20 February 2018
Thomas Hook

Thom Hook

Thomas Hook - Pegasystems Inc.

15Posts 95,926Views 0Comments
Finextra community

Financial Services Regulation

This network is for financial professionals interested in staying up to date on financial services regulation happening anywhere in the world. CFOs, bankers, fund managers, treasurers welcome.

AML Internal Audit: Friend Not Foe

27 February 2017  |  3744 views  |  0

I’ve been on both sides of this coin. When I worked in a Financial Intelligence Unit in a major global financial institution, internal audit was looked at as an enemy. Internal auditors were there to play “gotcha” and expose any error, no matter how small. My first thought was not, “how can they help us improve the program?” but rather, “how can we get them out of our hair as fast as possible?” Subsequently, I did a lot of work training AML internal audit teams at various financial institutions and conducting AML independent examinations and internal audits myself. I couldn’t believe it, I was part of the dark side. But while in that role, I realized how important AML internal audit is and what a tremendous resource they can be for a compliance program. 

For anyone who has done any writing, they know that if you are reviewing your work over and over again, you stop noticing mistakes. Not because they aren’t there, but because you are too close to the work to see them. That’s when another set of eyes can be invaluable in spotting errors and ways that you can improve what you wrote. The same concept applies to internal audit.  When you are running an AML compliance function, you are deep in the weeds and focused on the day to day operation – you may be too close to see potential problems. You need a separate set of eyes to make sure you aren’t missing something.  Enter AML internal audit. Your editor, your partner, your third line of defense. They are there to spot the problems before the regulators do. Doesn’t that sound invaluable?

Work together, this isn’t a game of “gotcha,” this is a partnership in creating a top notch compliance program.  AML internal audit has a vested interest in it as well. When a compliance failure is identified by regulators it isn’t just compliance that catches heat, internal audit gets hit too for not spotting the problem first (it’s their job after all). In her speech regarding AML to the Securities Industry and Financial Markets Association (SIFMA) in February 2017, Susan Axelrod, the Executive Vice President of Regulatory Operations for US regulator Financial Industry Regulatory Authority (FINRA), stated “[a]nother commonly cited area is a firm’s independent testing efforts. Put simply, we continue to see tests that are inadequate, such as tests reflecting a review of procedures, but not implementation of those procedures.” Regulators are not just looking at compliance, they are looking at internal audit too.

Redefine and reset your approach to the compliance/internal audit relationship. Compliance should be open and forthright during audits and not make it difficult for internal audit to do their job.  Don’t fight things that are clearly issues, instead focus on working with audit to identify the best way to fix the issues. At the same time, AML internal audit should not make mountains out of mole-hills or assume that the reason for an issue (small or large) is that compliance is inept. Instead, dig for the root cause of issues. Mistakes happen and often external factors out of compliance’s control (e.g., staffing shortages) can lead to issues. Identifying those root causes and helping identify solutions is what makes internal audit truly valuable. Through this approach, compliance and audit can support each other. If it is a staffing issue, internal audit can highlight this and reinforce compliance’s request for additional resources.  If it’s a technology issue, internal audit can help compliance identify the best solution and push for the budget to get it.

AML internal audit can also be proactively helpful.  Instead of just auditing existing programs, truly make them your partner. Bring them in to help with your decisions if you are making changes to your program or identifying a new compliance technology to implement.  They should have a seat at the table early, because it’s better to get their opinion up front before a problem occurs rather than afterwards.

You’re in this together. It’s still the beginning of the year, so start off your 2017 partnership on the right foot. 


TagsRisk & regulationInnovation

Comments: (0)

Comment on this story (membership required)

Latest posts from Thomas

A Technological Approach to Identifying Beneficial Ownership

11 December 2017  |  4422 views  |  0 comments | recomends Recommends 0 TagsRisk & regulationInnovationGroupFinancial Services Regulation

Financial Crime Compliance Benefits of Blockchain and DLT

11 September 2017  |  8998 views  |  0 comments | recomends Recommends 0 TagsBlockchainRisk & regulationGroupFinancial Services Regulation

Thomas's profile

job title Director - Risk, Compliance & Onboarding
location Cambridge
member since 2016
Summary profile See full profile »
Thom provides industry expertise to the development of Pega KYC and CLM and other financial crime compliance solutions. With several years of AML and Sanctions experience, Thom has worked in audit, co...

Thomas's expertise

Member since 2016
15 posts0 comments
What Thomas reads
Thomas's blog archive
2017 (9)2016 (6)

Who's commenting on Thomas's posts