Enhancing AML/CFT Audits for Financial Institutions – Singapore’s First Industry-Led Best Practice Paper; MAS Circular on Audits of AML/CFT Policies, Procedures and Controls

On 21 October 2024, the Monetary Authority of Singapore (“MAS“) issued a Circular on “Audit of AML/CFT Policies, Procedures and Controls” (“Circular“). Concurrently, the Association of Banks in Singapore (“ABS“) in partnership with the Anti-Money Laundering Peer Group (“AAPG“) also launched Singapore’s first industry-led best practice paper (“Best Practices Paper“) to enhance Anti-Money Laundering/Countering the Financing of Terrorism (“AML/CFT“) audits in banks.

Financial institutions (“FIs“) must maintain an audit function to provide an independent and regular assessment of the effectiveness of their AML/CFT policies, procedures and controls, and compliance with MAS’ requirements. To achieve this, FIs are expected to have established policies to steer their periodic AML/CFT audits, and to escalate audit observations for the Board and Senior Management (“BSM“) oversight of money laundering/terrorism financing (“ML/TF“) risks. 

FIs should conduct a gap analysis of their existing audit practices against the practices set out in the Circular and the Best Practices Paper.

The Circular provides additional guidance for FIs in determining the scope of their regular audits and their approach to validate the effectiveness of existing controls:

  1. BSM should ensure that the audit function is adequately resourced with sufficient AML/CFT expertise, commensurate with the size and nature of the FI’s business.
  1. To determine the scope of their periodic AML/CFT audit, an FI’s audit function should: (i) conduct regular AML/CFT risk assessments, and (ii) ensure that the frequency and intensity of AML/CFT audits are commensurate with identified ML/TF risks.
  1. FIs should consider the use of data analytics (DA) for more effective AML/CFT audits, which can better identify key risk areas for audit and identify accounts and transactions requiring closer scrutiny.

The Best Practices Paper:

  1. Provides a common framework to formulate and execute such audits for (i) bank internal auditors; and (ii) external auditors that work with banks.
  1. Sets out: (i) Baseline Standards: Expected minimum audit standards and practices that internal and external auditors should adopt; and (ii) Best Practices: Existing good practices which auditors are encouraged to adopt in line with the risk profiles of their bank or clients, for auditors to consider when conducting such audits.
  1. Provides detailed guidance on several focus areas for both internal audit and external audit functions. Examples include: (i) risk assessment; (ii) the scope and methodology of audits; (iii) reporting and following up on findings; (iv) the nature and extent of external audit coverage; and (v) case studies on how FIs could deploy data analytics to enhance their AML/CFT audit processes, for instance to identify higher risk customers/segments for closer audit scrutiny.

Click on the following links for more information:


 

Disclaimer

Rajah & Tann Asia is a network of member firms with local legal practices in Cambodia, Indonesia, Lao PDR, Malaysia, Myanmar, the Philippines, Singapore, Thailand and Vietnam. Our Asian network also includes our regional office in China as well as regional desks focused on Brunei, Japan and South Asia. Member firms are independently constituted and regulated in accordance with relevant local requirements.

The contents of this publication are owned by Rajah & Tann Asia together with each of its member firms and are subject to all relevant protection (including but not limited to copyright protection) under the laws of each of the countries where the member firm operates and, through international treaties, other countries. No part of this publication may be reproduced, licensed, sold, published, transmitted, modified, adapted, publicly displayed, broadcast (including storage in any medium by electronic means whether or not transiently for any purpose save as permitted herein) without the prior written permission of Rajah & Tann Asia or its respective member firms.

Please note also that whilst the information in this publication is correct to the best of our knowledge and belief at the time of writing, it is only intended to provide a general guide to the subject matter and should not be treated as legal advice or a substitute for specific professional advice for any particular course of action as such information may not suit your specific business and operational requirements. You should seek legal advice for your specific situation. In addition, the information in this publication does not create any relationship, whether legally binding or otherwise. Rajah & Tann Asia and its member firms do not accept, and fully disclaim, responsibility for any loss or damage which may result from accessing or relying on the information in this publication.

CONTACTS

Head, Financial Institutions Group
+65 6232 0456
Singapore,
Deputy Head, Financial Institutions Group
+65 6232 0482
Singapore,
Partner
+65 6232 0398
Singapore,
Co-Head, Fraud, Asset Recovery & Investigations
+65 6232 0156
Brunei, Singapore,
Partner
+65 6232 0591
Singapore,

Country

EXPERTISE

Share

Rajah & Tann Asia is a network of legal practices based in Asia.

Member firms are independently constituted and regulated in accordance with relevant local legal requirements. Services provided by a member firm are governed by the terms of engagement between the member firm and the client.

This website is solely intended to provide general information and does not provide any advice or create any relationship, whether legally binding or otherwise. Rajah & Tann Asia and its member firms do not accept, and fully disclaim, responsibility for any loss or damage which may result from accessing or relying on this website.

© 2024 Rajah & Tann Singapore LLP. All rights reserved. Rajah & Tann Singapore LLP (UEN T08LL0005E) is registered in Singapore under the Limited Liability Partnerships Act (Chapter 163A) with limited liability.