The OCC and NYSDFS both released guidance on the topic in 2014 and firms should take note. How serious can it get? NYSDFS nearly stopped Standard Charter from doing business in its state after misconduct was uncovered with its auditor, Deloitte. In today’s regulatory environment, with outside pressures from Congress and others, there are likely other agencies looking to make examples of offenders.
So, going forward, what does the OCC, Fed and NYSDFS expect from financial institutions when picking auditors?
First is better documentation detailing the independence of your auditors. Banks will be required to proactively disclose and document any personal or financial relationship with independent auditors and failure to do so could result in regulatory sanctions.
Secondly, and as always, the audits should be high quality and truthful. Not all programs will be perfect all the time. Firms and independent auditors have a responsibility to document blemishes and detail plans to fix any major issues.
We recommend doing an independent audit of AML and compliance programs every 12 to 18 months. Some firms have a regulatory requirement to do them more frequently, but most can proactively set their own schedule.
Independence is obviously a key area regulators are looking at right now, but don’t lose sight of three other critical components when selecting an auditor:
- Confirm the auditor uses standard, global industry best practices and thoroughly documents each step in the process. Regulators expect documented answers to any questions they may have.
- Verify the auditor will provide experts in AML and compliance to work on your project, not that they claim to have them on staff. Mistakes and misinterpretations of rules won’t work well in this environment of heightened regulatory and legislative pressure.
- Make sure your organization has input into the final work product. It will not do your firm any good if auditor conclusions are inaccurate or their recommendations are not realistic for your firm.
So, while auditor ‘independence’ will be the hot AML topic for regulators in 2014, firms should not forget the other core components when measuring the success of their compliance programs.
About the Author: John Walsh, CEO of SightSpan
An industry leader in financial crime risk management, financial institution and corporate security, anti-money laundering and combating terrorist financing, he founded SightSpan Inc, in 2007, and serves as CEO. He has held several high-level positions in the financial services industry, including leadership roles at Wachovia Bank, Bank of America, Merrill Lynch and international trading entities. With more than 25 years of experience in the financial services sector in the US and the Middle East, Europe and Latin America, his expertise and insight into international business management, compliance, security and overall operational risk management distinguish him as a leader in financial crime detection and control.