In addition to credit institutions and insurance companies, internal audit is also mandatory for:

  • creditors and credit intermediaries
  • payment institutions and electronic money institutions
  • fund managers

Information of the internal auditor must be submitted already upon application for the activity license from FSA, the functioning and procedures of internal audit activity must be described in the internal rules and policies.

As the internal auditor cannot perform tasks that cause or may cause a conflict of interest within the company, it is not possible to create a position where one employee would be both the internal auditor and act in other areas of management decision-making. Therefore, the company has essentially two options - either to hire an internal auditor or to outsource the service.

The main topics for internal audits in financial sector are:

  • the compliance of creditworthiness assessment procedures, their implementation in practice and effectiveness
  • compliance with anti-money laundering (AML), counter-terrorist financing (CTF) and know your customer (KYC) procedures in accordance with the law and guidelines, their implementation in practice and effectiveness, including analysis of due diligence measures, risk assessment and risk appetite
  • auditing of other processes related to the granting or intermediation of credit, fund management, payment service provision
  • information security and personal data protection audits
  • compliance audit of financial services advertising
  • outsourcing or relying on someone else's activities
  • personnel management and remuneration

In addition, as internal auditors, we can advise on assessing the risks of the organization, describing the activities of the internal audit function in internal rules, etc.

Send us your inquiry

TESTIMONIAL

PLACET_120x120pix.png"Thanks to the observations, we were able to discuss several possible solutions in our team, and the audit will definitely help us to further develop new solutions. It was very pleasant and smooth to work with Grant Thornton Baltic's internal auditors. The whole process went really smoothly."

Kadri Erm
Placet Group OÜ
Head of Legal and Compliance

Which companies operating in the financial sector in Estonia must have an internal auditor?
What are the requirements for the qualification and activities of the internal auditor?

The financial sector can be divided into four main groups:

  • banking and credit
  • insurance
  • payment services
  • investment

These, in turn, are divided into subgroups, each of which is subject to a different law and statutory requirements for the internal audit function. In addition, the provision of internal audit services is regulated by the Auditors Activities Act, which defines who may engage in the professional activities of an internal auditor.

See the table below for more information

 

In addition to the professional qualifications, the internal auditor is also required to have an impeccable business reputation, the knowledge, skills, experience and education necessary to perform the duties of an internal auditor, and professional suitability. The internal auditor may not perform any other duties which give or may give rise to a conflict of interests.

In addition to special laws mentioned in the table above, the requirements for internal auditors are also regulated by the Auditors Activities Act, according to which the internal auditor must be objective and competent in his or her professional activities, maintain professional secrecy, act with due diligence, act in accordance with the internal auditor's profession and meet the internal auditor's professional standards.

Do you have any questions?

Send us your inquiry

 

Realated specialists

Kai Paalberg
Kai Paalberg
Head of Business Risk Services, Senior Internal...
https://www.linkedin.com/in/kai-paalberg-64944063/ Kai Paalberg VCard
View full profile
Merili Kiipus
Merili Kiipus
Business Risk Services Adviser, Sworn auditor
https://www.linkedin.com/in/merili-kiipus-b1a9851b3/ Merili Kiipus VCard
View full profile
Riin Stamm
Riin Stamm
Business Risk Services adviser
https://www.linkedin.com/in/riin-stamm-4a3464174/ Riin Stamm VCard
View full profile
Read more articles
Business risk services and internal audit
A new risk management course at the University of Tartu
19 Sep 2022
Read more
Business risk services and internal audit
Internal audit set to become compulsory in local governments
28 Jun 2022
Read more
Business risk services and internal audit
Six important questions about whistleblowing
09 Mar 2022
Read more
Read more articles

Contact us

If you have similar challenges and questions, please contact our specialists.

 

Internal audit obligation in financial sector companies

Market participants

Regulatory law

Necessity of internal audit

Requirements to the head of the internal audit unit / internal auditor

Banking and credit

 

 

 

Credit institutions (banks)

Credit Institutions Act, § 59

Mandatory

Certified Internal Auditor

Creditors

Creditors and Credit Intermediaries Act, § 45

Mandatory

No specific professional level is required

Credit intermediaries

Creditors and Credit Intermediaries Act, § 45

Mandatory

No specific professional level is required

Insurance

 

 

 

Insurance companies

Insurance Activities Act, § 103

Mandatory

Certified Internal Auditor

Payment Services

 

 

 

Payment institutions

Payment Institutions and E-money Institutions Act, § 51

Mandatory

Certified Internal Auditor

e-money institutions

Payment Institutions and E-money Institutions Act, § 51

Mandatory

Certified Internal Auditor

Investment

 

 

 

Fund managers

Investment Funds Act, § 349

Mandatory if necessary and proportionate

Certified Internal Auditor

Investment firms

Securities Market Act, § 832

Mandatory if necessary and proportionate

Certified Internal Auditor