Skip to main content
Entire section Custom print Text Only Rich Text Print / Save as PDF
Download Original PDF

Section 10: Independent Audit Function

No: 18318/486 Date(g): 17/11/2019 | Date(h): 20/3/1441 Status: In-Force
In order for the financial institution to ensure the adequacy and appropriateness of the risk-based approach, the financial institution shall have the AML/CTF internal controls tested by an independent party to ensure that they are adequate to ML/TF risks and implemented effectively. However, the internal or external auditors involved shall have sufficient experience to conduct a risk-based test of the effectiveness of implementing the AML/CTF policies and procedures approved by the financial institution. 
 
Article (14/1) of the Implementing Regulations of the Anti-Money Laundering Law and Article (18) of the Implementing Regulations of the Law on Combating Terrorism Crimes and Financing state the obligations of the financial institution that include setting up an independent audit mechanism to test the effectiveness and adequacy of the AML/CTF policies, procedures and controls.

10.1
The financial institution shall put in place appropriate arrangements for the independent audit function, including providing sufficient resources to test compliance with the AML/CTF requirements and ensuring that the independent audit employees are qualified and have the necessary professional competence and capabilities to examine the compliance of all units in the financial institution with the AML/CTF requirements.
 
10.2The auditor in the financial institution shall work independently of the AML/CTF function, and the financial institution shall ensure that the independent auditor is not involved in any of the functions or measures audited.
 
10.3The independent auditor shall conduct an independent test of the appropriateness, adequacy and effectiveness of the AML/CTF compliance program and procedures at the level of the financial institution, document the audit results and send them to the board of directors to take the proper actions.
 
10.4The independent auditor shall conduct independent tests of the AML/CTF controls, policies, and procedures and their adequacy for the risks identified.
 
10.5When testing the appropriateness, adequacy and effectiveness of the AML/CTF compliance program and procedures, the independent auditor’s work shall be based on ML/TF risks and focus on the risk areas that are more likely than others to be exploited in carrying out ML/TF transactions.
 
10.6When necessary, the financial institution should consider including the auditing of the appropriateness, adequacy and effectiveness of the AML/CTF compliance function within the scope of the external auditor's work.
 
10.7The senior management should take adequate measures to ensure that any weaknesses or deficiencies discovered as a result of the independent audit are addressed.