Annual Report 2016
Annual Report 2016 - Federal Audit Oversight Authority FAOA
Annual Report 2016 - Federal Audit Oversight Authority FAOA
- No tags were found...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
30<br />
Regulatory Audit | FAOA <strong>2016</strong><br />
and examined these in detail in the<br />
year under review. This examination<br />
resulted in the following points:<br />
Audit of compliance with risk<br />
management and risk control<br />
requirements (Art. 12 BankO, Art. 7<br />
LiqO, Art. 12a CISO)<br />
In many cases, insufficient appropriate<br />
evidence was obtained in the<br />
credit and interest rate risk area,<br />
which is fundamental to banks. Credit<br />
exposures and the recoverability of<br />
collateral were not scrutinised with<br />
sufficient professional scepticism.<br />
Furthermore, the scope of sample<br />
testing (determination of total population,<br />
selection criteria, testing of<br />
sample etc.) was incomprehensible.<br />
Using the work of the internal<br />
auditor and involvement of external<br />
experts (e.g. actuaries)<br />
Deficiencies were found in the use<br />
and assessment, as regards ICS effectiveness,<br />
of third party audit reports<br />
on outsourced systems and functions.<br />
For example, ISAE 3402 ITGC reports<br />
did not cover the whole audit period<br />
and no independent work was performed.<br />
In several cases the work<br />
and findings of the internal auditor or<br />
actuary were insufficiently assessed<br />
when relied upon.<br />
Audit of compliance with AMLA<br />
requirements<br />
In several cases deficiencies were<br />
found in sample design, which should<br />
reduce sampling risk to an acceptably<br />
low level (margin note 42 of FINMA<br />
Circular 2013/3). In certain cases no<br />
comprehensive or sufficiently detailed<br />
documentation was prepared, such<br />
that an informed third party could<br />
neither understand nor re-perform<br />
the audit procedures (margin note 39<br />
of FINMA Circular 2013/3).<br />
Root cause analysis and measures<br />
The process for conducting root cause<br />
analysis and determining measures in<br />
the regulatory audit area is basically<br />
the same as for financial audit.<br />
The <strong>2016</strong> findings showed the importance<br />
of measures to improve knowledge<br />
of oversight law. These covered:<br />
– Qualitative and quantitative training<br />
concept improvements at the<br />
regulatory audit firms;<br />
– Involvement of external specialists;<br />
– Fundamental redesign of audit<br />
tools, programmes and checklists;<br />
– Fundamental revision of review<br />
levels;<br />
– Fundamental redesign of internal<br />
quality assurance system, as<br />
well as the implementation and<br />
improvement of regulatory audit<br />
monitoring.<br />
AMLA developments/audit impact<br />
The past year was marked by numerous<br />
prominent money laundering cases<br />
concerning the Brazilian Petrobras<br />
and the Malaysian State Fund 1MDB,<br />
as well as by intense discussion over<br />
the role of offshore structures in the<br />
financial system. FINMA believes 41<br />
that the risk of money-laundering in<br />
Switzerland has increased.<br />
Switzerland is recognised worldwide<br />
as a leading location for private client<br />
cross-border asset management business.<br />
This places correspondingly high<br />
demands on Swiss anti-money laundering<br />
capabilities. As the extended<br />
arm of FINMA, regulatory auditors<br />
and regulatory audit firms are particularly<br />
called upon:<br />
First, audit procedures relating to<br />
money laundering risks require great<br />
professional scepticism. Secondly,<br />
financial intermediaries and regulatory<br />
auditors were confronted by various<br />
developments in the regulation<br />
of money laundering risks last year.<br />
The revised FATF recommendations 42<br />
were embedded into Swiss law as per<br />
1 January <strong>2016</strong>. These encompassed<br />
a revision of the anti-money laundering<br />
law, the relevant ordinances, FIN-<br />
MA circulars and the self-regulation<br />
standards of the profession. For their<br />
part, the financial intermediaries were<br />
required to tailor and update their<br />
internal regulations and processes.<br />
FINMA defines the content and methodology<br />
of the regulatory audit and has<br />
determined specific minimum testing<br />
requirements for the audit of money<br />
laundering risks. Given the increased<br />
risk of money laundering, and the<br />
amendment of the applicable regulatory<br />
bases and specific minimum testing<br />
requirements in this area, the FAOA<br />
will continue to pay particular attention<br />
to audit quality as regards money<br />
laundering risks (see also «Regulatory<br />
audit points of focus for 2017»).<br />
Monitoring of training hours<br />
The licensing conditions that came<br />
into force on 1 January 2015 include<br />
requirements with respect to minimum<br />
annual training hours. The regulatory<br />
audit firms could choose to<br />
confirm the compliance of their regulatory<br />
auditors-in-charge themselves.<br />
Alternatively, each regulatory auditor-in-charge<br />
could confirm compliance<br />
personally using the appropriate<br />
evidence. In the first case, a sample<br />
of the hours confirmed is reviewed by<br />
the FAOA during its inspections. The<br />
personal confirmations of regulatory<br />
auditors-in-charge are reviewed by<br />
the FAOA on an ongoing basis.<br />
The training hours required for licensing<br />
could be verified with few exceptions.<br />
In isolated cases training hours<br />
were incorrectly reported. The most<br />
common fault was to report hours<br />
mistakenly under the training regulations<br />
of EXPERTsuisse. Under these<br />
41 FINMA annual media conference of<br />
7 April <strong>2016</strong>: Speech by Mark Branson<br />
«Geldwäschereibekämpfung ist keine Kür,<br />
sondern Pflicht»<br />
42 https://www.admin.ch/opc/de/federal-gazette/2014/9689.pdf