Skip to content.

Home

Allens Arthur Robinson

If you'd like to be added to our mailing lists and alerted when we add new publications to our main site, please go to the subscription page in our main site publications area.

Deadline for Ongoing Customer Due Diligence - 22 September 2008

With the 12 December 2008 deadline looming AUSTRAC has issued guidance on Ongoing Customer Due Diligence and clarified its position on non-compliance.

OCDD

The guidance is contained in Chapter 8 of the AUSTRAC Regulatory Guide. The Guide is intended to provide non-binding advice to reporting entities (REs) to assist them to understand and comply with their obligations under the Act and Rules.

The Program

The systems and procedures that a RE develops to meet its Ongoing Customer Due Diligence (OCDD) obligations must be clearly set out and documented in its AML/CTF Program (the Program).

Pre-commencement customers

OCDD must be applied to all customers (including pre-commencement customers). This raises the issue of how a RE will assess the ML/TF risk of providing designated services to its pre-commencement customers who have not already been identified/verified under the Act (or the Financial Transaction Reports Act 1988 (the FTRA)) and about whom it may not have full identification information.

It may be that a RE should, as a preliminary step, consider whether it is necessary to conduct a risk assessment across its pre-commencement client base, or whether an assessment of ML/TF risk on a case-by-case basis (eg when a risk trigger applies in respect of a transaction) is sufficient. That will depend on a number of factors including whether the pre-commencement customer has been identified under the FTRA, whether it falls into a generally recognised low-risk category and the history of its relationship with the RE.

KYC

The Rules require a RE to put in place risk-based systems and controls to determine whether to collect additional (or update and verify) KYC information. In this context, the Guide notes that pre-commencement customers may need to be identified under an applicable customer identification procedure as part of the OCDD if warranted. The Guide gives the following examples of when a RE might need to collect additional KYC information (or update and verifiy existing KYC information):

  • a significant transaction or series of transactions (in amount, size or volume takes place);
  • a significant change occurs in the way an account was previously operated by a customer; or
  • there are doubts about the identity of a customer.

It is, of course, up to the RE to determine what would constitute a significant transaction or significant change in the context of its own business and what other risk triggers will require additional KYC to be conducted. Some REs may have already determined this issue as part of their initial ML/TF risk assessment. Those who have not will have to determine what risk triggers will apply as a pre-requisite of putting the necessary systems and controls in place.

The Guide goes further than the Rules and mandates that each RE must set out and define in its Program its own set of risk triggers for collecting (or verifying) KYC information (including defining what is meant by a 'significant' transaction or change). This is probably good practice rather than a mandatory requirement under the Act or Rules.

Transaction monitoring

From 12 December 2008, Part A of a RE's Program must include a transaction monitoring program. The Guide describes transaction monitoring as a three-step process:

  1. Monitor all customer transactions in accordance with the RE's policies and procedures. Although the Guide suggests that all customer transactions should be monitored, the Rules provide that this obligation is risk based. Accordingly it will be up to the RE to determine to what extent it will monitor transactions. Where a RE determines that a type of transaction is low risk, it may decide that only minimal monitoring is required.
  2. Identify suspicious transactions (within the terms of section 41); and
  3. Take appropriate action. Where a suspicious transaction is identified, the appropriate action is to make a suspicious matter report. This is required by the Act and not by OCDD. The Guide, however, includes this requirement as part of a transaction monitoring program.

The Rules require that a transaction monitoring program must have regard to 'complex, unusually large transactions and unusual pattern of transactions, which have no apparent economic or visible lawful purpose'. The Guide suggests that a RE define such transactions (or patterns of transactions) in its Program (having regard to its size, customer products and other relevant circumstances).

The Guide clarifies that it is not necessary for a RE to purchase a transaction monitoring system, and that, in smaller businesses transaction monitoring can be conducted using client advisers/relationship managers who understand their clients and their clients' businesses.

Where a RE decides to implement a manual rather than an automated system, it should document what systems and procedures will be put in place to ensure effective monitoring and ensure that those with responsibility for monitoring are familiar not only with clients and their businesses but also relevant ML/TF typologies, relevant risk triggers and flags.

REs should be taking steps to amend their AML/CTF Programs to include a transaction monitoring program.

Enhanced customer due diligence program

From 12 December 2008, Part A of a RE's Program must also include an enhanced customer due diligence program (the enhanced CDD program). An enhanced CDD program must be applied when:

  • a RE determines under its risk-based systems and controls that there is a high ML/TF risk; or
  • a suspicious matter reporting obligation has arisen.

The Guide provides various examples of situations that might indicate high risk but makes it clear that it is the responsibility of a RE to supplement them, taking into account its customer base, products and services offered, delivery channels and the jurisdictions it deals with.

Non-compliance

AUSTRAC has set out its position on OCDD non-compliance. The main points are as follows:

  • Because the OCDD Rules were finalised in December 2007, REs have had 12 months to develop and implement their systems and controls. This is a valid point but, given that many REs have spent the past 12 months amending or putting in place new complex IT systems to deal with their customer ID obligations, industry may consider that it is unrealistic on AUSTRAC's part to expect them to have transaction monitoring systems in place by the 12 December 2008 deadline
  • REs are obliged to comply with the OCDD obligations irrespective of the Policy Principles.
  • To avoid enforcement action REs must:
    • be compliant by 12 March 2010; and
    • have applied their transaction monitoring program from 12 December 2008, regardless of the date during the 15-month period that they reached full compliance.
  • REs that are implementing complex OCDD tools (including computerised transaction monitoring) and who will not be fully functional by 12 December 2008 are expected to utilise manual or other existing technological tools during the interim period.
  • Where a RE fails to implement a transaction monitoring program by 12 December 2008, AUSTRAC will require that RE to apply its program, once implemented, to those transactions that occurred between 12 December 2008 and when the RE began complying with its transaction monitoring program. This might require the RE to carry out additional KYC or enhanced due diligence methods.

Applying a retroactive transaction monitoring program and then carrying out additional KYC or enhanced customer due diligence on customers (who may no longer be customers of the RE) poses significant practical difficulties.

Some REs may decide that, adopting a risk-based approach, only minimal monitoring of low-risk transactions is required during any interim period and concentrate their resources on monitoring transactions and customers that they have identified as higher risk.

Financial institutions who are already required to report suspicious transactions under the FTRA will have monitoring already (for example, staff who are trained to pick up suspicious transactions) which they can rely on during the interim period.

Financial institutions may also have some transaction monitoring in place as part of their general risk program.

Smaller REs who intend to utilise manual monitoring (relying on their knowledge of the customer rather than an automated system) are probably best placed to comply with the OCDD obligations because they may be in a position to train the relevant staff before the December 2008 deadline.

AUSTRAC has said that where a RE believes that it has a particular set of circumstances that will result in significant non-compliance, it should approach AUSTRAC with a specific proposal for consideration.

REs that will not be in compliance should approach AUSTRAC sooner rather than later (and before the 12 December deadline) with a detailed project plan on how they intend to implement full compliance and what steps they intend to take to manage the ML/TF risks of non-compliance in the interim period.

Suspicious matter reporting

AUSTRAC has indicated that it intends to extend the Regulatory Guide to include the suspicious matter reporting and tipping-off provisions in October.

Return to top

Release dates for AML/CTF Rules - 30 April 2008

A schedule of release dates for Draft AML/CTF Rules and guidance notes was announced in April 2008. Under section 229 of the AML/CTF Act, the Chief Executive Officer of AUSTRAC may, in writing, make AML/CTF Rules. The Rules are legislative instruments and are therefore binding.

Return to top

Compliance Officers' guidance note - 23 April 2008

AUSTRAC has released a guidance note to provide information and assistance to reporting entities regarding the requirement to designate an AML/CTF Compliance Officer under chapters 8 and 9 of the AML/CTF Act. The guidance note focuses on the requirements under Part 7 of the AML/CTF Act, particularly the requirement that a reporting entity have a written AML/CTF program and the obligation to designate an AML/CTF Compliance Officer. The guidance note sets out considerations that should be taken into account when designating an AML/CTF Compliance Officer and their duties. The guidance note also considers whether the Compliance Officer must be an employee or if an independent contractor can fulfil the role, as well as reiterating the existence of civil penalties for breaches of the AML/CTF program provisions.

Return to top

Draft AML/CTF Rules relating to the definition of 'loan' - 17 April 2008

AUSTRAC has issued for public consultation Draft Rules relating to the definition of a 'loan' in the AML/CTF Act. The Draft Rules aim to remove the potential dual application for different types of designated services applying to a particular transaction, one of which is a 'loan' designated service. An example of such a product is a money market instrument which falls within the 'loan' definition of table 1 and 'deposit taker' in items 4 and/or 5. One of the consequences of the potential dual application is that parties to the transaction are treated as reporting entities on different sides and at different times of a transaction. The Draft Rules remove from the definition of 'loan' certain products such as money market instruments, government or corporate bonds, debenture stock, bonds and debt instruments, that may also be considered as another type of designated service. The consultation period ends 8 May 2008.

Return to top

Declaration modifying s28 relating to managed investment schemes - 11 April 2008

The declaration modifies the application of section 28 of the AML/CTF Act so that for designated services covered by the AML/CTF Regulations, pre-commencement customers are customers to whom a reporting entity commenced to provide a service prior to 31 January 2008. The declaration has not yet been made.

Return to top

AUSTRAC Public Legal Interpretation series - 8 April 2008

On 8 April 2008, AUSTRAC announced the launch of a series of new publications which aim to assist reporting entities discern their obligations under the AML/CTF Act and encourage a spirit of voluntary compliance. The Public Legal Interpretation series will express AUSTRAC's 'views on the legal meaning and effect of various provisions of the legislation' according AUSTRAC's Chief Executive Officer, Neil Jensen. The interpretations in this new series intend to help address some of the more complex questions that have arisen for reporting entities. The Public Legal Interpretation series complements the AUSTRAC Regulatory Guide, Self Assessment Questionnaire, online learning materials, guidance notes, frequently asked questions and other resources developed for reporting entities. The first publication, Establishment of the AUSTRAC Public Legal Interpretations (Public Legal Interpretation No. 1), was released on 8 April 2008 and introduces the publication series and outlines its purpose and legal authority. A further six publications will be released throughout 2008. The 2008 series will cover; registration as an 'alternative remittance' provider; Australian financial services licence holders; what constitutes a reporting entity; access to AUSTRAC information; suspect transactions and suspicious matter reports; and threshold transactions.

The Public Legal Interpretation series and the list of 2008 topics and release dates are available on AUSTRAC's website.

Return to top

No-action letters guidance note - 1 April 2008

AUSTRAC has released guidance relating to situations where a reporting entity has breached, or anticipates a future breach of, the AML/CTF Act and the reporting entity requests that AUSTRAC does not take enforcement or other regulatory action as a result of that breach or anticipated future breach. Each case is to be assessed by AUSTRAC individually. AUSTRAC may consider the provision to a reporting entity of a no-action letter, by which it states that it will not take regulatory or enforcement action over a particular act or omission by that reporting entity. A no-action letter is a statement of AUSTRAC's regulatory approach with respect to the particular circumstances which have resulted, or are likely to result, in a breach of the AML/CTF Act. It is not an expression of legal views on the particular matter that resulted in AUSTRAC issuing the no-action letter. Generally, AUSTRAC is prepared to consider issuing a no-action letter where there is doubt as to whether a particular act or conduct would be lawful and AUSTRAC is of the view that enforcement action in relation to that act or conduct would not advance the policy of the AML/CTF Act. There may be other circumstances where AUSTRAC would be prepared to consider issuing a no-action letter. This guidance note is to be read in conjunction with the AUSTRAC guidance note Application of the Policy (Civil Penalty Orders) Principles 2006.

Return to top

Compliance report deadline - 1 March 2008

AUSTRAC has reminded industry participants to submit their AML/CTF compliance reports by 31 March 2008. As of 12 December 2007, all reporting entities were required to have in place an AML/CTF program, as well as customer identification and verification procedures. The compliance report aims to give AUSTRAC an indication of the reporting entities progress in implementing their AML/CTF obligations. The compliance report is to cover the period from 13 December 2006 to 31 December 2007. The implementation of an AML/CTF program and the submission of a compliance report are legislative requirements under the AML/CTF Act and businesses may face civil penalties for non-compliance. An electronic submissions link can be found on AUSTRAC's website.

Return to top

Draft AML/CTF Rules exempting certain types of transactions relating to over-the-counter derivatives market - 16 January 2008

AUSTRAC has issued Draft AML/CTF Rules with the purpose of exempting certain types of transactions relating to the 'over-the-counter' derivatives market. The exemption under items 33 and 35 of table 1 in section 6 of the AML the CTF Rules applies to the wholesale price of electricity, gas or renewable energy certificates in over-the-counter Australian derivatives market. The transaction must be between registered market participants under the National Electricity Rules who hold an Australian financial services licence, or act through an agent who holds such a licence.

Return to top

Draft AML/CTF Rules relating to issuing or selling a security or derivative - 16 January 2008

AUSTRAC has issued revised Draft AML/CTF Rules relating to item 35 of table 1 in section 6 of the AML/CTF Act. The Rules (version 2) provide that the following trading types are exempt from the operation of the AML/CTF Act:

  • an issue or sale of a security or derivative that occurs on an Australian prescribed financial market (secondary trading); or
  • an off-market issue of an interest in a managed investment scheme in circumstances where the issue is in accordance with relevant requirements of the Corporations Act 2001 (Cth), pursuant to a dividend or distribution plan (also known as a distribution reinvestment plan) and the interest is to be quoted on a prescribed financial market; or
  • an off-market issue of an interest in a managed investment scheme quoted or to be quoted on a prescribed financial market in circumstances where the issue is in accordance with relevant requirements in the Corporations Act 2001 pursuant to fundraising (including an initial public offering, public offering and rights issue) and the interest is to be quoted on a prescribed financial market.

Return to top