The Seven Steps of an Effective

AML Auditing Program

 The Seven Steps of an Effective AML Auditing Program
2 // 6

Many financial institutions struggle to build effective audit procedures for

Anti-Money Laundering (AML). Unlike other audits for other disciplines, AML
requires analysis and evaluation using different perspectives and different
methodologies. This places pressure on AML auditors, as the success of an
assessment depends on the institution’s AML program documentation, tasks,
processes, monitoring and reporting.

For an AML auditor to effectively perform an assessment, the department being

examined must clearly show evidence, methodologies and process documents.
That’s why a detailed, clear program is central for a productive and successful
AML audit.

The secret to simpler AML audits

AML audits are only as effective as the results they produce. To ensure your AML audits return the
required information, you’ll need to do much more than just gather materials.

You’ll require a strong program and solution tools, and you’ll need to take a series of additional
steps that often get overlooked. Here’s our concise seven step guide, which will help you build an
effective AML auditing program.

1. Clarity

Clearly define your audit goals and objectives. AML audits can be conducted as part of routine
procedures or for a set specific purpose.

2. Expertise

Assign an auditor knowledgeable in Anti-Money Laundering laws, regulations, and

expectations. Auditors who lack AML experience can potentially miss gaps or weaknesses in
an AML program. AML audits need to incorporate, at a minimum, transaction monitoring and
suspicious activity monitoring.

3. Documentation

Prepare a request list of all documents and potential supporting documentation needed
to perform a comprehensive audit. This list should be presented to the AML department in
advance, so staff have sufficient time to collate the requested items.

Often, auditors misjudge how much time it takes for the AML team to obtain this information.
As a result, that leads to a last minute rush and insufficient attention to detail.

Don’t skimp on documentation. Be sure your work papers and other supporting documents back
up your audit plan and maintain sufficient evidence of testing and results. Additional support
may be needed for higher-risk observations.
 baesystems.com/aml
3 // 6

4. Interview

Prepare a list of interview questions in advance for personnel, including specific questions for the
AML Officer. AML auditors will require an overall understanding of the AML department’s program,
procedures, operations, and daily activities. This information may not be easily accessible within the
written program.

5. Report

Obtain audit reports from the Compliance Department’s solution program in advance. Effective
auditing also relies on the AML department’s ability to adequately and efficiently produce its own
audit reports.

The Compliance Department must have a solution in place capable of producing various audit reports
with adequate and comprehensive supporting documentation.

6. Review

Ensure detailed reviews of the AML audit reports are conducted. The reports generated by the AML
solution you have in place should be quantified, have appropriate terminology, unfamiliar terms
defined, link findings to customers, transactions, or entities, and have images or diagrams to support
the presentation of results.

7. Diligence

Make sure your sample sizes are sufficient and representative. Higher risk issues like Money Services
Businesses or privately owned ATMs should be more closely examined than lower risk activities. Are
you looking at enough accounts? The right accounts? Are you focused on the correct time periods
for testing?

Results
Comprehensive
review of AML risk
assessment

AML policies,
procedures, and
processes review
Checklist
Assemble Documentation
knowledgable Audit plan based Stage
AML audit team on evaluation of
risk assessment
Develop and
implement
sufficient testing
plans for controls,
processes, and
monitoring
Structured Track and
interviews with confirm resolution
AML officer and of identified
AML staff issues
 The Seven Steps of an Effective AML Auditing Program
4 // 6

Transparency is key
Transparency is critical for a successful audit (and a successful AML operation). The easier it is for
regulators to understand how you have defined, documented, controlled and audited risks, the more
comfortable they will be with your AML audit effort and results. It’s vital you assess your AML audit
program through a Regulator’s eyes, and ensure that your plan and documentation will withstand the
scrutiny it’ll undoubtedly receive.

Effective AML audit programs should provide insight and ultimately support the financial institution’s
goals and business strategies, rather than be steered by a required number of findings or exceptions.

Adopt a risk-centric approach

Tie your audit plan to your risk profile. Just as your internal controls should reflect your unique
geographic, product and customer risks, so too must your AML audit plan. The value added to a
financial organisation as a result of an effective AML audit can be priceless.

1 2 3
Obtain prior to audit kick- Planning - AML audit End of day - Results and
off - Initial Documentation approach Findings

• Comprehensive enterprise • Clearly defined AML audit • Detailed report of findings

AML risk assessment strategies to board and senior
management

• Methods of risk assessment • Properly scoped and

(determining high risk documented audit plan • Follow up plans to confirm
customers, PEPs, MSBs, etc.) specific to AML any issues or concerns have
been properly addressed
and/or resolved
• Written policies and • Comprehensive risk-based
procedures testing plans.

• Training materials

• AML Solution generated

audit reports.
 baesystems.com/aml
5 // 6

Talk to our AML experts

At BAE Systems, we work with global banks, insurers and governments to provide intelligence and
solutions to combat fraud and financial crime. We aim to protect your organisation, your customers
and your reputation.

Our range of solutions can help identify, combat and prevent financial threats, as well as reducing risk,
loss or penalties and ensuring your institution is fully compliant with regulatory obligations.

To find out more about BAE Systems and how our AML solutions can
help you, visit us at
http://www.baesystems.com/aml or email learn@baesystems.com

BAE Systems, Surrey Research Park, Guildford, Surrey, GU2 7RQ, UK

E: learn@baesystems.com | W: baesystems.com/aml

linkedin.com/company/baesystemsai

twitter.com/baesystems_ai

Copyright © BAE Systems 2019. All rights reserved.

BAE SYSTEMS, the BAE SYSTEMS Logo and the product names referenced herein are trademarks of BAE Systems plc. BAE Systems Applied Intelligence
Limited registered in England & Wales (No.1337451) with its registered office at Surrey Research Park, Guildford, England, GU2 7RQ. No part of this
document may be copied, reproduced, adapted or redistributed in any form or by any means without the express prior written consent of BAE Systems
Applied Intelligence.