The top 4 mistakes companies uncover during their AML audit

The Money Laundering Regulations 2017 require all reporting entities to regularly review their compliance with the regulations. This assesses how their anti-money laundering programme is functioning in practice and how the policies, procedures and controls in place are mitigating the money laundering and financing terrorism risks identified by that business. Simon Luke, UK Country Manager, First AML writes

Even though there are many firms that are AML compliant, accountants can still end up paying huge penalties due to oversights and deficiencies in their compliance programme. In fact, 46% of accountants we surveyed said the increased risk of fines was the core reason for money laundering rising up company agendas. Since the appropriate period of time between each review is up to the discretion of each firm, firms who don’t review their processes often can be left vulnerable as blind spots are left open for bad actors to exploit.

With that said, here are the common pitfalls accountants face when undergoing an AML audit.

Simon Luke
UK Country Manager
First AML

1. You have incomplete source of wealth information

Identifying the source of your clients’ funds is not always a straightforward task. Basic documentation such as payslips, work contracts and bank accounts are standard practice when gathering wealth information. However, when it comes to larger corporations and high-profile individuals, the paper trail isn’t always easy to follow.

2. You’re failing to adequately set out your firm’s own compliance framework in a firm risk assessment

Firms have discretion to create their own approach to compliance tailored to their risk appetite. At the bare minimum these must meet the requirements of the Money Regulations 2017. It’s important that your firm has a document in place outlining its risk assessment that it can show to regulators in the event of an audit.

In these areas, training your staff on how to handle complex cases is key. There needs to be more focus on educating your staff about how to identify money laundering transactions. Instead of making the activity a box-checking exercise, it's best to show your staff several examples and show how human error and complacency can make it difficult to spot red flags.

3. You’ve neglected an exit plan for CDD data 

AML laws in the UK require you to keep hold of your CDD data for 5 years after the end of your client relationship, unless they give you permission to destroy it. In the case of an audit, whether you have deleted information that is no longer relevant will be checked, as keeping personal information on clients on file when no longer necessary is an information security risk.

4.  You haven’t appointed a Money Laundering Reporting Officer (MLRO)

Many firms may not have a designated Money Laundering Reporting Officer (MLRO) An MLRO’s duty is to review internal systems and controls that their firm has put in place to help detect, monitor, and report money laundering activities to the authorities. Though this role does not need to be a full-time role and can be assigned to an individual on top of their day-to-day activities, the role is key as it ensures that their firm is not exposed to criminal risk and does not inadvertently facilitate financial crime.

The bottom line 

Whether your firm is about to undergo an AML audit or not, it can be useful to keep these things in mind to ensure you don’t fall into the most common pitfalls for accountants when it comes to their internal anti-money laundering policies and procedures. Being across these things can ensure that you build a culture of compliance within your firm that keeps your reputation intact and out of the firing line of regulators.