Auditors who are practitioners and employees who work for audit firms in the UAE are required to know and assess the Risk of money-laundering involved in their profession. Auditors mainly face the risk of money laundering when criminals try to exploit the services of audit professionals to make their illegal companies or legal arrangements look more legitimate. Auditors examine the accounts, records, governing structures, internal controls of entities and therefore they are in a unique position to identify the AML-CFT risks in the entities they audit.

This unique position means audit professionals must ensure that they and the companies they audit are complying with the AML-CFT compliance requirements laid out in the Cabinet Decision No. (10) of 2019 Concerning the Implementing Regulation of Decree-Law No. (20) of 2018 On Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations. This article deals with the best practices by which audit professionals can identify and assess their own ML/FT risks as well as the auditor’s responsibilities to help their clients with AML / CFT obligations. Read ahead.

AML/CFT Obligations on Auditors (DNFBPs)

Identifying and assessing ML/FT risks

Establishing, documenting, and updating policies and procedures to mitigate the identified ML/FT risks

Maintaining adequate risk-based customer due-diligence (CDD) and ongoing monitoring procedures

Identifying and reporting suspicious transactions

Putting in place an adequate governance framework for AML/CFT, including appointing an AML/CFT Compliance Officer, and ensuring adequate staff screening and training

Maintaining adequate records related to all of the above

Complying with the directives of the competent authorities of the state in relation to the United Nations Lists and council resolutions.

Assessing Auditor’s Own ML / CFT Risks

External auditors are generally involved in examining or rendering their opinion on a range of financial transactions that may expose them to money laundering risks. These activities may include the valuation of certain types of assets or liabilities; the approval of changes in a company’s capital structure or the payout of dividends; the approval of a merger or acquisition; the approval of a write-off of uncollected debt, or the use of a reserve account, or similar corporate actions etc.

Apart from that, auditors often receive payment from clients which can be proceeds from a crime. To avert such risks, the auditors should give attention to risks such as customer risk, geographic risk, channel risk, and product and services risk. The due diligence process should include the following considerations:

The type, size and complexity of the client. Check whether the client is a single legal entity or is part of a larger, more complex group

Check whether the client is associated with a high-risk country. This scrutiny must cover beneficial owners, senior managers, legal representatives or signatories, etc.

Industry/sector of the client must be scanned to assess sectoral risk

Assess the mode of communication through which the client is introduced (referral, walk-in, in-person meeting, remote communication via the internet)

Type, size, geographical origins, unusual nature of financial arrangements

For example, the risk profile of a mainland UAE public joint-stock company producing goods for domestic consumption may vary from the ML/FT risk profile of a free zone company engaged in international trade in electronics, and whose ownership involve persons from a high-risk country. The auditors should identify and assess risks based on the client’s profiles and allocate the auditor’s AML/CFT resources efficiently to mitigate the risks.

Guide to Client’s AML / CFT Internal Controls

While conducting the external audit, the auditors should examine the client’s AML / CFT internal controls, policies, procedures and governance structures. In this regard, the auditors should test the following:

1. Check whether the client has allocated appropriate resources such as AML/CFT compliance officer, senior management, risk managers etc.
2. Check if the entity’s policies and procedures are consistent with its stated risk appetite
3. Relevant internal controls, policies & procedures and governance structures must be complete and should comply with AML / CFT laws
4. Ensure the client has applied a risk-based approach in the internal controls, policies and procedures
5. Check for the extent of awareness and training of employees in connection with AML / CFT internal controls
6. Verify the effectiveness of the internal controls, policies and procedures
7. Documentation, record-keeping, and application of periodic reviews/updates in respect of the relevant internal controls, policies and procedures

Common Money Laundering Threats Auditors Must be Aware of:

The methods used by money launderers in legitimising illegal funding keep evolving and the perpetrators use sophisticated methods for laundering money. In this background, it is hard to prepare an exhaustive list of money laundering threats but research done across the world points toward three broad forms of money laundering methods. They are:

1. Concealing or disgusting the identity of the ultimate beneficial owner (UBO)
2. Concealing or disguising the illegal source of funds involved
3. Transferring or extracting value or utility from the assets for the benefit of the criminal perpetrators

Auditors should realise that their clients may use multiple forms of money laundering techniques in a single transaction or series of related transactions. Auditors should, therefore, watch for suspicious transactions of all categories. Consulting with top AML consultants in Dubai is a better way to mitigate money laundering risks.

Jitendra Chartered Accountants Can Help You

External auditors in the UAE are categorised as Designated Non-Financial Business and Professions (DNFBP) and are regulated by the Ministry of Economy for AML / CFT compliance purposes. As a DNBP, the auditors are required to abide by AML / CFT obligations such as registering in the goAML system. Failing to perform the mandatory AML / CFT obligations will result in hefty penalties up to AED 1 million, which necessitates the expert assistance of top AML consultants in Dubai such as Jitendra Chartered Accountants (JCA).

JCA has a highly qualified team that can help DNFBPs such as auditors, real estate agents, gold & precious metal traders, trusts and corporate service providers to implement a robust AML system within their organisation. JCA can provide services such as developing a compliance policy and procedures, reviewing current AML policy, implementing AML/ KYC/ CFT Plan and framework, AML audit and reporting, help with due diligence frameworks and providing AML training to the employees. Hire JCA’s AML compliance services in Dubai to fight money laundering with the best regulatory practices.