How to Build an Audit Risk Assessment Tool to Combat Money Laundering and Terrorist Financing
Author: Jonathan Estreich, CAMS-Audit
The primary objective of this white paper is to offer specific considerations and suggestions for how a financial institution’s internal audit department (“Audit”) can design a firm‐wide AML risk assessment (“AMLRA”) tool that: 1. improves the auditor’s ability to identify relevant AML risks; 2. sets the foundation for thoughtful and supported risk determinations; and 3. produces results that can assist in the development of an audit plan that satisfies current regulatory expectations for deterring money laundering and terrorist financing.
Internal audits are critical for proactively identifying deficiencies and for ensuring that financial institutions (“FIs”) maintain AML functions and programs that are aligned with supervisory requirements and examiner expectations. The selection of these audits — as represented by an audit plan — is the primary roadmap for AML testing activities and is often determined by a risk assessment. A notable challenge relating to the compilation of an audit plan that effectively captures AML risk lies with the initial design of the risk assessment tool1, which should, at a minimum, produce meaningful results that the audit department can interpret, analyze and use to build an appropriate risk‐based plan.