Are you launching a new business providing Designated Services?

Is a new business proposing to provide products or services that are ‘Designated Services’ under the Anti-money Laundering & Counter-Terrorism Financing Act, 2006 (AML/CTF Act)? If yes, then read on to find out more about AML compliance.

One of the key tasks for a business proposing to provide designated services, before it goes live, is setting up a new AML / CTF compliance program, per the requirements under the AML/CTF Act.

There are many elements to consider while setting up an AML/CTF compliance program (‘AML compliance program’) for a business. This article highlights a few key matters to consider in setting up the AML compliance program. Broadly, the points below are also relevant if a business is launching a new service or product that is a designated service.

1. Scope of Designated Services

Broadly speaking, financial services (banking, insurance, super and pension, stockbroking, digital currency exchange, remittance, loans or finance, investments, financial advisory services etc.), bullion trading activity, and gambling services (betting and gaming) are in scope products and services within the scope of the AML /CTF legislation and are called ‘designated services’.

Correctly deciding the applicable designated services for the intended products and services is an important first step. This has implications for the enrollment/registration with AUSTRAC, AML compliance program, risk assessment with a further flow-on effect for other components of the AML compliance framework (e.g., on transaction monitoring).

Designated Services across different businesses can have their own nuances. If someone is carrying on multiple businesses or providing a range of products and services, it may involve multiple designated services.

2. AML/CTF Program

The enterprise AML/CTF compliance framework consists of several interconnected components in line with the regulatory requirements. This includes establishing a risk-based AML/CTF program taking into account the applicable designated services. An AML/CTF program has two parts – Part A and Part B - described below.

Part A of the Program: Part A contains a number of principles and requirements, and must be Board approved (or similar governance body, if there is no board). Key items in Part A include:

- A brief description of the business, and the designated services,

- Methodology for undertaking risk assessment for the business including new designated services before they are launched, new methods of delivering designated services before they are adopted, new or developing technologies to deliver designated services before adopting, identifying and assessing the Money Laundering/Terrorist Financing (ML/TF) risks the business faces, and controls and actions to manage and mitigate those risks. The risk assessment should be based on a risk-based approach, and keeping in view the size, nature and complexity of the business,

- Undertaking AML/CTF risk awareness training,

- Setting up an Employee Due Diligence (EDD) program to identify, assess and mitigate ML/TF risk that can arise from any staff member, and the periodic refresh of such due diligence, as well as when an employee is promoted / transferred,

- Appointing an AML/CTF Compliance Officer, and delegation of duties,

- Board and Senior Management approval and ongoing oversight,

- Procedures for regulatory reporting including international funds transfer instructions (IFTI) report, threshold transactions report (TTR), suspicious matter report (SMR), and annual compliance report,

- Procedures for undertaking enhanced customer due diligence (ECDD), ongoing customer due diligence (OCDD), and transaction monitoring,

- Record keeping,

- Regular Independent review of Part A of the AML/CTF program for an impartial assessment of the program that includes a review of compliance and effectiveness.

Part B of the Program: Broadly, the following have to be covered in Part B:

- Framework for Know Your Customer (KYC) procedures, documents and information to be collected and verified,

- Customer due diligence and risk assessment taking into account customer types, products, jurisdiction, delivery channel, and risk levels,

- Identifying and verifying beneficial owners and politically exposed persons (PEP), their screening and assessment,

- Procedures to manage and responding to discrepancies in customer information,

- How to determine when additional information for a customer is to be collected.

3. Types of AML/CTF Programs

For a business undertaking activities as a financial advisor / financial planner, and-

- in the capacity of holder of an Australian Financial Services Licence (AFSL), arranging designated services from other reporting entities for its clients, and

- undertaking no other designated services,

in that case a ‘special program’ needs to be set up containing only Part B of an AML/CTF program.

Otherwise, depending on the nature of the activities, one of the following AML/CTF program comprising Part A and Part B needs to be set up:

- if an individual reporting entity – a standard program, or

- for members of a designated business group (DBG) – a joint program, to be adopted by each reporting entity that is part of the DBG.

4. A Few More Things to Consider

It is important to also consider the following for the AML program:

- The AML program should be designed on a risk-based approach. This requires identifying and assessing the ML/TF risks that present the biggest risks to the business; and implementing controls and solutions that will have the biggest mitigating impact for the highest assessed risks, and make way down.

- The AML program should consider the size, nature and complexity of the business. For example: an AML/CTF compliance framework for a large pan-country multi-jurisdiction bank will be vastly different than for a community owned bank focused on a region. The program should be tailored to the business and requirements.

- The AML program should also tie in with other policies and frameworks of the business including risk & compliance framework, privacy, incident and breach management, standard, corporate governance framework and so on and so forth.

5. In conclusion

Setting up an AML/CTF compliance framework is an extensive and critical activity, and requires ongoing efforts to keep it current and relevant. They also require working out and documenting a comprehensive and detailed framework and procedures in line with the regulatory requirements, initially and on an ongoing basis.

Regulatory References:

AUSTRAC - AML/CTF programs – click here.

Also read:

Failure to enrol with AUSTRAC result in increased penalties – read our note here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post script

On 20 April 2023, the Australian Attorney-General announced a public consultation on proposed reforms to Australia's anti-money laundering and counter-terrorism financing (AML/CTF) regime. Part of the reforms aims to simplify and modernise Australia's AML regime (while another set of reforms aims to expand the universe of reporting entities covered under the AML legislation).

The reforms, once implemented, will result in combining Part A and Part B of the AML program into a single document. Some other changes are also proposed, which will impact the AML program.

Read our article on the above subject here, for further insights into these proposed changes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post Script 2 - 29 Sept 2024

The AML/CTF Amendment Bill 2024 has been introduced in the Parliament on 11 September 2024, to reform and modernise Australia's AML/CTF regime. The Bill proposes significant changes to the AML/CTF Act including in regards to risk assessments. The commentary above is subject to the new provisions.  

Read our article here on the AML/CTF Bill.

Compliense Advisors is an AML and FinCrime compliance and risk management advisory services provider. We provide solutions aligned with your business profile to minimise and mitigate your risks associated with money laundering and FinCrime activities, and achieve compliance.

Our experience includes AUSTRAC registration/ enrollment; setting up, implementing, uplifting AML program; risk assessment; preparing and documenting procedures and framework; and a range of other matters including Sanctions, Anti-bribery & Corruption, and Privacy compliance.

This article explains few key issues involved and factors to consider while developing a new AML compliance framework, but is not exhaustive. The article above is for general informational purposes only and should not be considered as a professional advice or a recommendation to take specific actions. You should carefully evaluate your own circumstances and seek professional advice for your specific needs. You are responsible for your compliance obligations, and for any action taken or omitted. We are not a law firm, and do not provide legal advice.