For many years, Australia has doggedly let criticism of its anti-money laundering (AML) regime wash over its continental beaches without so much as a blink other than to conduct numerous reviews and consultations. Finally, the Australian Government has initiated the long-waited for Tranche 2 reforms to its AML regime with considerable fanfare. On 11 September 2024, the Government introduced into Parliament the much-anticipated Anti-Money Laundering and Counter-Terrorism Financing Amendment Bill 2024 (AML Bill).
The AML Bill addresses three key objectives:
The proposed start date for a number of the key reforms is 31 March 2026.
The intention is that reporting entities will have sufficient time to implement the necessary changes to their policies, processes, systems and controls. This is all directed towards the Government ensuring that the reforms are in place for Australia's mutual evaluation by FATF in 2026-27.
Whether you are an existing reporting entity or a professional organisation where AML/CTF obligations are to be imposed on you, you should seriously consider the following action items ahead of the reforms becoming law:
There are various changes that while on their face, are an attempt to codify current expectations from AUSTRAC, it is possible some uncertainty will arise in their practical implementation. For example:
Reporting entities must understand and document their ML/TF risks and design their frameworks, processes, systems and controls to ensure that ML/TF risks are managed and mitigated.
An AML/CTF program is divided into two parts:
While there is no formal requirement for an AML/CTF program to have two parts, whatever AML/CTF policies exist should be designed to achieve two outcomes:
Importantly, a reporting entity must comply with its AML/CTF policies.
Where the reporting entity provides designated services at or through a place of business in Australia, it must have regard to the following key factors when carrying out that assessment:
An obligation to designate an AMLCO is contained in the AML/CTF Rules which will be moved to the Act, emphasising the importance of the role. Additional requirements will also apply. The AMLCO:
The existing concept of a “designated business group” (DBG) will be replaced with a “reporting group”. There are certain key changes:
An overarching requirement when collecting customer information, reporting entities must use a 'risk based approach' to determine what additional information is to be collected and verified. These obligations will be moved from the Rules to the Act and are framed as obligations to undertake:
Enhanced customer due diligence (ECDD) triggers set out in the AML/CTF Rules will be moved to the Act and will require a reporting entity to apply ECDD where:
Pre-commencement customers are now subject to certain requirements. Pre-commencement customers are subject to customer due diligence only on specified events (e.g. an SMR obligation arises in respect of the customer). Pre-commencement customers will be subject to initial customer due diligence where:
Customer identification information must be verified using reliable and independent documents or data.
Reporting entities will be required to use reliable and independent data that is appropriate to the ML/TF risk of the customer. This is likely to provide reporting entities with more flexibility when determining what sources of data they can use for verification purposes.
The tipping off prohibition applies to reporting entities. To ensure that the tipping off prohibition is an enduring obligation, it will apply to a person:
The existing tipping off prohibition applies to a disclosure to any person (other than certain AUSTRAC entrusted people), except where an exemption applies. The new prohibition imposes obligations that:
A person may share information within a reporting group, in the context of a merger or acquisition or to consultants who are engaged by the reporting entity to support AML/CTF reviews, remediation and uplift.
A number of exceptions apply to the tipping off prohibition. Importantly, the tipping off exception for crime prevention has a 'good faith' requirement, permitting a person to make a disclosure to dissuade a customer from engaging in conduct that could constitute an offence.
Australia is currently one of only five jurisdictions which does not regulate particular 'gatekeeper' professions. The Government has noted that this places Australia at serious risk of being 'grey-listed' by FATF.
AML/CTF regime will be extended to:
The AML Bill proposes the following regime for legal professional privilege (LPP).
The Minister may publish Guidelines on the making or dealing with LPP claims. In our experience, it is likely a regime may be implemented that already applies to a number of Commonwealth agencies (such as the ATO, the ACCC and ASIC), requiring a reporting entity to clearly outline the process for masking and dealing with LPP claims, apart from the contents of the statutory LPP Form.
The nature of LPP claims is likely, in our experience, to give rise to potential contests, particularly if a reporting entity adopts a too broad approach. The fundamental principles of LPP need to be considered: that is, the relevant information or communication must have been created for the dominant purpose of satisfying the legal advice and the litigation LPP tests. Each communication needs to be assessed on its merits, looking at the objective evidence of all the circumstances.
Digital currency exchange services are captured by regulation under AML/CTF laws. The AML Bill extends to 'virtual assets', which is broader than digital currency as it removes the requirement for the asset to be generally available to members of the public without any restriction on use.
A virtual asset is defined as a digital representation of value that:
The AML/CTF regime will now apply to:
providing financial services ancillary to the offer or sale of a virtual asset.
The AML/CTF Act distinguishes between transfers of value undertaken by financial institutions and those undertaken by remittance service providers, which results in different obligations applying to financial institutions and remittance service providers.
The AML Bill removes this distinction, and providers of value transfer services will be regulated. This streamlines and modernises the regulation of telegraphic transfers, remittances, and other transfers of value so that they are all brought under a single definitional umbrella of “value transfer services”.
Digital transactions are not captured as a 'transfer of value'. Value transfer services will include virtual asset service providers. Value transfer services will include virtual asset service providers.
The “travel rule” (the requirement that certain payer and payee information ‘travels’ alongside a transfer of value) applies to financial institutions (ordering and beneficiary institutions) and will be extended to remittance service providers and virtual asset service providers, for both domestic and cross border value transfers.
While intermediary institutions (that pass on a transfer message in a value transfer chain) will be reporting entities, although, they will be exempt from most customer due diligence obligations because they do not have a direct customer relationship with either the payer or payee. And, an intermediary institution must monitor its transactions to identify unusual transactions and behaviours of the customers that may give rise to an SMR obligation.
The AML Bill seeks to bring the obligations up to date with modern payment services. A report must be submitted for an “international funds transfer instruction” (IFTI). In addition, a report must be submitted for an “international value transfer service” (IVTS) to align with the changes to transfers of value and value transfer chain.
The reporting obligation applies to the 'sender' of the IFTI out of Australia, or the 'recipient' of the IFTI into Australia.
In relation to the reporting obligation:
The IVTS reporting obligation will now apply to international transfers of virtual assets from an unverified self-hosted wallet including those incidental to virtual asset exchange designated services.
While all eyes have been on the recent introduction of the privacy reform Bill to Parliament, there have been a number of other updates that continue to inform the shifting patterns of opportunity,...
The Federal Court last week handed down its decision in Australian Securities and Investments Commission v Firstmac Limited [2024] FCA 737. ASIC was successful in its claim that Firstmac Limited...
Welcome to Digital Bytes, our latest quarterly update on current developments in cyber, privacy and data governance.