Money Laundering Regulations 2017—independent audit function—law firms
Money Laundering Regulations 2017—independent audit function—law firms

The following Practice Compliance guidance note provides comprehensive and up to date legal information covering:

  • Money Laundering Regulations 2017—independent audit function—law firms
  • The requirement to establish an independent audit function
  • Responsibilities of the independent audit function
  • Who should carry out the audit?
  • Audit frequency
  • Planning the audit
  • The audit report
  • Monitoring compliance with recommendations
  • The difference between independent audit and risk assessment

The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017), SI 2017/692 introduced a new requirement for certain firms to establish an independent audit function to audit their compliance with the MLR 2017. This Practice Note provides guidance on establishing an independent audit function. It sets out the key responsibilities of and best practices for the independent audit function and the differences between independent audit and your money laundering risk assessment. This Practice Note reflects the requirements of the MLR 2017, which came into force on 26 June 2017.

The requirement to establish an independent audit function

The Financial Action Task Force (FATF) has long recommended that financial institutions' anti-money laundering (AML) and counter-terrorist financing (CTF) programmes include an independent audit function to test their systems. In the UK, for example, the Prudential Regulation Authority (PRA) Rulebook and Financial Conduct Authority (FCA) Handbook require certain financial institutions and financial services providers to have an independent audit function to examine and evaluate the adequacy and effectiveness of the firm's systems, internal control mechanisms and arrangements generally (not limited to AML and CTF)—see, eg FCA Handbook, SYSC 6.2.1 R. The FATF's recommendation was extended in the fourth Money Laundering Directive (4MLD) to all types of entities to which it applies.

This does not mean all firms