What is an independent review?
Every financial institution and listed business shall conduct an independent review of its AML/CFT policies and procedures at least annually to ensure implementation in accordance with the laws of Trinidad and Tobago and guidelines issued by the relevant Supervisory Authority.
An independent review can be conducted by an internal or external professional. However, where an internal audit is not feasible, the FIU would accept an external audit report. Click here for Guidance on Independent Testing
The report of the review, with recommendations, should be submitted to the Board of Directors of the entity and the relevant Supervisory Authority.
Who can conduct an independent review?
An independent review (or AML/CFT audit) should be conducted by an external auditor or competent professional who shall be specifically trained to undertake such an audit.
When sourcing an external auditor or competent professional to conduct this audit the financial institution or listed business should conduct some level of due diligence to confirm the candidate has the requisite competence. This will be dependent on:
• The nature of business and complexity of the financial institution or listed business; and
• The qualification and experience of the candidate seeking to conduct the audit.
A competent professional should have qualifications in Law, Accountancy, Business, Management or other relevant qualifications and sound knowledge of AML/CFT laws and regulations and FATF standards as evidenced by certification and/or sufficient experience in AML/CFT.
Scope and methodology of an independent review
The scope and methodology of an AML/CFT audit is relative to the financial institution and listed business. Once again, the audit is dependent on the nature of business activities, types of transactions/payment accepted, volume of transactions and history of AML/CFT compliance.
Typically, every audit should test compliance in the following areas:
- Compliance Programme
- Compliance Officer functions and effectiveness
- Implementation and Effectiveness of Internal Controls
- Reporting Obligations
- AML/CFT Training and
- Record Keeping Obligations