The consultation paper (available here) is divided into two parts:
Part 1 relates to proposals to “simplify and modernise” the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) and Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (AML/CTF Rules); and
Part 2 relates to proposals to extend the operation of the AML/CTF regime to lawyers, accountants, real estate agents, dealers in precious metals and stones and trust/company service providers (commonly described as “Tranche 2 entities”).
This article is about the proposals contained in Part 1 of the consultation paper. You can read more about the proposals in Part 2 of the consultation paper relating to Tranche 2 entities here.
The stated purpose of the proposed reforms is to “simplify and modernise” the operation of the regime. The consultation paper recognises the results of earlier reviews and industry feedback regarding the overly complex nature of the AML/CTF regime and the need for simplifying the AML/CTF Act and AML/CTF Rules and streamlining the obligations of regulated entities. In that respect, the intention of the proposals is to be welcomed. However, it appears to us that in addition to simplification and modernisation, some of the proposed reforms are likely to impose additional obligations on regulated entities which we discuss below.
The consultation will occur throughout 2023. Submissions on the first consultation paper, which contains specific questions in relation to each of the proposed reforms, will close on 16 June 2023. The Department will also conduct roundtable discussions with key stakeholders. A second consultation paper, which will be informed by industry submissions on the first consultation paper, will then be released later this year, with a second round of consultation scheduled to commence in September 2023.
So, what can we expect from the proposed reforms?
In a nutshell, the reforms will aim to assist regulated entities to better understand the outcomes they are expected to achieve under the AML/CTF Act and the AML/CTF Rules.
1. Streamlining AML/CTF programs
The Government acknowledges that the current requirements relating to AML/CTF programs, which are comprised of a separate Part A and Part B, are “confusing and difficult to follow“. It is proposed that these requirements be clarified by:
- streamlining Part A and Part B into a single program;
- amending the AML/CTF Act to include overarching obligations for a regulated entity to:
- take appropriate steps to identify, assess and understand its money laundering and terrorism financing (ML/TF) risks before implementing its AML/CTF program. This will mean that a regulated entity will need to conduct, review, and update its risk assessments (whilst this is currently an implied requirement under the AML/CTF Act, there is no explicit obligations on reporting entities to do so). The AML/CTF Rules would then set out specific details on the risk assessment requirements including event triggers for reviewing a risk assessment; and
- mitigate its risk by developing and implementing enterprise-wide controls to address any risks. The AML/CTF Rules would then set out minimum risk mitigation measures expected to be documented in AML/CTF programs.
2. Customer due diligence
At the core of regulated entities’ obligation to identify, mitigate and manage its ML/TF risks is the requirement that a regulated entity know its customer and the risk associated with the customer. It is proposed that the AML/CTF Act should set out the overarching core obligations, discussed below, relating to customer due diligence and the AML/CTF Rules would then specify how each obligation would be met:
- Understanding customer risk: the AML/CTF Act would provide an overarching obligation to assess and understand the risk for each new and ongoing business relationship with a customer based on an assessment of key risk factors. The AML/CTF Rules would set out specific risk factors to be considered as part of the customer risk rating with guidance from AUSTRAC on how to assess different risk profiles.
- Know your customer: the AML/CTF Act would require that a regulated entity know its customer before a designated service is provided. The AML/CTF Rules would set out high level standards for risk-based customer due diligence policies, procedures, and controls. Identification and verification of a customer after they receive a designated service would continue to apply only in special circumstances.
- Ongoing customer due diligence: the AML/CTF Act would contain the obligation for a regulated entity to conduct ongoing customer due diligence and the AML/CTF Rules would require a regulated entity to:
- have risk-based systems and controls to update and review customer due diligence information;
- have a tailored monitoring program for transactions; and
- continue the requirement to re-verify customer information where the regulated entity has doubts about its adequacy or veracity.
- Enhanced customer due diligence: the AML/CTF Act would require a regulated entity to apply its enhanced customer due diligence measures if the risk associated with the customer is high, there is a suspicion of ML/TF, identity fraud, the customer is a foreign politically exposed person, or the customer or its beneficial owner is from a high risk jurisdiction, which is similar to what is currently contained in the AML/CTF Rules. It is proposed that the AML/CTF Rules could then set out specific circumstances that AUSTRAC assesses should trigger extended customer due diligence.
- Simplified due diligence and safe harbour: the AML/CTF Act would permit regulated entities to apply simplified due diligence measures where the entity has reasonably assessed that the risk associated with the customer is low, and none of the triggers for extended customer due diligence apply. This would mean replacing the safe harbour provisions currently contained in the AML/CTF Rules. The AML/CTF Rules would set out specific factors for a regulated entity to consider before it applies its simplified due diligence measures and circumstances which AUSTRAC has assessed it would be inappropriate for simplified due diligence.
3. Regulation of digital currency exchanges
The AML/CTF Act currently regulates digital currency exchange providers that exchange digital currency for fiat currency (AUD for example) or vice versa. It is proposed that the AML/CTF regime be expanded to also include:
- exchanges between one or more other forms of digital currency;
- transfers of digital currency on behalf of a customer;
- safekeeping or administration of digital currency; and
- scenarios where start-up companies sell investors a new digital token or cryptocurrency to raise funds.
4. Other proposed reforms
There are a host of other proposed reforms that are the subject of the consultation. These include the following proposed changes:
- Lowering the identification threshold for the gambling sector: it is proposed to lower the current threshold for a casino to be exempt from conducting initial due diligence when providing gambling services. The threshold would change from AUD10,000 to AUD4,000;
- Expanding tipping off exceptions: under the AML/CTF Act, it is an offence for a regulated entity to disclose that it has formed a suspicion or lodged a suspicious matter report with AUSTRAC. The disclosure of a suspicion is known as “tipping off”. There are a number of exceptions to tipping off set out in the AML/CTF Act. It is proposed that the tipping off provisions be modernised to better support the industry to comply with its obligations, while balancing the interests that the tipping off offence was designed to protect. The consultation paper refers to the outcome-focused regime adopted in the United Kingdom and Canada, which targets and prohibits conduct or any intention to compromise a law enforcement investigation. The consultation paper also refers to the possibility of such an approach creating opportunities for “private-to-private information sharing“.
- Modernising the travel rule obligations: the travel rule requires the inclusion of payer and payee information when funds are transferred from one business to another. Currently, financial institutions are required to include information about the payer of an electronic transfer of money but they are not required to include payee information. It is proposed that the travel rule be updated to require that remitters and digital currency exchange providers include payer and payee information for transfers on behalf of customers to other businesses.
- Exemption for assisting an investigation of a serious offence: the AUSTRAC CEO can exempt regulated entities from compliance with particular sections of the AML/CTF Act, where providing a designated service to a customer would assist in the investigation of a serious offence. The current regime of seeking exemptions is considered inefficient, too broad, and inconsistent with international standards and best practice. It is proposed that the exemptions framework be embedded in the AML/CTF Act and the process streamlined. For example, under the new proposed reforms, eligible agencies would not be required to apply to AUSTRAC for an exemption but would provide a written ‘keep open’ notice directly to regulated entities and copied to AUSTRAC, using a form specified in the AML/CTF Rules. The regulated entity could then rely on the legislative exemption once it has received a notice from an eligible agency.
- Revised obligations during COVID-19 pandemic: as in many other areas of law that saw temporary measures introduced as a result of the Covid-19 pandemic, AUSTRAC introduced rules in 2020 to support flexible customer verification measures. These measures, that are due to lapse, allowed regulated entities to conduct customer due diligence remotely, including by relying on uncertified copies of documents in accordance with their risk-based systems and controls. With many businesses continuing to provide online and remote service delivery, it is proposed that the reforms could provide longer-term flexible options for meeting customer due diligence obligations.
- Group wide risk management for designated business groups: it is also proposed that related entities within a business group that perform functions to support regulated entities to comply with their AML/CTF obligations should now be captured under a designated business group. This will become particularly important with the proposed extension of the AML/CTF regime to Tranche 2 entities, which we discuss in our article here.
- International funds transfer instruction reporting requirements and the definition of bearer negotiable instruments: in addition to the proposed reforms detailed in the consultation paper, the Department has also stated that it is considering streamlining these matters.
The proposed reforms are in their early stages, with much of the detail still to be worked through, including through the consultation process. Given the timeline proposed for the consultation process, it seems unlikely that any amendments to the AML/CTF regime will be in place before late 2023 or early 2024 at the earliest.
If you have any questions about the proposed reforms or the consultation process, our dedicated AML/CTF team are available to assist.
This article was written by Anthony Seyfort, Partner, Polat Siva, Partner and Vesa Prekazi, Special Counsel.