Assurance
Can’t watch the video just now? Here’s the summary
How do you know if you are compliant with the MAL/CFT Act if you don’t check?
If you look for the word 'assurance' in the AML/CFT Act, you will not find it, as this is a term that we borrow from accounting practices. Still, this is required because the minimum requirements of Section 57 of the AML/CFT Act ask you to have policies, procedures and controls to monitor and manage compliance.
In practice, an assurance review is like a mini audit. For example, to test politically exposed person (PEP) compliance, we would pick a sample of a few new clients’ files opened recently. Of those files, we would check:
Have all beneficial owners been screened for PEP status?
Do we have evidence of the PEP screening on file?
Have the PEP checks been done within a reasonable timeframe?
If we had a false positive, have we confirmed if the person was actually a PEP or not?
If we identified a PEP, have we obtained a senior manager’s approval of the business relationship and conducted enhanced customer due diligence on the client?
Any issues identified during the assurance review should be remediated. Any findings discovered during the assurance review should be recorded and communicated to the senior managers.
Differently from an audit, an assurance review does not need to be independent, so you can do it yourself. If you do choose to do an assurance internally, you should apply a four-eyes principle. Whoever is checking the work, should not be the same person that had done the work. Let’s say, if the legal executive collects the customer due diligence information, the AML/CFT compliance officer reviews the file.
Whether you do an internal review or you engage an external provider, the person conducting the assurance review should have the necessary skills and knowledge to do so.
Get in touch if you want to talk about your AML/CFT requirements and assurance.