Structure of Reforms
The
reforms will comprise:
- The Anti-Money
Laundering and Counter-Terrorism Financing Act (Act)
- Regulations (yet to be
released);
- Legally binding rules
(Rules) issued by the Australian Transaction Reports and Analysis
Centre (AUSTRAC) which will contain practical details of the
reforms. Sample Rules have been released for AML/CTF Programs,
Customer Identification and Suspicious Matters; and
- Non binding guidelines
issued by AUSTRAC on how the Act and rules will be applied.
Reporting Entities
The Bill
imposes a number of obligations on ‘Reporting Entities’.
Reporting Entities are entities that provide ‘Designated
Services’. The Bill sets out a list 64 different types of
Designated Services that broadly cover:
- opening accounts and
conducting transactions with banks and authorised deposit taking
institutions;
- making loans in the
course of carrying on a business;
- supplying goods under
finance lease or hire purchase;
- issuing debit and stored
value cards;
- issuing or selling
traveller’s cheques and money orders;
- being involved in funds
transfers;
- issuing, selling,
acquiring or disposing on behalf of another securities (including
interests in a managed investment scheme), derivatives or foreign
exchange contracts;
- issuing life insurance
policies;
- licensed financial
advisers advising on life policies, rollovers or transfers to a
superannuation fund, approved deposit fund or Retirement Savings
Account;
- issuing pensions or
annuities;
- accepting superannuation
fund or Retired Savings Account contributions;
- providing a custodial or
depository service;
- currency exchange,
delivery or collection (including payrolls);
- buying or selling
bullion; and
- providing a gambling
service.
A
service would not be a Designated Service unless:
- the service is provided
at, or through, a permanent establishment of the service
provider in Australia,
or
- the service provider is
an Australian resident or a subsidiary of a company that is a
resident of Australia
and the service is provided at or through a permanent
establishment of the service provider in a foreign country.
AML/CTF Program
A
Reporting Entity is required to develop an anti-money laundering and
counter-terrorism financing program.
The
draft Rule outlines what must be part of an AML/CTF Program to properly
identify and monitor their customers.
|
COMMENT: The Bill requires the reporting
entity to identify and materially mitigate the risk that the
reporting entity would be used for an anti-money laundering or
terrorism financing purpose. “Materially mitigate” is not
defined in the draft bill and failure to meet this obligation may
form the basis of a civil penalty provision or for a serious breach,
a criminal offence that can impose a two year imprisonment or 120
penalty units or both. It is hoped that AUSTRAC will provide guidance
on what is meant by “material mitigation”.
|
To
comply with this obligation, the Reporting Entity must:
- Identify customers that
pose a high level of risk based on the type of designated service
provided combined with any foreign jurisdictional risk in
providing the designated service. This includes identifying a
politically exposed person.
- Have programs in place
to assess customer risk on an on-going basis and have the ability
to assess any change or level of risk their customers may pose.
- Formulate policies and
programs on customer identification procedures.
- Conduct employee risk
awareness training programs and conduct reviews to take into
account any changes in legislation, internal processes or risk
profile.
- Assess any risk a
potential employee may pose in facilitating money laundering or
taking part in terrorist funding.
- Include a program on how
they assess and monitor compliance with the AML/CTF Bill and
Rules.
|
COMMENT: The AML/CTF draft Rule
requires the Reporting Entity’s governing board and senior
management to approve all elements of the AML/CTF Program and where
there is no board it will be the role of the Chief Executive Officer
or equivalent. Consideration should be given in employing a senior
person in a designated role to act as AML compliance and reporting
officer. This person should be able to manage the program, set
policies and act as the main contact point with AUSTRAC or other
government agencies.
|
Customer Identification Procedures
Generally,
the identity of potential customers must be determined prior to any
designated services being provided. A check similar to the current
‘100 point’ requirement now in place will be utilised for
identifying customers. The draft Rule stipulates what a Reporting
Entity is required to do when verifying the identity of a new customer
or an existing customer (exceptions apply).
Know
Your Customer (KYC)
The
Reporting Entity will be able to apply different customer
identification procedures depending on whether a customer is a natural
person or a non-natural entity. The following is minimum KYC that has
to be established for customers:
- Natural
person - the customer’s name, address, residential address,
date and place of birth, and countries of residence and their
country of citizenship.
- Non-natural
entity - the company’s name, address, date and country
of incorporation, principal place of business, ABN/ABRN, name of
each director, company secretary, substantial shareholder and
proof of authorisation given by the company to deal with the
Reporting Entity. If the company is an unlisted entity, the
information must also include the identity of any person (e.g.
company officer/substantial shareholder) who controls the entity
as determined under the Social
Security Act 1991(Cth).
|
COMMENT: A Reporting Entity will have to
understand the legal structures behind the entity and identify the
beneficial holder of the funds. A non-natural entity includes a
company, trust, partnership, government body or association.
|
Reporting
Entities can authorise a third party to carry out the identification
procedure for its customers or its agents.
An
electronic verification procedure may have to be utilised that will
allow reporting entities to verify customer details in a non face‑to‑face
environment.
Risk Profiling
Reporting
Entities will have to classify each customer with a risk profile rating
that takes into account the following:
- the
customer’s KYC information;
- if
the designated service is high risk;
- if
the delivery method of the service is high risk;
- if
the service is provided to a high risk jurisdiction; and
- if
the customer is politically exposed.
Risk
profiling of the customer should be conducted at regular intervals. If
a customer is identified as a higher risk, a reporting entity must
determine if additional KYC information is needed that may lead to
closer monitoring or the basis of triggering a suspicious matter
report.
Further
rules will be released on customer identification procedures.
Reporting
Obligations
Suspicious
Matter Reporting
The
draft Rules require a Reporting Entity to report to AUSTRAC if it has
reasonable grounds to believe that it possesses information in
connection with a Designated Service that triggers a suspicion that the
information:
- may be relevant to the
investigation of tax evasion;
- may be relevant to the
investigation or prosecution of a Commonwealth, State or Territory
based offence;
- may assist in the
enforcement of the Proceeds of
Crime Act 2002 or its regulations; and
- may be relevant to the
investigation or prosecution of a financing of terrorism offence,
or the provision or prospective provision of a Designated Service
that may be preparatory to the commission of such an offence.
The
reports are required when a Reporting Entity provides, or proposes to
provide, a Designated Service, a person requests the provision of a
Designated Service or a person enquires as to whether the Reporting
Entity would be willing to provide a Designated Service. The
reports are required to be submitted to AUSTRAC within 24 hours of the
formation of suspicion if the information relates to the financing of a
terrorism offence. Otherwise, all other categories of suspicious matter
reports are required within 3 business days.
Any
report made by a Reporting Entity must remain confidential and not be
disclosed to the person who is the subject of the report. The
Bill makes it a criminal offence to disclose that a person is the
subject of a suspicious matter report (e.g. has triggered a suspicion),
the information within the report and that the report has been
submitted to AUSTRAC. Contravention of the proposed offence
carries a two year imprisonment or 120 penalty units, or both. This
also extends to the Reporting Entity’s agent if it provides the KYC
information service collection on behalf of the Reporting Entity.
Financial Transaction Threshold
A
Reporting Entity must also generally report all transactions of cash or
e-currency of $10,000 or more to AUSTRAC within 10 business days after
the transaction takes place, as is currently required.
International Funds Transfer
A
Reporting Entity must provide a report to AUSTRAC that includes
originator information (e.g. name, address, date and place of birth,
ABN) for international funds transfer instructions. The content of this
report will be specified in the further release of Rules by AUSTRAC.
Record Keeping
A
Reporting Entity is required to keep a number of records for a period
which is yet to be determined. The period for which records must be
kept is subject to public comment.
When
providing a Designated Service a Reporting Entity must retain:
- a record of the
provision of a Designated Service and any record received from the
customer in respect of that service; and
- a record of an
applicable customer identification procedure after the end of the
Reporting Entity’s relationship with the relevant customer
when it is either undertaken by itself or by a third party on its
behalf.
Privacy
The Bill
recognises that some Reporting Entities, (e.g. small businesses) will
be obliged to collect personal information about their customers, but
will not be under statutory obligations imposed by the Privacy Act 1988 (Cth) (the PA) to protect that information.
Most
Reporting Entities will be caught under the National Privacy Principle
1 (the collection principle) and will have to disclose to customers the
following:
- the
purpose for which the information is collected;
- the
organisations or types of organisations to which the information
is disclosed;
- any
law that requires the particular information to be collected; and
- the
main consequences if all or part of the information is not
provided.
|
COMMENT: The collection of information
from a customer for the purpose of suspicious matter reporting to
AUSTRAC would normally need to be disclosed to new or existing
customers. A difficulty
arises where a Reporting Entity is obliged to seek further
information because certain identified risks are triggered. The act
of seeking the additional information may “tip off” the
customer and adherence to the PA obligations may prove problematic.
This has not been addressed in the Bill or Rules to date.
|
Correspondent Banking
A
correspondent banking relationship exists between financial
institutions when they deal with each other on behalf of their
customers.
The Bill
provides that financial institutions can only enter a correspondent
banking relationship upon executing a formal written agreement that
encompasses and addresses the following:
- the
other party of the proposed relationship is not a shell bank or a
financial institution with accounts in a shell bank;
- a
full due diligence assessment of the corresponding financial
institution has been carried out prior to entering the
relationship;
- the
rights, obligations and responsibilities of the parties to the
proposed relationship are set out in a written agreement; and
- regular
due diligence reviews are to be a carried out throughout the
relationship.
AUSTRAC
Authorised
officers (appointed staff within AUSTRAC) are empowered to:
- enter
a reporting entity’s business premises with the Reporting
Entity’s consent or pursuant to a monitoring warrant to
audit compliance obligations;
- ask
occupiers of the premises any question and to produce any document
relating to the operation of the Act or regulations; and
- issue
infringement notices for unreported cross-border movements of
physical currency and bearer negotiable instruments.
Offences
The Bill
expects a high level of compliance by reporting entities and has
created a number of criminal offence sections and civil penalty
provisions that Reporting Entities should be aware of. The proposed
offences can be categorised into two types:
Proposed offences by customers when a customer
identification procedure is undertaken
- A
person gives information or produces information that is false or
misleading.
- A
person makes or possesses a false document.
- A
person possesses or makes equipment that is used for making a
false document.
- A
person receives a Designated Service using a false name or
allowing customer anonymity.
- A
person structures two or more transactions to avoid reporting
obligations for financial threshold and cross border movement of
physical currency of $10,000 or more.
Proposed offences by reporting entities
- Providing
a Designated Service using a false name or allowing customer
anonymity.
- Tipping
off a person subject to a suspicious matter report that a report
has been lodged with AUSTRAC and/or the disclosure of the
information within the report.
Although
the proposed offences have been categorised into two types, all the
facts and circumstances of each breach will have to take into account
the involvement of the Reporting Entity. Failure to identify and
materially mitigate the risk of the Reporting Entity being used for anti-money
laundering or terrorism financing may expose the Reporting Entity to
civil penalty or criminal sanctions as outlined above
|
COMMENT: Officers of Reporting Entities could
face up to two years imprisonment or 120 penalty units (currently
$13,200) or both for the proposed offences above whilst the customer
could face penalties up to 5 years imprisonment or 300 penalty units
(currently $33,000) or both for most of the proposed customer
offences. Importantly, the Bill has not created extra penalty
categories for corporations that are actively involved in the
commission of criminal offences by the customer.
|
Other Information
A useful
AML/CTF reform question and answer guide has been released by the
government on how it impacts on the operation of certain industry
sectors. Information for accountants, financial planners,
securities and derivatives dealers and the insurance sector are all
included.
All of
the documents released can be found here by clicking here.
Please
do not hesitate to contact any member of our financial services
practice team for further information and assistance.
