An audit visit is a review of a company’s ability to comply with anti-money laundering (AML) regulations. If your company is scheduled for an inspection, be aware that your knowledge and understanding of AML laws will be crucial in determining how the inspection unfolds. No two inspections are the same, but the feedback from inspections highlights common areas of concern that you should be particularly mindful of.
Insufficient risk assessment
Across nearly all companies selected for inspection so far in 2024, risk assessments were found to be insufficient. This pertains to the risk assessment required under Section 7 of the AML legislation, which many fail to perform adequately or on time. A sufficient risk assessment involves identifying risks by analysing:
For each customer type, you must evaluate both the likelihood and consequences of money laundering activities. The risk assessment must also be documented in writing and updated regularly to align with changes in customer composition, legislation, or the company’s structure.
Inadequate Know Your Customer (KYC) procedures
Many companies also lack sufficient processes for KYC, which is crucial for preventing money laundering and terrorist financing. KYC comprises various components, and here are some areas where companies have received notices and injunctions.
The number of warnings for inadequate KYC procedures highlights the high level of detail expected. Companies must collect, validate, assess, and update all documentation for their customer relationships to remain fully compliant.
Failure to screen for Politically Exposed Persons (PEP)
Several companies have received notices or injunctions for failing to check whether their customers or the beneficial owners of their customers are politically exposed persons (PEP). The screening covers not only the customer but also whether the customer is a close associate or close business partner of a PEP, making this check quite extensive. The screening must also be documented, like everything else, and there should be procedures in place for how to conduct it.
The PEP check can be divided into three main steps:
Insufficient monitoring and documentation
Companies subject to AML laws must ensure comprehensive monitoring of customer relationships and adequately document the monitoring efforts. Several companies have not performed continuous monitoring of their customer relationships or sufficiently documented their control measures. Consequently, injunctions have been issued to establish adequate continuous monitoring, and notices have been issued for not having the necessary documentation in order.
To fully comply with this requirement, companies should start by implementing robust monitoring processes, such as automated system solutions. Then, ensure good internal practices where all employees can thoroughly document all control and monitoring efforts.
Are you ready to be audited?
There are many more points in the various audit reactions that all highlight the high level of detail required to comply with AML regulations – you can delve into all the decisions on the Danish Business Authority's website.
The major recurring issues in inspection feedback, as mentioned, are risk assessment and KYC procedures, which many companies have not sufficiently developed. Therefore, it would be a very good place to start if you want to thoroughly check up on your company’s ability to comply with AML laws.