AUSTRAC Compliance Reports, and the 2024 Report

As the calendar turns to a new year, the AUSTRAC Compliance Report submission period begins

Compliance Reports, generally

January 1 ushers in the new year and also the obligation to submit the AUSTRAC Compliance Report. Thus, the 2024 compliance reporting period has started, and the report must be lodged by 31 March 2025 through AUSTRAC Online.

Most reporting entities are required to submit this report. Exemptions include:

• Reporting entities that provide only item 54 services (refer to Note 1),

• Pubs and clubs, licensed to operate 15 or fewer electronic gaming machines, and

• A remittance services provider that provides services only as an affiliate on behalf of a remittance network provider.

While compiling the report, it is useful to compare the questions in the latest report with those in the previous version. It is likely that the latest report template has added, deleted, or modified the questions compared to the previous one.

When finalising your responses, it will be helpful to review and compare them with your previous year’s responses and use that as a baseline. In certain cases, a response that differs from the previous year may require closer review.

If you are a Designated Business Group (DBG), only one member should lodge the Compliance Report on behalf of all members in the DBG, submitting a combined report. Ofcourse, the option remains for a member to specifically submit its own report, if substantially different from the other DBG members.

Ensure that appropriate governance procedures are followed in finalising the report, and retain complete documentation.

2024 Compliance Report - what is new?

The 2024 Compliance Report covering the period 1 January - 31 December 2024 is due by 31 March 2025.

As it usually happens, the latest report questionnaire introduces quite a few changes compared to the 2023 version. Some questions have been added – for instance, the report now seeks to know from the Digital Currency Exchanges (DCEs) whether they provide services to other DCEs. Conversely, some questions have been removed, such as from where the blockchain technologies were procured by a reporting entity (RE), or the reasons behind introducing new delivery methods (channels) for providing designated services.

On the subject of outsourcing, AUSTRAC has broadened its focus. It now requires REs to disclose their outsourcing arrangements for Enhanced Customer Due Diligence (ECDD) and training, in addition to arrangements for customer identification, program development, transaction reporting, and monitoring. REs must also provide the names of the service providers for each outsourced function. Another new addition is a question specifically asking whether Part A of the AML/CTF program has been independently reviewed.

Some questions have undergone changes in nuance. For example, the report now asks if the AML/CTF program has been approved by the board or senior management, and when it was last approved. This contrasts with the 2023 report, which focused on specifying time bands for the last approval.

There are changes in the risk assessment section too. The question about whether the businesses assess ML/TF risks for each employee has been dropped. However, the REs are now required to confirm whether they have a documented customer risk assessment methodology.

New questions have been added regarding non-standard identification documents, likely reflecting AUSTRAC’s intention to understand practices. The information will probably feed into finalising its draft guidance on the topic.

If no unusual or suspicious activity was identified or reported by an RE's staff during the year, the report now requires an explanation of why this was the case. This change highlights AUSTRAC’s focus on ensuring that reporting entities remain vigilant and proactive in identifying suspicious behaviors.

Lastly, AUSTRAC is seeking feedback through a few new questions. These include gauging the usefulness of its guidance materials, assessing the effectiveness of its collaboration and engagement efforts, and determining whether its regulatory approach over the past 12 months has been consistent with its published policies.

Entities should carefully review these updates and other questions, to formulate their responses. Happy reporting!

Regulatory references:

• Compliance reports - click here.

• 2024 compliance report - click here.

• 2024 compliance report questionnaire - click here.

From our blogs library:

• 2023 compliance report - click here.

While at it, refer to more from our blogs:

• AML & FCC developments in 2024 - click here.

• Updates to the AML / CTF legislation expanding and reforming the AML regime - click here.

• AUSTRAC National Risk Assessments - click here.

• And more.

1. This refers to provider of only item 54 designated services of table 1, Section 6(2) of the AML/CTF Act.

   
   

9 January 2025

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Compliense Advisors is an AML/CTF and FinCrime compliance and risk management advisory firm.

Our experience includes implementing legislative changes; undertaking ML/TF risk assessment; setting up, implementing, uplifting AML/CTF program; and advising on AML/CTF and FinCrime compliance and risk matters.

The article above is for general awareness and informational purposes only. Please carefully evaluate your circumstances, and seek professional advice for your specific needs. You are responsible for your compliance obligations, and for any action taken or omitted. We are not a law firm, and do not provide legal advice.

Write to us on compliense@compliense.com.au. Visit our website for more such knowledge resources. You can also sign up for new articles and updates.