Internal audit may be the quiet cousin of the compliance world: methodical, necessary and tucked away behind the scenes.

But buried beneath process maps and control testing is a more powerful role than most anti-financial crime (AFC) professionals realize.

It is not the loudest role. It does not always get top billing at conferences and, at times, it is dismissed as a bureaucratic checkpoint. However, for some, it is an MBA in financial crime. It offers:

• Holistic business and process understanding
• High organizational visibility and interaction
• Expansive and deep anti-money laundering (AML) knowledge
• Mobility and marketability

Together, these dimensions form the foundation for accelerated learning, influence and career agility.

Past the process maps

Commonly known as the “third line of defense,” internal audit is, at a minimum, responsible for testing the following financial crime prevention controls according to a risk-based plan, while remaining independent of the day-to-day firefighting:¹

• Know your customer (KYC) practices
• Suspicious activity monitoring
• Operations and technology
• Policies and procedures
• Management oversight
• Sanctions screening
• Employee training
• Risk assessment
• Record keeping

At the most basic level, this involves identifying and assessing inherent financial crime risks across the organization, as well as evaluating process design and control enhancements, to provide assurance on the effectiveness of the AML/Bank Secrecy Act (BSA) program.²

Deloitte describes internal audit as “the backbone supporting organisations on their journey forward, acting as a strategic partner and providing insight and innovation for organisations to thrive today and in the future.”³

In modern times, internal audit is increasingly situated at the intersection of:

• Technology
• Business innovation
• Regulatory compliance

This allows AML⁴ practitioners at all stages (whether just entering the field, contemplating a career pivot or seeking to broaden their scope) to occupy a front-row seat to both regulatory evolution and technological disruption.

In due course, they acquire highly coveted skills, business acumen and process knowledge that would otherwise take many years and multiple job changes to attain.

1. Holistic business and process understanding

One of the greatest advantages of an AML audit role is the panoramic perspective it provides on how the business operates and how seemingly disparate processes interconnect.

Rather than focusing on a single function (such as transaction monitoring or KYC onboarding), an internal auditor in the financial crime domain gains exposure across the entire business. They interact with senior leadership, engage with regulators and study AML processes like it is their job (because it is).

By design, the annual audit plan rotates through different business lines and products to ensure that no two assignments are the same. This provides auditors with:

1. Cross-functional literacy
2. End-to-end process insights
3. Specialization discovery

Cross-functional literacy

With each review, auditors learn the dialects of IT, operations, legal, risk, compliance and the business. They gain a sharper sense of how these departments function—independently and interdependently.

Over a few years, an AML auditor could potentially examine every part of a financial institution, including all critical AML processes: customer onboarding, transaction monitoring, case investigations, suspicious activity report filing, governance, training and more.

The outcome is a granular understanding of how different functions operate to form a safe and sound system of internal controls.

End-to-end process insights

From day one of the job, audit teams are trained to think in terms of process flows and integrated control frameworks, allowing them to track how risk is managed from start to finish.

Audit professionals learn to:

• Map processes
• Identify points of failure
• Understand upstream and downstream impacts

This big-picture view supports an enterprise mindset that enables auditors to spot root-cause issues and perceive AML risk through the lens of the organization’s risk profile and respective risk appetite.

Specialization discovery

And yet, there is another hidden perk to embracing an internal audit role. By rotating through a range of functions and focus areas, auditors engage in a form of “career prototyping” where they test many different paths in a condensed period of time. This includes:

• Sampling various domains without locking into a single track
• Identifying areas that align with core interests and strengths
• Understanding how each function contributes to the firm’s broader risk posture

As auditors explore different facets of AML and financial crime work, patterns emerge. Certain areas resonate more than others. Curiosities turn into capabilities. Eventually, these experiences become the “compass” for more intentional and informed career decisions.

2. Organizational visibility and interaction

Few roles offer the kind of visibility, access and influence that internal audit provides.

In a field where credibility and communication are just as important as subject-matter expertise, an audit role is a crash course in building both.

Olaf Sleijpen, executive board member at De Nederlandsche Bank, articulated this well (and with a touch of humor) during a May 2025 international conference of internal auditors:

“Internal auditors need to have thorough understanding of the organisation and a good network within it. That sounds logical, but such a network does not arise all by itself and it must also be maintained. Because let’s face it: Most people in the organisation don’t see you as their best friend. You ask them all kinds of difficult questions, and as a reward for their efforts, you tell them that they are doing it all wrong. And you also tell their bosses. So your colleagues may see you as a necessary evil, at best. That means it requires skills to develop and maintain good contacts.”⁵

Interdepartmental collaboration

From front-office product teams to back-end IT systems, auditors engage with leaders and staff across every function. Auditors routinely:

• Interview department heads and process owners
• Lead meetings to share preliminary findings
• Validate and track action plans

This cross-functional engagement teaches auditors how to manage competing priorities, adjust to different working styles and speak the language of multiple stakeholders.

As audits are performed in a constructive and collaborative manner, auditors establish critical relationships and are viewed as valuable partners.

Access to senior management

Internal auditors may find themselves presenting audit results to the board of directors or the audit committee, or at least to the C-suite executives responsible for the area under review. Even junior auditors get a seat (often literally) at the table with top decision-makers.

In some cases, a standout auditor might be tapped for a special project by an executive or recruited for leadership opportunities precisely because they have had the chance to demonstrate value directly to senior management.

These moments strengthen an auditor’s confidence, hone their communication skills and raise their profile.

Regulatory interaction

Although not an everyday occurrence, AML auditors coordinate with regulators and external auditors, particularly during exams or independent reviews.

Auditors might be called into meetings with examiners to explain their findings or methodologies. In some instances, internal audit may liaise with external consultants brought in under regulatory orders (e.g., through monitorships).

This provides exposure to the wider compliance community outside the organization, educating auditors on how to handle regulatory scrutiny and expectations.

Understanding the regulatory thought process in such depth is a skill that can later be leveraged when interviewing for roles at other institutions or the public sector.

3. Breadth and depth of AML knowledge

One of the defining features of an AML audit role is how quickly it results in subject-matter expertise.

By necessity, an AML auditor must become knowledgeable about all aspects of financial crime compliance, including their organization’s:

• business lines
• customer types
• products/services
• transactional activity and
• regulatory requirements

This accumulation of knowledge is a major asset to one’s career and often involves:

• In-depth, multi-domain expertise
• Continuous learning
• Rapid skill development

In-depth, multi-domain expertise

Each audit assignment forces auditors to learn the ins and outs of that domain. In every instance, the auditor must:

• Understand the regulatory backdrop
• Analyze how policies translate into operational behavior
• Benchmark design and execution against best practices
• Maintain awareness of the latest money laundering typologies

The result is what some may refer to as “generalist-expert capability”—a combination of cross-domain fluency and technical depth.

Continuous learning

Every phase of an audit is an opportunity to learn. From scoping and planning to stakeholder interviews, walk-throughs, control testing and report writing, auditors are in constant dialogue with subject-matter experts and functional leaders. They absorb how risks are identified, how controls are designed and where weaknesses can emerge.

More importantly, because audit plans evolve in response to new risks, regulatory updates and organizational changes, auditors are often the first to gain exposure to these areas. And because each audit demands tailored research and preparation, internal auditors develop an enduring habit of professional curiosity, a mindset that serves them across any future AFC role.

Skill development

Across projects, auditors develop a suite of transferable competencies that are highly valued in AML and compliance roles. These include:

• Analytical rigor: Interpreting control gaps, pattern recognition in transactional data and pressure-testing policies against edge-case scenarios
• Critical thinking: Probing assumptions, asking “what could go wrong here?” and identifying systemic risks
• Regulatory acumen: Developing a reflexive understanding of regulatory expectations by constantly mapping internal processes to external mandates
• Communication: Writing persuasive, well-supported audit reports while leading stakeholder discussions and presenting complex findings clearly to senior management
• Project management: Juggling deadlines, workpapers, fieldwork schedules and team coordination

While many AML professionals might develop these skills over time, internal audit accelerates the timeline dramatically because of the diversity of exposure and pace of delivery.

4. Career mobility and marketability

Perhaps the most consequential benefit of an internal audit background is the boost it gives to one’s career optionality and marketability.

The governing principles, methodologies and practices (e.g., control assessments, sample testing, thematic reviews, data analytics) used in internal audit mirror those of external regulators, which makes the experience directly transferable to roles in:

• First-line control testing
• Enterprise risk management
• Second-line compliance oversight
• Financial crime advisory and remediation
• Vendor assurance and regtech implementation

Because audit exposes professionals to every corner of AML (from sanctions and onboarding to cryptocurrency controls, artificial intelligence-based monitoring and environmental-, social- and governance-linked risks), it serves as a platform to pivot into niche, high-growth roles in areas like digital assets, fintech compliance or fraud analytics.

In simple terms, audit experience builds reputation, adaptability and versatility—the very attributes that hiring managers appreciate in today’s regulatory-conscious and innovation-driven environment.

As the financial crime prevention field becomes increasingly integrated with tech, data science and global policy, audit-trained professionals are uniquely positioned to bridge the old and the new.

For AFC professionals, this translates into a broader array of career paths, more control over one’s trajectory and often faster advancement into leadership roles.

Conclusion

Whether exploring new ground or reevaluating a career path, internal audit delivers what few roles can: a high-resolution, wide-angle view of the AML ecosystem.

What starts as exposure becomes elevation, through a combination of:

• Holistic understanding of business and compliance processes
• High-profile visibility and relationship-building opportunities
• Greatly enhanced career flexibility and marketability
• Accelerated development of AML expertise

Internal audit is a role that shows you how everything connects—functions, systems, risks and people—and in doing so, it helps you figure out where “you” connect best.

It challenges you to think like a strategist, communicate like a leader and assess like a regulator—all while surfacing the kind of insight that only comes from seeing the full picture.

Jonathan Estreich, CAMS-Audit, CFE, award-winning four times certified career strategist, founder, Natfluence (Career Growth Fuel), New York, NY, USA, jon@natfluence.com,

The views expressed in this article by the author and contributing experts do not necessarily represent the views or opinions of their organizations.

1. “BSA/AML Examination Manual,” Federal Financial Institutions Examination Council, 2015, https://bsaaml.ffiec.gov/manual/AssessingTheBSAAMLComplianceProgram/03
2. “FCC Testing Within the Banking Industry,” ACAMS Today, September 1, 2020, https://www.acamstoday.org/fcc-testing-within-the-banking-industry/
3. “Financial services: Internal audit planning priorities 2025—Banking and capital markets,” Deloitte, https://www.deloitte.com/content/dam/assets-zone2/uk/en/docs/services/risk-advisory/2024/financial-services-planning-priorities-2025-banking-and-capital-markets.pdf
4. For the purposes herein, the term AML refers collectively to the BSA, AML, AFC and sanctions activities.
5. “Tough love: The importance of the internal audit function for central banks,” De Nederlandsche Bank, May 23, 2025, https://www.dnb.nl/en/general-news/speech-2025/tough-love-the-importance-of-the-internal-audit-function-for-central-banks/