scroll to explore

The role of Internal Audit within the AML Framework

Credit & Financial Institutions

The role of Internal Audit within the AML Framework

by Mazars in Malta

7th July 2021

In today’s world of tightening regulations and an evolving risk landscape, companies are facing increased pressure to comply with Anti Money Laundering (AML) regulations to avoid hefty fines, reputational risk, and disruptions to their operations.

Now more than ever, companies require assurance that their AML control framework is strong and tight enough to prevent and detect instances where their business can be used to clean money or to finance terrorism. Internal audit may provide this assurance to the company by assessing its AML control framework. It will also give the opportunity to the company to address any issues before they escalate or before they are detected by the competent authorities.

What is Internal Audit?

A company can never be in business without being susceptible to risks. Having said that, it needs to have sufficient mitigating controls to address those risks and reduce them to an acceptable level. According to the Chartered Institute of Internal Auditors, the role of internal audit is to provide independent assurance that an organisation’s risk management, governance, and internal control processes are operating effectively. In essence, internal audit, being the third line of defence, will assess the design and operating effectiveness of the internal control framework and provide an independent opinion thereon. Most importantly, it would also propose recommendations on how identified weaknesses can be addressed by management. The independence of an internal auditor is crucial in ensuring opinions expressed are free from any internal and external interference, or undue pressure.

What is the regulatory requirement?

The Prevention of Money Laundering and Funding of Terrorism Regulations (PMLFTR) and the related Implementing Procedures (IPs) emphasize the importance of monitoring the AML control framework on an ongoing basis. These also encourage companies to consider the implementation of an independent audit function to assess the design and effectiveness of the implementation of measures, policies, control, and procedures adopted by the company to address AML risk. The IPs also state that a company is not necessarily required to set up an internal audit function, but it can also engage an independent consultant or an internal party, who is independent of the operations, to carry out this role.

What are the critical elements for an effective internal audit function?

The internal audit team should have the required qualifications and expertise in AML to be able to understand the regulatory obligations, best practices, as well as the latest money laundering typologies. This should be coupled with a thorough understanding of the operations of the company to be able to assess the AML risks it is susceptible to, based on the four key risk factors: product, customer, interface, and geographical risk.

Defining scope is critical. This is achieved by having an open communication channel between the internal audit team and the Board of Directors or Audit Committee during the scoping of an assignment, to ensure that resources are focused on those areas which pose the highest risk. Audits may be focused on specific high-risk areas (such as onboarding, monitoring, customer risk assessments, or reporting) or else take the form of a general health check of the AML control framework to provide an insight into the company’s compliance with its AML/CFT obligations.

Such audits would typically have two facets. The first would focus on an assessment of the design of policies, procedures, controls, and systems to ensure that they meet the regulatory requirements, and are in line with best practices and with the risk appetite of the company.

The second would include a review of the implementation of the company’s policies and procedures by the first line of defence, to guarantee that the controls designed by management are implemented in practice and that the controls are effective in mitigating the risk. This may also cover the oversight and checks carried out by the second line of defence, these being Compliance and the Money Laundering Reporting Officer (MLRO). Various methodologies may be used during this phase, such as data analysis to provide greater coverage, which could eliminate or reduce the need for large and timely substantive sampling.

Whilst preserving independence, internal audit should work together with management and the relationship between the two should be built on mutual trust. This can be achieved by discussing findings and remediation plans during the course of the audit. The internal audit report is first presented to management, which is, in turn, requested to comment on the findings before it is presented to the Board of Directors or Audit Committee.

The role of internal audit should be dynamic and should adapt to the needs of the company. There are various ‘non-traditional’ assignments that may be undertaken by internal audit in order to assist the company, whilst it navigates through the various stages in its lifecycle. These could include involvement during the development of new tools, systems, policies, and procedures, or during the development of new products or service lines; the post-implementation assessment of systems, tools, policies, and procedures; assistance during de-risking exercises; assessments of the AML risk and control framework of an entity as part of the due diligence process prior to a merger and acquisition transaction or joint venture arrangement; as well as the provision of training.

This article was written by our advisory senior manager Alicia Vella, specialising in internal audit, AML, and regulatory compliance.

Credit & Financial Institutions

The role of Internal Audit within the AML Framework

In today’s world of tightening regulations and an evolving risk landscape, companies are facing increased pressure to comply with Anti Money Laundering (AML) regulations to avoid hefty fines, reputational risk, and disruptions to their operations.

What is Internal Audit?

What is the regulatory requirement?

What are the critical elements for an effective internal audit function?

'Credit & Financial Institutions' Related News Articles

A creditor’s obligation to assess the creditworthiness of a consumer

BOV TALKS ARTIFICIAL INTELLIGENCE IN THE BANKING WORLD

The MFSA consults on a draft Conduct of Business Rulebook for Banks

MFSA Shifts to Outcomes-Based Supervision in 2024

AIFMD II – A step closer to entry into force

The European Union Global Minimum Level of Taxation for Multinational Enterprise Groups and Large-Scale Domestic Groups Regulations 2024

BOV EXPERTS DISCUSS ECONOMY AND INVESTMENT BASICS WITH RETAIL CLIENTS

Bank of Valletta has supported this year’s opera by Gioachino Rossini – ‘Armida’

EU AML-CTF Package taking shape: Compromise text for AMLR and 6AMLD published

Changing the terms of a credit agreement and forbearance policies and measures: new obligations on lenders in consumer and residential property credit agreements

BOV launches revamped cutting-edge website

The HSBC Malta Foundation supports Three-Year UM Research Project through RIDT

Bank Of Valletta extends Partnership Agreement with Heritage Malta

BOV RETROSPECTIVE EXHIBITION FEATURING WORKS BY NOEL GALEA BASON OFFICIALLY INAUGURATED

Goal-line Defenders: Scoring Victory Against Financial Crime with the Three Lines of AML/CFT Defence

Agreement reached on the establishment of the Anti-Money Laundering Authority (“AMLA”)

FIAU Thematic Review on Company Service Providers when providing Company Formation Services

Directive 93/13/EEC and mandatory statutory or regulatory provisions in consumer contracts

2023 SEES 151 BOV EMPLOYEES GRADUATING

BOV SELLS PORTFOLIO OF NON-PERFORMING LOANS

MALTA Nomad Residence Permit, New Tax Rules.

BOV Boosting Employee Retention through Occupational Pension Schemes

Keeping Tabs on Market Perception and Knowledge about Investments

BOV Announces Profit Before Tax of €163.5 million as at September 2023

Proposed amendments to the Exclusive Economic Zone Act and ancillary laws

MFSA Circular regarding various amendments to the Investment Services Rulebooks

MiCA Update: Consultation Process on the Proposed Updates to Chapter 3 of the VFA Rulebook

Continuing to disclose the topic EU funding for Startups ¦ Startup Definition

BOV keeps up momentum in educating customers about scams

Auditing iGaming Entities

Malta: a state-of-the-art regulatory framework for cryptocurrencies

ESMA issues Second Consultation Package under MiCA

Standard and Poor’s (S&P) upgrades Bank of Valletta’s rating to stable

BOV Asset Management Seminar Discusses Best Practices in Investments

BANK OF VALLETTA ACQUIRES NEW FUNDING TO RELAUNCH THE BOV SME INVEST PACKAGE

BOV Introduces New Digital Portal to Update Customer Records

EU Court’s Landmark Ruling: Restricting Financial Ties to Combat Money Laundering and Terrorism Financing

ESMA and EBA issue Inaugural Consultation Packages under MICA

ESMA issues public statement in relation to sustainability disclosures in prospectuses

FIAU publishes its AML / CFT Supervisory Plan for 2023 – 2024

Reforming Digital Payments – Introducing the new Payment Services proposals

APS Bank delivers best-ever half-yearly results, to pay interim dividend

New Digital Experience For BNF Bank Customers

Proposals for an improved European Banking Union framework – Part II

Proposals for an improved European Banking Union framework – Part I

Opposing trade mark registrations in the realm of financial institutions

Over 24,000 customers respond to BOV’s call for feedback

BOV puts Mobility in the Spotlight on World Bicycle Day

BOV Goes Green for Mental Health

BOV Volunteers at GSSE 2023

The new notified PIFs framework: MFSA publishes consultation document on regulatory changes

MiCA obtains green light from European Council

ESMA postpones annual IFRS amendment of ESEF to 2024

BOV Launches Investor Education Sessions

MiCA – Landmark crypto regulation approved by EU Parliament

BOV ISSUES WARNING ON SCAM CALLS

BOV Asset Management Limited launches the Global Multi-Asset Thematic 60 Fund managed by Fidelity International

MALTA COUNTRY ANALYSIS REPORT

INFOCREDIT GROUP AMONG THE SPONSORS OF MALTA FINANCIAL CRIME COMPLIANCE CONFERENCE 2023

Business Decisions that undermine the Compliance Culture – Part 5

BOV Offers MAPFRE MSV Life Capital Guaranteed Product

Business Decisions that undermine the Compliance Culture – Part 4

Becoming a Data Driven Organisation

Business Decisions that undermine the Compliance Culture – Part 3

BANK OF VALLETTA PROMOTES HEALTHY LIFESTYLES AND ROTA INITIATIVE

Business Decisions that undermine the Compliance Culture – Part 2

ELTIF 2.0 published in the Official Journal of the European Union

The INSIGHT Interview: David Power, CEO of BNF Bank

Sustainable Finance and the Impact on the Financial Services Sector in Malta

Bank of Valletta commemorates International Women’s Day

EU’s Green Taxation: Tackling Climate Change through Tax

The classification of cryptoassets under the new Markets in Crypto-Assets Regulation

Business Decisions that undermine the Compliance Culture – The MLRO Reporting Lines