1. Auditors exist for a reason
Reporting entities should ensure that their AML/CTF programs are frequently audited, both internally and by an external independent auditor. These audits are necessary to ensure that the program is up to date with legislative amendments.
The AML/CTF rules require Part A of reporting entities’ AML/CTF programs to be subject to regular independent review by an internal or external party. The frequency of review should be considerate of the nature, size and complexity of the business and the type and level of ML/TF risk it may face.
The AUSTRAC CEO can also compel a reporting entity to carry out an external audit or risk assessment under the AML/CTF Act.
2. Ensure someone is always watching
Reporting entities must ensure they are appropriately monitoring transactions and identifying those that need to be reported:
2.1 Details of applicable international funds transfer instructions must be reported to AUSTRAC within 10 business days of the instruction being sent or received;
2.2 Transactions over $10,000 of physical currency must be reported to AUSTRAC within 10 business days of the transaction taking place; and
2.3 Suspicious matter reports must be provided within 3 business days of the reporting entity forming a suspicion, on reasonable grounds, that one of the circumstances listed in section 41 of the AML/CTF Act has arisen.
3. New is not always better
The Commonwealth Bank decision illustrates the potential money-laundering and terrorism-financing risk that new services may pose. Reporting entities have an obligation to identify, mitigate and manage the money-laundering and counter terrorism risks of:
3.1 New designated services prior to introducing them to the market;
3.2 New methods of designated service delivery prior to adoption;
3.3 New or developing technologies used for the provision of a designated services prior to adopting them; and
3.4 Changes in the nature of the business relationship, control structure or beneficial ownership of customers.
4. Ignorance isn’t bliss
The recent Federal Court cases against the Tabcorp Group and the Commonwealth Bank demonstrate that contraventions need not be deliberate for the court to award a penalty. In both instances, a lack of intention was taken into account in determining the size of the penalty.
However, the penalty was significant nonetheless.
A reporting entity’s board and senior management must play an active role in overseeing the implementation of their AML/CTF program.
5. Remember that these laws are in place for a reason
There is a purpose to these laws, with significant consequences for non-compliance. The Commonwealth Bank’s deficiencies denied timely evidence to AUSTRAC and other law enforcement agencies on around $635 million in threshold transactions and on several million dollars in suspicious activities.
Our team has also recently audited a company’s AML/CTF compliance and found recent terrorism financing examples, namely providing remittance services to individuals who allegedly had targeted an Etihad flight in 2017 with an explosive device inside a meat grinder.
Those remittance services involved the transfer of money to Syria.
AML/CTF obligations exist to assist law enforcement detect proceeds of crime and terrorism financing. The AML/CTF laws are very effective in doing so, and should be followed by reporting entities.
Given the evolving nature of technology in money laundering and terrorism financing, it is crucial that businesses remain vigilant and up to date with monitoring and reporting obligations.
Andrea Beatty is a financial services partner at Piper Alderman.