Internal AML Review | Confidential & Value-Added Reports | Customised Audit Checklist | Streamlined Audit Program | Tailored Testing | Effective External Audit Preparation

We offer a specialised Internal AML Review solution based on an effective audit checklist and customisable audit program tailored to:

• your client base
• your countries of operation
• the size of your business
• your AML/CFT framework
• your ML/TF risk level
• the available AML/CTF compliance technology
• the available AML/CFT resources
• your risk appetite for AML/CFT-related risks
• your governance structure
• any related risk and compliance obligations and expectations applicable to your business
• Operational AML/CFT obligations, including but not limited to:
  • money laundering and terrorism financing risk management
  • customer due diligence and Know Your Customer (KYC) obligations
  • enhanced customer due diligence in specified circumstances
  • transaction monitoring
  • ongoing customer due diligence
  • beneficial owners’ and politically exposed persons’ identification
  • sanctions compliance
  • staff vetting and training
  • ad-hoc and periodic reporting

 

AML Internal Review’s purpose

An internal AML review’s scope is wider than that of the AML/CFT audit regarding how and what is tested, making our Internal AML Review solution an effective tool for:

• External Audit Preparation: Helping you prepare for an external AML/CFT Audit or an AML/CFT supervisor’s review, allowing you to improve any non-compliance areas discreetly
• Targeted Review: Independently review specific parts of your AML/CFT compliance rather than being constrained by a specific AML/CFT audit checklist under the statute (e.g., your E-KYC protocols and controls, EIV (electronic identity verification) procedures, KYB solutions, AML/CFT alerts and triggers, gaps in transaction monitoring systems, etc.)
• Evaluating AML/CFT Effectiveness: Assess the effectiveness of your AML/CFT controls, protocols and procedures for your risk appetite and commercial goals,
• Business Development Focus: On reviewing AML/CFT frameworks for commercially oriented compliance criteria
• Value-added feedback: Give more strategic audit and post-audit feedback since it’s not a “statutory” audit, which paves the way for a more collaborative approach
• Stress testing AML controls: Evaluate how your transaction monitoring thresholds, alert mechanisms, and other AML controls perform under high-risk scenarios to ensure operational resilience.
• Identifying process inefficiencies: Detect and address bottlenecks or redundancies in operational workflows, such as pathways to improvement for onboarding, monitoring and reporting processes.
• Benchmarking against industry practices: Compare your AML/CFT framework to industry best practices to identify opportunities for improvement and maintain competitiveness.

 

 

Internal AML Review’s Scope

We offer our AML/CFT Internal Review solution to a wide range of financial institutions, financial service providers, DNFBPs and other types of AML/CFT reporting entities, including but not limited to:

• Banking and Lending Institutions: Finance companies, authorised deposit takers, non-bank deposit takers, non-bank lenders, neo-banks, consumer credit providers, corporate finance providers and credit unions
• Investment and Financial Advisory Services: Investment firms, fund managers, financial advisers, investment advisers, wealth managers and investment bankers
• Trading and Derivatives Platforms: Brokers (including forex brokers) and derivatives issuers and platforms.
• Payment and Currency Service Providers: Currency exchange providers, e-money issuers, money remitters, and payment gateway providers.
• Fintech and Emerging Financial Services: Fintech companies, P2P lending platforms, and crowdfunding services and platforms.
• Gambling and Entertainment Platforms: Online casinos and gambling platforms.
• Custodial and Asset Management Services: Custodial or depository service providers, licenced trustees and custodians
• Designated non-financial businesses and professions (DNFBPs): Trust and company formation providers (TCSPs), high-valued dealers, law firms, accountants, and real estate agents.

 

 

Internal AML Review and AML/CFT Laws

Our Internal AML Review Solution covers compliance with AML/CFT compliance requirements in the following jurisdictions:

• Australia: Where designated service providers are subject to the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act).
• United Kingdom: Where relevant persons, including financial institutions and DNFBPs, are governed by the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs).
• United States: Where financial institutions and other covered entities are subject to the Bank Secrecy Act (BSA), the USA PATRIOT Act and other relevant laws and regulations.
• Singapore: Where depending on their nature of business, reporting entities, including financial institutions and DNFBPs, may have comply with different acts and notices, including Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act (CDSA), Terrorism (Suppression of Financing) Act, Payment Services Act (PSA) and MAS Notices like MAS Notice 626, MAS Notice 1014, MAS Notice 824, MAS Notice PSN01, MAS Notice PSN0, etc.
• European Union: Where obliged entities, as defined in the 6th Anti-Money Laundering Directive (6AMLD), must meet AML/CFT obligations
• New Zealand: Where reporting entities are regulated under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT Act).
• Prominent Formation Centres

• Belize: Where reporting entities are regulated under the Money Laundering and Terrorism (Prevention) Act
• British Virgin Islands: Where reporting entities comply with the Proceeds of Criminal Conduct Act
• Cayman Islands: Where reporting entities are regulated under the Proceeds of Crime Act (2020 Revision) and the Anti-Money Laundering Regulations (2020 Revision).
• Jersey: Where relevant persons are governed by the Proceeds of Crime (Jersey) Law
• Malta:  Where subject persons are regulated under the Prevention of Money Laundering Act (PMLA)
• Dubai: Where reporting entities are governed by the Federal Decree-Law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organisations, along with its amendments and implementing regulations
• Bermuda: Reporting entities are subject to the Proceeds of Crime Act 1997, the Anti-Terrorism (Financial and Other Measures) Act 2004 and other relevant laws and regulations
• Mauritius: Where reporting entities are governed by the Financial Intelligence and Anti-Money Laundering Act 2002 (FIAMLA)
• Seychelles: Where reporting entities are subject to the Anti-Money Laundering and Countering the Financing of Terrorism Act 2020
• Vanuatu: Where reporting entities are regulated under the Anti-Money Laundering and Counter-Terrorism Financing Act 2014

 

 

Internal AML Review Checklist

We cover a variety of both compulsory AML/CFT audit requirements, checks for operational effectiveness for your AML/CFT compliance.

The specific checklist will depend on your specific list. There is a comprehensive list of focus areas, including but are not limited to:

• Your AML processes, checks, mitigations and controls, covering:
  • Initial customer due diligence, Know Your Customer (KYC) and KYB requirements, ML/TF risk rating at onboarding, enhanced due diligence triggers, beneficial ownership identification and verification, etc
  • Information collection methods for different customer types
  • Information verification methods
  • Source of wealth requirements and when they are applied
  • Source of funds triggers and requirements
  • Enhanced customer due diligence
  • Sanctions, Adverse Media, screening during and after the onboarding
  • Politically exposed persons (PEP) detection and handling
  • Record-keeping obligations and practices, including whether data is readily available for an external review
  • Responses to law information enquiries from your institutional partners, law enforcement agencies and government bodies

• Customer risk rating and re-assessment
• Controls to manage ML/TF risks for your product delivery channels, customer bases, institutions you work with, and your jurisdictions of operations
• AML/CFT red flags, triggers and controls to mitigate ML/TF risks related to products and services you offer
• Ongoing customer due diligence for different risk categories of clients, including triggers for ongoing due diligence
• Ongoing due diligence processes after an alert has been triggered
• Limitation measures on customers’ accounts and customer offboarding
• Transaction monitoring, covering the detection and handling of large, unusual, and suspicious transactions and patterns
• Suspicious activity and matter reporting guidelines, including detection, decision making and filing
• Internal AML/CFT reporting
• Governance and oversight, including management’s involvement in day-to-day AML/CTF compliance
• Staff vetting and training
• Periodic and ad-hoc reporting obligations, including supervisor reports, cross-border transactional reporting, etc.
• Verifying the operational effectiveness of escalation protocols and internal reporting systems

• AML/CFT Key Documents Review: Covering AML/CFT Risk Assessment, AML/CFT Program Audit, AML/CFT manuals and internal guidelines to check whether:

• • It enables you to determine the level of risk involved in relation to various AML/CFT obligations.
  • Your key documents cover the five key ML/TF risk areas: products, size and complexity, delivery channels, the countries you engage with, and the institutions you deal with
  • They are compliant with the applicable AML/CFT laws
  • Your key documents are effective in keeping your AML/CFT compliant
  • Your AML/CFT program is functioning in practice as intended
• AML/CFT Procedures Review, to check whether:

• Your procedures are effective
• Your procedures clearly state your maps and controls
• There are gaps and areas of improvement
• Your procedures are suitable for your business size, product complexity and resources

• AML/CFT controls testing, to check whether:
  • Your controls been adequately designed and operate effectively using effective controls testing methodologies
  • Your control testing plan and assurance measures are sufficient
  • Your internal reporting gives enough information to allow management make informed decisions about your AML/CFT compliance
  • Your AML/CFT compliance framework is in line with your wider risk appetite

• AML/CFT resources, including:

• • Assessing the sufficiency of your AML/CFT employee training program
  • Assessing the extent to which employees understand and comply with your AML/CFT program, procedures, protocols, processes and manuals

• Evaluating whether your outsourcing practices, such as relying on AML/CTF agents or other reporting entities, are effective

• • Your AML/CFT function is adequate in terms of the concentration risk, skill set, etc
  • Your AML/CFT technology is effective for your product, business goals, customer onboarding speed, data analysis, AML/CFT risk appetite, ML/TF risk levels and other important markers more

• AML/CFT Guidance, to check whether:

• • They are compliant with the local AML/CFT guidance, and if not, what are some alternative ways to maintain compliance
  • Your AML/CFT compliance aligns with industry benchmarks

 

Effective AML Audit Reports

We issue detailed audit reports aligned with review focus areas, going beyond the standard actionable recommendations.

 

 

Our AML/CFT Expertise

If you search for an AML/CFT audit firm online, everyone claims to be an expert, uses puffery language that AI chatbots write for them, and so on and so forth.

We are not just another AML/CFT audit provider firm that claims to have extensive knowledge of AML/CFT compliance.

We are the ones who know what we are doing, having years of experience in all aspects of AML/CFT compliance, including:

• Creating and successfully enhancing anti-money laundering and counter-terrorist financing frameworks for different businesses tailored to their specific product, resources, risk appetites and sector-specific money laundering and terrorism financing (ML/TF) risks
• Conducting AML/CFT risk assessments through a wide range of reporting entities
• Managing the first, second, and third lines of AML/CFT compliance
• Leading AML/CFT compliance functions and different teams involved in AML/CFT compliance
• Acting as an external AML/CFT auditors for FIs and DNFBPs
• Conducting internal AML/CFT audits that go beyond statutory requirements
• Successfully assisting businesses in going through statutory AML/CFT reviews, including those conducted by the top four. We know a thing or two about good and bad AML auditors
• Designing and testing AML/CFT controls, ensuring they are both practical and effective in addressing ML/TF risks
• Helping FIs and DNFBPs when things go wrong, including coordinating their risk and compliance teams, legal teams, external lawyers, and operations teams
• Helping different reporting entities to  effectively  communicate with local AML/CFT supervisors
• Successfully leading businesses through desktop and onsite regulatory reviews
• Helping different reporting entities with their AML/CFT remediation

We know first-hand what businesses want from their AML/CFT auditors.

 

 

External AML/CFT Audit PreparationWe can help you prepare following types of AML/CFT audits:

• Statutory Audit Periods: Set out in your local AML/CFT laws. Generally, it varies from country to country, with some countries like New Zealand having prescribed audit periods in their laws and others basing it on the ML/TF risk level of the business
• Directed AML/CFT Audit: An AML/CFT supervisor can direct a reporting entity to undergo an AML/CFT audit at any time.
• Audits with internal deadlines: These are generally a part of an AML/CFT Program and or wider compliance risk management plans, where an organisation sets up a period for their AML/CFT audit.
• AML/CFT Audits Compliance by Decision: A reporting entity may engage an AML/CFT auditor through an internal decision. Common audit triggers include:
  • Substantial changes in markets of operations and customer types
  • Introduction of new products
  • Changes in delivery methods for their services
  • Structural changes to the business
  • Changes to the ML/TF risk level of the business
  • Interactions with their AML/CFT supervisor
  • Changes in fund deposit or withdrawal methods
  • Changes in outsourcing arrangements for ML/TF prevention functions
  • Substantial changes to their AML/CFT Program
  • Changes to the number or volume of transactions
  • AML/CFT remediation issues faced or completed by the business

 

 

Internal AML Review Process

The AML/CFT Audit process generally involves:

• Initial Meeting & Scope Definition:
  • Defining the scope and objectives of the review with the reporting entity
  • Understanding the entity’s business, risk profile, and existing AML/CFT compliance framework
• Review of the information required for review
• Sampling & Testing: Performing sampling and testing of review areas
• Interviews & Inquiries:
  • Interviewing key personnel (operations teams, management, banking teams, compliance, front-line staff, etc.)
  • Observing processes in practice
• Application of Audit Methodology
• Report Preparation & Presentation
  • Preparing a comprehensive audit report
  • Presenting findings, conclusions, and recommendations to management

 

 

Internal AML Review Solution Tailored to Your Needs

When it comes to delivery, we:

• Focus on clear, concise, and objective assessments. No ego, no attitude, no puffery, and no jargon
• Have real knowledge of AML/CFT compliance and how each aspect works
• Use a client-centric approach. We understand the difference between your risk appetite, internal procedures, and AML/CFT requirements
• Cause minimal interruptions to your business (combining onsite and remote engagements)
• Provide comprehensive audit reporting

When it comes to flexibility, we:

• Offer realistic pricing options
• Tailor our approach to your specific needs and risk profile. We offer our internal AML review option to:
• Small businesses and startups
• Mid-sized businesses
• Business groups, including those with centralised compliance functions across subsidiaries, those operating across different compliance regimes, and offering a range of products
• High-risk corporates that come under regulatory scrutiny and pressure from important stakeholders, such as banking partners, insurance providers, and money remittance channels
• More information: Visit our Internal AML Review Solution page for more information

 

 

Related AML/CFT Solutions

In addition to our Internal AML review audit option, we offer a comprehensive set of AML/CFT compliance solutions to help you navigate the complexities of various AML/CFT requirements in a commercially oriented and goal-focused manner, providing effective support for all aspects of anti-money laundering compliance. Our focus areas include, but are not limited to:

• AML/CFT Advisory: We provide advisory solutions on a wide range of AML/CFT matters and issues. Visit our AML/CFT Advisory page for more.
• AML/CFT Compliance Management: We can fully manage your anti-money laundering and terrorist financing compliance. Visit our AML/CFT Compliance Management page for more.
• External AML/CFT Audit Option: We can act as your AML/CFT auditors in the number of jurisdictions listed above. You can also visit our:
• Australian Independent AML/CTF Review page for more information
• New Zealand AML/CFT Audit page for more information
• UK AML/CFT Audit page for more information
• General AML/CFT Audit page for other jurisdictions
• AML/CFT Risk Assessments: We conduct, review, and help businesses implement AML/CFT Risk Assessments that form the foundation of effective AML/CFT Programs. Visit our AML/CFT Risk Assessment page for more.
• AML/CFT Programs: We draft, review, and help businesses implement AML/CFT Compliance Programs based on the ML/TF risk assessment outcomes. Visit our AML/CFT Program page for more.
• AML/CFT Reg-tech Solutions: We help with AML/CFT technology integration tailored to your circumstances.
• AML/CFT Training: We offer specialised AML/CFT training solutions for different reporting entities. Visit our AML/CFT Training page for more.
• AML/CFT Procedures: We assist in developing and enhancing AML/CFT procedures tailored to your business needs, focusing on effective AML risk management across business processes.
• AML Manuals and Guidelines: We create and refine practical resources such as AML operating manuals and guidelines that provide step-by-step instructions to ensure efficient AML/CFT compliance based on your business size and complexity.
• ML/TF Controls Mapping: We help map, assess, and enhance internal ML/TF controls to ensure compliance, address financial crime risks, and respond to findings from AML/CFT audits and supervisors.
• AML Red Flag Protocols: We develop guidelines for identifying and responding to red flags, enabling timely action against fraud, money laundering, and terrorist financing activities under various operational circumstances.