a. Understanding how compliance requirements apply to operations and conducting test to ensure that procedures are followed. However, internal auditors need not be the experts on AML/CFT.
b. Reviewing the adequacy and effectiveness of the AML/CFT process in a business/support unit:
(a) KYC/CDD program.
(b) Customer acceptance policy.
(c) System for monitoring, identifying,investigating and reporting on suspicious money laundering transactions.
(d) Retention and maintenance of financial transaction document, as well as KYC/CDD documentation.
c. Reviewing the business/support units’ compliance with the policy.
d. Assessing overall effectiveness and whether the customer acceptance policy and KYC/CDD procedure are effective in view of AML/CFT objectives.
e. Monitoring and testing of compliance with the policies and procedure is the responsibility of the internal audit unit. The internal audit unit will also conduct reviews of exception reports to alert the compliance officer, bank management or the board of directors if it finds incidents of non-compliance