AML
AML (Anti-money Laundering) Audit
As a regulated and/or supervised institution operating in the financial services sector, your banking partner, the regulator or related stakeholders may require you to conduct an annual independent audit of your firm’s anti money laundering (AML) arrangements.
With fscom as your independent third-party auditor, you will benefit from our deep knowledge and industry expertise as long-standing auditors on approved panels with several prominent banking providers. Rely on our team of specialists who can provide you with the insights you need to improve your third line of defence and meet your compliance standards.
Looking for an independent third party for your AML audit? Book a consultation today.
Related Webinar
Preparing for your AML Audit Webinar
Watch this webinar where fscom’s Associate Director in the Fincrime team, Fred McDowell guides you on how to prepare for your AML Compliance Audit’.
What is a compliance or AML audit?
A compliance audit or an anti-money laundering (AML) audit is an external independent review of your firm’s business processes, documented policies and procedures, personnel and controls in order to compare your existing compliance procedures against your regulatory obligations.
More specifically, an anti-money laundering compliance audit makes sure:
- Your systems and controls are both technically compliant and functionally effective as financial crime controls; and
- Your ecosystem is safe for both existing and new third parties (i.e., prospective counterparties, suppliers or commercial partners).
AML regulations involve a significant amount of personal, legal and financial responsibility. This means that AML audits include a holistic review of your end-to-end control framework, from governance frameworks and senior management oversight, through to controls design and the operational output of your first-line teams.
Without an expert third-party review, you can risk non-compliance, which can result in fines, sanctions, loss of licence or censure by the regulator.
Who needs an AML audit?
Regulated financial firms in the UK and the EU often require annual AML audits to ensure compliance with relevant regulatory / legislative obligations and to reduce exposure to illicit flows.
What are the regulatory obligations?
In the UK, our AML audits are primarily scoped against the The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (as amended), as well as the Proceeds of Crime Act 2002, the FCA Handbook, the Joint Money Laundering Steering Group’s Guidance for the UK Financial Sector and applicable financial sanctions regulation and legislation.
What is the benefit of an AML audit?
The end result of an AML audit is a comprehensive audit report which firms can use to demonstrate internally and externally to third parties that they are meeting the highest standards of compliance throughout the firm.
Book your free consultation
1. Have the proper documentation ready
Prepare your AML policies, procedures, and the components in the AML framework beforehand to make it easy for auditors to review your compliance and ensure greater accuracy and guidance:
- Prepare the right data. Check that your policies and procedures are up to date and ready for a review. Documentation, such as customer due diligence (CDD) records, testing and transaction monitoring, alert cases, sample selections, and more, provides a representative sample selection with reasonable data points to enable a review.
- Make the data accessible. Provide the right data in an easy-to-digest format (e.g., access to CRMs), which makes it easy for a third party to identify red flags or high-risk indicators in your client base.
- Ensure staff are on hand. Auditors may want to interview staff to understand how they carry out requirements, such as CDD file testing. It’s important that even senior managers and directors are on hand – from your MLRO, board of director members and the CEO to your commercial teams – to provide their view on your compliance structure.
2. Do a mini audit
A good exercise for an upcoming AML audit is to run your own mini audits. These can help you prepare for third-party reviews while giving you an idea of where potential risk and violations lie. For example, a mini audit could entail conducting a gap analysis ahead of time to identify issues, such as big backlogs in your systems or open regulatory items you still need to address.
As you’re going through a mini audit, also review your senior management arrangements. This includes making sure all your policies and procedures are up to date, including your:
- Financial crime risk assessments;
- Customer risk assessments;
- Transaction monitoring rulesets / controls;
- Training records;
- Periodic / event driven review processes;
- Suspicious activity reports (SARs);
- Compliance monitoring activities; and
- Operational outputs of detective controls.
A mini assessment can also help prompt and drive discussions with an independent reviewer, helping to further your understanding of AML compliance.
We can conduct AML audits that include counter terrorist financing (CTF) and counter proliferation financing (CPF) reviews, which fall under the AML audit scope and are based on the MLRs, JMLSG, POCA requirements.
Our established audit methodology of enquiry, observation and validation can take four to six weeks, depending on your firm’s size.
Your AML audit with fscom has four stages:
1. Kickoff call. We introduce our team to your relevant stakeholders and provide an overview of what to expect to ensure alignment during the AML audit. You receive a pre-audit documentation checklist, which outlines the documents we need from you to start the audit process.
2. Desktop review. We analyse the requested documentation to ensure what you have on paper is technically compliant with regulatory and legislative obligations. This discovery stage provides us with an important overview of what to expect during the testing phase.
3. Audit testing. We leverage what we learned in the desktop and file reviews and see how your internal controls and systems work in practice. This includes:
- Side-by-side walkthroughs. We sit down with your executives to observe your processes (e.g., CDD or transaction monitoring systems) in action from start to finish, ensuring your documentation and procedures align with the full AML framework.
- One-to-one staff interviews. We assess your executives’ knowledge and experience to gauge the culture of compliance within the firm – a key focus of the FCA.
- Testing and validation. We test representative samples of your policies and procedures to see how you actually apply them.
4. Report issuance. You come away with our audit findings in a finalised yet actionable report, which you can challenge to avoid misinterpretation and to strengthen your AML controls. Our recommendations are always practical in nature, including thorough explanations, ways to remediate and what remediation looks like.
Why choose fscom?
- 12+ years of AML audit experience. We have been conducting 70 AML audits per year across the UK and EU for firms varying in business model, financial product, and size.
- Comprehensive insight into industry best practice. Our tried and tested methodologies are comprehensive in scope and efficient in identifying your compliance strengths and areas requiring increased focus.
- Deep expertise. Former regulators, bankers, consultants and in-house compliance managers with deep domain knowledge of financial crime compliance will lead your AML audits from start to finish.
- Timely delivery. Receive an honest and full appraisal of what your firm does well and areas requiring attention in a time-efficient manner.
- Established reputation and friendly approach. Partner financial institutions, long-standing clients, and FCA regulators know us well and trust our methodologies. We combine strong technical delivery with an open and engaging communication approach based on core values of mutual respect, courtesy, patience and flexibility.
- Support beyond the AML audit. Our support extends to targeted AML reviews and financial crime audits. This includes not only reviews of your AML, CTF and CPF, but how you deal with the AML risks of tax evasion, fraud, bribery and corruption. We also tailor our support to your specific business needs.
How we helped a bank strengthen their financial crime regime through an AML audit
We conducted a thorough appraisal of their existing financial crime infrastructure, a review of the FCA’s concerns and recommendations, and a business risk assessment. We provided a remediation plan, which included measures to achieve maximum oversight of their financial crime regime and staff training to support their understanding of the regulatory requirements they’re responsible for.
We had a separate fscom advisory team step in to help the bank build out our recommendations, ensuring an ethical division between our audit and advisory teams. During the FCA follow up, the regulators noted and commended the improvements the bank had planned and implemented based on our assurance review.
Get started on your AML audit
Rely on experts with 12+ years of experience and deep domain knowledge to conduct a thorough review of your AML and financial crime infrastructure.
With fscom, you can scale your business in a compliant manner and remain in good standing.
Related services
On demand insights and resources
Webinar and Podcasts
From the Blog
On demand insights and resources
Discover insights from our industry-leading experts on Anti-money Laundering including blogs, podcasts and webinars.
Most Common Audit Findings Webinar
Watch our webinar where fscom’s Associate Director in the Fincrime team, Fred McDowell as he goes through the Most Common AML Compliance Audit Findings.
AML in Crypto: A beginners Guide
As of January 2022, more than 300 million people are using blockchain-based cryptocurrencies worldwide, and over 18,000 businesses accept cryptocurrency payments. According to market experts,
AML & CTF Risk Assessment- Best Practice Guidance Webinar
This on demand webinar, Senior Manager of Fincrime, Fred McDowell will discuss the key aspects of AML / CTF controls.
AML & CTF Risk Assessment- Best Practice Guidance Podcast
In this session, Fred McDowell, fscom’s Senior Manager of Financial Crime, will provide insight as to how a firm can ensure that their AML &
