The TIC Company
When your sector supervisor requests an audit, or when it’s time for your regular 3 yearly audit, it can feel like a huge weight has dropped on your shoulders from high above, but it doesn’t have to be that way.
Yes, going through an audit does take some preparation, but you can lighten the load by doing basic quality assurance (QA) checks throughout the year. While the review of your policies, procedures and controls should be covered off in your AML/CFT Programme, undertaking additional QA processes can allow you to dig deeper into your overall practices and ensure you are in the best possible position to benefit from your audits.
Below, we discuss some of the essential QA checks to help save you stress, time and money. We promise, when that 3-year audit comes around again you’ll feel a whole lot better for keeping QA top of mind.
What to QA
Doing ongoing checks on all your AML processes will help ensure you have a clear understanding of the quality of your anti-money laundering efforts and if there are any gaps, but failing a full check on all your processes it would be good to QA the following six fundamental activities.
1. Customer due diligence
Make sure you’re gathering the right information to correctly identify entities, are able to confidently determine the risks involved, and can verify information according to best practice. Your CDD should be well managed and conducted to mitigate risk.
2. International transactions
Review international activity and transactions. Note any ‘red flags’ and if there are multiple indicators such as ‘’high value cash deposits to pay for international funds transfers’’, ‘’or use of internet banking to frequently access New Zealand based accounts internationally’’, consider whether additional enquiries should be made.
Ensure any reports are being filed with the FIU within 10 working days.
3. Wire transfers
Check you are meeting your responsibilities when dealing with wire transfers. The sector supervisors guidance states that you should ensure that you “include required originator and beneficiary/payee information in payment messages and that you do not omit, delete or alter information in payment messages.”
Any reports of suspicious wire transfer activity should be filed within 10 working days.
Suspicious activity reports are an important part of AML Compliance and must be documented and actioned promptly.
Check you are filing SARS within 3 working days to the FIU using goAML.
5. Record keeping
Record keeping can be arduous, but create a robust system within your compliance programme and you’ll keep both yourself and the auditors happy.
Check you can clearly identify who is involved in the recorded activity, does it make sense, is the system you’re using robust, and does your compliance team know how to use it correctly?
6. Risk based approach
Ensure you’re using a risk-based approach rather than a rule-based approach. A rule-based approach may seem easier, but if you’re just ticking boxes to follow rules you won’t be clearly identifying high risk compliance issues, and you are likely to miss updates in PEP and sanction screening lists.
This won’t be ignored by auditors.
Why observing quality assurance practices could save you time and money
If you’re still wondering whether carrying out ongoing checks on your AML process is worth it, here are a few reasons why you won’t regret embracing QA.
A QA can help you identify gaps in team knowledge quickly, and you can see if your team are finding things too hard or complex and handle any issues more easily.
A QA can help ensure you’re doing the right thing and be confident processes are being managed correctly.
It could save you from a long drawn-out process of regulator warnings, enforceable undertakings or even court proceedings.
Gets you ready for the unexpected. A sector supervisor can visit at any time without warning and ask for things to be available for inspection, so it pays to be prepared.
Easier to front up the cost of QA early, rather than deal with the consequences of a failed audit later.
Most importantly, QA is a great way to prepare for an audit.
If you just wait for your audit notice to review your AML programme, you may find yourself scrambling to fix things down the track.
While it is beneficial for some businesses to use an outsourcing company to carry out quality assurance checks, a Compliance Manager can do it themselves if size of business and budget doesn’t warrant an additional resource. However, outside help could be valuable for some larger businesses such as:
a complex business with a higher risk;
businesses that manage complex clients and transactions, and;
those working with higher-risk clients and entities.
What to do if you find a gap in your processes
If you are conducting QA yourself and find some gaps, consider whether:
it’s a gap in the teams knowledge, and training is required in a particular area;
it’s one employee who might need more focused training, or;
there is a consistent gap which feels like a red flag, if so, you may need to review internally and check the staff vetting of those concerned.
Ongoing QA checks really can be your key to success when it comes to audit time, so take the time to tackle this head on and make it part of your compliance programme.