Choosing an auditor to help with AML compliance can be a daunting task. However, it’s something all entities have to tackle on a three year basis.
As another round of AML audits are due for a number of entities it’s time to get started on choosing the right auditor for your business. Auditors are in high demand so it makes sense to secure your preferred auditor early. There will be a number of things you’ll want to consider as you select your auditor, such as cost, expertise, and who can best deal with the size and scope of your business.
Here we dive into the key things to consider when choosing an AML auditor.
1. Make sure your auditor is independent
Finding an independent auditor is essential and a key part of your obligations under the AML/CFT Act. Being independent means your auditor:
- Has has not been involved in your risk assessments or implementation of your compliance programme;
- Does not have any financial interest in your business, and you have no financial interest in theirs and;
- Does not have a relationship with key stakeholders within your business such as a shareholder or senior manager.
Alongside this it’s important to consider any other potential conflicts of interest that may call into question an auditor’s independence. For example, there are no barriers to having a reciprocal audit arrangement with another reporting entity but they must be suitably qualified and be able to demonstrate their independence. You must also demonstrate objectivity and show how you remain unbiased during this reciprocal process.
2. Find a suitably AML qualified auditor
There are no regulations around auditors so it’s important you do your own due diligence when choosing one for your business. To help ensure you find an auditor who is suitably qualified, look for those who have worked in AML before or have a certified anti-money laundering qualification (CAMS) or CAMS-Audit qualification.
Check what the typical scope of their audits include, whether they have done audits before, and ensure you are confident they know what they’re talking about. Check if they are an established name in the industry, and you are going to get the outcomes you need.
Try not to be impressed that they are willing to ‘audit all types of reporting entities’. It is more important that they have the right knowledge to help you and your business. This brings us nicely to number 3 on our list, making sure your auditor ‘understands your industry’.
3. Look for an auditor that understands your industry
Having somebody that understands your business can make a real difference to your audit. You want an audit which is reflective of your AML obligations in the context of your business.
Ensure you ask auditors how well they know your business so you can choose somebody with the right knowledge to truly help your company.
4. Ensure your audit is a cost effective solution for your needs
Audits can vary in price and are a considerable investment for many businesses. Cost will depend largely on the business being audited – the size and complexity of the organisation.
You could expect to pay from between $2,000 – $10,000.
However, it is important that you don’t base your decision solely on price and go for the cheapest without considering all the other important aspects such as expertise.
Like many things in life, you get what you pay for. And you don’t want to end up with a generic templated audit report because you’ve made an inappropriate choice based on price.
5. Get a supportive auditor for better outcomes
Ensure you have a decent rapport with your auditor. This should be more than a ‘tick box’ exercise and auditors should be able to provide recommendations and discuss with you how improvements can be made. Don’t hold back from asking for advice or letting them know where you think there may be issues.
Your auditor should focus on being educational rather than punitive.
6. Choose your level of assurance carefully
Take into consideration what type of audit you need. Generally, you will be offered the choice of two types of audit:
- Limited assurance audit
- Reasonable assurance audit
A reasonable assurance audit will typically go into more depth and carry out more tests than a limited assurance audit. Your auditor should be able to advise you which level of assurance is best suited to your needs, but it’s up to each reporting entity to select the type of audit that you need for your business.
Apply a risk-based approach to your decision, and weigh up the cost of the audit against the degree of confidence in results required.
So now you’ve spoken to a few auditors and secured your preferred one, what happens next?
Get started and book a time for your auditor to come and see you. They may require a session before the actual audit to brief you on what they need access to, and how the audit will be conducted. There is no requirement for the auditor to be on-site during the audit but you may decide that it will be best for your business to conduct the audit in person.
During the audit, the auditor is likely to ask you a number of questions and will want to read your AML compliance programme, review customer due diligence records, your risk assessments, as well as interview key staff members.
At the agreed time, you should expect to receive an outcome report from your auditor which tells you what you’re doing well and what needs improving.
You should receive clear recommendations on how to make improvements, and be provided with the tools and/or information to help make you compliant.
From there it’s up to you. If you don’t do anything with the recommendations and outcomes you’ve wasted your money. And remember, your obligations don’t end because you got an auditor in, regulators will expect you to take action on the recommendations.
Responsibility for actioning auditor advice lies with the entity and you will be questioned by regulators if you choose not to take any action.
This year there will be at least two to three industries looking for auditors at the same time so it pays to start your search early. It’s not unheard of to book four to five months in advance to ensure you get the right auditor. Nobody loves an audit but get prepared and book it in.
If you need some help, get in touch with our team and we can help you manage your audit preparation and any remediation actions you may need to take after your audit. If you’re a tic company client we can also provide your auditor access to the online portal to make it easy for your auditor to access relevant records.
Get in touch at email@example.com or call 09 369 6867
Updated: March 2023