A Policies, Controls, and Procedures (PCPs) Audit involves a comprehensive examination of the firm’s protocols and frameworks designed to prevent, detect, and report money laundering activities.

PCPs are referenced in Regulation 19 of the MLR 2017. This audit assesses the effectiveness of the PCPs in place to ensure compliance with AML regulations and mitigate associated risks.

Policies

The audit typically begins with a review of the firm’s AML policy, which outline the overarching principles and guidelines for AML compliance. This includes assessing the adequacy of procedures in addressing regulatory requirements, risk management strategies, CDD processes, and transaction monitoring procedures. In other words, we review both what the firm understands about compliance as well as what it claims to carry out in practice.

Controls

Controls are then evaluated to determine their ability to enforce AML policies and prevent unauthorised activities. This includes assessing the design and implementation of internal controls such as segregation of duties, authorisation procedures, and access controls to sensitive information and systems.

Procedures

Procedures are scrutinised to ensure they align with AML policies and controls and are effectively implemented throughout the firm. This involves reviewing documentation, training materials, and operational practices to identify gaps or deficiencies in adherence to established protocols.