Thethird line of defense (internal audit)is responsible forproviding independent assurance to the Board of Directorsaboutthe effectiveness of AML/CFT controls.
Option C (Correct):Theinternal audit function provides independent review and oversight of AML risksto theboard.
Option A (Incorrect):There is no "fourth line of defense" in AML risk management frameworks.
Option B (Incorrect):Thesecond line (compliance & risk management)is responsible formonitoring AML processes but does not provide direct board assurance.
Option D (Incorrect):Thefirst line (business units) manages AML risks dailybut does not provide board assurance.
Best Practices for Internal Audit in AML Programs:
Ensure audits are risk-based and independent.
Report findings directly to the board’s audit committee.
Regularly test AML controls to assess effectiveness.
[Reference:, FATF Recommendation 18 (AML/CFT Internal Audit Function), Basel Committee’s AML Risk Management Principles, Wolfsberg Group AML Oversight Guidelines, , , , ]
Submit