AUSTRAC releases new Anti-Money Laundering and Counter-Terrorism Financing rules

The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act), parts of which became effective from 13 December 2006, aims to fulfil Australia’s international obligations to deter money laundering and terrorism financing. The AML/CTF regime consists of principles-based legislation and rules created by the Australian Transaction Reports and Analysis Centre (AUSTRAC). The regulatory regime introduced by the AML/CTF Act has a staggered commencement, with implementation to be completed at six month, 12 month and 24 month intervals from 13 December 2006.

Amendments to the AML/CTF Act

On 12 April 2007, the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2007 was passed to make technical amendments to the AML/CTF Act, and to effect various other miscellaneous and consequential changes to a number of other pieces of legislation. These changes were made in response to reports by parliamentary committees and include:

• providing for review of certain decisions made by the CEO of AUSTRAC, and
• granting of access by designated agencies to information.

For more information on the Senate review process, see our previous article.

New AML/CTF rules

Section 229 of the AML/CTF Act requires and authorises the AUSTRAC CEO to make certain rules. Rules recently made set out legally binding obligations for ‘reporting entities’ who provide certain ‘designated services’ specified within the Act.

The new requirements are largely contained in the Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No 1). They concern customer identification and verification procedures, and anti-money laundering and counter-terrorism financing programs. A second instrument, the Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No 2), clarifies paragraph (e) of the definition of ‘correspondent banking relationship’ in section 5 of the AML/CTF Act.

Know your customer (KYC) and reporting obligations

In keeping with the risk-based approach integral to the AML/CTF Act, each reporting entity will be required to determine for itself the way in which it will meet its obligations. Requirements are risk based, and reporting entities must have programs to manage and mitigate their own risks.

The level of money laundering and terrorism financing risk incurred by a reporting entity will be largely a function of:

• the nature, size and complexity of its business
• its customer types, and whether they include politically exposed persons
• the types of designated services the reporting entity provides
• its delivery methods, and
• its presence or participation in foreign jurisdictions.

Under the AML/CTF Act, risk will have to be identified, analysed, treated, monitored and reported on an ongoing basis.

Accordingly, the Act requires each reporting entity to have and comply with a documented AML/CTF program. Compliance programs are divided into Part A (general) and Part B (customer identification). Part A of a AML/CTF program must be designed to identify, reduce and manage the money-laundering and terrorism financing risk reasonably faced by the reporting entity in the provision of its services, and may include:

• systems to assess risk associated with either products or services
• employee due diligence
• employee training, and
• the training and monitoring of the reporting entity’s agents.

The primary purpose of Part B is to set out the applicable customer identification procedures for the purposes of the application of the AML/CTF Act to customers of the reporting entity.

The new rules specify the minimum requirements for Part B programs, as they variously relate to the identification of a customer who is an individual, company, trust, association, partnership, incorporated or unincorporated association, cooperative or government body.

Minimum requirements will apply to those customers which the reporting entity reasonably regards as medium to low risk. However the reporting entity must also have in place appropriate risk-based systems and controls to determine whether in addition to the minimum, any other KYC information should be collected or verified. The reporting entity must also have systems and controls to allow it to respond to any discrepancy that arises in the course of verifying KYC data.

For customers who are natural persons, and whose money-laundering and terrorism financing risk is assessed as medium or lower, the rules specify documentation-based or electronic-based ‘safe harbour’ methods of verifying customer identification.¹ For companies, the rules provide for a minimum level of KYC information collection and verification, and also set out a simplified verification procedure which may be used in the case of domestic listed public company or a majority owned subsidiary of a domestic listed public company.

For trusts, the reporting entity must also be reasonably satisfied that the trust exists and that it has been provided with reliable information concerning the identity of each trustee and beneficiary, or class of beneficiary, of the trust. A simplified trustee verification procedure may be used for a trust that satisfies certain specified conditions.

The new rules also set out requirements relating to customer identification procedures applying to agents of customers and to a customer’s verifying officer.

Reporting entities are generally not required to identify pre-commencement customers before providing a designated service. However, where the Act imposes an obligation to report a ‘suspicious matter’, a reporting entity will also be required to verify the identity of the pre-commencement customer. The AUSTRAC CEO has the authority to make further rules specifying circumstances where the identity of a pre-commencement customer who has already been identified must be verified.

Despite the clarification provided by the rules, requirements beyond the minimum levels required for medium- and low-risk customers remain open-ended. AUSTRAC emphasises that the keystone of the AML/CTF Act is that the reporting entity must know its customers and appropriately manage its own risks.

Correspondent banking relationships

The AML/CTF Act requires that a financial institution carry out a due diligence assessment before entering into a correspondent banking relationship with another financial institution, as well as carry out regular due diligence assessments. The newly-released rules clarify the meaning of ‘correspondent banking relationship’ and specify the matters to be assessed for both preliminary and regular due diligence assessments, where and to the extent warranted by the risk that the relationship might involve or facilitate money laundering or financing of terrorism. The rules also specify that a senior officer of a financial institution must have regard to the due diligence assessment when approving the entering into of a correspondent banking relationship.

Paragraph (e) of the definition of ‘correspondent banking relationship’ in section 5 of the AML/CTF Act has been clarified by the Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No 2). That provision permits the AML/CTF Rules to exclude banking services from the definition of correspondent banking relationship. The new rules exclude all banking services except ‘nostro’ or ‘vostro’ accounts. While the terms nostro and vostro are not defined in the AML/CTF Act, it is commonly held that a ‘nostro’ account is a bank account established in a foreign country for the purpose of holding that country’s currency. A bank that maintains a nostro account for a foreign entity refers to the same account as a ‘vostro’ account.

These rules will be elaborated upon by AUSTRAC in future guidance notes and in a regulatory guide.² AUSTRAC has also indicated that it plans a Legal Interpretation series, in which the regulator will provide its interpretation of certain key terms and provisions of the AML/CTF Act. The first publication in this series is expected around August 2007.

Compliance and enforcement

AUSTRAC has indicated that, at least initially, it desires to engage in cooperative negotiation before any formal intervention. For a period of 15 months from each deadline specified in the AML/CTF Act, AUSTRAC has received ministerial direction not to seek civil or criminal penalties for breaches if the reporting entity has taken ‘reasonable steps’ to comply. However, AUSTRAC will be engaging in inspection activity during this compliance period, and reporting entities may expect early and assertive interventions for serious non-compliance.

In accordance with their size, complexity and money-laundering and terrorism financing risk profile, reporting entities can expect to be the subject of various AUSTRAC surveillance measures, including:

• on-site inspections, either annually or within the annual cycle for those most at risk
• desk reviews
• annual consultations (as currently done by the Australian Prudential Regulation Authority, for example) involving high-level meetings with the Chief Financial Officer or Chief Risk Officer
• thematic studies, as used in the United Kingdom, to identify and discuss issues common to particular industries
• systematic data gathering of increased scope and frequency of collection
• coordination with other financial services regulators to coordinate as far as possible the regulatory oversight task.

Upcoming and expected developments in the regulation of AML/CTF

AUSTRAC is planning various initiatives to raise industry and public awareness of the new requirements. For example, the AUSTRAC CEO plans to convene consultative meetings with senior industry executives on a twice-yearly basis. Other AUSTRAC education initiatives include an expanded help desk, updated web pages, an advisory visit program, and a workshop and seminar program. The Attorney General’s department will also be conducting a public awareness campaign in various media, particularly focussing on ethnic media. The media campaign will stress how the new requirements are essential to maintain Australia’s international standing as a safe financial centre and to meet its international obligations. Within the next month or two, AUSTRAC also expects to release a self-assessment questionnaire, to be used by reporting entities in measuring their own readiness and compliance. The completed questionnaire need not be submitted to AUSTRAC. The AUSTRAC Regulatory Guide, which is expected to be released progressively from September 2007, will also be a useful resource for businesses needing to assess their compliance with the Act.

To complement the rules already made, various non-binding guidelines are being developed, including guidelines relating to registration of providers of designated remittance services, correspondent banking, designated business groups, AML/CTF Programs and customer identification.

Rules expected to be made and released over coming months are expected to concern:

• section 47 compliance reports: the content of such reports will expand over time
• exemption of certain bill-payment systems from Part 5
• reportable details for threshold transaction reports, internal funds transfer instruction reports and suspect matter reports
• ongoing due diligence.

For additional information on the AML/CTF Act, recent amendments and the new rules see the AUSTRAC website and our previous article.

Footnotes

1. It is expected that AUSTRAC will shortly release guidance as to what the regulator considers ‘reliable and independent electronic data’ for the purpose of identification verification.
2. The regulatory guide will be released progressively, beginning in the fourth quarter of 2007, and will likely evolve in content over a number of years.

This article was written by Philip Kennedy, Solicitor in the Consumer Financial Services group, and Diana Masen, Graduate in the Sydney Corporate group.

For more information please contact

Name : Alan Peckham
Title : Partner
Office : Melbourne
Phone : +61 3 9288 1539
Fax : +61 3 9288 1567
Email : alan.peckham@freehills.com