“Effectiveness of Internal Controls”​ and How Do You Document It In One Hour Because You Have a Call With Auditors…

Published by Yana on

A client called and asked me: “WTF is internal control, how is it different from compliance and how do I document that my internal control is effective quickly because I have a call with auditors in 1 hour…”

Well, Internal Controls are a sum of all your compliance, risk, and similar activities, tools, and processes that help you to meet the regulatory requirements. Effectiveness of the Internal Controls means that you (or someone else) tested and reviewed what you do and confirmed that you do what you are supposed to do and that your processes are efficient. 

Well, it’s good that I have assembled so many templates for FinTech startups so that I don’t have to reinvent the wheel and create anything from scratch. I simply referred that customer to the Annual Compliance Report Template, which is a part of the FinTech Self-Starter Package.

Here is a sneak preview of what such a report may include:

The following activities have been performed by the company during the year 2020 to assess the efficiency of the internal controls:

  • An AML-focused audit has been performed by the audit firm [PWKPEY] and established that the AML program of the company has been efficient/has been efficient with the exception of XXX;
  • company XXX and has re-certified our compliance with the applicable governance and security standards (e.g. through the PCI DSS assessment);
  • The Internal Audit team has performed the following mandates covering the areas of [AML, complaints handling, segregation of funds processes, handling of high-risk accounts…] and concluded that the respective controls have been appropriately designed and operate efficiently;
  • The compliance team has performed the following testing (insider accounts, fraud monitoring rules, vendor approval processes…) and confirmed that the first line of defense has appropriately executed their respective functions.
  • The following findings have been identified by the internal/external auditors that have been rated as high risk and require remediation to be completed by [DATE]. At the time of preparing this report, the status of these items is XX% complete/resolved.

Do you see now how it starts making sense and can work for you, right? 🤩

Categories: AMLRisks
Tags:

Related Posts

Risks

The Differences Between the Banking Crisis of 2008 and 2023 and the Root Cause of Regulatory Penalties

I’d like to share with you ideas on how the banking crisis of 2008/2009 is different from the crisis of 2022/2023 and why I believe that the differences in priorities for compliance and risk management Read more…

2FA
Risks

When Can I Skip Applying Strong Authentication (aka 2FA)? – It Kills 10-15% Of My Conversions 😩

The requirements on when to apply strong authentication for EEA-based customers are outlined in the RTS on Strong Authentication (aka “2FA” or “2-Factor Authentication”). It is effective since 2019, but some countries delayed its implementation Read more…

AML

What Data Points Or Transactional Details Must Accompany Transfers of Funds? And Is It the Same As the “Travel Rule”​?

Today, I wanted to talk (again 😬) about the “Travel Rule” for blockchain transfers and what might be the first simplified implementation of it for a FInTech startup that’s getting very confused by various complex Read more…

>