What has changed in inspection practice
A decade ago, AML inspections could largely be prepared for by refreshing the document set and rehearsing the framework narrative. Inspection teams asked about policies, reviewed organisation charts and examined a small number of files by way of illustration. Preparation was, in effect, a presentational exercise.
The methodology has moved substantially. Current European inspection practice concentrates on three activities: file sampling in depth, direct observation of operational processes, and structured interrogation of the management information used at governance level. The purpose of each is to test whether the framework operates as its documentation implies. Preparation that treats inspection as a presentation exercise misses the point.
Perspective 004 set out the three tests supervisors now apply to governance directly. Inspection is where those tests are conducted at the file, meeting and MI level. This Perspective is about the twelve to twenty-four month window before an inspection, and how to use it.
Three levers that consistently determine outcome
Across the inspections I have observed or supported, three items appear repeatedly as the pivot on which the supervisor's conclusion turns.
Legacy customer due diligence
Legacy files, particularly on higher-risk customers onboarded before current standards, are the single most common source of adverse inspection findings. The issue is not usually a lack of documentation. It is that the documentation on file no longer reflects the customer's current activity, ownership, geography or risk profile. Periodic review has fallen behind, or has been carried out in a way that ticks the calendar without refreshing the substance.
Transaction monitoring calibration
Transaction monitoring findings are the second consistent theme. Supervisors are testing three things: whether the scenarios in use are the right scenarios for this firm's business, whether their thresholds have been tuned to the firm's actual population, and whether the alert closure rationale evidences analytical judgement.
The most avoidable finding is a rule set that was implemented at the vendor's default settings and has never been recalibrated. That finding writes itself and is difficult to defend at closing. Firms that expect inspection engagement should be able to demonstrate, document by document, when the current calibration was approved, on what basis, and when it will next be reviewed.
Management information
The third lever is the MI reaching the Board and executive committees. Perspective 004 set out the properties of effective MI. In inspection, those properties are tested directly. The inspection team will ask the Chair, or a non-executive director, to explain the firm's residual financial crime risk with reference to a pack the inspection team has read in advance. Where the pack does not support that answer, the finding sits with governance rather than with the reporting function.
A twelve-month preparation runway
Where a firm has visible advance notice of a likely inspection, either through supervisory dialogue or through its own risk profile, the following sequence has consistently proved workable. It is presented as a runway because the sequence matters. Attempting the steps out of order tends to produce activity without measurable change.
Conduct during the inspection
Preparation is not only about the state of the framework. It is also about the practised discipline of engagement. Inspections are conducted in a limited number of interviews and observed processes. Small choices made in real time have a disproportionate effect on the finding.
How Claritas approaches inspection readiness
Claritas readiness work is designed to be executed inside the twelve months preceding likely inspection. It has three components, each intentionally short in duration.
A structured readiness assessment tests the framework against the three items on which inspections consistently turn: legacy CDD, transaction monitoring calibration and MI. A prioritised remediation runway sequences the corrective work by materiality and by the time available. A closing simulation, run within the last three months before expected inspection, tests the firm's ability to engage constructively under scrutiny and identifies the small number of preparation gaps that only surface in live conversation.
The engagements are proportionate to the size of the firm. For a smaller regulated institution, the full runway is typically delivered in a few weeks of effort spread across a year, not in a continuous programme.
- 01The firm has an honest, current baseline of where the framework is weakest and where progress is being made against each item.
- 02Legacy CDD debt on higher-risk cohorts is either closed or on a defensible remediation trajectory with visible Board MI.
- 03Transaction monitoring calibration is documented, dated and can be walked through file by file.
- 04The Board MI pack answers the questions a supervisor would ask, in the order they would ask them.
- 05At least one inspection simulation has been run in the twelve months before the expected engagement and its findings have been closed.
- SEPBLAC. Memoria 2025 (Annual Report, June 2026). www.sepblac.es/wp-content/uploads/2026/06/MemoriaSepblac2025_ES.pdf
- Central Bank of Ireland, Anti-Money Laundering Supervisory Priorities. www.centralbank.ie/regulation/anti-money-laundering-and-countering-the-financing-of-terrorism
- BaFin, enforcement action against AIL Leasing München AG (2024).
- Financial Conduct Authority, Final Notice: Starling Bank Limited (October 2024). www.fca.org.uk/publication/final-notices/starling-bank-limited-2024.pdf
- European Banking Authority, Risk-Based Supervision Guidelines (EBA/GL/2021/16).


