An independent audit is a vital element of any effective compliance programme for financial institutions in respect of their Anti-Money Laundering and Combatting the Financing of Terrorism (AML/CFT) functions. Independent audit is a financial institution’s final line of defence, so it is vital to ensure that the AML/CFT independent audit is tailored to the financial institution’s risks.
In Mauritius, there is a statutory obligation under the Financial Intelligence & Anti-Money Laundering (FIAML) Regulations 2018 for every financial institution to have in place an audit function that will allow the reporting entity to evaluate its AML/CFT programme and to ascertain whether the established policies, procedures, systems and controls are adapted to the money laundering and terrorism financing risks identified.
The objective of an independent audit is to form a view of the overall integrity and effectiveness of the AML/CFT programme. Conducting a successful independent audit enables a financial institution to ensure that its policies, procedures and controls remain up to date, recognise any deficiencies in its regulatory compliance system and develop ways to be compliant with all prevailing legislation.
Scope and frequency of independent audit
In line with international best practices, the independent audit exercise should be risk-based. Typically, every independent audit should mandatorily test compliance in the following non-exhaustive areas:
- AML/CFT policies and procedures
- Internal Risk Assessment
- Risk Assessment on the use of third-party service providers (Outsourcing)
- Compliance Officer function and effectiveness
- Money Laundering Reporting Officer (MLRO) function and effectiveness
- Implementation and Effectiveness of Mitigating Controls, including customer due diligence and enhanced measures
- AML/CFT Training
- Record Keeping Obligations
- Targeted Financial Sanctions
- Suspicious Transaction Monitoring and Reporting.
Whether a financial institution relies on automated systems or manual processes to implement its AML/CFT programme, the reliability of these systems and processes should also be considered during the independent audit on a risk basis.
The frequency and extent of the review should be commensurate with the licensee’s size, nature, context, complexity and internal risk assessment. The greater a financial institution’s AML/CFT risk, and the greater the rate of change of its business, the greater the frequency of audit should be.
Financial institutions are not required to file an independent audit report with the Mauritius Financial Services Commission (FSC), but all independent audit documentation – including work plan, audit scope and transaction testing – should be properly documented and made available to the FSC upon request.
Selecting an Audit Professional
Regulation 22 (1) (d) of the FIAML Regulations 2018 requires the audit process to be carried out independently. The audit function should therefore be independent of, and separate from, the operational and executive team dealing with the AML/CFT processes of the financial institution. The person or firm conducting the audit should not previously have had any involvement in the development of a financial institution’s AML/CFT risk assessment, or the establishment, implementation or maintenance of its AML/CFT programme.
The audit professional is required to provide quality recommendations, such that the financial institution can use the findings and recommendations to improve upon deficient areas. The person or firm conducting the audit must therefore have the necessary skills, qualifications and relevant experience of the audit process, as well as a proper understanding of the Financial Intelligence and Anti-Money Laundering Act 2002 and of the financial industry.
Sovereign Consulting Limited
Sovereign Consulting Ltd is a company incorporated in Mauritius that specialises in the provision of Compliance Support Services and Compliance Consultancy Services to a wide range of licensed firms in Mauritius. We are a wholly owned subsidiary of the Sovereign Group, one of the largest independent corporate and trust service providers in the world.
Sovereign Consulting has long experience and expertise in assisting financial institutions and their reporting persons to meet their regulatory and legal requirements. We customarily assist companies in the following areas:
- Conducting verification and screening as part of standard Customer Due Diligence
- Provision of Enhanced Due Diligence reports
- Assisting in the ongoing transaction monitoring
- Independent AML/CFT Audit and Business Risk Assessments
- Assisting the compliance function of a company
- Drafting and review of internal policies, controls and procedures manuals
- Provision of customised training to the Compliance Officer, MLRO, Deputy MLRO, directors and other employees
- Assisting with regulatory inspections from the FSC or the Financial Intelligence Unit (FIU), and providing guidance with any regulatory reporting requirements
- Implementation and review of data protection policy and framework, including provision of Data Protection Officer (DPO)
- Any other ad hoc assignments that may be required
Sovereign Consulting is therefore able to assist clients in fulfilling their mandatory Independent AML/CFT Audit requirement. The audit will result in a signed and dated written report to ensure that the audit programme covers all relevant components of the compliance programme as required under FIAMLA and relevant regulations and was adequate and effective throughout a specified period.
The report will further identify any areas where the financial institution does not meet minimum legal or regulatory standards, and include actions that are required to rectify non-compliance, as well as identifying areas for recommended changes in behaviour and practice to improve the effectiveness of the AML/CFT programme’s implementation. This includes an indication of where there are potential failings and a recommended course of action.
Please contact Sovereign Consulting to find out how we can assist you to meet all your mandatory obligations under the FIAMLA and FIAML Regulations and to adopt a more effective, risk-based approach to AML/CFT. By implementing best practice, you will be protecting your business, your investors, your staff, your customers, and your reputation.