If you work in the financial services sector and you don’t like the thought of internal audit, perhaps you’re in the wrong business. If that sounds surprising, think about this: what other function provides the opportunity to drill down and analyse an entire transaction from first contact all the way to its conclusion and outcomes? And then consider whether you have the tools to do this well.
Internal audit is part of a process
Being part of a process is what makes it powerful. But there is an important qualification: to work well it needs to operate within a culture of accountability but no blame. Then it can leverage the enquiry to fully understand what happens with each transaction – and learn accordingly. Then comes the capacity to build and maintain efficient and effective compliance, and a healthy business as a result.
There are other functions involved too. First there are those who work with customers, starting with the onboarding process to assess and manage risk. They’ll be applying policies in the context of their business and its objectives. A second layer is made up of those who have drafted the policies, and provided the tools and frameworks within which they can be implemented. Regular interaction between these core functions makes them more robust.
Practical implementation matters
Ensuring effective compliance is about more than following rules. A lot is contextual, so what’s appropriate for one business may be inappropriate for another. Much depends on the levels of exposure to risk and this may vary between transactions as well as between businesses.
There are other ways internal audit does not operate in a vacuum. It’s closely aligned with risk assessment and monitoring – which deserve close scrutiny not explored in detail here. For that, I’d recommend a recent article by Jean-Michel Ferat and Shelly Mady in Global Investigations Review*.
Instead, let’s return to the mechanics of the internal audit, and in particular how it can be conducted efficiently.
Internal audit should strengthen compliance
Compliance serves two purposes. Good compliance with relevant laws and regulations should result in effective policies which reduce the likelihood your business is damaged by unlawful or criminal activity. Secondly, good compliance reduces the risk of your falling foul of regulations – which could result in substantial fines and loss of reputation.
Internal audit plays a vital role in ensuring good compliance. In turn, it depends on having all the right information available when it’s needed. In short, compliance systems need to be comprehensive and integrated throughout your business.
The wish list: integration for seamless risk management and constant audit readiness
What’s needed is a set of integrated services that effectively collects information and assesses risk on a continual basis – from the start of Onboarding to checks for Anti-Money Laundering, Counter-Terrorism Funding and Sanctions lists, and including Politically Exposed Persons evaluation.
In the process, each action needs to be recorded, thus building a real time, always available, audit trail. No more tedious gathering of data from multiple sources. It’s always there, in one place.
Thus, compliance, risk assessment, monitoring and audit are parts of the same stream of activity. They become interconnected processes that constantly inform each other. They provide continual learning, so the business can act safely and smoothly, with compliance as a natural outcome.
The challenge is that many businesses use multiple systems for these processes. Consequently, audits can be cumbersome, slow and vulnerable to missing data. In that scenario, business are regularly at risk from financial crime and unintended breach of compliance.
Except it doesn’t have to be that way. Full integration, always-on transaction monitoring, and the creation of an always-ready audit trail is already available. It’s called Compli, from Essiell Compli.
By Bjorn Larsson, Chairman of Essiell Compli.
Compli is a unique suite of integrated compliance services designed to deliver comprehensive checks for KYC, AML, CTF sanctions busting and political exposure. With always-on transaction monitoring, it provides the ideal set of tools to support safe and seamless business practices in the financial services sector. In turn, it enables an always-ready audit trail.
Compli is infinitely scalable and customizable to individual business requirements. It functions worldwide with an intuitive user interface.
If you’d like to find out more about Essiell Compli and Compli and how we can help your business stay safe, remain compliant, and defeat financial crime, why not book a call back or a demo?
You can also get in touch via our website www.essiell-compli.com , or by email to enquiries@essiell-compli.com