Independent Compliance Auditing
2.4.1.19 In accordance with Paragraph 15(1)(ba) of Schedule 3, the firm shall establish an independent audit function (where appropriate, having regard to the ML and FT risks, and the size and nature, of the specified business in question), for the purpose of evaluating the adequacy and effectiveness of the policies, procedures and controls adopted by the specified business to comply with Schedule 3, the Relevant Enactments and the Handbook.
Guernsey Financial Services Commission Handbook on Countering Financial Crime and Terrorist Financing 10 July 2023
With 22+ years of building, reviewing and navigating the fast changing world of regulatory compliance. We walk through and review the compliance cradle to grave on AML/CFT risks.
- Handbook Gap analysis
- BRA coverage and identified risks
- Policies managing the BRA risks
- Key Controls (PEP, Sanctions and Screening)
- CMP and CMP Testing veracity
- Procedures and process design effectiveness testing
Independent Reviewer (Skilled Persons)
We have experience in undertaking remediation exercises and have worked on some of the largest and complex cases in the Bailiwick. We can help you build a change project and help your relationship with the Commission.
With us, you will have experience persons and reviewers in funds and investments.
Business Risk Assessments (Rebuilds or Reviewing)
We can conduct a review of a ML, TF and PF (Money Laundering, Terrorist Financing and Proliferation Financing) business risk assessment, we undertake the following steps:
Understand the scope and purpose of the risk assessment with you the customer. This will help in determining whether the assessment will be conducted comprehensively and in accordance with the relevant laws and regulations.
- The methodology used for the risk assessment will be reviewed and understood as part of the scope. This includes the sources of information used, the analysis undertaken, and the assumptions made. The methodology needs to be rigorous and transparent.
- Evaluate the risk assessment process: The process used to conduct the risk assessment should be evaluated. This includes the involvement of key stakeholders, the level of expertise of those involved, and the documentation of the process.
- Review the adequacy of your controls: The risk assessment should identify the risks of ML and TF faced by the business and evaluate the adequacy of controls in place to manage those risks. We will assess whether the controls are appropriate as identified in the scope, effective, and proportionate to the risks identified.
- Review the quality of documentation: We will check the quality of the documentation produced as part of the risk assessment. This includes the clarity of the language used, the completeness of the information provided, and the accuracy of the data.
- Identify areas for improvement: The reviewer should identify any areas where the risk assessment could be improved. This may include recommendations for additional controls, areas where the documentation could be improved, or suggestions for changes to the methodology used.
- Provide feedback and recommendations: The final step would be to provide feedback and recommendations to the business based on the findings of the review. The feedback should be constructive and provide the business with actionable steps to improve your ML and TF risk management practices.
