Getting ready to roll with AML reforms
13 September 2024
On 11 September 2024, the Bill was introduced into the House of Representatives. The introduction of the Bill follows two separate consultations on proposed reforms to Australia’s AML/CTF laws by the Attorney-General's Department and seeks to ensure that Australia's AML/CTF laws align with international standards set by the Financial Action Task Force (FATF).
The Bill proposes a number of changes. The key changes are set out below.
The proposed changes make it clear that reporting entities must understand and document their ML/TF risks and design their frameworks, processes, systems and controls to ensure that ML/TF risks are managed and mitigated. The stated intent of the proposed changes are to modernise Australia's AML/CTF laws to better detect, deter and disrupt ML/TF and other serious financial crimes.
Current requirement | Proposed changes |
AML/CTF programs – clarifying and simplifying | |
An AML/CTF program is divided into two parts – Part A (purpose is to identify, mitigate and manage the money ML/TF risks that a reporting entity may reasonably face in providing designated services) and Part B (applicable customer identification procedures). | No requirement for an AML/CTF program to have two parts. A reporting entity must maintain an AML/CTF program which is defined to include the reporting entity's ML/TF risk assessment and AML/CTF policies. A reporting entity's AML/CTF policies should be designed to achieve two outcomes – the first is to manage and mitigate the ML/TF risks that a reporting entity may reasonably face in providing designated services, and the second is internal compliance management to ensure the reporting entity complies with the AML/CTF Act, AML/CTF Rules and regulations. Generally, these policies will include matters that are currently dealt with in Part A and Part B, however the definition of AML/CTF policies is broad and includes 'the policies, procedures, systems and controls' developed and updated to achieve these outcomes. Importantly, a reporting entity must comply with its AML/CTF policies. |
Requirement to carry out ML/TF risk assessment is inferred. | An express obligation to carry out an ML/TF risk assessment which identifies and assesses the risks of money laundering, financing of terrorism and proliferation financing. Where the reporting entity provides designated services at or through a place of business in Australia, it must have regard to the following four main factors when carrying out that assessment:
In addition, a reporting entity must have regard to any guidance issued by the Australian Transaction Reports and Analysis Centre (AUSTRAC) and any other matters specified in the AML/CTF Rules. The ML/TF risk assessment must be reviewed where there is a significant change to any of the factors, or at least every 3 years. |
The AML/CTF Rules impose an obligation for the AML/CTF program to be approved by a reporting entity's governing board and senior management and subject to ongoing oversight by the governing board and senior management. | A reporting entity's governing body must exercise ongoing oversight of the reporting entity's ML/TF risk assessment, compliance with its own AML/CTF policies, and compliance with the AML/CTF regime. The governing body must also take reasonable steps to ensure the reporting entity is identifying, assessing, mitigating and managing ML/TF risks and otherwise complying with the reporting entity's AML/CTF policies, AML/CTF Act and AML/CTF Rules. A senior manager must approve the reporting entity's AML/CTF policies. The governing body must be notified of any updates to the ML/TF risk assessment. |
An obligation to designate an AMLCO is contained in the AML/CTF Rules. | This obligation will be moved to the Act, emphasising the importance of the role. Additional requirements will also apply. For example, the AMLCO:
AUSTRAC must be notified of the individual appointed to the role within 14 days of appointment. |
'Designated business group' replaced with 'reporting group' | |
Designated business group must fall within particular criteria (such as being related bodies corporate), be providing designated services and have nominated to form a designated business group | Replaced by a 'reporting group' concept.
|
Customer due diligence | |
Customer due diligence includes:
| Moving these requirements to the AML/CTF Act and reframing them as:
|
Ongoing customer due diligence program requirements are set out in the AML/CTF Rules. | This obligation will be moved to the Act, and will include an express requirement to:
|
Enhanced customer due diligence (ECDD) triggers are set out in the AML/CTF Rules and require a reporting entity to apply ECDD where the customer's ML/TF risk is high, a designated service is provided to a customer or beneficial owner who is a PEP, a suspicious matter report (SMR) has been lodged about the customer or where a reporting entity proposes to enter into a transaction with a party physically present in a prescribed foreign country (currently Iran and North Korea) | ECDD triggers will be set out in the Act, and in addition to the existing triggers, ECDD will be required where:
|
Pre-commencement customers: Pre commencement customers are subject to customer due diligence only on specified events (eg an SMR obligation arises in respect of the customer). | Pre-commencement customers will be subject to initial customer due diligence where:
|
Verification data: Customer identification information must be verified using reliable and independent documents or data. | Reporting entities will be required to use reliable and independent data that is appropriate to the ML/TF risk of the customer. This is likely to provide reporting entities with more flexibility when determining what sources of data they can use for verification purposes. |
Tipping off – simplifying the prohibition to focus on ensuring that it doesn't hinder criminal investigations and enables reporting entities to detect, deter and disrupt ML/TF | |
Tipping off prohibition applies to reporting entities. To ensure that the tipping off prohibition is an enduring obligation – it will apply to a person:
| Tipping off prohibition applies to a disclosure to any person (other than certain AUSTRAC entrusted people), except where an exemption applies. The blanket prohibition will be repealed and replaced with a new prohibition that:
Under the changes, a person could share information within a reporting group, in the context of a merger or acquisition or to consultants who are engaged by the reporting entity to support AML/CTF reviews, remediation and uplift. |
A number of exceptions apply to the tipping off prohibition. | The tipping off exception for crime prevention remains but now has a 'good faith' requirement embedded in it whereby a person can make a disclosure to dissuade a customer from engaging in conduct that could constitute an offence. |
Extending the regime to virtual asset services | |
Digital currency exchange services are captured by regulation under AML/CTF laws | AML/CTF laws extend to 'virtual assets', which is broader than digital currency as it removes the requirement for the asset to be generally available to members of the public without any restriction on use. A virtual asset is defined as a digital representation of value that functions as a medium of exchange, store of economic value, unit of account or an investment, that is not issued by or under the authority of a government body and that can be transferred, stored or traded electronically. The AML/CTF Act only regulates the exchange of digital currency for fiat currency. The AML/CTF regime will apply to:
|
Transfers of value | |
The AML/CTF Act distinguishes between transfers of value undertaken by financial institutions and those undertaken by remittance service providers, which results in different obligations applying to financial institutions and remittance service providers.
| This distinction will be removed and providers of value transfer services will be regulated. This streamlines and modernises the regulation of telegraphic transfers, remittances, and other transfers of value so that they are all brought under a single definitional umbrella of ‘value transfer services’. |
Digital transactions are not captured as a 'transfer of value'. Value transfer services will include virtual asset service providers. | Value transfer services will include virtual asset service providers. |
Travel rule (ie the requirement that certain payer and payee information ‘travels’ alongside a transfer of value) applies to financial institutions (ie ordering and beneficiary institutions). | The travel rule will be extended to remittance service providers and virtual asset service providers, for both domestic and cross border value transfers. |
Intermediary institutions (that pass on a transfer message in a value transfer chain) are not reporting entities. | Intermediary institutions will be a reporting entity. Although, they will be exempt from most customer due diligence obligations because they do not have a direct customer relationship with either the payer or payee. Although, an intermediary institution must monitor its transactions to identify unusual transactions and behaviours of the customers that may give rise to an SMR obligation. |
International value transfer services – reducing IFTI reporting complexity, having regard to modern payment services | |
A report must be submitted for an 'international funds transfer instruction' (IFTI). | A report must be submitted for an 'international value transfer service' (IVTS) to align with the changes to transfers of value and value transfer chain. |
The reporting obligation applies to the 'sender' of the IFTI out of Australia, or the 'recipient' of the IFTI into Australia. | The reporting entity closest to the Australian customer will have the IVTS reporting obligation. This will enable more accurate customer information to be included in IVTS reports. |
Intermediary institutions may be involved in reporting an IFTI where they are the 'sender' or 'recipient'. | A reporting entity may rely on an intermediary institution to discharge its IVTS reporting obligation where the intermediary institution provides a relevant designated service and the two entities have entered into a written agreement. |
No reporting obligation for digital currency transfers. | The IVTS reporting obligation will apply to international transfers of virtual assets from an unverified self hosted wallet including those incidental to virtual asset exchange designated services. |
Regulating additional high-risk gatekeeper professions | |
Australia is currently one of only five jurisdictions which does not regulate particular 'gatekeeper' professions. The Government has noted that this places Australia at serious risk of being 'grey-listed' by FATF | AML/CTF regime will be extended to:
|
Moving some exemptions to the AML/CTF Act and time limiting others | |
A number of exemptions appear in the AML/CTF Rules. | Some exemptions currently in the AML/CTF Rules will move to the AML/CTF Act by either reframing the primary obligation or incorporating an express exemption, and exemptions that remain in the AML/CTF Rules will be time limited. |
The proposed commencement date for a number of the key reforms is 31 March 2026. The intention is that reporting entities will have sufficient time to implement the necessary changes to its policies, processes, systems and controls whilst ensuring that the reforms are in place for Australia's mutual evaluation by FATF in 2026-27.
Ashurst Risk Advisory Pty Ltd (ABN 74 996 309 133) is part of the Ashurst Group. The services provided by Ashurst Risk Advisory Pty Ltd do not constitute legal services or legal advice, and are not provided by Australian legal practitioners acting in that capacity. The laws and regulations which govern the provision of legal services in the relevant jurisdiction do not apply to the provision of non-legal services.
For more information about the Ashurst Group, which Ashurst Group entity operates in a particular country and the services offered, please visit www.ashurst.com.
This material is current as at 13 September 2024 but does not take into account any developments after that date. It is not intended to be a comprehensive review of all developments in practice, or to cover all aspects of those referred to, and does not constitute professional advice. The information provided is general in nature, and does not take into account and is not intended to apply to any specific issues or circumstances. Readers should take independent advice. No part of this publication may be reproduced by any process without prior written permission from Ashurst. While we use reasonable skill and care in the preparation of this material, we accept no liability for use of and reliance upon it by any person.
The information provided is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to.
Readers should take legal advice before applying it to specific issues or transactions.