This article is based on a Jade ThirdEye Spotlight on AML podcast, which featured AML/CFT auditing specialist Martin Dilly, who spoke on AML Programme Audits, Independent Reviews, and Assurance.
What impact did COVID-19 have on AML/CFT programmes?
The pandemic and ensuing lockdowns certainly did prove some challenges for reporting entities and auditors alike – no one around the world was immune to its impact. It highlighted a few things for me.
Remote auditing can be done, but in-person audits are better.
Lockdowns saw an increased demand for remote audits, which I generally try to avoid. My preference is to always to go onsite and sit with people and sit with their systems. It just tends to work better. Unfortunately, there are increasing challenges with accessing a company’s systems remotely, as in many cases, the staff were also accessing their systems remotely, and it doesn't always work.
One example was when I was carrying out a remote audit during a lockdown and was asking them to click something on the screen. They then asked me what screen I thought they were on. It turns out the lag had meant they were actually two screens ahead of where I thought they were.
COVID-19 saw the rapid uptake of new AML technology and services
Perhaps the most significant impact that COVID-19 and lockdowns had was that it made reporting entities revisit and perhaps speed up their implementation of new technology like electronic identity verification and outsourcing of customer due diligence (CDD). It became increasingly harder to meet customers face-to-face, get documents, certified copies, etc. So, it was natural that these sorts of services would rise in popularity.
Onus on reporting entities to understand new AML technology and services
When you take on any new system or provider, you have to ensure your AML programme and processes are updated. For example, consider how those processes fit into your wider CDD framework. The introduction of new systems and processes was where I started to see gaps in reporting entities' programmes. They had put things in place very quickly but hadn't thoroughly thought through the changes or the flow-on effects to the rest of their processes.
If you outsource CDD, do take care with any provider of these types of services. The onus is on you as a reporting entity to make sure the services meet your compliance needs. Make sure you understand what they are providing, what they are not providing, and what you need to do to make sure you meet your AML requirements and risk appetite for your programme.
Martin Dilly is an AML auditor advisor, who has consulted full time as an AML/CFT specialist since 2012. Martin has assisted hundreds of entities across every sector through the provision of audit consulting and training services in New Zealand, Australia, Samoa, and Vanuatu.