60-Second AML Health Check by Kevin Kerrigan
An Interactive 60-second AML compliance checklist is available for download.
No MLRO (or equivalent) appointed
If a Money Laundering Reporting Officer (MLRO), or equivalent person, has not been appointed within your business then you will need to identify the appropriate individual to fulfil this function. They will require appropriate training and you must communicate their appointment to all staff.
Missing or inadequate AML Policies
The AML Policies, Controls and Procedures (PCP) manual needs to be comprehensive and should reflect your approach to AML from a policy and operational basis. The Consultative Committee of Accountancy Bodies – Ireland (CCAB-I) has developed detailed guidance to help Accountants understand their AML obligations within the Irish legal framework. This is a good resource when documenting your AML PCP manual.
There are many AML policy templates available for purchase online. Often AML software providers will provide a free PCP manual.
It is perfectly acceptable to use a template; however, it must be appropriate and tailored for your practice. Policies need to be reviewed, at minimum annually or if there is a material change to your business.
PCP related findings from the CPA Ireland Thematic Review (Q1 2024) are summarised as:
- Policies and procedures were not tailored for the firm
- In some cases, no or minimal policies or procedures in place
- Out of date policies and procedures
- No consideration for identification or verification of Beneficial Owners
- CDD did not consider high risk country factors
- No procedures defined to identify PEPs
- No independent and anonymous reporting channel for employees to report contraventions of AML legislation
- No evidence of PCPs being communicated formally to staff.
Missing Business Risk Assessments
If you have not conducted a business risk assessment there are many templates available online. If you have digital processes or AML software, it is possible to provide smart business risk assessments that update your business risk profile based on the individual Client Risk Assessments in your Client AML files.
- Types of customers that you have
- Products and services that you provide
- Countries or geographical areas in which you operate
- Type of transactions you conduct
- Delivery channels you use
Check out this CPA Ireland article for more information on Navigating AML Risk Assessments.
Incomplete AML Client Files
Customer Due Diligence (CDD) needs to be completed before taking on a new client. Ongoing monitoring needs to be completed throughout the engagement. In many cases, client AML files may have incomplete or out of date information.
Capturing their ID and proof of address is a small part of the puzzle. To properly complete your CDD obligations, you need to adopt a risk-based approach and really know your client.
A client risk assessment needs to be documented and refreshed (at minimum annually) to highlight any changes in the circumstances, behaviour or risk profile of each client. This can be a manual task or there are efficient ways to record your CDD and ongoing monitoring actions.
Key Customer Due Diligence shortcomings identified by the CPA Ireland Thematic Review included:
- ID and Proof of address not certified as a true copy of the original
- ID out of date, therefore no evidence of active monitoring
- Proof of address not appropriate i.e. a document not fixed to an address of the individual (Mobile phone bill etc.)
- No RBO check evidenced on file for corporate entities
- No certificate of incorporation or other verification of a corporate entity
Reviewing or refreshing your AML compliance procedures and client files does not have to be an all-consuming or large-scale project. Establishing a simple plan with an approach that works for your business will help achieve a successful outcome.
A simple plan could include:
- Conducting a gap analysis to identify compliance shortcomings and prioritise your response. The 60-second checklist is a great starting point.
- Establishing a resolution plan to address shortcomings. Identify if any external resource or collateral is required. Allocate tasks and set target dates for completion.
- Considering different strategies for some of the bigger tasks, especially if they require interaction with your clients.
- Tracking progress and planning for ongoing periodic reviews
Before starting any project, the approach has to be appropriate for your individual business. For example, if you need to refresh your client ID / proof of address documents, it might work better if this task is spread across the year when you are naturally engaging with each client (e.g. VAT return, Payroll, Annual Return).
Alternatively, you could adopt a big bang approach and undertake a full client refresh campaign when support is available from seasonal staff, or during a rare occasion when there is time for administrative actions.
AML obligations are onerous and can often appear disproportionate. Processes contain repetitive and resource-intensive tasks that can result in a box-ticking exercise. AML software solutions deliver automation opportunities; however, the first step in any organisation is to make sure you understand the obligations and assess your current performance.
Make anti-money laundering compliance easy with AML HQ
Our comprehensive platform includes all the tools accountants, bookkeepers, and tax advisory firms require to meet regulations and quickly onboard customers.
Founder and COO of AML HQ
Get in touch if you would like a free AML-health check or to learn more about how technology can help you meet your AML obligations.