System & Controls

System & Controls

IAB Inspections

“How effectively does the business manage systems and controls to ensure AML compliance?”

Systems & Control

The following are required:
• assess client risk
• perform CDD
• monitor client risk
• maintain appropriate records.

Additional systems may be necessary:
• screen staff
• business continuity
• review practice
• SAR reports


  • A comprehensive ‘Firm Risk Assessment’
  • A policy statement which demonstrates engagement; owned by the responsible member and tailored to that business, setting out the procedures and controls that will be used in practice.
  • Sufficient and relevant written procedures which explain the detailed actions that will be carried out (for example information gathering and risk assessment in relation to dealing with a new client OR How SAR reports are instigated and progressed)
  • Methods of working and oversight which ensure consistency and adherence to practice procedures.
  • Effective and updated training for AML and SAR reporting
  • Checks and measures to ensure integrity of employed staff and performance in relation to contracted services being provided to, or by, the practice.