The Australian Transaction Reports and Analysis Centre (AUSTRAC) conducted a consultation on its recently released draft guidance around outsourcing arrangements. The deadline for submissions closed on 18 March 2024.

AUSTRAC has said that it will consider all submissions on the draft guidance and make changes as required. A final version of the guidance will be published on AUSTRAC’s website. We will report once the final guidance is released.

Reporting entities can engage an external provider to help them meet the following anti-money laundering and counter-terrorism financing (AML/CTF) obligations:

• AUSTRAC reporting obligations including threshold transaction reports, international funds transfer instruction reports and suspicious matter reports^​;¹
• developing and maintaining an AML/CTF program;
• carrying out an independent review of the AML/CTF program;
• carrying out applicable customer identification procedures; and
• employee due diligence, AML/CTF risk awareness training and transaction monitoring.

The guidance is intended to help reporting entities to:

• comply with their AML/CTF obligations when outsourcing;
• identify, mitigate and manage money laundering and terrorism financing (ML/TF) risks that could arise from outsourcing; and
• take steps to ensure providers tailor outsourcing arrangements to your business and its specific ML/TF risks.

In summary, AUSTRAC recommends that entities engaging external providers in these arrangements should:

• conduct due diligence on the external provider to ensure they can meet AML/CTF obligations and can tailor their services to unique ML/TF risks;
• understand the restrictions on information sharing under the Act and Rules;
• have in place a written legally enforceable agreement which covers performance, oversight and enforcement to ensure the provider meets (and continues to meet) AML/CTF obligations;
• entities should be documenting how the board and senior management will:
  • be responsible for oversight, accountability and resourcing required to identify, mitigate and manage ML/TF risks;
  • receive reports on non-compliance and ML/TF risks arising from outsourcing arrangements on a risk basis; and
  • effectively resolve non-compliance with outsourcing agreements and adapt to changing ML/TF risks.

This article was written by Polat Siva, Partner, Vesa Prekazi, Special Counsel, and Gabriel Hawkins, Associate.

^​1 For further details and information about reporting obligations please see AUSTRAC guidance on Reporting.