Financial Crime World

Scope 3: Reporting and Governance

Good Practices Observed

A recent survey of financial institutions (FIs) reveals several good practices in reporting and governance related to internal audits (IAs). The survey highlights that:

  • Over 90% of respondents believe the frequency of IAs depends on the FI’s size, nature, context, complexity, and internal risk assessment.
  • 95% of respondents confirmed that their audit reports include a documented work plan, audit scope, and documented transaction screening.

The survey also shows that:

  • 97% of respondents rely on specific circumstances to amend their audit cycle, including material changes to the FI’s business, changes in business risk rating, changes in client risk ratings, or changes in legislative or regulatory obligations.
  • 98% of respondents stated that auditors were provided with access to all relevant information during the IA exercise.

Areas for Improvement

However, the survey identifies several areas where FIs can improve their reporting and governance practices. For instance:

  • 24% of respondents’ audit reports failed to include red flags for failure to address recommendations and findings from previous audits.
  • 51% of licensees are taking more than a year to conduct another IA review.

The survey also highlights the importance of effective follow-up after an IA report is issued. Failure to address recommendations and findings should be flagged to the board or audit committee, and FIs should have structured processes in place to plan and monitor the implementation of remedial actions.

Scope 4: Actions Taken Following IA Review

The IA review process involves:

  • Understanding the FI’s business
  • Reviewing relevant core documents
  • Sampling testing
  • Testing live applications of policies and procedures (P&Ps)
  • Interviewing a cross-section of players

The audit report should include recommendations for addressing non-compliance issues and identifying areas for improvement. The survey shows that 86% of respondents have taken appropriate measures to remedy deficiencies identified in the IA report.

Scope 5: Challenges Faced

The survey identifies several challenges faced by FIs when conducting IAs, including:

  • Collecting information from the FI
  • Testing different parameters of anti-money laundering/counter-terrorism financing (AML/CFT)
  • Availability of beneficial ownership information
  • Difficulties in agreeing on dates for audits
  • COVID-19 restrictions

Conclusion

Overall, the survey highlights the importance of undergoing an IA review and having adequate AML/CFT programs and policies in place. FIs should have processes in place to ensure the quality of audit exercises, perform regular audits, and address deficiencies identified in IA reports. The staff of FIs should be appropriately trained on the importance of IAs, and FIs may consider undertaking more frequent audits, especially if they operate in high-risk sectors.

By implementing these strategies, FIs can improve their reporting and governance practices, ensuring that they comply with regulatory requirements and safeguard their businesses against money laundering and terrorist financing risks.