Contact a Lawyer

Independent Audits

01.09.2022 Publications

By Helen Murphy

As part of maintaining a healthy and robust compliance function, it is essential for all relevant financial businesses to undertake a regular and independent assessment. Within this article, we will touch upon a business’ legal and regulatory obligations to perform an independent audit and how the business can satisfy those obligations.

 

What is an independent audit under the Proceeds of Crime Act 2015?

 

In accordance with section 26(1A) of the Proceeds of Crime Act 2015 (“POCA”), all relevant financial businesses must undertake an independent audit to test the business’ policies, controls, and procedures in terms of its customer due diligence and ongoing monitoring, reporting, record-keeping, internal control, risk assessment and management, compliance management and employee screening.

 

What are the expectations of the GFSC?

 

Meanwhile at a regulatory level, the GFSC has issued guidance wherein it sets out the expectations of financial businesses in terms of the independent audit. As well as addressing the efficacy and adequacy of a business’ policies, controls and procedures, it must also consider their implementation and how changes are introduced and communicated.

 

The GFSC expects an assessment to take place at least annually, depending on the nature of the business. It follows that a business must be able to show, at request of the GFSC, that an independent audit has occurred within the year. It may also be necessary to show the results of the audit and if action has been taken per the audit’s recommendations.

 

What are the additional benefits of having an independent audit?

 

Section 16(1ZA) of the POCA goes on to state that a financial business’ policies, controls and procedures should be proportionate to the nature and size of the business. Therefore, the independent audit can address whether the current policies, controls and procedures are relative to the business. The financial business ought to be able to rely upon the audit report to prove that its measures in place are proportionate to the business.

 

Furthermore, in keeping with the business’ obligation to maintain an up-to-date risk assessment under section 25 of POCA, the results of an independent audit can also be fed into the risk assessment. This is because the independent audit is ultimately assessing the performance of the compliance function, and so, if exposures of risk are highlighted and measures are recommended, then those additional measures can be introduced and form part of the business’ risk assessment.

 

What does it mean to have an ‘independent’ audit?

 

The GFSC’s guidance states that the audit should be performed by individuals who are dissociated with the business’ compliance function. To avoid any conflict or influence from the compliance function, an option could be to outsource the audit to a third party which should satisfy the business’ need to assess the independence of the individuals performing the audit.

 

Another route would be to make in-house arrangements, providing there is capacity and resources in place, but there would need to be an assessment on the independence of those in-house arrangements.

 

Although there is no requirement to engage a third party, the regulator does note there would be added benefit of instructing a third party from an operational standpoint.

 

Who oversees the independent audit?

 

The senior management will need to monitor and review the independent audit process.

 

In recent weeks we have seen an increase in relevant financial businesses being reminded of their obligation to undertake an independent audit to test their compliance function.

 

If your firm’s assessment is overdue or needs an independent auditor, we have a team at Triay Lawyers who would be happy to help you and your business.

 

Disclaimer:
This document has been issued on the 01th Sep 2022 by Triay Lawyers Limited, trading as Triay Lawyers, a Gibraltar private company limited by shares with registered office at 28 Irish Town, Gibraltar, GX11 1AA and with incorporation number 112599. The information in this document is for general information purposes only and does not constitute professional advice, legal or otherwise and does not intend to be comprehensive. Triay Lawyers does not accept responsibility for any loss that may arise from accessing or relying upon the information contained in this document.

Recent Posts

Celebrating 100 Years: Sergius Pelayo Triay & Helena Normanton

By Dhiraj Nagrani

Celebrating 100 Years: Sergius Pelayo Triay & Helena Normanton

Triay Welcome Three Trainee Lawyers

Triay are delighted to announce that , Kayleigh-Anne Revagliatte-CĂ©line Bolanos and Johnluis Pitto have joined Triay Lawyers Ltd as part of our latest cohort of Trainee Lawyers.

Triay Lawyers Ltd becomes the latest Strategic Partner to join CWEIC

The role of CWEIC is to use the convening power and trusted network of the Commonwealth, which is led by Her Majesty The Queen, to drive trade and investment.

Independent Audits

By Helen Murphy

When was the last time the compliance function of your financial business was independently audited? Did you know that there is an expectation by the GFSC for an audit to take place at le

Triay Lawyers secures arrest and sale of M/Y AXIOMA

Triay Lawyers secures arrest and sale of M/Y AXIOMA

Fintech Laws and Regulations Gibraltar

ICLG Fintech Laws and Regulations Gibraltar Chapter covers a broad overview of common issues in fintech law and regulation.

Categories

Similar Articles

Independent Audits

By Helen Murphy

When was the last time the compliance function of your financial business was independently audited? Did you know that there is an expectation by the GFSC for an audit to take place at le

Fintech Laws and Regulations Gibraltar

ICLG Fintech Laws and Regulations Gibraltar Chapter covers a broad overview of common issues in fintech law and regulation.

A LEADING INDEPENDENT GIBRALTAR
LAW FIRM WITH A REPUTATION FOR
LEGAL EXCELLENCE SINCE 1905

Tria & Triay Logo