Conducting Effective AML Audits and Reviews

Anti Money Laundering (AML) audits are a legal requirement for financial institutions – including accountancy practices. Designed to assess your firm’s compliance with both regulations and best practices, AML compliance audits establish whether there are any gaps or weaknesses in your existing practices, and recommend ways that you can improve.

These AML reviews are crucial to ensure that your organisation is compliant, helping you to spot risks and reduce levels of financial crime.

The Necessity of AML Audits

In 2020, the UK Government amended existing AML regulations to include international standards. All accountancy firms (among others) must comply with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs) – including the Money Laundering and Terrorist Financing (Amendment) Regulations 2019.

The Money Laundering Regulations (MLRs) are enforced by the Financial Conduct Authority (FCA), and include international standards that were set by the Financial Action Task Force (FATF): an intergovernmental organisation that leads global action to tackle money laundering and other financial crimes.

These regulations include the requirement that financial services firms are subject to AML compliance audits. There is no fixed period between audits: this depends on the size of the business, its complexity, its customers and previous compliance records.

AML audits enable you to identify and mitigate any risks, enhance your customer due diligence practices and improve your internal controls, helping you to prevent financial crimes.

Planning the Audit

The first step in planning AML compliance audits is to set the objectives and scope of the audit. These objectives may include identifying any gaps or risks, assessing compliance, and evaluating your current controls. The scope of the audit, of course, will be based on both risk assessment and the relevant regulatory requirements.

The next step is gathering the necessary information. The types of information you will need include customer data, transaction records and policies. This information can come from a variety of sources, including internal databases, interviews with key personnel, and regulatory guidelines.

Next, assemble your audit team. Ensure that you have allocated enough resources to the task, clearly defining your audit team members’ key roles and responsibilities. You should also be sure that your team includes data specialists and experienced and knowledgeable compliance experts to ensure accuracy.

Once you have assembled your team, it is time to develop an audit plan. This will include a defined, realistic timetable which takes into account any deadlines, internal constraints and resourcing challenges. You should also clearly define your audit methodology, including sample collection, techniques for data collection, control testing processes and criteria for evaluation. Create milestones for the audit process too, making it easier for your audit team to complete the process accurately and efficiently.

Conducting the Audit

Having a clear, step-by-step AML auditing process in place will make the task far easier.

Start with your fieldwork. Collect and analyse the relevant data, as determined in your planning process, and interview any relevant personnel. Next, evaluate your findings, identifying any discrepancies and non-compliance issues, and assessing the effectiveness of your current

AML controls

There are key areas of focus that should be included in all AML reviews. Of course, one of these is high-risk areas and transactions. These may include customers who have suspicious characteristics or flagged histories, transactions that involve large amounts of money or geographical areas that are known to be high-risk. You will have plenty of data available to analyse – like your customer profiles, transaction histories and suspicious activity reports – and can use automated systems and risk detection models to identify any potential criminal activity.

Customer Due Diligence (CDD) is also a vital part of AML compliance. Understanding a client’s business, as well as their personal background, will help you to identify unusual behaviours that could signal suspicious activity. Methods for verifying customer identities include photo ID, Companies House information, annual accounts, invoices, receipts and more. You should also review CDD policies to ensure that they are compliant.

AML audits should also focus on record-keeping and documentation. Records should be kept in line with regulatory requirements and be comprehensive enough to enable full traceability. Having standard policies in place for ensuring documentation accuracy will make this task easier.

Transaction monitoring is a key part of AML compliance audits. The transaction monitoring system should be fully evaluated to ensure that it can accurately identify any suspicious activity, and checks should be made that there is a system in place to escalate such activity to the right authorities. These checks should also include a review of procedures and policies relating to risky transactions: those made in cash, cross-border transactions and any over a certain size.

Effective AML compliance requires adequate staff training and awareness. Regular AML training for your staff can improve understanding of the regulations, the importance of adhering to them and the processes that your practice uses to ensure compliance. Training should cover both new and existing employees, and should include everything from the regulations themselves to record-keeping, monitoring and reporting. Your team should be able to spot, report and prevent suspicious activity – and regular training will reinforce the importance of a focus on AML reduction.

Tools and Techniques

Many accountancy firms choose to use AML software solutions. These automated tools ensure that transactions, behaviour patterns and customer data are monitored on an ongoing basis and that potential issues can be flagged as quickly as possible.

There are many benefits to using advanced analytical tools, including real-time data monitoring, a reduced burden on your internal resources, and a lower likelihood of human error. However, some may find the cost of automated technologies prohibitive, and may struggle to link them to in-house infrastructure and processes. Some may also develop a reliance on software, becoming complacent and missing suspicious activity.

This is why we recommend using a combination of both manual and automated techniques. In order to integrate AML technology into your existing solutions, you’ll need to fully assess your current AML infrastructure, choose the technologies that best suit your needs, develop an integration plan and fully test the integration before it is rolled out and staff are trained.

Documentation and Reporting

Once the audit is complete, the audit team should create a comprehensive audit report that shares their findings and recommendations. Your audit report should include analysis of the data and interviews that have been provided, along with recommendations for improvement where needed.

To keep reporting clear and concise, there are templates for AML audits that organisations can use – however, it is important to check that any templates you use include all of the necessary detail.

Findings from an AML audit should be presented to management and stakeholders, focusing on any areas where more work is needed. AML reviews must include actionable recommendations to make it easy to improve going forward.

Best Practices

When conducting AML compliance audits, there are certain best practices that can make the process easier and more efficient.

The first is maintaining independence: organisations are required to choose an auditor that is independent to avoid any risk of bias, and to ensure objectivity and impartiality.

The second is using a risk-based approach. Auditors should focus on high-risk areas – be these specific customers, transaction types or geographies – and tailor their audit procedures based on the initial risk assessment.

Ensuring thorough documentation is also key to audit success. You should have policies in place that support detailed record-keeping practices – without accurate records, the audit process will be impossible. Audit trail integrity is vital, and accurate record-keeping will help.

Finally, ensure that audit procedures are regularly updated. These procedures should take into account any new regulatory changes and emerging risks, enabling continuous improvement of your AML audit processes.

Why Choose ICPA for AML Audit Support

Here at the ICPA, we pride ourselves on sharing our years of experience and expertise in AML compliance with our members. Through a combination of guides, resources and industry events, we provide our members with the resources they need to easily pass AML audits.
ICPA membership also includes access to telephone helplines staffed by industry experts, offering support in preparing for AML reviews.

As an ICPA member you’ll also enjoy access to all-in-one online compliance and risk management solution, AMLCC. See our complete list of member benefits.

AML audits are a regulatory requirement for accountants and others working in financial services. Each audit requires careful planning and certain steps that must be followed – as well as accurate reporting with recommendations for future improvements.

It is likely that, in the future, we will see greater innovation in the technological side of AML auditing, with the likes of AI and big data helping to improve AML audits even further.

There’s no denying that AML compliance audits can be an onerous task, but they are a legal requirement and should be prioritised by financial institutions.

Frequently Asked Questions (FAQs)

What is an AML audit?

An AML audit is a way to examine the policies, procedures and operations of a financial institution to ensure that they are compliant with AML regulations and to identify potential risks.

Why are AML audits important?

AML audits help to ensure regulatory compliance, identify and mitigate money laundering risks, and maintain and improve the reputation and integrity of financial institutions.

What are the main steps involved in planning an AML audit?

To plan an AML audit you must set its objectives and scope, gather the required information, assemble your audit team and develop an audit plan.

How do you set objectives and scope for an AML audit?

The objectives and scope of an AML audit are based on regulatory requirements, risk assessments, and any specific areas of concern within the institution.

What information is needed to conduct an AML audit?

Information required will include internal policies, customer data, transaction records and previous audit reports.

What is the step-by-step process for conducting an AML audit?

The process begins with planning, then incorporates the gathering and analysis of data, the evaluation of findings, the reporting of results and following up on corrective actions.

What are the key areas of focus during an AML audit?

AML audits should focus on customer due diligence (CDD), high-risk transactions, transaction monitoring, record-keeping and staff training.

How are high-risk areas and transactions identified in an AML audit?

These are identified via data analysis, risk assessments and reviewing customer profiles and transaction patterns.

What tools and techniques are used in AML audits?

These include transaction monitoring systems, specialised data analysis software, and a range of analytical methods.

How should documentation and reporting be handled in an AML audit?

The documentation should be comprehensive and include all of your findings supporting evidence and any recommendations. Audit reports should be clear and concise, and communicated to all relevant stakeholders.

What are some best practices for conducting effective AML audits?

Best practices include choosing independent auditors, using a risk-based approach, documenting the process thoroughly and regularly updating your audit procedures.

How can financial institutions prepare for an AML audit?

To prepare for an AML audit you should conduct internal reviews, ensure that all of your records are up-to-date, train your staff, and address any issues that have previously been identified.

If you’re struggling with your audits, get in touch – our expert team of experienced accountants is here to help.