Section 10: Independent Audit Function
| No: 18318/486 | Date(g): 17/11/2019 | Date(h): 20/3/1441 |
Effective from 2019-11-17 - Nov 16 2019
To view other versions open the versions tab on the right
| In order for the financial institution to ensure the adequacy and appropriateness of the risk-based approach, the financial institution shall have the AML/CTF internal controls tested by an independent party to ensure that they are adequate to ML/TF risks and implemented effectively. However, the internal or external auditors involved shall have sufficient experience to conduct a risk-based test of the effectiveness of implementing the AML/CTF policies and procedures approved by the financial institution. | |
| Article (14/1) of the Implementing Regulations of the Anti-Money Laundering Law and Article (18) of the Implementing Regulations of the Law on Combating Terrorism Crimes and Financing state the obligations of the financial institution that include setting up an independent audit mechanism to test the effectiveness and adequacy of the AML/CTF policies, procedures and controls. | |
10.1 | The financial institution shall put in place appropriate arrangements for the independent audit function, including providing sufficient resources to test compliance with the AML/CTF requirements and ensuring that the independent audit employees are qualified and have the necessary professional competence and capabilities to examine the compliance of all units in the financial institution with the AML/CTF requirements. |
| 10.2 | The auditor in the financial institution shall work independently of the AML/CTF function, and the financial institution shall ensure that the independent auditor is not involved in any of the functions or measures audited. |
| 10.3 | The independent auditor shall conduct an independent test of the appropriateness, adequacy and effectiveness of the AML/CTF compliance program and procedures at the level of the financial institution, document the audit results and send them to the board of directors to take the proper actions. |
| 10.4 | The independent auditor shall conduct independent tests of the AML/CTF controls, policies, and procedures and their adequacy for the risks identified. |
| 10.5 | When testing the appropriateness, adequacy and effectiveness of the AML/CTF compliance program and procedures, the independent auditor’s work shall be based on ML/TF risks and focus on the risk areas that are more likely than others to be exploited in carrying out ML/TF transactions. |
| 10.6 | When necessary, the financial institution should consider including the auditing of the appropriateness, adequacy and effectiveness of the AML/CTF compliance function within the scope of the external auditor's work. |
| 10.7 | The senior management should take adequate measures to ensure that any weaknesses or deficiencies discovered as a result of the independent audit are addressed. |