Law & Regulation
60-Second AML Health Check by Kevin Kerrigan
60-Second AML Health Check
by Kevin Kerrigan
In Q1 2024, CPA Ireland conducted an AML thematic review of non-audit firms that identified 47% of participants as non-compliant. In this article, we provide you with a 60-second AML Compliance checklist to help you stay compliant and safeguard your practice.
This quick guide helps you ensure that your accounting practice meets critical Anti-Money Laundering (AML) requirements.

An Interactive 60-second AML compliance checklist is available for download.

60-second aml compliance checklist
Addressing Non-Compliance
The checklist will help identify areas of non-compliance or items that require attention. We will now consider some of the most common non-compliance issues and suggest a path to compliance.

No MLRO (or equivalent) appointed

If a Money Laundering Reporting Officer (MLRO), or equivalent person, has not been appointed within your business then you will need to identify the appropriate individual to fulfil this function. They will require appropriate training and you must communicate their appointment to all staff.

Missing or inadequate AML Policies

The AML Policies, Controls and Procedures (PCP) manual needs to be comprehensive and should reflect your approach to AML from a policy and operational basis. The Consultative Committee of Accountancy Bodies – Ireland (CCAB-I) has developed detailed guidance to help Accountants understand their AML obligations within the Irish legal framework. This is a good resource when documenting your AML PCP manual.

There are many AML policy templates available for purchase online. Often AML software providers will provide a free PCP manual.

It is perfectly acceptable to use a template; however, it must be appropriate and tailored for your practice. Policies need to be reviewed, at minimum annually or if there is a material change to your business.

PCP related findings from the CPA Ireland Thematic Review (Q1 2024) are summarised as:

  • Policies and procedures were not tailored for the firm
  • In some cases, no or minimal policies or procedures in place
  • Out of date policies and procedures
  • No consideration for identification or verification of Beneficial Owners
  • CDD did not consider high risk country factors
  • No procedures defined to identify PEPs
  • No independent and anonymous reporting channel for employees to report contraventions of AML legislation
  • No evidence of PCPs being communicated formally to staff.

Missing Business Risk Assessments

If you have not conducted a business risk assessment there are many templates available online. If you have digital processes or AML software, it is possible to provide smart business risk assessments that update your business risk profile based on the individual Client Risk Assessments in your Client AML files.

MLRO Responsibilities
Figure 1 MLRO Responsibilities
Business Risk Assessment templates need to be tailored to your practice and reviewed periodically (at minimum annually). The structure of the Business Risk Assessment is effectively set out in legislation and must consider the following risk factors:

  1. Types of customers that you have
  2. Products and services that you provide
  3. Countries or geographical areas in which you operate
  4. Type of transactions you conduct
  5. Delivery channels you use

Check out this CPA Ireland article for more information on Navigating AML Risk Assessments.

Incomplete AML Client Files

Customer Due Diligence (CDD) needs to be completed before taking on a new client. Ongoing monitoring needs to be completed throughout the engagement. In many cases, client AML files may have incomplete or out of date information.

Capturing their ID and proof of address is a small part of the puzzle. To properly complete your CDD obligations, you need to adopt a risk-based approach and really know your client.

A client risk assessment needs to be documented and refreshed (at minimum annually) to highlight any changes in the circumstances, behaviour or risk profile of each client. This can be a manual task or there are efficient ways to record your CDD and ongoing monitoring actions.

Key Customer Due Diligence shortcomings identified by the CPA Ireland Thematic Review included:

  • ID and Proof of address not certified as a true copy of the original
  • ID out of date, therefore no evidence of active monitoring
  • Proof of address not appropriate i.e. a document not fixed to an address of the individual (Mobile phone bill etc.)
  • No RBO check evidenced on file for corporate entities
  • No certificate of incorporation or other verification of a corporate entity
person writing in notebook
A simple plan for Success

Reviewing or refreshing your AML compliance procedures and client files does not have to be an all-consuming or large-scale project. Establishing a simple plan with an approach that works for your business will help achieve a successful outcome.

A simple plan could include:

  1. Conducting a gap analysis to identify compliance shortcomings and prioritise your response. The 60-second checklist is a great starting point.
  2. Establishing a resolution plan to address shortcomings. Identify if any external resource or collateral is required. Allocate tasks and set target dates for completion.
  3. Considering different strategies for some of the bigger tasks, especially if they require interaction with your clients.
  4. Tracking progress and planning for ongoing periodic reviews

Before starting any project, the approach has to be appropriate for your individual business. For example, if you need to refresh your client ID / proof of address documents, it might work better if this task is spread across the year when you are naturally engaging with each client (e.g. VAT return, Payroll, Annual Return).

Alternatively, you could adopt a big bang approach and undertake a full client refresh campaign when support is available from seasonal staff, or during a rare occasion when there is time for administrative actions.

AML obligations are onerous and can often appear disproportionate. Processes contain repetitive and resource-intensive tasks that can result in a box-ticking exercise. AML software solutions deliver automation opportunities; however, the first step in any organisation is to make sure you understand the obligations and assess your current performance.

Make anti-money laundering compliance easy with AML HQ

Our comprehensive platform includes all the tools accountants, bookkeepers, and tax advisory firms require to meet regulations and quickly onboard customers.

aml hq logo
kevin kerrigan headshot
Kevin Kerrigan

Founder and COO of AML HQ

Kevin.Kerrigan@amlhq.com

Get in touch if you would like a free AML-health check or to learn more about how technology can help you meet your AML obligations.