Allens Arthur Robinson

Financial services providers

With the introduction of its new anti-money laundering (AML) and counter-terrorism financing (CTF) legislation, the Australian Government has progressed its plan to bring Australia's AML/CTF regime into compliance with the global standards of the Financial Action Task Force (FATF), an international inter-governmental body that develops policies to combat money laundering and terrorist financing. These global standards are contained in the FATF Forty Recommendations on AML and its Nine Special Recommendations on CTF (collectively the FATF Recommendations).

The Anti-Money Laundering and Counter Terrorism-Financing Act 2006

It is intended that, in due course, the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (the Act) will replace the Financial Transaction Reports Act 1988 (Cth) (the FTRA), which will be repealed. However, in the interim, the current obligations under the FTRA continue to apply.

The Act, which came into effect in December 2006, introduces radical changes to the Australian AML/CTF regime. Not only does it have considerable resource implications for the financial services industry, but it will also have a significant impact on the way financial institutions (and those other businesses affected by the Act) interact with their customers.

The Act is to be supplemented by Regulations (mainly technical in nature), AML/CTF Rules (which will contain the practical, operational detail of the AML/CTF regime and have legislative force), and Guidelines (which will not be legally binding, are intended to assist reporting entities (see below) to interpret their obligations, and are anticipated in time to represent a 'best practice' approach for reporting entities).

Who is affected?

The Act imposes AML/CTF obligations on a wide range of financial service providers (known as reporting entities), including those in the banking, life insurance, managed funds and superannuation sectors, who provide one or more designated services.

Section 6 sets out a comprehensive list of 70 different types of designated services including:

  • opening accounts or allowing a transaction or a person to become a signatory;
  • making loans in the course of a business of making loans;
  • providing cheque books or similar facilities;
  • issuing debit cards;
  • issuing or selling securities or derivatives in the course of a business of issuing or selling securities and derivatives (and the issue does not consist of the issue by a company of securities or options to buy securities issued by the company);
  • buying or selling securities, derivatives or fx contracts on behalf of another where the purchase or sale is in the course of carrying on a business of buying/selling securities in the capacity of an agent;
  • providing some life insurance and sinking funds policies;
  • payments, contributions and rollovers by super funds, approved deposit funds and retirement savings accounts;
  • providing a custodial or depository service;
  • being involved in funds transfers; and
  • in the capacity of a holder of an Australian financial services licence, making arrangements for a person to receive a designated service (a licensee arranger).

As a practical matter those financial service providers that are likely to become reporting entities may consider it a useful exercise to identify (before 13 December 2007 when the customer identification requirements come into force) and maintain a record of those customers to whom they currently (or have in the past) provided a service which is a designated service under the Act. This will ensure that these customers are recorded as being existing customers and as such will not need to undergo an applicable customer identification procedure should they receive a designated service after 13 December 2007, unless a suspicious matter reporting obligation arises or as part of ongoing due diligence requirements.

The person1 providing the designated service will be a reporting entity only if the service is provided:

  • at, or through, a permanent establishment (that includes where the person is carrying on business either themself or through an agent) in Australia; or
  • by a resident of Australia at or through an overseas permanent establishment of that resident (a foreign branch); or
  • by a subsidiary of a company that is a resident of Australia at or through an overseas permanent establishment of the subsidiary (an overseas subsidiary).

A person who provides a service while travelling or operating on a mobile basis in a country is taken to provide the service at a permanent establishment in that country.

The Act therefore applies to foreign financial institutions that provide a designated service in Australia, even if they have no place of business in Australia and only provide the service through an agent who does.

Foreign branches or overseas subsidiaries of Australian financial institutions are exempt from some of the requirements. For example, the identification requirements do not apply to a designated service that is provided overseas by a foreign branch or overseas subsidiary.

Timing

The AML/CTF obligations will be phased in stages over a two-year period. The schedule for implementation of obligations is as follows:

  • 13 December 2006: obligations relating to:
    • electronic funds transfer instructions and records about some electronic funds transfer instructions;
    • records relating to transaction records, customer-provided transaction documents and transferred ADI accounts;
    • registration of designated remittance providers; and
    • reports on cross-border movements of currency and bearer negotiable instruments;
  • 13 June 2007: obligations relating to:
    • AML/CTF compliance reports; and
    • correspondent banking (and records about correspondent banking);
  • 13 December 2007: obligations relating to:
    • customer identification and records of identification procedures; and
    • AML/CTF programs;
  • 13 December 2008: obligations relating to:
    • ongoing customer due diligence; and
    • suspicious matter and threshold reporting.

The Government has stated that a 15-month amnesty period will follow after each of the stages outlined above is implemented. During that period, the Australian Transaction Reports and Analysis Centre (AUSTRAC) will only take criminal or civil penalty action against a reporting entity where the reporting entity has manifestly failed to take steps towards compliance with its obligations.

The Government has said that a Technical Amendments Bill will be introduced in the autumn 2007 sitting of Federal Parliament to address some of the amendments arising out of the report of the Senate Scrutiny of Bills Committee and outstanding technical issues. Although the amending legislation is not intended to address significant policy matters, it is anticipated that it will introduce some significant amendments.2

Operational detail is contained in the AML/CTF Rules. Some final AML/CTF Rules were issued in December 2006. The Government has said that all AML/CTF Rules necessary for those provisions that will come into effect on 13 December 2007 will be finalised by 31 March 2007.3

The core requirements

These include:

  • customer due diligence requirements (including enhanced customer identification and verification procedures, and transaction monitoring);
  • suspicious matter and threshold transaction reporting;
  • development of, and compliance with, an AML/CTF program;
  • correspondent banking obligations; and
  • record keeping.

Allens has commented in detail on some of these core requirements in Focus publications (22 December 2005, 27 July 2006, 3 August 2006, 2 November 2006, 17 November 2006, 8 December 2006 and 14 December 2006).

The risk-based approach

The Act (and the Draft AML/CTF Rules released as at 31 December 2006) adopt a risk-based approach. In practice this should mean that reporting entities will decide how best to assess and to mitigate their money laundering and financing of terrorism (ML/TF) risk and it should allow reporting entities to concentrate their resources on areas where that risk is higher.

The Act recognises that the core of an effective risk-based approach is a comprehensive and current risk assessment. It does so by empowering AUSTRAC to require a reporting entity to carry out a ML/TF assessment and report the results of the assessment to AUSTRAC.

Examples of an effective risk-based regime can be found in overseas jurisdictions. Examples are the guidelines developed by the UK Joint Money Laundering Steering Group,4 the Revised Supplement to the Guideline on Prevention of Money Laundering and Interpretative Notes issued by the Hong Kong Monetary Authority,5 and the guidance developed by the Wolfsberg Group to assist financial institutions to manage their AML risks.6

Issues for the financial sector

Many of the concerns raised by the representatives of the financial services industry during the consultation period on the legislation have been resolved but some difficulties remain. Some of these are discussed below.

Existing customers

The Act provides that existing customers will only have to be identified, verified or re-verified in the event that a suspicious matter obligation arises, that is, where a reporting entity suspects on reasonable grounds that:

  • the customer (or the customer's agent) is not who they claim to be; or
  • information about the provision (or prospective provision) of a designated service may be:
    • relevant to the investigation or prosecution of a person for:
      • a criminal offence;
      • tax evasion; or
      • a money laundering or terrorism financing offence;
    • of assistance in the enforcement of laws relating to proceeds of crime; or
    • preparatory to the commission of a money laundering or terrorism financing offence.

In those circumstances, the reporting entity must take such action as is required by the AML/CTF Rules.7 There is, however, no prohibition against providing or continuing to provide a designated service pending taking such action.

However, where an existing customer is accessing a new designated service which presents a different increased risk, the reporting entity may need to verify the identity of that customer as part of its ongoing due diligence obligations.

Designated business group

The Act introduces the concept of a designated business group (DBG), which will facilitate sharing of customer identification information and allow for a group-wide compliance program. In particular, members of a DBG can discharge ongoing customer due diligence, record keeping and compliance reporting requirements for other members and can, in some circumstances, share suspicious matter information.
Members of a DBG (except licensee arrangers) can enter into joint AML/CTF programs, but can adopt some systems and controls to suit their individual needs.

The Explanatory Memorandum released with the Act indicates members of a DBG can also share customer identity information within the DBG, although there is no specific provision to this effect in the Act.

In practical terms, this may not go far enough. Reporting entities within the same DBG that provide designated services to each other, such as treasury operations, will still be required to carry out customer identification on each other and will each have to carry out customer identification/verification on each other's customers (although this may be tempered by AML/CTF Rules that could be made under s38).

Additionally, customers of one reporting entity in a designated business group may not be an existing customer of another member of the group. If the customer is new for one member, that member as a reporting entity will have an obligation to identify it. This will apply even if the customer is existing for another member of the DBG.

A DBG is defined as a group of two or more persons (not just corporates), each of whom has elected in writing to be a member of a DBG. A member of a DBG cannot be a member of another DBG at the same time.

However, the Draft AML/CTF Rule on DBGs, released for consultation in January 2007, restricts membership to:

  • related bodies corporate (within the meaning of s50 of the Corporations Act 2001 (Cth)) that are reporting entities; or
  • persons who provide designated services pursuant to a joint venture agreement to which each member is a party; or
  • a company:
    • in a foreign country, which if it were resident in Australia would be a reporting entity; and
    • is related to another member (within the meaning of s50 of the Corporations Act); and
    • the other member is a reporting entity.

Third parties

Reporting entities can appoint agents to carry out their customer application procedures although, as general agency principles apply, they will remain responsible for the acts of their agents. This is tempered by the reasonable precautions and due diligence defence provisions in the Act (s236). Reporting entities will still have to identify, manage and mitigate any risk posed by the use of third parties in order to comply with requirements of their AML/CTF program.

Reporting entities can also rely on customer identification procedures undertaken by other reporting entities, but this is subject to conditions to be set out in the AML/CTF Rules.

Electronic verification

The AML/CTF Rules now specifically allow for customer verification by electronic verification (EV) as well as reliance on documentation. There are specific safeguards where EV is used in that there must be systems and controls in place to ensure that the data is reliable and independent and (among other matters) accurate, secure, up to date and comprehensive.

A safe harbour provision is available, but only where EV is used where the customer has a three-year credit or transaction history.

Allens' Focus of 27 July 2006 deals with the customer identification obligations in more detail.

Licensee arrangers

Licensee arrangers are not subject to all the AML/CTF obligations. The customer identification/verification and record keeping obligations apply. Their AML/CTF program obligations are restricted to customer identification procedures. Although not currently subject to the suspicious matter reporting regime, the Act will be amended so that licensee arrangers will be required to report suspicious matters during the period that they provide the designated service.

The CTF regime

The FATF Mutual Evaluation Assessment of the Australian AML/CTF regime (the FATF report), released in October 2005, identified some serious deficiencies in the Australian CTF regime.

The Government remedied these by amendments to the Criminal Code Act 1995 (Cth) (the Criminal Code) and the FTRA. The changes to the Criminal Code included the addition of new offences relating to the collection of funds for terrorist organisations and financing individual terrorists. The changes to the FTRA have been superseded by the Act.

For an analysis of some of the changes to the Criminal Code, see Focus: Anti-money Laundering - December 2005.

For a detailed look at the FATF report see our summary.

Allens has commented on these and other key issues of relevance to the financial sector in articles and in our submissions to the Government on the draft legislation and AML/CTF Rules.

For further information about the AML/CTF reform process, go to the Attorney-General's website.

Footnotes
  1. Persons are widely defined to include:
    • an individual;
    • a company;
    • a trust;
    • a partnership;
    • a corporation sole; and
    • a body politic.
  2. It is expected amendments will include:
    • an amendment to section 42(6) extending the suspicious matter reporting obligation to licensee arrangers;
    • an amendment so that remedial directions under section 191 can be reviewed by the Administrative Appeals Tribunal; and
    • amending some of the absolute liability offences to strict liability.
  3. A Draft AML/CTF Rule on designated business groups was released in January 2007.
  4. These guidelines are set out in the JMLSG Guidance Notes Part 1 and Part 2.
  5. http://www.info.gov.hk/hkma/eng/guide/index.htm.
  6. http://www.wolfsberg-principles.com/risk-based-approach.html.
  7. Draft AML/CTF Rules released by AUSTRAC require a reporting entity within 14 days to carry out a customer identification procedure, and/or collect and verify any KYC information for the purpose of being reasonably satisfied the customer is who it claims to be.