The Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) legislation and subsequent amendments have been part of significant reforms since 2006, bringing Australia into line within international best practice to prevent money laundering and the financing of terrorism. Australia has continued to achieve this by imposing several obligations on the financial sector, gambling sector, money transfer services, bullion dealers and other professionals or businesses that provide particular services. These obligations include collecting and verifying certain 'know your customer' (KYC) information about a customer's identity when providing those services.

With the amendments to the current AML/CTF rules that passed through parliament in December 2020, it is a good time to reconsider the scope and consequences of these rules on your business. You might be surprised how far reaching the scope really is.

Is your business a "Reporting Entity"?

A reporting entity under the AML/CTF rules is defined as an entity that provides any designated services listed under section 6 of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) ('Act'). These entities generally provide financial, gambling, bullion or digital currency exchange services which have a 'geographical link' to Australia. More specifically, the Explanatory Memorandum to the Act describes these 'designated services' to include:

"opening an account, accepting money on deposit, making a loan, issuing a bill of exchange, a promissory note or a letter of credit, issuing a debit or stored value card, issuing traveller's cheques, sending and receiving electronic funds transfer instructions, making money or property available under a designated remittance arrangement, acquiring or disposing of a bill of exchange, promissory note or letter of credit, issuing or selling a security or derivative, accepting a contribution, roll-over or transfer in respect of a member of a superannuation fund and exchanging currency."

Given the scope of the services that are captured by these rules it is important to determine whether the services you provide qualifies your business as a "reporting entity".

Anti-Money Laundering and Counter-Terrorism Financing ('AML/CTF ') Program

In the event that your business is a 'reporting entity' and falls within the scope of the Act then you must ensure your business has an Anti-Money Laundering and Counter-Terrorism Financing Program. This internal program effectively sets out procedures on how you identify, mitigate and manage money laundering and terrorism financing risks, and must be appropriate to the level of risk the business or organisation may reasonably face.

Anti-Money Laundering and Counter-Terrorism Financing ('AML/CTF ') Program – what must be included?

There are 2 parts to an AML/CTF Program, a Part A and a Part B.

Part A: must include processes and procedures to identify, mitigate and manage the money laundering and terrorism financing risks that a business or organisation might reasonably face.

Part B: focuses on the procedures for identifying customers and beneficial owners including those that are politically exposed persons and verifying their identity.

The Act contains certain requirements as to what your program must include, specifically the program should include the following:

  • Internal policies, procedures and controls
  • AML/CTF Risk Assessment
  • Compliance management arrangements
  • Screening procedures and ongoing training for employees; and
  • An audit function to test the system's compliance to the rules including an independent review

What is Anti-Money Laundering and Counter-Terrorism Financing ('AML/CTF ') Risk Assessment?

Assessment of money laundering and terrorism financing risk to your business is key to the AML/CTF Program as this enables you to develop an AML/CTF Program with the appropriate measures to protect your business from exploitation by criminals. In making this assessment as to whether a risk may be categorised as low, medium or high, there are a few things to consider, such as:

  • the types of customers you have and whether the customers or their beneficial owners are politically exposed persons;
  • the beneficial owner/s of the customers (in the case of a corporate entity or trust);
  • types of designated services you provide (for example face-to-face or online);
  • the foreign countries or regions – known as foreign jurisdictions – you operate in or do business in;
  • customers' source of funds and wealth;
  • the nature and purpose of the business relationship with the customers; and,
  • the control structure of customers who are not individuals, such as companies and trusts.

The above factors will also influence the development of your customer identification and verification procedures. You should also ensure that your risk assessment method is flexible enough to adapt to the changes that affect the risk level (for example changes in the ways designated services are delivered, the engagement of new jurisdictions and the use of new technologies to provide designated services).

The level of risk must also be reviewed when there are certain changes to the customers' circumstances. For example, where there is a change in the nature of the business relationship with a customer, change in the customer's beneficial owner and changes to a customer's corporate structure or other control structures.

Anti-Money Laundering and Counter-Terrorism Financing and Other Legislation Amendment Bill 2019

On 10 December 2020, there were several amendments to the Act by way of the Anti-Money Laundering and Counter-Terrorism Financing and Other Legislation Amendment Bill 2019 which was passed by both the Houses of Parliament. The key changes that came through were:

  • an expansion of circumstances in which reporting entities may rely on customer identification and verification procedures undertaken by a third party (rather than relying on using their own resources to conduct this process);
  • an express prohibition on reporting entities providing a designated service if customer identification procedures cannot be performed;
  • strengthening protections on correspondent banking by making it a requirement that banks conduct due diligence assessments before entering, and during, all correspondent banking relationships;
  • expanding exceptions to the prohibition on tipping off to permit reporting entities to share suspicious matter reports (SMRs) and related information with external auditors and foreign members of corporate and designated business groups; and,
  • the broadening of the scope of cross-border reporting to the AUSTRAC CEO of amounts above $10,000 or more to include the movement of monetary instruments which extends to physical currency, a bearer negotiable instrument or anything prescribed by the Regulations.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.