FINANCE AND BANKING / by Miguel Gallardo Guerra
The annual audit on Prevention of Money Laundering and Terrorist Financing (PLD/FT) constitutes an express regulatory obligation for financial entities subject to supervision by the Comisión Nacional Bancaria y de Valores.
Pursuant to the applicable Guidelines governing the audit report, such report must be submitted within 60 calendar days following the end of the fiscal year. Accordingly, the deadline for the audit corresponding to fiscal year 2025 expires on March 1, 2026.
Purpose and scope of the audit report
The PLD/FT audit report is not merely a formal requirement. Its purpose is to provide the Obligated Entity with information that enables it to strengthen and enhance the efficiency of its PLD/FT processes, mechanisms, and tools.
The audit must cover the entire review period and be submitted to the Chief Executive Officer or Sole Administrator and, where applicable, to the Communication and Control Committee. Furthermore, it may only be conducted by internal auditors or independent third parties holding a valid certification issued by the CNBV.
Substantive assessment of the PLD/FT system
From a technical standpoint, the auditor must establish a work program and support its assessment through a risk-based analysis, considering the type of clients or users, the products and services offered, as well as the entity’s internal areas and organizational structures.
Consequently, the report must include an assessment of the effective compliance with the obligations set forth in the applicable PLD/FT regulations, including, among others, the following aspects:
- Policies and procedures for customer identification and customer due diligence.
- Identification of beneficial owners and Politically Exposed Persons.
- Client risk classification and transaction monitoring.
- Generation and review of alerts and regulatory reports.
- Functioning of internal governance structures, committees, and the Compliance Officer.
- Training programs, automated systems, record retention, and screening lists.
- Identified findings and proposed corrective actions.
Risks of late preparation
When the audit process is initiated reactively or close to the filing deadline, structural deficiencies without sufficient time for remediation, lack of adequate historical evidence, and findings that may lead to supervisory follow-up by the regulatory authority are frequently identified.
In this regard, it is important to recall that CNBV supervision includes powers of inspection, oversight, on-site examinations, and information requests, which may be triggered when non-compliance or significant weaknesses are detected.
Conclusion
The deadline to comply with the PLD/FT audit for 2026 is already running. Initiating the process in a timely manner allows entities not only to comply with the regulatory obligation, but also to anticipate risks, strengthen internal controls, and reduce the likelihood of subsequent observations and corrective measures.
If your entity has not yet initiated the PLD/FT audit process corresponding to 2025, this is the appropriate moment to do so with a technical, preventive approach aligned with regulatory expectations. landscape, that also means trust.
Let’s keep in contact!
For more information write to us at:
mgallardo@bgbg.mx
Visit the area of
2025 Trends: Where Is Regulatory Compliance Headed?