Let’s take a test drive where you get to decide if your smoothly running organisation, much like a well-oiled vehicle, cannot be made the better for a core compliance mindset where AML/CFT, corporate governance and other relevant regulations come together to power your way to sure success – rather than act as a road-bump to be overcome or manoeuvred around.
The bigger picture
In 2018, Fenergo, a provider of Client Lifecycle Management solutions for financial institutions, released data detailing the global fines imposed by regional and in-country regulators over the past decade. It is reported that a staggering US$26 billion in fines has been imposed on financial institutions worldwide (especially US, Europe, Asia Pacific and Middle East) for non-compliance with Anti Money Laundering Laws, Know Your Customer (KYC), and sanctions laws.
At a global level, Thomson Reuters’ definitive report entitled ‘Cost of Compliance 2019’ makes it clear that the risks over the next 10 years are likely to be enhanced in the areas of automation of compliance activities, continuing regulatory change, enhanced role for compliance within the business, the ‘new normal’ of culture, risk expectations and the rise of technology risk. The same report also highlights that compliance budgets are expected to continue to rise the world over, in keeping with a conscious balancing of the investment into compliance efforts against the costs of non-compliance. Indeed, there has been a year-on-year, consistent rise in the percentage of firms that expect to make more budget available for compliance: 63% in 2019, compared to 61% in 2018.
Keeping these weighty issues in mind, companies must gear themselves to engage the services of experts to ensure that their compliance strategy is aligned with the forward-looking statements made by global consulting behemoths, lest their organisations be derailed from the right track.
Scope and extent of an independent audit in Mauritius
Within the broad framework of the Anti-Money Laundering and Combatting the Financing of Terrorism (AML/CFT) laws and subsidiary legislations applicable in Mauritius, licensees of the Bank of Mauritius and the Financial Services Commission (FSC) and other relevant practitioners are required to ensure that there is an independent audit function to review and verify compliance and effectiveness of the measures taken in accordance with the Financial Intelligence and Anti-Money Laundering (FIAML) Act 2002 and the relevant regulations, guidelines and codes.
At the same time, it cannot be stressed enough that it is important to adhere to the requirements of an independent compliance audit, not merely in letter but also in spirit.
However, it is unfortunately seen only too often that licensees are willing to go the extra mile in the conduct of a financial audit, but rarely so in case of a compliance audit, which is equally if not more important. Indeed, an independent compliance audit, conducted properly, is an overarching strategic exercise that requires the auditing specialist / firm, with knowledge of the relevant AML/CFT Acts, Rules and Regulations and financial experience, to undertake the following checks:
- Regulatory compliance
- Corporate governance compliance
- Post-licencing compliance with the conditions of the licence
Ensuring that the licensees and other relevant practitioners are adhering to all applicable regulations with focus on AML/CFT, the Code of Corporate Governance, as well as post-licencing conditions relevant for their specific licence, is an onerous burden indeed, and one that requires expert intervention in a timely manner. Thus, the investment of time, effort and resources for the independent auditor in case of a compliance audit is as much, if not more, than for a financial audit.
The modern organisation calls for tech-intensive audits
Moreover, regulations are evolving steadily as compliance-related costs, and associated risks of non-compliance, continue to rise alongside. Then, it is increasingly important for financial service providers and other practitioners subject to AML/CFT compliance regulations to decide the optimum allocation of resources to mitigate risk and avoid being caught short by regulators. At the same time, tools and technologies, with focus on emerging fields, such as RegTech and FinTech compliance, must be availed by financial services organisations and practitioners to protect their investment and obtain the maximum return thereon.
At the heart of it all lies the compliance function, which is assuming an ever-increasing role in this complex environment. The compliance function must secure the top management’s mandate in the planning and implementation of a suitable strategy that encompasses the necessary tools and technology, as well as invest time and money to hone the skill sets of implementing resources on the ground to ensure that execution does not lag behind strategy.
In view of the above, it would not be stretching our metaphor to call compliance the in-built GPS of the modern organisation re-imagined as a well-oiled vehicle, which provides a roadmap to success and ensures that the organisation steers the right path to a bright future in the complex corporate domain.
Costs of non-compliance
It is also important to point out that the costs of non-compliance can be severe, both for the offending firm, including its Board members and employees, and the reputation of the jurisdiction. As an International Financial Centre, Mauritius must be protected from reputational risks arising from non-compliance on the part of licensees and other relevant practitioners, who are in turn increasingly exposed to the risk of regulatory sanctions.
At this point, it is worth highlighting that the licences of two Management Companies were suspended during 2018 as a result of multiple instances of non-compliance with regulations. Moreover, fines and even imprisonment can attend upon non-compliance with AML/CFT regulations. Under the aegis of the FIAML Regulations 2018, offenders are liable to a fine of up to Rs 1 million and to imprisonment for up to five years.
Similarly, under the FIAML Act 2002, any financial institution that fails to comply with attendant regulations, including AML/CFT Regulations, may find itself under FSC proceedings on the ground that it is carrying on its business in a manner which is detrimental to public interest. Along the same lines, members of a relevant profession or occupation may also find themselves facing action by the FSC.
Recent cases of non-compliance in the global context
In 2019, the State Bank of Pakistan has, for the first time in its history, imposed a whopping Rs 186 million fine on four commercial banks for non-implementation of AML laws:
Rs 13.07 million and Rs 16.11 million worth of fines were imposed on the Bank of Punjab for breaches of AML laws, foreign exchange (FX) operations and unclaimed deposits. The bank has been advised to make improvements in its AML framework and internal processes.
Rs 48.22 million fines were imposed on JS bank for breach of AML laws and it has been directed to conduct a thorough review of its relationship managed accounts.
Rs 51.75 million fines were imposed on Bank Al Habib Limited and Rs 55.483 million fines imposed on Soneri Bank Limited for non-compliance with AML Laws. Both banks have been directed to update their systems and processes and provide appropriate training to the concerned officials as well as to make significant improvements in the area of AML monitoring.
The Bank of Tanzania (BoT) has fined five banks in 2019 for inability to comply with the AML procedures by failing to file suspicious transactions reports with the Financial Intelligence Unit (FIU).
The recent case of non-compliance with AML laws is Australia’s Westpac Bank, which has been accused of a total of 23 million breaches – and could potentially be fined more than A$1 trillion (with the actual quantum of fine likely to vary depending on how and if it is able to bargain down the amount).
Wespac is accused of ignoring red flags and failing to investigate customers who made transactions that could potentially be linked to child exploitation in the Philippines and South-East Asia.
Recent developments in an African context
Uganda is emerging as a jurisdiction of choice for financial services providers, with a robust regulatory regime for ensuring AML/CFT compliance. Indeed, according to a circular sent on 30th August by its Financial Intelligence Authority (FIA), with effect from this financial year in Uganda, all commercial banks, credit institutions, microfinance deposit taking institutions and mobile money service providers are required to engage independent external auditors to audit their AML/CFT programmes, and subsequently at least once every two years.
Thus, as the first step of the FIA’s mandate, financial sector players must arrange for an external independent review of their AML/CFT programmes and submit a report to the FIA by February 2020.
As other African jurisdictions take the lead in placing a well-articulated framework around the independent compliance audit function, Mauritius risks being left behind unless our regulators follow suit in emphasising the importance of such an audit and strengthening its enforceability.
Notre service WhatsApp. Vous êtes témoins d`un événement d`actualité ou d`une scène insolite? Envoyez-nous vos photos ou vidéos sur le 5 259 82 00 !