This article is based on a Jade ThirdEye Spotlight on AML podcast, which featured AML/CFT auditing specialist Martin Dilly, who spoke on AML Programme Audits, Independent Reviews, and Assurance.
Staying up to date with the latest trends and changes in the AML/CFT environment helps reporting entities wanting to avoid any surprises that may impact their business. So, what are the upcoming trends that reporting entities should be aware of with their AML programmes.
From mid-2021, the maximum period between audits for New Zealand reporting entities is expected to move to three years. It will be interesting to see how this plays out in practice and whether firms will still choose to take a shorter timeframe.
Three years is quite a long timeframe between audits, which is worrying because some reporting entities are slow to follow up on or implement audit recommendations.
The lack of implemented changes following an audit is an issue across both sides of the Tasman too, as there is no obligation for auditors to follow up on the recommended actions or make sure they've been done. Auditors may be re-engaged for a subsequent audit, and they will come back and check whether you've done what you're supposed to be doing.
In some jurisdictions, supervisors are looking at giving auditors the responsibility of ensuring audit findings are followed up and implemented or remediated promptly.
Australia has one very sensible change that I would like to see replicated in New Zealand - the ability for reporting entities to explicitly share suspicious matter reporting information with their auditors. This makes sense because to actually test if that whole process is compliant, auditors need to be able to see and work through the reporting process.
One other trend I see is that with New Zealand's large increase in reporting entities under phase two of the AML legislation, there is a greater need for more AML experts, auditors, and consultants in the market. This is giving rise to a wave of new auditors entering the industry. As a reporting entity, it is your responsibility to ensure your auditor (whether new or experienced) is independent and are qualified to meet your auditing requirements. You need to determine what sort of audit you want to get, and so you need to make sure that the person has the experience to give you the assurance you need. Furthermore, you need to be able to demonstrate your auditor's competency too, should your supervisor require it.
Martin Dilly is an AML auditor advisor, who has consulted full time as an AML/CFT specialist since 2012. Martin has assisted hundreds of entities across every sector through the provision of audit consulting and training services in New Zealand, Australia, Samoa, and Vanuatu.