Perspectives
Perspective 005Practice

Preparing for an AML inspection before you receive the letter.

The firms that perform well during inspections are rarely those making last-minute changes. They are the ones that prepared earlier.

By Everett MorganAutumn 20267 min read
European supervisory office building
Executive brief

Reading time · 11 minutes  ·  Primary audience · MLROs, Heads of Compliance, CEOs, Boards, Internal Audit

Why this matters

Inspection preparation is a governance discipline, not an event. The firms that perform well during on-site engagement have almost always spent the previous twelve to twenty-four months tightening the same handful of things: legacy files, transaction monitoring calibration, management information and the escalation record. The firms that begin preparation when the letter arrives typically discover that the useful work cannot be compressed into weeks.

Key findings
  1. 01European supervisors have become more granular in their inspection methodology. File sampling, live meeting observation and MI walk-throughs are now standard practice.
  2. 02The most reliable predictors of a difficult inspection are the same three items: legacy CDD debt, generic transaction monitoring calibration and activity-led management information.
  3. 03The most useful preparation is not documentary. It is closing the small number of substantive weaknesses the firm already knows about and can evidence progress against.
  4. 04Firms that engage supervisors constructively during inspection tend to have practised that engagement in advance, through independent challenge and internal simulation, not for the first time under scrutiny.
Questions Boards should ask
  1. 01If we received an inspection notice tomorrow, what three items would we want to have closed and evidenced before the on-site work began?
  2. 02Do we have a current, honest self-assessment of where our framework is weakest, and can we describe the plan and progress against each item?
  3. 03Have we ever run an internal inspection simulation, and if not, what would we learn from doing so before the real one?

What has changed in inspection practice

A decade ago, AML inspections could largely be prepared for by refreshing the document set and rehearsing the framework narrative. Inspection teams asked about policies, reviewed organisation charts and examined a small number of files by way of illustration. Preparation was, in effect, a presentational exercise.

The methodology has moved substantially. Current European inspection practice concentrates on three activities: file sampling in depth, direct observation of operational processes, and structured interrogation of the management information used at governance level. The purpose of each is to test whether the framework operates as its documentation implies. Preparation that treats inspection as a presentation exercise misses the point.

Perspective 004 set out the three tests supervisors now apply to governance directly. Inspection is where those tests are conducted at the file, meeting and MI level. This Perspective is about the twelve to twenty-four month window before an inspection, and how to use it.

Three levers that consistently determine outcome

Across the inspections I have observed or supported, three items appear repeatedly as the pivot on which the supervisor's conclusion turns.

Legacy customer due diligence

Legacy files, particularly on higher-risk customers onboarded before current standards, are the single most common source of adverse inspection findings. The issue is not usually a lack of documentation. It is that the documentation on file no longer reflects the customer's current activity, ownership, geography or risk profile. Periodic review has fallen behind, or has been carried out in a way that ticks the calendar without refreshing the substance.

Transaction monitoring calibration

Transaction monitoring findings are the second consistent theme. Supervisors are testing three things: whether the scenarios in use are the right scenarios for this firm's business, whether their thresholds have been tuned to the firm's actual population, and whether the alert closure rationale evidences analytical judgement.

The most avoidable finding is a rule set that was implemented at the vendor's default settings and has never been recalibrated. That finding writes itself and is difficult to defend at closing. Firms that expect inspection engagement should be able to demonstrate, document by document, when the current calibration was approved, on what basis, and when it will next be reviewed.

Management information

The third lever is the MI reaching the Board and executive committees. Perspective 004 set out the properties of effective MI. In inspection, those properties are tested directly. The inspection team will ask the Chair, or a non-executive director, to explain the firm's residual financial crime risk with reference to a pack the inspection team has read in advance. Where the pack does not support that answer, the finding sits with governance rather than with the reporting function.

A twelve-month preparation runway

Where a firm has visible advance notice of a likely inspection, either through supervisory dialogue or through its own risk profile, the following sequence has consistently proved workable. It is presented as a runway because the sequence matters. Attempting the steps out of order tends to produce activity without measurable change.

Conduct during the inspection

Preparation is not only about the state of the framework. It is also about the practised discipline of engagement. Inspections are conducted in a limited number of interviews and observed processes. Small choices made in real time have a disproportionate effect on the finding.

How Claritas approaches inspection readiness

Claritas readiness work is designed to be executed inside the twelve months preceding likely inspection. It has three components, each intentionally short in duration.

A structured readiness assessment tests the framework against the three items on which inspections consistently turn: legacy CDD, transaction monitoring calibration and MI. A prioritised remediation runway sequences the corrective work by materiality and by the time available. A closing simulation, run within the last three months before expected inspection, tests the firm's ability to engage constructively under scrutiny and identifies the small number of preparation gaps that only surface in live conversation.

The engagements are proportionate to the size of the firm. For a smaller regulated institution, the full runway is typically delivered in a few weeks of effort spread across a year, not in a continuous programme.

What success looks like
  • 01The firm has an honest, current baseline of where the framework is weakest and where progress is being made against each item.
  • 02Legacy CDD debt on higher-risk cohorts is either closed or on a defensible remediation trajectory with visible Board MI.
  • 03Transaction monitoring calibration is documented, dated and can be walked through file by file.
  • 04The Board MI pack answers the questions a supervisor would ask, in the order they would ask them.
  • 05At least one inspection simulation has been run in the twelve months before the expected engagement and its findings have been closed.
References
About the author
Everett Morgan
Founder & Principal Adviser, Claritas Risk Advisory

Everett has more than twenty years' experience in financial crime, AML governance, regulatory compliance and operational risk gained within Deutsche Bank, Morgan Stanley and BNP Paribas. He established Claritas Risk Advisory to provide smaller regulated financial institutions with experienced independent judgement, practical insight and proportionate recommendations.

Need an independent perspective?

Preparing for regulatory change starts with understanding where your organisation stands today.

If you would like to discuss your financial crime framework or explore how Claritas Risk Advisory can help, I would be pleased to arrange a confidential conversation.

Let's start with a conversation