Arranging for an independent review of your Anti-Money Laundering / Counter-Terrorism Financing (AML/CTF) Program to be conducted is imperative to ensuring compliance with the AML/CTF Rules. Part A of all AML/CTF Programs must include procedures to ensure an independent review is conducted at regular intervals.
What is an Independent Compliance Review?
The purpose of an independent review is to provide an impartial assessment of whether Part A of your AML/CTF Program has been implemented effectively, whether it addresses the ML/TF risks and complies with the legislative requirements. All of these requirements should be tested in the independent review.
Reporting entities are able to use their understanding of ML/TF risk to determine the specific actions and methodology required to complete the review and can determine the scope of the review required to be conducted, in consultation with the reviewer. Independent reviews also provide an opportunity to assess whether previous audit issues have been addressed.
What should be included in the Independent Compliance Review?
The review should assess and test:
- the effectiveness of your AML/CTF Program in addressing your ML/TF risks;
- if your AML/CTF Program meets the requirements of the AML/CTF laws;
- how effectively your AML/CTF Program has been implemented; and
- if you have been complying with your AML/CTF Program appropriately.
Independence of a reviewer
The independent reviewer must be someone who:
- was not involved in the design, implementation or maintenance of your AML/CTF Program;
- is not involved in the development of your ML/TF risk assessment or the internal controls in place to manage these risks.
Whilst the reviewer should be someone who understands your business and the ML/TF risks involved, it is necessary to be able to demonstrate that your reviewer is independent. Accordingly, it is important to put measures in place to ensure the reviewer’s independence.
In assessing the suitability of a person to be an independent reviewer, a reporting entity should consider the following factors:
- whether each reviewer is a member of a professional body that imposes relevant obligations on its members;
- whether each reviewer is sufficiently free from influence by persons involved in the development of Part A of the reporting entity’s AML/CTF Program, or the reporting entity’s risk assessment, and
- the adequacy of the reviewer’s understanding of, and expertise in applying, the obligations of the AML/CTF Act and Rules to the reporting entity.
How often should you review your AML/CTF Program?
Any business with an AML/CTF Program must have it reviewed regularly. It’s up to each reporting entity to determine how often its program is subject to an independent review Some things you should take into account when making your decision include:
- the nature of your business (i.e. Remitter, Digital Currency Exchange Provider, Financial Planner etc);
- the size and complexity of your business; and
- the type of ML/TF risks your business faces.
If you would like further information or any assistance with your AML/CTF obligations, please contact us.