AML Inspections for Accountants: What to Expect

Our clients often express concern and distress when they receive the dreaded Quality Assurance Review or Anti-Money Laundering (AML) Monitoring Visit letter. We have already supported a number of clients this year through review processes.  In this article we will attempt to demystify the AML inspection process so that you know what to prepare for and hopefully reduce some of the anxiety.

Scope of Inspections 

AML inspections can happen as part of the Quality Assurance review cycle or as part of a standalone AML inspection.  Risk analysis and profiling of practices is conducted by the professional bodies through the firms annual return process and the AML thematic reviews.  Monitoring visits are focused on those firms presenting the highest risk.  

Risk profiling can directly impact the frequency of monitoring visits.  For example, Chartered Accountants Ireland put Low risk firms on an 8 year review cycle, while high-risk firms are reviewed every 2 years.

Reviews can take place remotely or via an onsite inspection. The process will typically start with a pre-visit questionnaire or information request where you will need to provide the professional body with:

The assessment of the initial documentation can lead to further information requests.  Substantial findings of non-compliance often lead to subsequent reviews and monitoring for adherence to the required actions.   

Inspection Structure

Each professional accountancy body varies based on their individual bye laws and codes; however the overall approach and requirements are similar, and all accountants are held to the same underlying legislation.

Monitoring visits typically adopt the following structure: 

A.    Pre-visit questionnaire 
B.    Initial meeting 
C.    Closing meeting and findings
D.    Practices response to findings
E.    Escalation to professional conduct / quality assurance
F.    Regulatory action (if required)

Key Findings

AML inspections will often result in findings with required actions.  The required actions are usually well presented and often provide a practical route to compliance.  Failure to comply can result in a referral for a professional conduct investigation and potentially disciplinary action. 

Some of the common key findings raised by the professional bodies are summarised as follows:

• Incomplete or inadequate AML Policies, Controls or Procedures (PCPs). Templates are ok, but they should be tailored for the practice and signed-off by the MLRO
• Insufficient or missing Firm wide Risk Assessments
• Missing periodic reviews of Firm wide risk assessments and / or AML Policies, Controls and Procedures (at minimum annually)
• Insufficient evidence of staff AML training
• Firm wide Risk Assessments failed to identify vulnerable services provided by the firm (e.g. company formation services) or clients that present high-risk factors (e.g. high value dealers)
• Inadequate identification and / or verification of beneficial owners (incl. a check of the RBO register)
• Insufficient detail and consideration documented on the individual Client Risk Assessments  
• Missing annual compliance checks and control governance
  

AML HQ – Your Partner in Compliance

AML reviews or monitoring visits are not a problem if you are meeting your AML obligations.

Paper or Excel based AML processes are fine, however, leveraging AML software can help deliver significant time and cost savings.  The management of AML records in a central, secure system provides considerable administrative efficiencies and peace of mind when demonstrating compliance at an AML inspection.  

The key to remaining AML inspection ready is to:

1. Maintain your Firm-wide risk assessment and your AML Policies, Controls and Procedures.  Review and sign-off on them annually. Ensure they accurately reflect your business.
2. Provide staff training and document in a training log.
3. Maintain adequate AML client files.  Review risk assessments annually and conduct ongoing monitoring.
4. Conduct and document annual compliance reviews to demonstrate effectiveness. 

Compliance made easy