Financial Services Regulation

The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) may require lawyers to 'know their customers' and report suspicious transactions to the Australian Transaction Reports and Analysis Centre.


According to the Financial Action Task Force (FATF), the growth of anti-money laundering (AML) regulation and advances in technology have led to money launderers using increasingly complex commercial arrangements which require the services of professionals outside the financial services industry, including lawyers. The FATF Forty Recommendations on AML and its Nine Special Recommendations on counter-terrorist financing (CTF), (collectively the FATF Recommendations) are intended to, subject to domestic application, impose new and significant obligations on lawyers, who FATF include in a category of businesses and professions commonly referred to as 'gatekeepers'.

By the nature of the services they provide, FATF considers 'gatekeepers' to be the gateway through which the launderer or terrorism financier accesses the legitimate market. In the case of lawyers these services can include, among other things, the creation of corporate vehicles, managed investment schemes, trusts and other corporate arrangements and the performance of financial transactions for clients.

The Anti-Money Laundering and Counter-Terrorism Financing Act 2006

Lawyers are already subject to AML/CTF legislation. Section 15A of the Financial Transactions Reports Act 1988 (Cth) (the FTRA) requires lawyers to report cash transactions of $10,000 or more to the Australian Transaction Reports and Analysis Centre (AUSTRAC), Australia's anti-money laundering regulator and specialist financial intelligence unit. The Australian Government has indicated that, in due course, the FTRA will be repealed and replaced by the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (the Act). However, in the interim the provisions of the FTRA will continue to apply.

The Act (the first part of which came into effect in December 2006) implements the first tranche of the Government's proposed AML/CTF reforms (intended to bring the Australian AML/CTF regime into compliance with the FATF Recommendations) and is intended to cover lawyers to the extent they are in direct competition with the financial sector.

The Act introduces radical changes. Not only does it have considerable resource implications for the legal profession, but will also have a significant impact on the way lawyers (and those other businesses affected by the Act) interact with their clients.

The Act is to be supplemented by Regulations (mainly technical in nature), AML/CTF Rules (which will contain the practical operational detail of the AML/CTF regime and have legislative force), and Guidelines (which will not be legally binding and which are intended to assist reporting entities (see below) to interpret their obligations and are anticipated in time to represent a 'best practice' approach for reporting entities).

Who is affected?

The Act imposes AML/CTF obligations on entities (known as reporting entities) who provide one or more of a wide range of services (known as designated services). Section 6 sets out a comprehensive list of 70 different types of designated services. Those most likely to apply to lawyers include:

  • providing a custodial or depository service;
  • being involved in designated remittance arrangements. The Act defines a 'designated remittance arrangement' broadly so that any entity, other than those excluded by the Act or the AML/CTF Rules, who accepts money or property from one party to transfer to another will provide a designated remittance arrangement. In the absence of relevant exclusions, this has the practical effect that lawyers who operate a trust account and/or conduct property settlements on behalf of clients will become reporting entities and, as such, will be subject to various obligations under the Act. Additionally, they will be required to register with AUSTRAC as providers of registrable remittance services. This is at odds with the Government's statements that lawyers will not be regulated by the Act in its current form (see below) unless they are in direct competition with the financial sector; and
  • in the capacity of a holder of an Australian Financial Services Licence, making arrangements for a person to receive a designated service (other than a service covered by this item) (a licensee arranger). This designated service is extremely widely drafted in that it appears to contemplate that lawyers (and others) who hold AFSL licences will fall within this category if they arrange for a client to receive any of the other 69 designated services.1

The Act represents the first tranche of the Government's AML/CTF reforms. Lawyers (and other gatekeepers) will be specifically targeted in the second tranche of the reforms. Implementation of the second tranche is progressing. It is anticipated that activities to be covered in the second tranche will include where a lawyer is instructed in the planning or execution of transactions for their client concerning:

  • buying and selling real property;
  • buying and selling business entities;
  • managing client money, financial products or other assets;
  • opening or management of accounts with a financial institution;
  • operation or management of corporations, trusts, partnership or similar structures.

Lawyers providing a designated service will only be reporting entities if the service is provided at, or through, the lawyer's permanent establishment (that includes where the lawyer is carrying on business either himself or through an agent) in Australia or at, or through, a foreign branch or an overseas subsidiary.


The AML/CTF obligations in the Act will be phased in stages over a two-year period. Some substantive obligations came into force on 13 December 2006, including the requirement that lawyers (and others) who provide designated remittance services must register with AUSTRAC.

The schedule for implementation of obligations is as follows:

  • 13 December 2006: obligations relating to:
    • electronic funds transfer instructions and records of some electronic funds transfer instructions;
    • records of transaction records, customer-provided transaction documents and transferred ADI accounts;
    • registration of designated remittance providers; and
    • reports on cross-border movements of currency and bearer negotiable instruments;
  • 13 June 2007: obligations relating to:
    • AML/CTF compliance reports; and
    • correspondent banking (and records about correspondent banking);
  • 13 December 2007: obligations relating to:
    • customer identification and records of identification procedures; and
    • AML/CTF programs;
  • 13 December 2008: obligations relating to:
    • ongoing customer due diligence; and
    • suspicious matter and threshold reporting.

A 15-month amnesty period will follow after each of the stages outlined above is implemented. During that period AUSTRAC will only take criminal or civil penalty action against a reporting entity where the reporting entity has manifestly failed to take steps towards compliance with its obligations.

The Government has indicated that a Technical Amendments Bill will be introduced in the autumn 2007 sitting of Federal Parliament to address some of the amendments arising out of the report of the Senate Scrutiny of Bills Committee and outstanding technical issues.2

Operational detail is contained in the AML/CTF Rules. Some draft AML/CTF Rules (including rules on customer identification, reverification, third parties, ongoing customer due diligence and AML/CTF programs) were issued for consultation in 2006. Some AML/CTF Rules remain outstanding. Some final AML/CTF Rules were issued in December 2006. The Government has said that all AML/CTF Rules necessary for those provisions that will come into effect on 13 December 2007 will be finalised by 31 March 2007.

The core requirements

Core requirements that will affect lawyers include customer due diligence, suspicious matter and threshold transaction reporting, development of – and compliance with – an AML/CTF program, and record keeping.

Lawyers who provide designated remittance services are also required to register with AUSTRAC.

Allens has commented in detail on some of these core requirements in Focus publications (22 December 2005, 27 July 2006, 3 August 2006, 2 November 2006, 17 November 2006, 8 December 2006 and 14 December 2006).

Customer due diligence

As a general requirement, reporting entities must identify and verify the identity of all new clients before they can provide the client with a designated service.

How that procedure, which is referred to in the Act as the 'applicable customer identification procedure', is implemented will be set out in AML/CTF Rules.3 Draft AML/CTF Rules adopt a risk-based approach, meaning that it will be up to the lawyer to decide what client identification information is required, based on what they assess as their money laundering/terrorism financing (ML/TF) risk.

Existing customers and low-risk service customers

Existing clients and clients who receive only low-risk designated services are exempt from the general customer identification requirements and generally will only need to be identified/verified if a suspicious matter reporting obligation arises.

In those circumstances, reporting entities (in addition to making a suspicious matter report) must take such action as is specified in the AML/CTF Rules.4 There is no prohibition against providing, or continuing to provide, a designated service pending such action.

However, where an existing client is accessing a new designated service which presents a different increased risk, that client may need to be identified and verified as part of the lawyer's ongoing due diligence obligations.


Reporting entities must take action (to be specified in the AML/CTF Rules) to re-verify clients who have already been the subject of a customer identification procedure where an event, circumstance or period specified in the AML/CTF Rules occurs or expires.5

Designated business group

The Act introduces the concept of a designated business group (DBG), which will facilitate sharing of client identification information and allow for a group-wide compliance program. Members of a DBG can rely on another member of the group to discharge their ongoing customer due diligence, record keeping and compliance reporting obligations and can, in some circumstances, share suspicious matter information.

Members of a DBG6 can enter into joint AML/CTF programs, but can adopt some systems and controls to suit their individual needs.

The Explanatory Memorandum to the Act (the EM) indicates they can also share customer identity information within the DBG.

However, lawyers may not be able to take advantage of a DBG. This is because, although a DBG is defined in the Act as a group of two or more persons (not just companies),7 the Draft AML/CTF Rule on DBGs8 restricts membership to:

  • related bodies corporate (within the meaning of s50 of the Corporations Act 2001 (Cth)) who are reporting entities; or
  • persons who provide designated services pursuant to a joint venture agreement to which each member is a party; or
  • a company:
    • in a foreign country, which if it were resident in Australia would be a reporting entity; and
    • is related to another member (within the meaning of s50 of the Corporations Act); and
    • the other member is a reporting entity.

Other requirements for membership are that each member has elected in writing to be a member of a DBG and is not a member of another DBG.

Ongoing customer due diligence

As part of the customer due diligence requirement, reporting entities must monitor their provision of designated services in Australia with a view to identifying, mitigating and managing the risk they may reasonably face that they might facilitate 'money laundering' or 'financing of terrorism'.9

Elements of a customer due diligence program are set out in the Draft AML/CTF Rules and will require lawyers to put in place know your customer systems and transaction monitoring, and enhanced customer due diligence programs.

Third parties

Lawyers will often provide services after their client has been identified by another reporting entity. The Act facilitates this by providing that lawyers will be able to rely on customer identification procedures carried out by other reporting entities (subject to any conditions set out in the AML/CTF Rules).

Lawyers can also engage agents to carry out their customer identification procedures, but will remain liable for conduct of their agents subject to the usual agency principles.

Allens' Focus of 27 July 2006 deals with the customer identification obligations in more detail.

Suspicious matter reporting

Reporting entities are required to make a report to AUSTRAC if they suspect on reasonable grounds that:

  • a client, potential client or client's agent is not who they claim to be; or
  • information about the provision of (or prospective provision) of a designated service may be:
    • relevant to the investigation or prosecution of a person for:
      • a criminal offence;
      • tax evasion, attempted tax evasion; or
      • a money laundering or terrorism financing offence;
    • of assistance in the enforcement of laws relating to proceeds of crime; or
    • preparatory to the commission of a money laundering or terrorism financing offence.

The obligation to report may arise before there is any business relationship between the lawyer and potential client. The suspicion (and the grounds on which it is based) must be reported within three business days (or, in some circumstances, 24 hours). The EM indicates that the relevant time period will only begin when a 'responsible officer' forms the relevant suspicion.

However, legal professional privilege will override the requirement to report.

Tipping off is an offence. There are several exceptions. Disclosure to a lawyer to obtain legal advice is permitted. Disclosure by a lawyer is also permitted if the information relates to the affairs of a client and the disclosure is made for the purpose of dissuading the client from engaging in conduct that could be tax evasion or a criminal offence.

Some suspicious matter information can be shared within a DBG where members of the DBG share a joint AML/CTF program, where the information relates to the affairs of a client and where the disclosure is made for the purpose of informing another member of the DBG about the risks involved in dealing with the particular client.

Allens' Focus of 3 August 2006 deals with the suspicious matter reporting obligations in more detail.

The AML/CTF program

Reporting entities must put in place and maintain an AML/CTF program. Providing a designated service without doing so will attract a civil penalty (of up to $11 million) There are three types of programs:

  • a standard AML /CTF program which applies to individual reporting entities (but not to licensee arrangers);
  • a joint AML/CTF program which applies to reporting entities that are members of a DBG (but not to licensee arrangers); and
  • a special AML/CTF program which applies only to licensee arrangers and is restricted to customer identification procedures.

Every standard or joint AML/CTF program must be divided into two distinct parts ? Parts A and B.

The primary purpose of Part A (the general part) is to identify, mitigate and manage the risk that a reporting entity may reasonably face that the provision of designated services at, or through, a permanent establishment in Australia might (inadvertently or otherwise) involve or facilitate:

  • money laundering; or
  • financing of terrorism.10

In practice, Part A will include risk awareness training and employee due diligence programs, procedures for board and senior management oversight, independent auditing and the appointment of a Money Laundering Compliance Officer.

Part B sets out the applicable customer identification procedures which will apply to clients.

Some general principles apply to the implementation of an AML/CTF program by lawyers.

  • It can be implemented using a risk-based approach involving risk-based systems and controls. However, these risk-based systems and controls must have regard to the nature, size and complexity of a lawyer's business and the type of ML/TF risk it might reasonably face.
  • It must be designed to identify and recognise significant changes in ML/TF risk and assess the ML/TF risk posed by all new designated services and delivery methods and technologies (before they are adopted).
  • It must be applied to all areas of a lawyer's business that are involved in the provision of a designated service, including in relation to any function carried out by a third party. (These would include all third party providers, intermediaries, introducers etc).

Although there is no specific requirement in the Act to carry out an ML/TF risk assessment, such an assessment will form the basis of any AML/CTF program. AUSTRAC can, where it is satisfied that the reporting entity has not carried out an ML/TF risk assessment or that it has and it is inadequate or out of date, compel a reporting entity to carry out a risk assessment and provide a written report to AUSTRAC.

Record keeping

Generally, reporting entities will be required to retain records (or copies of records) for seven years. Record keeping obligations relevant to lawyers apply to:

  • transaction and customer-generated documents which are related to the provision of a designated service;
  • records of customer identification procedures;
  • records relating to AML/CTF programs; and
  • records relating to electronic funds transfer instructions.
Registration of providers of designated services

Lawyers (and other reporting entities) are expressly prohibited from providing a registrable designated remittance service (see our comments above on how this applies to lawyers) unless they have provided AUSTRAC with their names and details. This information will be maintained in a register to be maintained by AUSTRAC. AML/CTF Rules on what registrable information is required were issued in December 2006.11 Where the reporting entity is a partnership, the information to be provided includes names, residential addresses and home telephone numbers of all partners.


The Act provides AUSTRAC, in its role as AML/CTF regulator, with a number of enforcement tools. Allens' Focus of 3 August 2006 deals with AUSTRAC's enforcement powers in more detail.

Failure to comply with the AML/CTF obligations under the Act can attract civil penalties of up to $11 million for a body corporate or $2.2 million in all other cases. Allens' Focus of 14 December 2006 discusses the civil penalty regime.

The Act also sets out various criminal offences, such as disclosing that a suspicious matter report has been made to AUSTRAC, or providing a designated service using a false customer name or where the customer is anonymous.

Legal professional concerns

The Law Council of Australia has expressed its concerns on a number of issues relevant to its members, via submissions and representations to the Attorney General's Department and to the Senate Committee inquiries. These issues include the following:

Compliance costs

The Law Council has expressed concern that the costs of compliance with the new AML/CTF regime will place an unreasonable cost burden on legal firms, particularly smaller firms and sole practitioners, and has urged the Government to work with the profession to avoid the potential negative consequences of the new regime.

Legal services

The Law Council has suggested that a specific exclusion should be included in the Act that exempts legal practitioners providing legal services and services incidental thereto from any obligations under the Act. For example, they quote the position whereby legal practitioners who are involved in remittance arrangements will be caught as reportng entities, notwithstanding that this involvement is generally incidental to, or part and parcel of, very standard legal work and does not entail them into entering into direct competition with the financial sector.

Legal professional privilege

Of considerable concern is the perceived conflict between the obligation to report a suspicious transaction and the principle of client legal privilege. The Act specifically states that it does not affect the law relating to legal professional privilege. The Law Council argues that merely protecting client legal privilege is inadequate. In particular, they suggest that it is essential that client confidentiality beyond legal professional privilege is maintained and the independence of lawyers is protected in order to safeguard the administration of justice. (Given that FATF's position is that the exception from the reporting obligation should not be extended to include the wider concept of confidential information, this argument may not be successful).

Similar issues have arisen overseas.

Article 23 of the recent Third Directive of the European Council and Parliament on the Prevention of Money Laundering and Terrorist Financing provides that lawyers can be exempted from the suspicious transaction reporting requirements in respect of information they receive from a client in the course of ascertaining the client's legal position and representing the client in legal proceedings, including when providing advice on instituting or avoiding such proceedings. The results of a challenge (by, among others, the Council of the Bars and Law Societies of the European Union) on the reporting requirements in the Second EU Directive is pending.

The decision of the UK Court of Appeal in the case of Bowman v Fels (2005 EWCA Civ.226) reiterated the principle of legal professional privilege in the UK AML regime. The effect of the judgment is that lawyers engaged in litigation (including in its preparatory stages) and preparatory transactional work do not need to make suspicious matter reports. However, lawyers engaged in transactional work still have reporting obligations if they have knowledge or form a suspicion of money-laundering. The Law Society of England and Wales has recently amended its AML guidelines to deal with the effect of that judgement.

In Canada, the Proceeds of Crime (Money Laundering) and Terrorist Financing Act SC 2000 initially contained a provision requiring lawyers to report suspicious transactions of their clients where the information was not protected by legal professional privilege. In 2002, the Federation of Law Societies and the some of the law societies across Canada successfully challenged that provision on the basis that the exemption in the legislation for information attracting legal professional privilege was not sufficient because it did not apply to solicitor/client confidentiality and created a conflict between lawyers' duties to their clients and their obligation to report confidential information to the government. In March 2003, the Canadian Government decided to repeal controversial parts of the regulations to the Act requiring solicitors to report.12

A copy of the Law Council's submissions and its update on the Act can be found at

FATF and lawyers

In November 2006, Allens Partner Anna Lenahan attended a high-level meeting between FATF and representatives of the legal and accounting professions for the purpose of identifying and discussing issues of concern to the professions arising from the implementation of the FATF Recommendations. A working group of those attending the meeting has been set up with the object of continuing the dialogue between FATF and the private sector.

Our Focus of 15 December reports on the FATF meeting and its outcomes.

  1. Licensee arrangers are not subject to all the AML/CTF obligations. The customer identification/verification and record keeping obligations apply. Their AML/CTF program obligations are restricted to customer identification procedures. Although not currently subject to the suspicious matter reporting regime, the Act will be amended to rectify this.
  2. It is expected amendments will include:
    • an amendment to s42(6) extending the suspicious matter reporting obligation to licensee arrangers;
    • an amendment so that remedial directions under s191 can be reviewed by the Administrative Appeals Tribunal; and
    • amending some of the absolute liability offences to strict liability.
  3. These are likely to be similar to the Draft AML/CTF Rules on Customer Identification Programs released in July 2006.
  4. The Draft AML/CTF Rules provide that a reporting entity must, within 14 days, take specified action including carrying out an applicable customer identification procedure or collecting and verifying know your customer (KYC) information (or a combination of both) for the purpose of being reasonably satisfied the customer is who it claims to be.
  5. The Draft AML/CTF Rules suggest that re-verification will be required where the reporting entity has reasonable grounds to doubt the customer is who it claims to be and that the specified action will be similar to that required for existing and low-risk service customers (referred to above).
  6. Except licensee arrangers.
  7. Persons are widely defined to include:
    • an individual;
    • a company;
    • a trust;
    • a partnership;
    • a corporation sole; and
    • a body politic.
  8. Released for consultation in January 2007.
  9. Because the definition of 'money laundering' and 'financing of terrorism' includes ML/TF offences committed overseas (corresponding to Australian offences) the ongoing customer due diligence requirements will extend to the risk of overseas offences, and consequently a reporting entity may have to be familiar with AML/CTF regimes of, and risks in, jurisdictions other than Australia.
  10. Because of the definition of 'money laundering' and 'terrorism financing' in the AML/CTF Act, this obligation extends to overseas money laundering and financing of terrorism offences.
  11. This can be found at
  12. Although the Canadian Government is reconsidering this.