Audit Of AML/CFT Policies, Procedures And Controls

Regulation Name: Audit Of AML/CFT Policies, Procedures And Controls

Publishing Date: 21 October 2024

Region: Singapore

Agencies: Monetary Authority of Singapore (MAS)

On October 21, 2024, The Monetary Authority of Singapore (MAS) issued a circular regarding the audit of Anti-Money Laundering/Counter Financing of Terrorism (AML/CFT) policies, procedures, and controls. This circular aims to provide additional guidance and highlight best practices observed by the MAS during its engagements with the industry. Financial institutions (FIs) should take this guidance into account when defining the scope of their routine audits and determining how to validate the effectiveness of their existing controls. Additionally, FIs are encouraged to review this circular in conjunction with the relevant AML/CFT Notices and Guidelines, as well as the Guidelines on Risk Management Practices and Internal Controls.

Audit of AML/CFT Policies, Procedures, and Controls

1. Financial institutions (FIs) are mandated to maintain an audit function, or a comparable equivalent, referred to as the “audit function.” This function is responsible for providing independent and regular evaluations of the effectiveness of their AML/CFT policies, procedures, and controls, as well as compliance with MAS requirements. In this context, FIs are expected to implement established policies to guide their periodic AML/CFT audits and to escalate audit findings to enhance oversight by the Board and Senior Management (BSM) concerning ML/TF risks.

2. This circular aims to provide additional guidance and highlight best practices identified by the MAS during its interactions with the industry. Financial institutions (FIs) should consider the following guidance when determining the scope of their routine audits and the approach to validate the effectiveness of existing controls:

• The audit function must be adequately resourced with sufficient AML/CFT expertise. The level of expertise should correspond to the size and nature of the FI’s business. To enhance its internal audit capabilities, BSM may consider engaging external experts for an independent assessment of specific aspects of its AML/CFT policies, procedures, and controls.

• When defining the scope of periodic AML/CFT audits, the audit function should:

– Conduct regular AML/CFT risk assessments to identify any changes in the FI’s inherent ML/TF risk profile, including factors related to significant shifts in the FI’s business strategy and customer profiles, as well as changes in regulatory requirements. Recent regulatory or audit issues should also be taken into account. These risk assessments will help guide audit planning and ensure appropriate focus on the controls in place to mitigate identified risks.

– Ensure that the frequency and intensity of AML/CFT audits align with the identified ML/TF risks. FIs should prioritize higher-risk areas for audits while establishing a minimum baseline audit cycle for other areas to maintain ongoing attention. Additionally, FIs may consider similar audit work recently conducted by their regional or head office, including whether the audit scope encompassed local account sampling, when determining audit frequency and intensity.

• Financial institutions (FIs) should consider incorporating data analytics (DA) in their AML/CFT audits to more effectively pinpoint key risk areas and identify accounts and transactions that require closer examination. Through our industry engagements, we observed effective use of DA tools, such as those that automate risk-scoring of customer data for improved sample selection quality and machine learning models that detect anomalous transactions not identified by the FI’s transaction monitoring system. FIs are encouraged to leverage these DA tools to enhance the effectiveness of their audit results.

Read the details here.

Read about the product: Transact Comply

Empower your organization with ZIGRAM’s integrated RegTech solutions – Book a Demo