Following the inspections carried out by the Financial Services Commission (Hereinafter referred to as “the FSC”), the Regulator has now brought amendments to the FSC AML/CFT handbook (“the handbook”) to assist financial institutions in applying national measures to combat money laundering and terrorist financing and in complying with Financial Intelligence and Anti-Money Laundering Act 2002 (‘FIAMLA’) and the Financial Intelligence and Anti-Money Laundering Regulations 2018 (‘FIAML Regulations 2018’).

The FSC has amended the handbook to include a new chapter on independent audit and additional provisions to assist financial institutions in implementing an adequate business risk assessment.

The key amendments are as follows:

Chapter 4 – Risk Based Approach

• The FSC has now outlined the responsibilities of Management, Compliance, and Risk Assessment

• The FSC details the system to be adopted for risk management. The FSC outlines that the financial institution is expected to perform the whole cycle of identification, analysis and testing of the effectiveness of controls at regular intervals. This is because risks are not static

• The Handbook also outlines that the risks of ML/FT vary from business to business and are not static and such it is the responsibility of the financial institution to identify the vulnerabilities and risks faced, maintain an up to date understanding of these risks, and develop and implement appropriate strategies to mitigate and control those identified risks

• The Handbook also provides that the risk provided under Chapter 4.3 of the handbook are not limitative and it is for the financial institution to assess and decide what is appropriate and relevant in the circumstances of the business

Chapter 13 – Independent Audit

• The Handbook has provided guidance on who can conduct the Audit. As per the FSC, it can be either an internal or external person however the person must be independent from the operational and executive team

• The Handbook also provides that The person or firm conducting the audit should have the necessary skills, qualifications, relevant experience of the audit process, have a proper understanding of the FIAMLA and its supporting regulations as well as sufficient knowledge of the financial institution industry

• The Handbook now put forward certain non-exhaustive criteria to assess the independence of the independent auditor. Such criteria are as follows:

    – Was the audit professional involved in the development of the entity’s risk assessment? Or the creation, implementation or maintenance of the AML/CFT programme?

    – Does the audit professional have financial interest in the business? If yes, would their interests be harmed by the results of the audit, or could there be influence over the audit outcome?

    – Does the audit professional have any relationship with any shareholder, director, senior management and or employees?

• Following the supervisory cycle during which the FSC had the opportunity to look at independent audit report, the regulator has now provided for key areas of the AML/CFT framework of the Financial Institution which must be tested and reviewed

• The Audit report must also be signed and dated. The Independent Auditor is expected to make recommendations wherever there is a need to make findings. The Board of the Financial Institution must then take corrective actions to address such deficiencies.

• There is no statutory requirement to file the audit report with the FSC unless so directed by the Regulator.