AML Audits: Make Auditors Your Friend Not Your Enemy

AML audits

Most entities will have experienced the stress of dealing with an audit and are well used to compliance documents being examined and reviewed. It may not feel like an enjoyable experience but as you spend valuable time and money managing your audit it makes sense to use the experience as an opportunity rather than just as a grudging expense.

Your next AML audit date may seem to be coming around again at alarming speed but there’s still time for most of us to ensure we get the most out of our next audit. This may sound like more hard work but with a bit of preparation this regulatory burden could become a positive experience and an unexpected bonus to achieving compliance success.

How to prepare for an audit

An audit is a requirement of many AML regimes and in New Zealand, as an entity you need to ensure an audit is carried out on your AML compliance programme every three years by an independent, appropriately qualified person.

Your first step will be in securing your auditor and ensuring they have the necessary skills and experience to do the job you’re paying them for. Consider, how well they know your industry sector and the specific AML challenges you may face. An auditor who knows your industry and understands your business will be able to provide value which you many not be able to get from somebody less familiar with your sector.

Assuming you’ve secured your auditor, agreed the scope of work, and a date has been set, it’s time to ensure you’re prepared for your big day(s).

The focus of an auditor’s visit will be in ensuring you are actively following compliance regulations, are keeping robust records, and have the right processes and procedures in place to ensure requirements can be properly met. To get the most out of your audit make the following preparations:

  • Compliance programme. As a reporting entity you’ll have your compliance programme well established. Make sure this is up-to-date and readily available to your auditor as it will be a key part of their investigations.
  • Customer due diligence and ongoing monitoring. Ensure your customer due diligence (CDD) documents are available and well organised so all details of your due diligence can easily be found. Show transactions, your CDD processes, the rationale behind them and how you continue to monitor activity and any changes in situations.
  • An audit will likely include a look at how you handle high-risk clients so ensure you can easily access all of your client records and have an organised method of being able to easily access and review them.
  • Staff training registers will be reviewed to ensure staff are being properly trained and have the right support to carry out compliance duties effectively. Make sure you keep a record of when training has taken place, who attended the training, and details of the training carried out.
  • Staff vetting. Keep comprehensive records of your staff vetting procedures and evidence of due diligence carried out on staff in key positions.
  • Risk assessment. As a key part of your compliance programme, auditors will want to review your risk assessment documents and see evidence of how it is used and put into practice.
  • Sounds simple but ensure you have the correct access to systems before the auditor arrives on your doorstep. Wasting time sorting out access when the auditor is already at your office will cost you money so make sure you’ve still got access to all the systems you use to store records, including GoAML for your suspicious activity, and prescribed transaction reporting.

Also ensure relevant staff are available (including senior management) as the auditor may want to speak with them.

If you are following procedure and have good record keeping processes your preparation shouldn’t be too arduous and it’s worth taking the time to get it done right, making sure your processes are up-to-date and reflect the current practices of your business.

Doing so, will provide more time for your auditor to focus on providing insight and advice rather than dealing with basic admin factors you can rectify yourself.

What to do with audit outcomes

Your auditor should supply you with a report at an agreed time after your audit.

It might seem like the hard work is over but key to the success of your audit is what you do with the audit results. Remember, this is a paid report with expert advice and recommendations on how to improve your compliance processes – don’t take it lightly as following this advice might just save you from more expensive consequences down the track.

So, to get the most of your audit report, ensure you have a process in place to take the findings and use them to your advantage. Senior management need to get on board to make this happen and should be committed to supporting recommended changes.

Remember, if you just look at your audit as fulfilling a tick box exercise, then you are wasting money. Look at it as an opportunity to gain guidance and tailored advice on how you can better meet your compliance obligations.

How do you stack up?

Audits don’t just stay within a business four walls, they are subject to review and recently the Department of Internal Affairs (DIA) reviewed nearly 40 independent audit reports from reporting entities all over New Zealand.

Key findings from the review showed areas of non-compliance as:

  • Risk assessments, particularly on customers and institutions;
  • Policies and procedures for staff training, and monitoring of compliance; and
  • Policies and procedures for PEPs, enhanced due diligence (EDD) and examining and keeping written records.

Does any of the above sound like you? If so, now’s the time to address it. Be transparent with your auditor, discuss areas where you have concerns and they may be able to provide recommendations and advice in your audit report at a time when you really need it.

At tic company

At tic we make it easy for you to manage things both before, during and after your audit.

Beforehand, you can use our expert quality assurance service to check your AML processes have been managed correctly and ensure you have everything you need for the audit. During your audit, as a tic client we can provide your auditor access to our AMLOnline portal so they can view records, streamlining the audit process and making it easy for them to complete your audit. And afterwards, if you need help dealing with the report findings, we can provide remediation and consulting services to get you back on track.

Give us a call on or +64 9 369 6867 to speak to our AML consulting team about our service options.

Get insights and news delivered to your inbox