Performing AML/CTF risks reviews and investigations is a key responsibility of financial institutions, including banks, money services businesses, and other entities that are subject to AML/CFT regulations. The performance of periodic financial crime audits and reviews by independent departments or functions, such as internal audits, requires appropriate AML/CTF audit planning and monitoring.
The audit procedures adopted should be standardized, relevant, and sufficiently consistent on an entity-wide basis enabling it to aggregate money laundering or other crime information system to identify any patterns or trends of weak AML/CTF controls.
Responsibility of Performing AML/CTF Risks Reviews and Investigation
Anti-money laundering controls review processes should include verification of key information used in compliance reports to Management and the Board. Periodic ML/TF-related risk and controls exercise is reviewed to check the identified ML/TF risks by the compliance team and the measures taken to address those risks. The audit team checks the health of controls, where controls are tested for selected samples of transactions.
The audit department performs an independent review based on a risk-based sample of material and high-risk activities to assess the cases or areas where non-compliance may have serious financial and compliance implications resulting in reputation, financial and operational losses. The audit also covers the areas like awareness of AML/CTF laws and regulations by the department heads, employees, and process owners.
The head of an audit function reviews all the audits and reviews performed during the period. The significant compliance issues and observations are segregated and analyzed with management feedback. This requires discussion with different stakeholders such as departmental heads, heads of legal affairs, etc. The responses are consolidated and discussed with the departmental heads and the CEO of the entity.
The material risks and issues are placed before the board audit committee meeting for review and feedback. Based on the facts presented, the committee issues further instructions and feedback to ensure that weak internal controls are strengthened, and measures are taken to protect the entity from the consequences of ML/TF risks and issues. The management follows the committee’s instructions and guidance, applies the instructions received, and reports to the committee in its next meeting through the head of an audit function.
Final Thoughts
Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) are critical measures to combat financial crimes such as money laundering and terrorist financing. Financial institutions are responsible for identifying, assessing, and managing their AML/CTF risks. In summary, financial institutions have a responsibility to identify, assess, and manage their AML/CTF risks, which includes performing regular reviews and investigations. Failure to do so can result in significant fines and reputational damage, as well as potential criminal liability for the institution and its employees.