1. Compliance
  2. AML/CFT
  3. Independent audit

Independent audit

Page last updated: 26 Feb 2019

Each reporting entity must ensure its risk assessment and AML/CFT programme are audited every 2 years or at any other time at the request of the FMA. We may also request a copy of any audit report.

We will use the audit report as a supervisory tool to give us a good insight into a reporting entity's AML/CFT compliance and is an effective way of helping us supervise. 

For most reporting entitiess, a first audit report was due to be completed by 29 June 2015.

However, if your business was established after 30 June 2013, you will have two years from the date your financial activities are captured by the Act to have your first audit report completed.

IMPORTANT – You do not need to submit your audit report to us unless we request to see it.

How to get started 


  1. Engage an independent and qualified auditor early – this is to ensure one is available to assist you.
  2. Review and address issues in your risk assessment, AML/CFT compliance programme and supporting policies and procedures internally before the independent audit.
  3. Refer to the guidelines and reports and our FAQs that detail specific information on what is necessary to complete your AML/CFT audit.
  4. It will take time for your auditor to review your risk assessment, compliance programme, test supporting evidence and prepare an audit report. You should also allow sufficient time (sometimes up to several weeks) to review the audit findings, and agree the final report.