Key obligations under AML/CTF legislation for financial services providers

Are you providing a designated service under the Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Act? Is your board of directors and senior management comfortable with your AML/CTF risk management systems and processes? Are you complying with your obligations under the AML/CTF Act?

If you are providing financial, gambling, bullion or digital currency exchange services (ie a “designated service”) you may be a “reporting entity” under the AML/CTF Act. If you are a reporting entity, you must meet obligations under the AML/CTF Act.

AUSTRAC’s well publicised announcements of AML/CTF enforcement activity into some of Australia’s largest financial service providers, including Westpac and Afterpay, signals a shift in the Australian regulatory environment. The heightened degree of enforcement means that reporting entities must ensure strict compliance with their reporting, customer identification, record keeping and requested information obligations. If you breach your obligations under the AML/CTF Act, the AUSTRAC CEO has the power to issue infringement notices and fines, or seek civil penalty in court.

Given this, it might be time to review your AML/CTF compliance program to ensure you are covered. Hamilton Locke assist designated service providers, as well as their board of directors and their senior management, to comply with their obligations under the AML/CTF Act.

Our regulatory experts highlight some of the key obligations under the AML/CTF Act and AML/CTF Rules that reporting entities will need to consider in assessing your requirements.


Enrolment and registration with AUSTRAC

All reporting entities need to enrol with AUSTRAC, within 28 days of providing a designated service.


Implement an AML/CTF Program

Reporting entities need to establish and maintain an AML/CTF Program to help identify, mitigate and manage the money laundering (ML) and terrorism financing (TF) risks it may face. There are three types of AML/CTF programs:

  1. Standard program – applies to individual reporting entities;

  2. Joint program – applies to reporting entities that are members of a “designated business group”; and

  3. Special program – applies only to holders of an Australian Financial Services Licence offering a particular kind of designated service.

AML/CTF Programs typically have two key parts:

  1. Part A, relating to the identification, management and reduction of the risk of ML/TF (not required for a special program); and

  2. Part B, relating to customer identification procedures, including collecting and verifying minimum “know your customer” (common referred to as “KYC”) information.


Carry out a risk-based approach to compliance

The AML/CTF Programs are risk based.

Designated service providers must be aware of the various factors that should be considered when assessing the risk that they may facilitate ML/TF activities.

Reporting entities must assess the risk that they may be used for ML/TF by analysing that risk taking into account the following:

  • Customers of the business, including politically exposed persons, source of funds and wealth, the nature and purpose of the business relationship, and the complexity of their business structure;

  • Product or services provided;

  • Delivery channel used to provide the services; and

  • Jurisdiction and geographical area in which the entity operates.


Customer due diligence (CDD)

Reporting entities are required to carry out CDD on all customers, which is documented in Part B of an AML/CTF Program. The purpose of the CDD process is to enable reporting entities to identify and verify their customer in order to determine any ML/TF risk posed, determine whether to proceed with the business relationship or transaction, and assess the level of monitoring required to manage ML/TF risk.

Enhanced CDD may be required in some circumstances, where more stringent CDD procedures should be carried out.


Reporting obligations

Reporting entities have a number of reporting obligations, for example, they must notify AUSTRAC of suspicious matters, threshold transactions, international funds transfer instructions, cross-border movements and AML/CTF compliance reports.


Record keeping obligations

Reporting entities are required to keep all records such as, transactions, customer identification, electronic funds transfer instructions and details of AML/CTF programs for at least 7 years. Other key records that reporting entities must keep include those relating to the provision of a designated service, ML/TF risk awareness training and variations to the AML/CTF Program.


How we can help

The above are some of the key elements in the AML/CTF regime. Each AML/CTF Program needs to be considered and developed in the context of each reporting entity’s specific circumstances.

Whilst there are many publicly available resources relating to AML/CTF and that provide guidance on developing AML/CTF Programs, including on AUSTRAC’s website, Hamilton Locke’s specialists have experience and expertise in this area. We assist designated service providers, as well as their board of directors and senior management, to comply with their obligations under the AML/CTF Act.


About the authors

Samuel Jones and Nick Huett are members of our Funds and Financial Services Regulatory team and are experienced in providing high quality advice on regulatory and risk matters.

Please contact our Funds and Financial Services team for more information.

The information contained in this article is for information purposes only and does not constitute legal advice.