14.6. Audit
14.6.1. Audit obligation
An Authorised Person must ensure that its audit function, established under GEN 5.5.1 includes regular reviews and assessments of the effectiveness of the Authorised Person's AML policies, procedures, systems and controls, and its compliance with its obligations in these Rules. Guidance on audit
- (a) The review and assessment undertaken for the purposes of AML 14.6.1 may be undertaken:
- (i) internally by the Authorised Person's internal audit function; or
- (ii) by a competent firm of independent auditors or compliance professionals.
- (b) The review and assessment undertaken for the purposes of AML 14.6.1 should cover at least the following:
- (i) sample testing of compliance with the Authorised Person's CDD arrangements;
- (ii) an analysis of all notifications made to the MLRO to highlight any area where procedures or training may need to be enhanced; and
- (iii) a review of the nature and frequency of the dialogue between the senior management and the MLRO.