Focus: Anti-money Laundering – May 2007
Amending legislation and other changes
In brief: Amendments to the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) and the introduction of some significant AML/CTF Rules have provided a greater degree of certainty as to what reporting entities must do to comply with their anti-money laundering and counter-terrorism financing obligations. Partners Peter Jones and Anna Lenahan (view CV) and Senior Associate Judy Maguire look at developments to date and the next milestones.
How does it affect you?
- Some significant obligations are already in force.
- Changes to the Act and finalisation of Rules on customer identification will mean that those affected can plan better how to comply with their obligations.
- Correspondent banking obligations will come into force on 12 June 2007 and those affected by the Act will be expected to file compliance reports with AUSTRAC by mid-September 2007.
What is in force now
The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (the AML/CTF Act) will be implemented in four stages, between 12 December 2006 and 12 December 2008. However, a number of obligations already apply, including the following:
Record keeping: Some record keeping obligations have been in force since 13 December 2006, specifically those relating to:
- retention of transaction records;
- retention of customer-provided transaction documents; and
- provision and retention of records relating to transferred ADI accounts.
This means that reporting entities, that is businesses who provide any of the designated services specified in the AML/CTF Act, must retain1 these records in accordance with the AML/CTF Act. If they are not currently doing so, they are in breach of the AML/CTF Act and could be subject to a civil penalty order (tempered by the Policy Principles Order discussed below).
Electronic funds transfer instructions: Likewise, the obligations requiring institutions involved in electronic funds transfer instructions to obtain and include in those instructions certain customer information have also been in force since 13 December 2006 (as are the requirements to retain that information) and failure to comply could attract a civil penalty order.
Providing registrable designated remittance services: Since 13 December 2006, it has also been a criminal offence and a breach of a civil penalty provision for a person2 (that is not an ADI, bank, building society, a credit union or a person specified in the AML/CTF Rules (no relevant Rules have been made and we understand that none are currently contemplated)) to provide a registrable designated remittance service (DRS) without having first registered with the Australian Transaction Reports and Analysis Centre (AUSTRAC).
Accordingly, any person that:
- is accepting money or property to be transferred to someone else; or
- making money or property (which it has received from a third party) available to someone else,
and has not registered may be committing an offence with a maximum penalty of two years imprisonment or a fine of $275,000 (for corporations) or both.
There is ongoing discussion between the Government and industry on the scope of DRSs and it is possible this consultative process may result in some businesses being excluded from the DRS obligations (on the basis that they should not be covered in the first place if the underlying policy is to regulate underground or alternative banking systems). In the interim, businesses that are providing this service now and have not registered appear to be in breach of the AML/CTF Act.
The Amendment Act
The Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2007 (Cth) (the Amendment Act) came into force on 12 April 2007 and amends the AML/CTF Act. The more significant amendments include:
- requiring licensee arrangers to make suspicious matter reports;
- permitting licensee arrangers, if they are members of a designated business group (DBG), to adopt the DBG's joint AML/CTF program;
- amending the absolute liability offences to strict liability offences;
- allowing review by the Administrative Appeals Tribunal of some decisions made by AUSTRAC;
- limiting the scope of certain designated services3 to accounts that are held with financial institutions but extending the scope of those designated services to include signatories/additional card holders;
- extending the definition of 'complete payer information' in electronic funds transfer instructions to include details of country and town, city or locality of birth;
- excluding securities or options issued by government bodies from designated service 35; and
- excluding certain electronic funds transfer instructions4 from the electronic funds transfer instruction obligations.
In addition to these amendments, the definition of correspondent banking relationships in the Act has been amended to exclude all banking services that are not nostro and vostro accounts.5
The AML/CTF Rules
Final AML/CTF Rules dealing with matters such as DBGs, correspondent banking, applicable customer due diligence and AML/CTF programs were made by AUSTRAC on 10 April 2007.
Significant changes from the Draft AML/CTF Rules include:
Identification – Reporting entities that verify individual customers using electronic data and who wish to take advantage of the electronic-based safe harbour procedures6 must now verify:
- the customer's name and address using reliable and
independent data from at least two separate sources; and either
- the customer's date of birth using reliable and independent electronic data; or
- that the customer has a transaction history of at least three years. It appears that this transaction history does not have to be with the reporting entity verifying the customer.
Documentary and electronic safe harbour verification procedures cannot be combined.
Identification of younger customers has been facilitated by including cards (issued by a state or territory that prove a person's age) and notices (issued by school principals for under 18-year-olds) as identification documents.
The identification of foreign customers has also been facilitated by the inclusion of foreign drivers' licences and citizenship certificates as identification documents.
Simplified verification procedures for customers that are companies and trusts now apply so that if a reporting entity confirms that the customer is:
- a domestic listed company (or a subsidiary of one) or a licensed company that is subject to Australian regulatory oversight; or
- a trustee of a trust which is:
- a managed investment scheme registered by ASIC (or an unregistered scheme that only has wholesale clients and does not make small scale offerings);
- registered and subject to Australian regulatory oversight; or
- a government super fund,
no further verification or additional Know Your Customer information is required.
Industry has suggested that these simplified verification procedures should be extended to apply to customers that are overseas listed companies and overseas trusts that are regulated by an approved regulator. AUSTRAC, however, has indicated that it does not intend to amend the AML/CTF Rules to allow these simplified verification procedures to apply to these types of customer but that it is considering issuing a Guidance on identification/verification of foreign listed companies.
For other corporate entities and trusts, the AML/CTF Rules are generally prescriptive as to what constitutes minimum information to be collected and verified but the need to collect and verify additional Know Your Customer information is more risk based.
Third parties: The Government has confirmed that reporting entities can use agents to carry out any of their obligations under the Act (and that agency agreements need not be in writing).7
The AML/CTF Rules on customer identification procedures deemed to have been carried out by another reporting entity (the first reporting entity) have been relaxed. It is no longer necessary that a reporting entity who relies on the customer identification procedures carried out by the first reporting entity has to obtain a copy of those procedures as long as it has access to them (under a written agreement between the two entities for the management of records).
AML/CTF programs: The obligation on the board and senior management of a reporting entity to approve and have ongoing oversight of its AML/CTF program has been facilitated in that, where the reporting entity is part of a DBG and has a joint AML/CTF program, the obligation can now be discharged by the governing board and senior management of the main holding company of the group.8
AUSTRAC
AUSTRAC has provided some guidance on how it intends to carry out its role as AML regulator and how it expects reporting entities to implement the Act in a series of presentations that can be found on the AUSTRAC website http://www.austrac.gov.au/presentations.html
The presentations indicate that:
- guidance will be released by AUSTRAC on a number of issues, eg the scope of the DRS obligations, correspondent banking, DBGs, AML/CTF programs and customer identification;
- further AML/CTF Rules will be introduced by AUSTRAC on a number of matters, including compliance reports, exemption of certain bill payment systems, reportable details for suspicious matter, threshold and international funds transfer instructions reports and ongoing due diligence;
- AUSTRAC will commence workshops and seminar programs in April 2007; and
- an AUSTRAC Regulatory Guide will be released progressively from September 2007.
Policy (Civil Penalty Orders) Principles 2006
The Policy Principles formalise a 15-month amnesty period that will follow after each stage of the AML/CTF Act comes into force. During that period AUSTRAC will only take civil penalty action against a reporting entity where the reporting entity has failed to take reasonable steps towards compliance with its obligations.
It seems that AUSTRAC may be prepared to go beyond the strict interpretation of the Policy Principles which do not extend to the criminal offences in the Act (such as providing a registrable DRS without registering with AUSTRAC) as recent presentations by AUSTRAC9 indicate that it will not take criminal or civil action against a reporting entity during the amnesty period.
What next
The next significant milestone is 12 June 2007, when the correspondent banking and compliance reporting obligations under the AML/CTF Act come into force.
Correspondent banking: In essence, from 12 June 2007 financial institutions will be prohibited from entering into a correspondent banking relationship with a 'shell' bank (or another institution that has a relationship with a 'shell' bank) and will be required to carry out a due diligence assessment of the money laundering/terrorism financing risks associated with any such correspondent banking relationship before entering into, and during the course of, the correspondent banking relationship.10
Compliance reporting: These obligations require reporting entities to give to AUSTRAC reports on their compliance with the AML/CTF Act, Regulations (if any) and AML/CTF Rules. The form of these reports is still being developed. It is expected that Compliance Reporting Rules will specify that the first reporting period will be from 13 December 2006 to 12 June 2007 and that the reports will have to be lodged three months after the end of that period.
AUSTRAC has indicated that it expects reporting entities to comply with this obligation even though their obligations under the Act at that stage may still only extend to those relating to record keeping, electronic funds transfer instructions and DRSs. Businesses should therefore be prepared to provide to AUSTRAC a report on whether, and to what extent, they are in compliance with their obligations by no later than mid-September 2007.
Further analysis of the AML/CTF legislation and its impact on the Australian financial services sector can be found at AAR's AML/CTF website.
Footnotes
- And where an ADI account is transferred between financial institutions, those institutions must transfer and retain relevant records in accordance with the AML/CTF Act.
- Widely defined to include individuals, companies, trusts and partnerships.
- Designated services 18, 19 and 20, which deal with debit cards.
- Certain instructions that:
- arise from the use of a credit or debit card at a branch of a financial institution; or
- are given by way of the operation of a merchant terminal.
- Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No 2).
- An electronic based verification procedure is a procedure by which customers are verified using electronic data. If reporting entities verify individual customers using electronic data in accordance with AML/CTF Rule 4.2.13 they will not need to collect or verify any additional customer identification information.
- In a letter from Senator Ellison, the former Minister for Justice and Customs, to the Australian Bankers Association, dated 8 March 2007.
- AUSTRAC has confirmed in its discussions with AAR that the reference in this Rule to the 'governing board and senior management of the main holding company of the group' is to the main holding company of the corporate group. AUSTRAC has indicated that it will be issuing guidance on DBGs. This may provide clarication of this point.
- These can be found at the AUSTRAC website at http://www.austrac.gov.au/presentations.html
- Rules on correspondent banking were made by AUSTRAC on 10 April 2007.
For further information, please contact:
- Anna LenahanPartner,
Sydney
Ph: +61 2 9230 4132
Anna.Lenahan@aar.com.au - Catherine ParrPartner,
Sydney
Ph: +61 2 9230 4994
Catherine.Parr@aar.com.au - Craig PhillipsPartner,
Melbourne
Ph: +61 3 9613 8938
Craig.Phillips@aar.com.au - John BeckinsalePartner,
Brisbane
Ph: +61 7 3334 3520
John.Beckinsale@aar.com.au - Kim ReidPartner,
Perth
Ph: +61 8 9488 3727
Kim.Reid@aar.com.au
