In today’s world of tightening regulations and an evolving risk landscape, companies are facing increased pressure to comply with Anti Money Laundering (AML) regulations to avoid hefty fines, reputational risk, and disruptions to their operations.

Now more than ever, companies require assurance that their AML control framework is strong and tight enough to prevent and detect instances where their business can be used to clean money or to finance terrorism. Internal audit may provide this assurance to the company by assessing its AML control framework. It will also give the opportunity to the company to address any issues before they escalate or before they are detected by the competent authorities.

What is Internal Audit?

A company can never be in business without being susceptible to risks. Having said that, it needs to have sufficient mitigating controls to address those risks and reduce them to an acceptable level. According to the Chartered Institute of Internal Auditors, the role of internal audit is to provide independent assurance that an organisation’s risk management, governance, and internal control processes are operating effectively. In essence, internal audit, being the third line of defence, will assess the design and operating effectiveness of the internal control framework and provide an independent opinion thereon. Most importantly, it would also propose recommendations on how identified weaknesses can be addressed by management. The independence of an internal auditor is crucial in ensuring opinions expressed are free from any internal and external interference, or undue pressure.

What is the regulatory requirement?

The Prevention of Money Laundering and Funding of Terrorism Regulations (PMLFTR) and the related Implementing Procedures (IPs) emphasize the importance of monitoring the AML control framework on an ongoing basis. These also encourage companies to consider the implementation of an independent audit function to assess the design and effectiveness of the implementation of measures, policies, control, and procedures adopted by the company to address AML risk. The IPs also state that a company is not necessarily required to set up an internal audit function, but it can also engage an independent consultant or an internal party, who is independent of the operations, to carry out this role.

What are the critical elements for an effective internal audit function?

The internal audit team should have the required qualifications and expertise in AML to be able to understand the regulatory obligations, best practices, as well as the latest money laundering typologies. This should be coupled with a thorough understanding of the operations of the company to be able to assess the AML risks it is susceptible to, based on the four key risk factors: product, customer, interface, and geographical risk.

Defining scope is critical. This is achieved by having an open communication channel between the internal audit team and the Board of Directors or Audit Committee during the scoping of an assignment, to ensure that resources are focused on those areas which pose the highest risk. Audits may be focused on specific high-risk areas (such as onboarding, monitoring, customer risk assessments, or reporting) or else take the form of a general health check of the  AML control framework to provide an insight into the company’s compliance with its AML/CFT obligations.

Such audits would typically have two facets. The first would focus on an assessment of the design of policies, procedures, controls, and systems to ensure that they meet the regulatory requirements, and are in line with best practices and with the risk appetite of the company.

The second would include a review of the implementation of the company’s policies and procedures by the first line of defence, to guarantee that the controls designed by management are implemented in practice and that the controls are effective in mitigating the risk. This may also cover the oversight and checks carried out by the second line of defence, these being Compliance and the Money Laundering Reporting Officer (MLRO). Various methodologies may be used during this phase, such as data analysis to provide greater coverage, which could eliminate or reduce the need for large and timely substantive sampling.

Whilst preserving independence, internal audit should work together with management and the relationship between the two should be built on mutual trust. This can be achieved by discussing findings and remediation plans during the course of the audit. The internal audit report is first presented to management, which is, in turn, requested to comment on the findings before it is presented to the Board of Directors or Audit Committee.

The role of internal audit should be dynamic and should adapt to the needs of the company. There are various ‘non-traditional’ assignments that may be undertaken by internal audit in order to assist the company, whilst it navigates through the various stages in its lifecycle. These could include involvement during the development of new tools, systems, policies, and procedures, or during the development of new products or service lines; the post-implementation assessment of systems, tools, policies, and procedures; assistance during de-risking exercises; assessments of the AML risk and control framework of an entity as part of the due diligence process prior to a merger and acquisition transaction or joint venture arrangement; as well as the provision of training.

This article was written by our advisory senior manager Alicia Vella, specialising in internal audit, AML, and regulatory compliance.

'Credit & Financial Institutions' Related News Articles

01
High calibre international speakers for FinanceMalta’s 15th Annual Conference
FinanceMalta

by FinanceMalta

28th October 2022

H.E. Sheikh Feisal Bin Qassim Al Thani celebrates BNF Bank’s success in latest visit to Malta
BNF Bank plc

by BNF Bank plc

6th October 2022

The Changes to the Structure and Competencies of the European Supervisory Authorities (ESAS)
CSB Group

by CSB Group

31st August 2022

INSIGHT Interview: Alan Cuschieri, Founder of Moneybase
FinanceMalta

by FinanceMalta

5th August 2022

Member Spotlight: Fyorin
FinanceMalta

by FinanceMalta

5th August 2022

PrimeGlobal Named Association of the Year 2022 at IAB Awards ¦ Winning in Business with Advisory Culture.
Griffiths + Associates Ltd

by Griffiths + Associates Ltd

25th July 2022

BNF Bank launches a Credit Card Campaign with chance to win once-in-a-lifetime World Cup experience
BNF Bank plc

by BNF Bank plc

14th July 2022

BOV Asset Management launches the sixth reading of the Investor Sentiment Index for Malta.
Bank of Valletta

by Bank of Valletta

3rd June 2022

Infocredit Group shortlisted as ‘Credit Information Provider of the Year ‘at Credit Awards 2022!
Infocredit Group Limited

by Infocredit Group Limited

19th May 2022

14th International Taxation Conference l organized by the Malta Academy for Taxation Studies & the Malta Institute of Management l 3rd May 2022
Griffiths + Associates Ltd

by Griffiths + Associates Ltd

3rd May 2022

Infocredit Group sponsors the Webinar “AML, Sanctions and Embargoes: Understanding the risks and learn how to mitigate them”, organized by FEBIS
Infocredit Group Limited

by Infocredit Group Limited

28th April 2022

Free Webinar from Infocredit Group: “Transforming Consumer Creditworthiness and Affordability with the help of PSD2”
Infocredit Group Limited

by Infocredit Group Limited

8th April 2022

Infocredit Group and MACM join forces to support the Maltese Business Community with Innovative Credit Risk Management and Compliance Solutions
Infocredit Group Limited

by Infocredit Group Limited

8th April 2022

BNF Bank wins again The Banker, ‘Bank of the Year 2021’ Award for 2nd Consecutive Year
BNF Bank plc

by BNF Bank plc

3rd December 2021