Contact a Lawyer

Independent Audits

02.08.2022 Publications

By Helen Murphy

As part of maintaining a healthy and robust compliance function, it is essential for all relevant financial businesses to undertake a regular and independent assessment. Within this article, we will touch upon a business’ legal and regulatory obligations to perform an independent audit and how the business can satisfy those obligations.

 

What is an independent audit under the Proceeds of Crime Act 2015?

 

In accordance with section 26(1A) of the Proceeds of Crime Act 2015 (“POCA”), all relevant financial businesses must undertake an independent audit to test the business’ policies, controls, and procedures in terms of its customer due diligence and ongoing monitoring, reporting, record-keeping, internal control, risk assessment and management, compliance management and employee screening.

 

What are the expectations of the GFSC?

 

Meanwhile at a regulatory level, the GFSC has issued guidance wherein it sets out the expectations of financial businesses in terms of the independent audit. As well as addressing the efficacy and adequacy of a business’ policies, controls and procedures, it must also consider their implementation and how changes are introduced and communicated.

 

The GFSC expects an assessment to take place at least annually, depending on the nature of the business. It follows that a business must be able to show, at request of the GFSC, that an independent audit has occurred within the year. It may also be necessary to show the results of the audit and if action has been taken per the audit’s recommendations.

 

What are the additional benefits of having an independent audit?

 

Section 16(1ZA) of the POCA goes on to state that a financial business’ policies, controls and procedures should be proportionate to the nature and size of the business. Therefore, the independent audit can address whether the current policies, controls and procedures are relative to the business. The financial business ought to be able to rely upon the audit report to prove that its measures in place are proportionate to the business.

 

Furthermore, in keeping with the business’ obligation to maintain an up-to-date risk assessment under section 25 of POCA, the results of an independent audit can also be fed into the risk assessment. This is because the independent audit is ultimately assessing the performance of the compliance function, and so, if exposures of risk are highlighted and measures are recommended, then those additional measures can be introduced and form part of the business’ risk assessment.

 

What does it mean to have an ‘independent’ audit?

 

The GFSC’s guidance states that the audit should be performed by individuals who are dissociated with the business’ compliance function. To avoid any conflict or influence from the compliance function, an option could be to outsource the audit to a third party which should satisfy the business’ need to assess the independence of the individuals performing the audit.

 

Another route would be to make in-house arrangements, providing there is capacity and resources in place, but there would need to be an assessment on the independence of those in-house arrangements.

 

Although there is no requirement to engage a third party, the regulator does note there would be added benefit of instructing a third party from an operational standpoint.

 

Who oversees the independent audit?

 

The senior management will need to monitor and review the independent audit process.

 

In recent weeks we have seen an increase in relevant financial businesses being reminded of their obligation to undertake an independent audit to test their compliance function.

 

If your firm’s assessment is overdue or needs an independent auditor, we have a team at Triay Lawyers who would be happy to help you and your business.

 

Disclaimer:
This document has been issued on the 02th Aug 2022 by Triay Lawyers Limited, trading as Triay Lawyers, a Gibraltar private company limited by shares with registered office at 28 Irish Town, Gibraltar, GX11 1AA and with incorporation number 112599. The information in this document is for general information purposes only and does not constitute professional advice, legal or otherwise and does not intend to be comprehensive. Triay Lawyers does not accept responsibility for any loss that may arise from accessing or relying upon the information contained in this document.

Recent Posts

Fintech Laws and Regulations Gibraltar

By Helen Murphy

ICLG Fintech Laws and Regulations Gibraltar Chapter covers a broad overview of common issues in fintech law and regulation.

Independent Audits

By Helen Murphy

When was the last time the compliance function of your financial business was independently audited? Did you know that there is an expectation by the GFSC for an audit to take place at le

Why Take up Residence in Gibraltar?

By Daniel Herbert

Gibraltar offers compelling tax advantages for High Net Worth Individuals via the opportunity to take-up Category 2 or High Executive Possessing Specialist Skills (HEPSS) status. Category 2 &

Triay Lawyers announce the appointment of a new Director

Triay Lawyers is delighted to announce the appointment of Javi Triay as a Director of the law firm (previously known as a Partner appointment).

The draft Bill for a new Gambling Act

HMGoG has issued the Command Paper on the draft Bill to replace the Gambling Act 2005.

Significant judgment impacting misuse of private information claims under the Data Protection Act

By Daniel Herbert

In Underwood & Another v Bounty UK Ltd & Another [2022] EWHC 888 (QB), the High Court of England and Wales dismissed claims for misuse of private information

Categories

Similar Articles

Fintech Laws and Regulations Gibraltar

By Helen Murphy

ICLG Fintech Laws and Regulations Gibraltar Chapter covers a broad overview of common issues in fintech law and regulation.

Independent Audits

By Helen Murphy

When was the last time the compliance function of your financial business was independently audited? Did you know that there is an expectation by the GFSC for an audit to take place at le

A LEADING INDEPENDENT GIBRALTAR
LAW FIRM WITH A REPUTATION FOR
LEGAL EXCELLENCE SINCE 1905

Tria & Triay Logo