How to avoid anti-money laundering compliance headaches - financial product issues

By Peter Haig
Anti-bribery & AML Banking Financial Services Financial Services Royal Commission Funds Insurance Superannuation

In brief

Written by Partner Peter Haig, Senior Associate Stephanie Malon and Associate Andrew Shetliffe

Issues of securities, interests in managed investment schemes and other types of financial products typically involve a number of 'designated services' under Australia's anti-money laundering and counter terrorism financing (AML/CTF) regime. However, in the midst of preparing governing documents, disclosure documents and negotiating with service providers, it is all too easy for parties to neglect AML/CTF issues when preparing for a product launch. They should not, particularly in light of recent developments on the AML/CTF front.

Given the various parties involved in such product issues, which typically might include the issuers themselves, administrators, custodians, brokers and market participants, it is perhaps little wonder that a 'someone else will have this covered' mentality often pervades when it comes to AML/CTF issues. Too often, a failure to coordinate at an early stage which parties bear which AML/CTF obligations leads to unseemly finger-pointing and a compliance headache in the days before product launch, with last-minute scrambling to put in place appropriate arrangements and update application forms. All this at a time when the focus of parties involved should be on getting the product to market.

With the end of the assisted compliance period for new customer due diligence (CDD) rules coinciding with AUSTRAC being pressed to take a more robust approach to enforcement of our AML/CTF regime, (see our Focus: What next after FATF's mixed review of Australia's anti-money laundering and counter-terrorism financing regime?) it is increasingly essential to grapple with AML/CTF issues at an early stage.

We set out below some observations on some of the complex AML/CTF issues that we're seeing emerge in the weeks or days before a product launch.

Not my customer!

An entity's AML/CTF obligations are triggered by the provision of a 'designated service', with the obligations applying in respect of the customers of such services. It's an entity's customers of designated services that a company must 'know' for the purpose of its 'know your customer' (KYC) requirements. But when is a customer a customer for these purposes?

A common misconception is that an entity's only customers for AML/CTF purposes are its ongoing customers. This is dangerous, as entities may find that a transaction involves the provision of a designated service to a customer with whom they will have no ongoing relationship.

The list of designated services is long, with many having surprisingly broad application. For example, book-building activities by an Australian financial services licensee might involve making 'arrangements' for a customer with no ongoing account with the reporting entity to receive a designated service. Making such 'arrangements' may well comprise the provision of a 'designated service' within the meaning of item 54 of table 1 of section 6(2) of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (the Act).

There's an undeniable logic underpinning this misconception: surely the AML/CTF compliance burden should fall upon the entity which is to have an ongoing relationship with the customers to be identified (the relevant investors). However, each entity which provides a designated service is itself required to conduct the applicable CDD procedures in respect of each customer. It might seem duplicative, but it's the law.

Delegating customer due diligence

Parties are understandably eager to streamline CDD processes. Reporting entities keenly avail themselves of provisions in the Act and the Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No 1) (the Rules) which permit them to delegate CDD obligations.

A reporting entity may appoint an agent to carry out CDD on its behalf. The general law principles of agency do not, however, permit a principal to appoint a person as agent to perform duties which that person has already performed and then ratify those duties as having been performed as agent. This is a nuance that can easily be overlooked and may affect allocation of responsibility for CDD; where a reporting entity involved in a transaction has already conducted CDD on prospective investors (other than as agent for a second reporting entity), it will still be necessary for the second reporting entity to carry out its own CDD processes afresh.

Where an agent is appointed, it is also easily overlooked that the agent must conduct CDD in accordance with the principal reporting entity's AML/CTF program. That is, if the agent is itself a reporting entity, compliance with the agent's AML/CTF program should not be assumed to be sufficient. Arrangements with agents should include a clear obligation to comply with the principal's AML/CTF program. The way in which those requirements are communicated to the agent may need to be considered. When properly understood, some prospective agents may baulk at complying with another entity's AML/CTF program.

There are, however, some limited circumstances in which a reporting entity may rely on CDD undertaken by another, not as its agent. Section 38 of the Act and Part 7.2 of the Rules permit a reporting entity to rely on CDD already undertaken by an Australian financial services licensee who has 'arranged' the provision of another designated service by that reporting entity, but only if certain conditions are satisfied. Parties intending to rely on these provisions should take care to ensure that satisfaction of each of the specific conditions set out in Part 7.2 of the Rules is satisfied and clearly documented. These conditions include that the reporting entity intending to rely on CDD conducted by another determine that it is appropriate to do so. The reasons for this determination should be recorded.

Reliance on information not collected from the customer

On 10 June 2015, AUSTRAC released for consultation proposed changes to Chapter 4 of the Rules. While they're not significant amendments when compared with last year's overhaul of the CDD rules, a notable proposal is the dropping of the requirement that certain information about the customer be collected from the customer. The proposal is welcome to the extent it enables a reporting entity to rely on information recorded, for example, in a relevant registry. The seemingly unremarkable proposed changes could materially reduce the compliance burden on reporting entities.

Liability rests with reporting entity

AML/CTF is an area that should be front of mind for all parties involved in a product issue. In AUSTRAC's words, 'it is important to note that a reporting entity can outsource responsibility, but not accountability.'1 Beyond any penalties, the reputational risk of involvement with a breach of the AML/CTF regime cannot be ignored, regardless of whether a party is itself providing a designated service in the context of the transaction (a question that is not itself always clear).2 In short, it's in everyone's interests to ensure the application forms in the prospectus, PDS or IM elicit the necessary information, and that everyone knows who's on the hook if they don't.


  1. See AML/CTF compliance report – Instruction guide.
  2. See AUSTRAC has required Canberra Southern Cross Club to appoint an external auditor.