Anti-Money Laundering: 5 Steps to Conduct an Audit

An article by New York Institute of Finance Anti-Money Laundering instructor Larry Schneider.

The Code of Federal Regulations 31 CFR Part 1029.210 discusses Anti-Money Laundering (AML) program requirements for financial institutions characterized as loan or finance companies (a category which now includes non-bank residential mortgage and loan originators).

1029.210(a) reads (in part): Anti-money laundering program requirements for loan or finance companies. Each loan or finance company shall develop and implement a written anti-money laundering program that is reasonably designed to prevent the loan or finance company from being used to facilitate money laundering or the financing of terrorist activities.

1029.210 (b)(4) further mandates independent testing to monitor and maintain an adequate program, including testing to determine compliance of the company's agents and brokers with their obligations under the program. An annual independent AML audit is therefore one of the cornerstones of any AML program.

1. What does an independent AML audit consist of?
An independent AML audit is actually a test of the firm's AML program. It is not a financial audit, but rather a test to see whether a firm has an appropriate AML program and is doing what they say they are doing.

An AML audit generally includes the following:

A full review of the company's AML compliance program manual
Testing of the company's AML Policy and Procedures
Customer Identification Procedure (CIP) review
Transactional testing and evaluation
OFAC checks
FinCEN related filings review (CTRs and SARs)
Evaluation of AML training
Evaluation of automated monitoring systems and management information systems
Review of past audit reports to assess the efficacy of recommended implemented changes

2. Who can conduct the audit?
An AML audit may be conducted by members of the company's staff who are independent of any areas that are exposed to potential money laundering risks, or by an outside party. This means the designated AML compliance officer (or anyone on his or her staff) cannot conduct the independent audit. Since smaller firms often do not have employees who are independent of these areas, or find it costly to devote the time and resources necessary to accomplish this internally, many firms use competent independent third parties.

3. How Frequently must an AML audit be conducted?
For financial institutions considered by the US Treasury's Financial Crimes Enforcement Network (FinCEN) to be loan and finance companies, the frequency is risk-based. 1029.210 (a)(4) states: The scope and frequency of the testing shall be commensurate with the risks posed by the company's products and services.

For other financial institutions and those who are members of Self-Regulatory Organizations (SROs) the frequency of conducting the AML audit is often proscribed within the SRO's compliance rules. For broker-dealers who are members of the Financial Industry Regulatory Authority (FINRA) the rule calls for an annual AML audit. For commodity futures brokerage firms who are members of the National Futures Association (NFA), the AML audit requirement must be satisfied every twelve months.

4. An AML audit is not the same as a financial audit.
Although a discussion of financial audits is beyond the scope of this article, a brief discussion is warranted if only because an AML audit is clearly not the same as a financial audit of a company's books and records.

"An independent financial statement audit is conducted by a registered public accounting firm. It includes examining, on a test basis, evidence supporting the amounts and disclosures in the company’s financial statements, an assessment of the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation to form an opinion on whether the financial statements taken as a whole are free of material misstatement." [source: Center for Audit Quality: The Financial Statement Audit, http://www.thecaq.org/publications/In-Depth_GuidetoPublicCompanyAuditing.pdf]

An AML audit, on the other hand, is a test to see whether a firm has an appropriate anti-money laundering program and is doing what they say are doing.

5. AML Audits aren't a bad thing.
The AML audit process is a way to strengthen or improve a firm's AML program. It should be regarded not as a regulatory burden imposed by the government but as one of the four pillars (*) of an effective anti-money laundering program.

The 4 Pillars of an effective AML program are:

The development of internal policies, procedures and controls;
Designation of a compliance officer;
An ongoing employee training program;
An independent audit function to test programs.
(*) 31 U.S.C. § 5318(h).

About New York Institute of Finance

With a history dating back more than 90 years, the New York Institute of Finance is a global leader in training for the financial services and related industries with course topics covering investment banking, securities, retirement income planning, insurance, mutual funds, financial planning, finance and accounting, and lending.  The New York Institute of Finance has a faculty of industry leaders and offers a range of program delivery options including self-study, online and in classroom.

For more information on the New York Institute of Finance, visit the homepage or view in-person and online finance courses below: