredit Group Limited
3rd May 2023
by Bank of Valletta
14th April 2023
by Ganado Advocates
10th April 2023
by CSB Group
14th March 2023
by Ganado Advocates
24th February 2023
by CSB Group
21st February 2023
by Griffiths + Associates Ltd
20th February 2023
by FinanceMalta
14th February 2023
by Bank of Valletta
31st January 2023
by CSB Group
19th January 2023
by Ganado Advocates
13th January 2023
by Ganado Advocates
13th January 2023
by Bank of Valletta
27th December 2022
by Bank of Valletta
21st November 2022
by BNF Bank plc
18th November 2022
by Bank of Valletta
3rd November 2022
by FinanceMalta
28th October 2022
by BNF Bank plc
6th October 2022
by Bank of Valletta
16th September 2022
by Bank of Valletta
2nd September 2022
by CSB Group
31st August 2022
by Bank of Valletta
11th August 2022
by BNF Bank plc
10th August 2022
by Griffiths + Associates Ltd
29th July 2022
by Griffiths + Associates Ltd
25th July 2022
by BNF Bank plc
14th July 2022
by Bank of Valletta
3rd June 2022
by Infocredit Group Limited
19th May 2022
by The Malta Institute of Accountants
13th May 2022
by Griffiths + Associates Ltd
9th May 2022
by Griffiths + Associates Ltd
3rd May 2022
by Infocredit Group Limited
28th April 2022
by Infocredit Group Limited
8th April 2022
by Infocredit Group Limited
8th April 2022
by Ganado Advocates
24th February 2022
by Bank of Valletta
16th February 2022
by BNF Bank plc
12th January 2022
by BNF Bank plc
3rd December 2021
by Western Union Business Solutions
1st November 2021
by FinanceMalta
8th July 2021
by FinanceMalta
8th July 2021
by FinanceMalta
8th July 2021
by Bank of Valletta
28th June 2021
by FinanceMalta
18th June 2021
by Bank of Valletta
1st June 2021
by Bank of Valletta
26th May 2021
by Bank of Valletta
25th May 2021
by Bank of Valletta
18th May 2021
by Bank of Valletta
17th May 2021
by Bank of Valletta
7th May 2021
by FinanceMalta
29th April 2021
by Bank of Valletta
13th April 2021
by Bank of Valletta
18th February 2021
by Western Union Business Solutions
5th February 2021
by FinanceMalta
14th January 2021
by Bank of Valletta
4th January 2021
by Bank of Valletta
21st December 2020
by Bank of Valletta
18th December 2020
by Bank of Valletta
18th December 2020
by Bank of Valletta
30th November 2020
by Bank of Valletta
29th September 2020
by Infocredit Group Limited
23rd September 2020
by Bank of Valletta
14th September 2020
by Bank of Valletta
14th September 2020
by Bank of Valletta
2nd September 2020
by Bank of Valletta
19th August 2020
by APS Bank plc
3rd August 2020
by Bank of Valletta
31st July 2020
by Bank of Valletta
31st July 2020
by Ganado Advocates
17th July 2020
by FinanceMalta
10th June 2020