The Importance of Independent Audits
Why are Independent Reviews so important?
A hallmark of good corporate governance for regulated financial institutions is ensuring that there are robust systems and controls in place to monitor the conduct of its business. Management should have an independent process to identify and remediate any weaknesses in policies and procedures. Regulation 17A of the Proceeds of Crime (Anti- Money Laundering and Anti-Terrorist Financing) Regulations 2008, codified in January 2016, requires relevant persons to maintain an independent audit function, conducted by a qualified independent third party, who will provide a documented independent and objective evaluation of the robustness of the entity’s AML/ATF framework. Additionally, the 2106 Guidance Notes for AML/ATF Regulated Financial Institutions on Anti-Money Laundering and Anti- Terrorist Financing provides that an independent audit should be conducted on a regular basis to monitor and test the implementation, integrity and effectiveness of an entity’s AML/ATF policies, procedures and controls.
When conducting an independent AML/ATF audit, the auditor should evaluate:
- the risk rating assigned by the regulated financial institution under review and consider its appropriateness to the entity’s business model and size
- management’s ability to document its risk assessment process and clearly articulate how it aligns with Bermuda’s National Risk Assessment Report
- the firm’s maintenance of a risk register i which identifies the risk score for each account and highlights where additional monitoring is required for high risk clients.
The audit process also includes the assessment of the adequacy of the entity’s AML/ATF policies, procedures and controls and the business’s regulatory compliance with legislation. One of the key markers identified by an audit is how aligned the entity’s practices are with its stated policies, procedures and controls. This is evaluated by the sampling of client files and staff interviews. An entity must do in practice what it states it does in its documents for it to be deemed to have a compliant AML/ATF framework.
The organization’s culture and its commitment to Board, management and staff training and awareness of the regulatory landscape governing AML/ATF within its licensed activities is another essential component of a successful compliance regime. This commitment is evidenced during the audit by a review of the business’s hiring practices that provide for screening new hires for fitness and suitability, and underscored by regular training of employees on how to recognise and report suspicious transactions.
Regulated financial intuitions who recognize that a robust, risk-based and compliant regime is integral to the success of its business, will undoubtedly be enhanced by the independent audit process which both the Board and management can use as a key tool in the exercise of its governance oversight role.