AML Software

The easy to use compliance management platform. Automate manual tasks, controls and processes by moving to a digital solution. One platform, one process, one overview.

AML Audits NZ

What is an AML/CFT Audit?

AML Audits provide an independent review of how well the policies, procedures and controls protect a business from a compliance breach occurring.

The auditor will examine the key criteria of an AML/CFT compliance framework and provide a written report expressing an opinion of the strengths and weaknesses.  Where weaknesses are detected, recommendations will be made on how the business can improve its overall compliance status.

The primary areas that an auditor will examine include, (a) the business risk assessment, (b) customer onboarding, (c) staff training, (d) ongoing monitoring, (e) management reporting and (f) reviews of compliance systems.

AML audits are the best tool to protect a business from an AML/CFT compliance breach. Business owners should therefore consider an AML/CFT audit as an investment and not an unwanted cost.

When an auditor examines strengths and weaknesses of an AML/CFT compliance framework, they will consider:

Business Risk Assessment

  1. Has the risk assessment considered the required criteria of how the business is exposed to ML/FT through its (a) nature, size and complexity, (b) customers, (c) institutions (B2B), (d) the vulnerabilities of its products/services, (e)  method of delivery of its products/services (whether face-to-face or through non face-to-face channels, and (f) geography.
  2. Is the risk assessment documented and findings reasonable to enable the business to understand its ML/FT risks.
  3. Is the sector and national risk assessments referenced, along with recognition of those aspects that impact upon the business.
  4. How often is the risk assessment updated and what are the triggers for an update to occur.

Customer Onboarding

Auditors will examine the methods relied on to confirm a customer owns the identity that the customer presents.  If a 3rd party is involved in the customer onboarding process, the auditor will require the business to present its due diligence on the 3rd party to ensure reliability of those services.

AMLCFT HealthCheck

Staff Training

Training records need to be maintained including the date the training was delivered, the topics covered, whether an assessment was included and controls around training updates.

Ongoing Monitoring

Ongoing monitoring refers to management and analysis of client activity. An auditor will examine how the business is able to identify higher risk clients and the rules applied for detecting unusual or suspicious activity.

Record Keeping

Record keeping is often the cause of compliance failures.  Records need to be kept for every part of an AML/CFT compliance framework, this includes the risk assessment, programme, client onboarding, ongoing monitoring, training, transaction or account activity, internal reviews and audits.  

Automation of record keeping is the best way to ensure this essential compliance component is consistently operating.

Review of Compliance Systems

AML/CFT compliance is an ongoing process. This requires a business to have systems in place to measure the effectiveness of its compliance programme.

An auditor will look at the  processes that a business relies on for identifying strengths and weaknesses, including the steps that follow when a weakness is detected. 

Management Reporting

Business owners, boards of directors and senior executives, must be informed of the AML/CFT compliance status and risks presented by the business.  The reporting must be at the right level to enable informed decision making, without necessarily being  comprehensive or technical.  Heat maps, with the ability to drill down to further detail is sufficient. Heat maps are a practical way to transfer knowledge without requiring extensive report reading.

AML Regulatory

AML compliance platform

Compliance Status

AML Risks

Improved AML/CFT

AML Best Practice
AML Compliance-as-a-Service