1. Stop panicking and get organized.
The examiner’s notification letter usually gives
advanced notice and requests documentation of
your AML compliance policies and procedures,
risk assessment and training programs. If the
request can be completed quickly and on
time, it conveys to the examiner that you’re
organized and you take compliance seriously.
2. Get senior management involved and
interacting. In order to demonstrate a “culture
of compliance” it is important to have senior
management interact with the examiners either
at the initial meeting and/or the exit interview.
3. Let everyone know about the visit.
Communicate the pending examination to
the various stakeholders in the firm such as
senior management, the AML department, and
business line heads. Identify someone who will
be the point of contact for the examiner. The
Chief AML Officer is typically that person.
4. Close the gaps and track your progress.
Review all issues noted in the last examination
and the action plan that was implemented
to close those gaps. Ensure that the
corrective actions and deadline dates have
been met and if not, be able to provide
the examiner with the firm’s progress.
5. Update and align the risk assessments.
Ensure the entity’s risk assessment has
been updated to reflect any changes in
services, locations, and new controls. Also
confirm that AML policies and procedures
are aligned with the risk assessment.
6. Update the AML Program. Verify that
the AML Program has been updated
with: changes resulting from the last
examination, changes to the AML
regulations, organizational changes such as
acquisitions and changes in management.
7. Receive senior management sign-off and
approvals. Confirm senior management or
the Board of Directors have approved any
revisions to the risk assessment, policies
and procedures and training programs.
8. Make information available to the
regulator. Make the following information
available: the entity’s AML compliance testing
including any reviews by internal audit or
an external service provider, the results and
any remedial actions taken or to be taken.
9. Check and double-check. Ensure the
effectiveness of suspicious activity monitoring
and reporting processes, KYC policies,
higher risk client identification, enhanced due
diligence and monitoring, PEP Screening etc.
10. Identify the issues yourself, before
they do. If there are potential issues or
deficiencies that are self- evident the
entity should consider identifying them.
It’s easy to be caught up in the anticipation of
the regulator visit. Make sure you plan ahead,
have a solid understanding of your current
status and have all the appropriate information
accessible. These can go a long way to making
the regulator visit a little more pain-free.
Forensic Accounting and
Grant Thornton LLP
Grant Thornton LLP
Ten things you need to do before a regulator comes knocking
By Robert Osbourne and Jennifer Fiddian-Green
All regulated entities, at some point, will have an examination or review by their respective regulator(s).
Receiving the notification that a firm will be subject to an examination can be stressful. This feeling is
common, but it can also indicate the firm’s preparedness for the review and the perceived level of compliance
with their regulatory obligations.
To alleviate stress, a firm should start preparing for their regulator visit as soon as the current one ends.
Preparation should be a year-round task that forms part of an entity’s ongoing operational effort.
It’s normal to feel a little nervous before a regulator visit, especially when its your AML program that the
focus of attention. Here are ten things you should do to get ready: