Every financial institution and listed business shall conduct risk based, independent reviews of its AML/CFT/CPF policies and procedures, to ensure implementation in accordance with the laws of Trinidad and Tobago and guidelines issued by the relevant Supervisory Authority.33.
An independent review can be conducted by an internal or external professional who is sufficiently independent of the compliance function as well as independent of the lines of business which require implementation of compliance policies and procedures.
Financial institutions and listed businesses are required to conduct an independent review which covers:
• compliance with the AML/CFT/CPF legislation and guidelines;
• reliability, integrity and completeness of the design and effectiveness of its compliance risk management function; and
• the reliability, integrity and completeness of the design and effectiveness of its internal controls framework.
This review must be conducted at a frequency based on the Listed Business’s assessed risk, at a minimum of once every 3 years.
In addition to the independent review mentioned above, financial institutions are also required to conduct another type of independent review, at least once every year, which covers a review of the Compliance Programme and testing of customer/member files and transactions, on a risk sensitive basis.
The report of each review, with recommendations, should be submitted to the Board of Directors or senior officers (where applicable) of the entity and to the relevant Supervisory Authority.
Who can conduct an independent review?
An independent review (or AML/CFT/CPF audit) should be conducted by an independent auditor or competent professional who shall be specifically trained to undertake such an AML/CFT/CPF review/audit.
When sourcing an independent auditor or competent professional to conduct this AML/CFT/CPF audit the financial institution or listed business should conduct some level of due diligence to confirm the candidate has the requisite competence. This will be dependent on:
• The nature of business and complexity of the financial institution or listed business; and
• The qualification and experience of the candidate seeking to conduct the audit.
A competent professional should have qualifications in Law, Accountancy, Business, Management or other relevant qualifications and sound knowledge of AML/CFT/CPF laws and regulations and FATF standards as evidenced by certification and/or sufficient experience in AML/CFT/CPF.
Note: It is strongly recommended that the financial institution or listed business conduct all necessary due diligence on the competent professional, including reference check, etc. before accepting their services.
Scope and methodology of an independent review
The scope and methodology of an AML/CFT/CPF independent testing is relative to the financial institution and listed business. Once again, the independent review is dependent on the nature of business activities, types of transactions/payment accepted, volume of transactions, the risk assessment and history of AML/CFT/CPF compliance.