Common areas of non-compliance

AML/CFT News and updates

20 October 2022

We recently reviewed the independent audit reports from a group of 38 reporting entities to understand their level of compliance with the AML/CFT Act.

The most common areas of non-compliance identified by auditors were:

  • Regarding AML/CFT Risk Assessment, many reporting entities were found deficient in:
    • assessing the type of customers they deal with,
    • assessing the institutions they deal with, and
    • keeping the risk assessment current.
  • Regarding AML/CFT Programme, many reporting entities hadinadequate and/or ineffective procedures, policies, and controls for:
    • staff training on AML/CFT matters,
    • determining a politically exposed person,
    • determining when to apply enhanced customer due diligence,
    • examining and keeping written findings relating to large, complex and unusual patterns of transactions, and
    • monitoring of compliance.
  • Regarding generic templates, many reporting entities continue to adopt a generic template without adequately amending it to reflect the money laundering and terrorism financing risks faced by its business. Generic content relating to the ML/TF risks associated with a sector, without consideration of that reporting entity’s business, will not comply with section 57 or 58 of the AML/CFT Act. 

Our recommendations to all reporting entities

The Department provides guidelines to help you develop your AML/CFT programme and risk assessment. You can find these guidelines and other resources here: AML-CFT Information for Businesses -

You should remediate any deficiencies identified in your audit report in a timely manner.