An independent review of Part A of an AML/CTF program must be carried out on a regular basis by an internal or external party determined by the reporting entity (for example, an internal or external auditor). The Australian Standard for Compliance Programs (AS: 3806) recommends that the review should be conducted in accordance with good review and audit practices. The review should be carried out by a competent person who is free from bias and conflict of interest.

A reporting entity will need to decide if the review can be conducted by an internal area such as an internal auditing section (or another 'independent' area) or whether an external reviewer will need to be engaged.

The auditor must be mindful that an AML/CTF program has dual purposes - firstly to comply with legislative requirements, but perhaps more importantly, ensure that the business has good defence against exploitation by criminals with ML/TF intentions and the negative subsequent impact on the business.

Whether the reviewer is internally or externally sourced, in either case it is important to be able to demonstrate the independence and quality of the review process.

The purpose of the review should be to assess:

• the effectiveness of Part A (including the adequacy and performance of ML/TF risk management systems and controls), considering the ML/TF risk of the reporting entity, or of each reporting entity in a designated business group
• whether Part A complies with the relevant AML/CTF Rules and has been effectively implemented
• whether the reporting entity, or each reporting entity in a designated business group, has complied with Part A.

The independent review process can be described by listing its inputs and its outputs.