Financial Services

As the UK’s anti-money laundering (AML) supervisors continue to fine across businesses and sectors for poor anti-money laundering procedures, this area of compliance continues to dominate the headlines.

Over the past 12 months, supervisors have imposed a range of sanctions and corrective measures upon firms, including but not limited to, fines for both the businesses and individuals, letters of advice, reprimands, warnings and in some cases, conditions have been placed upon a firm’s authorisation.

At Crowe, our team have been helping clients with their AML audits for over 12 years.

Why do I need an Anti-Money Laundering audit?

Section 21 of The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations (MLRs 2017) requires a firm to implement internal controls. It requires, where appropriate with regard to the size and nature of its business, firms to establish an independent audit function with the responsibility to:

• examine and evaluate the adequacy and effectiveness of the firms’ policies, controls and procedures to ensure that they comply with the requirements of the MLRs 2017
• make recommendations in relation to those policies and procedures
• monitor the firm’s implementation and compliance with those recommendations.

Firms can undertake their own internal audit, however, the person undertaking the audit should not be involved in writing the firm’s policies or be involved in the day-to-day operation of the AML function, or gathering of customer due diligence etc. The individual should also be familiar with the requirements of the MLRs 2017 and associated legislation, sector guidance and be sufficiently senior within the firm, so that the board will undertake a comprehensive review of the findings and implement recommendations where required/appropriate.

What does an AML audit involve?

An independent review/GAP analysis of your firms processes and procedures, measured against the legal requirements of MRLs 2017, associated legislation and industry sector guidance. We present our findings with a traffic light system, detailing any deficiencies, if found and providing our recommendations for an AML compliant programme, for the following areas.

• Governance framework
• Risk assessment
• Policies and Procedures
• Know Your Client/Customer Due Diligence
• Personnel/ Screening
• Training
• Suspicious Activity Reports
• Data Retention
• Interviews with key personnel
• Testing

Designated Investment Firms (DIFs) that hold client money and/or custody assets in relation to their regulated activities must have a CASS audit. As outlined by the Financial Conduct Authority (FCA), a CASS auditor must prepare a report which gives an opinion on whether the firm:

• maintained systems adequate to enable it to comply with relevant rules throughout the period
• was in compliance with those rules as at the end of the period.

Other FCA-regulated firms that fall into the CASS regime.

• Firms operating a peer-to-peer lending platform.
• Mortgage and General Insurance firms.
• Debt management firms.
• Claims management firms.

The CASS audit must be delivered within four months of the end of the period. Usually, it is completed at the same time as the financial statements audit, but is a separate exercise, and does not have to be completed by the same auditor.

Our team empower you to deliver your strategic goals by working with you to evaluate:

• risk-based decision making
• consumer duty
• effectiveness of risk and compliance
• technology risk and digital trust.