HM offers internal audit services to Singapore financial institutions, including AML/CFT audits of companies that are applying for a Payment Services Act license and need to evidence compliance with MAS Notice PSN02 and the travel rule.


Per Paragraph 2.6.1 of the Monetary Authority of Singapore’s (“MAS”) Guidelines on Risk Management Practices – Internal Controls (the “Internal Control Guidelines”), licensed and exempt financial institutions are recommended to “have in place an adequately staffed, independent and permanent internal audit function for assessing whether existing policies, processes and internal controls (including risk management, compliance and corporate governance processes) are independent, effective, appropriate, and remain sufficient for the institution’s business.” Section 2.6 of the Internal Control Guidelines also includes other recommendations relating to the frequency, scope and methodology of independent audits.


While many large institutions have permanent internal audit functions overseen by sufficiently senior personnel, this is not always true for smaller organizations, primarily for cost reasons.  Smaller financial institutions frequently outsource their internal audit function.  This outsourcing is considered a “material outsourcing arrangement” per the MAS’ Guidelines on Outsourcing, which means it will be something in which the MAS is “particularly interested” and that a financial institution “should be ready to demonstrate to MAS its observance of [the MAS’ Guidelines on Outsourcing].”


We offer outsourced internal audit services to small and medium-sized financial institutions.  While our approach to internal audit is consistent with best practices in independence, methodology and rigor, we distinguish our service on the following basis:

  • We designed our service as a result of the experiences our management team had (in other roles) with outsourced auditors who did not sufficiently understand the businesses or material risks of the companies they audited and instead approached the work as a one-size-fits-all, check-the-box exercise.

  • We choose our words carefully and do not inflate our initial risk ratings with the expectation that they will be negotiated down.  While we solicit client feedback and take it seriously, our risk assessments are principle-based; they are not unreasonably cautious findings or levers to generate follow-on remediation work.

  • We prioritize solving gaps identified during the internal audit and helping companies ensure that they do not recur.  In the internal audit world, the only thing worse than finding a deficiency is finding the same deficiency two years in a row.


Get in touch with us. We’re ready to help you achieve greatness.
