BACKGROUND

On 21 October 2024, The Monetary Authority of Singapore (“MAS”) issued a circular on the audit on AML/CFT policies, procedures, and controls. The circular provides extra guidance and highlights good practices observed by MAS during its industry interactions. Financial institutions (“FIs”) should consider this guidance when defining the scope of their regular audits and determining the approach to validate the effectiveness of their existing controls.

KEY POINTS

Audit Function

FIs must have an audit function, or a similar function, to independently and regularly evaluate the effectiveness of their AML/CFT policies, procedures, and controls, as well as their compliance with MAS’ requirements. Consequently, FIs should have established policies to guide their periodic AML/CFT audits and to escalate audit findings to support the Board and Senior Management (“BSM”) in overseeing ML/TF risks.

 

Guidance and Good Practices

          1. Audit Function should have sufficient AML/CFT expertise

BSM should ensure that the personnel involved in the audit function has adequate AML/CFT expertise to conduct the audit. In order to supplement its own audit function’s AML/CFT expertise, BSM may consider engaging external parties to provide an independent assessment of the effectiveness of specific aspects of its AML/CFT policies, procedures and controls

          2. Scope of periodic AML/CFT audit

 In determining the scope, an FI’s audit function should:

• Regular AML/CFT risk assessments should be conducted to identify changes in the FI’s inherent ML/TF risk profile, including material changes in business strategy, customer profiles, and regulatory requirements. Recent regulatory or audit issues should also be considered. These assessments help guide audit planning and ensure a proper focus on the controls in place to manage the risks.

• Ensure that the frequency and intensity of AML/CFT audits are commensurate with identified ML/TF risks. FIs should identify and prioritise higher risk areas for audit and establish a minimum baseline audit cycle for other areas to maintain ongoing attention. In determining the frequency and intensity of audits, FIs may also take into consideration similar audit work that was recently performed by its regional or head office, including whether the audit scope included sampling of local accounts.

• FIs should consider leveraging the use of data analytics (“DA”) in the conduct of AML/CFT audits, to more effectively identify key risk areas for audit as well as to identify accounts and transactions for closer scrutiny. From MAS industry engagements, there are good examples of DA tools used (refer to examples in “Enhancing Anti-Money Laundering and Countering the Financing of Terrorism Audit Effectiveness for Banks: Key Baseline Standards and Best Practices” – link below) to automate risk-scoring of customer data for higher quality sample selection, and machine learning models to identify anomalous transactions which were not detected by the FI’s transaction monitoring system. FIs are encouraged to harness the use of DA tools to enhance the effectiveness of its audit outcomes.

Link: https://abs.org.sg/docs/library/aapg-best-practice-paper-enhancing-amlcft-audit-effectiveness-for-banks.pdf

          3. Learning from Best Practices from Banks

The Anti-Money Laundering Audit Peer Group’s (“AAPG’s”) has, on 21 October 2024, published its Best Practice Paper that sets out baseline standards and best practices for auditors to consider when determining the appropriate scope and extent of testing in the conduct of AML/CFT audits for banks. MAS welcomes such industry led initiatives to level-set industry practices. FIs should conduct a gap analysis of their existing audit practices against the practices set out in the circular, as well as the AAPG’s Best Practice Paper.

WHAT’S NEXT?

Management should:

• Ensure AML/CFT operations are robust per the regulatory requirements
• Engage auditors with a high-level of AML/CFT expertise and training

And more…

HOW CAN WE HELP?

We have broad and in-depth experience in AML operations

https://capitalgovernance.wordpress.com/services/anti-money-laundering/

Contact Us today to discuss how we can assist you in your AML/CFT audits, as well as to strengthen your AML/CFT policies, procedures and controls, across your organisation.