As an Australian Financial Services License (AFSL) holder, you have certain obligations to help prevent financial crime — particularly when it comes to anti-money laundering (AML) and counter-terrorism financing (CTF). From cryptocurrency and social media scams to huge penalties and liabilities, this is one issue you can’t afford to overlook.
Here’s what all AFSL holders need to know about AML and CTF obligations.
AML/CTF programs: The basics
If you offer or arrange any designated service, you’re required to have an AML/CTF program. However, there are different kinds of financial crime prevention programs, and the right fit for your firm depends on what exactly you do.
The AML/CTF Act is government legislation that regulates and empowers the Australian Transaction Reports and Analysis Centre (AUSTRAC). Under this act, ASFL holders who are reporting entities are required to have an AML Program based on the services they provide:
- Standard: In this group, you need a standard program that covers two parts of the Act:
- Part A: How you identify, mitigate and manage the risk of money laundering and terrorism financing.
- Part B: How you identify customers and beneficial owners, including politically exposed persons (PEPs).
-
- Joint Program: If you are part of a Designated business group (DBG) you can have a shared program across reporting entities.
- Special: If you only arrange designated services from other reporting entities (as covered by Item 54 of Table 1 in Section 6 of the Act), you’ll need a special program covering Part B.
Your obligations depend on your offerings, which means it’s important to consider the services you provide and how they’re defined under the language of the Act. If you’re unsure, MIntegrity experts recommend that you consult legal counsel.
Core obligations for AFSL holders
To align with all relevant requirements, you have a few key responsibilities. These include:
-
- Implementation: Your program must be fully implemented and maintained on an ongoing basis.
- Customer verification and identification: You must perform identity checks before providing any services and enhanced due diligence is required after the initial onboarding. This also looks at your Know Your Client (KYC) requirements.
- Reporting: You must stay up-to-date with Threshold Transaction Reports (TTR), International Funds Transfer Instructions (IFTI) and Suspicious Matter Reports (SMR).
- Record-keeping: Correctly and regularly report transactions, customer identification procedures and the processes involved in your AML /CTF program.
- Approach design: Prevent financial crime by adopting a risk-based approach, identifying and assessing business risks and managing them appropriately.
- Approval: Senior Management and/or the Board must approve and oversee the implementation of all risk-based systems and controls.
Remember that your specific responsibilities depend on your firm and offerings; this isn’t an exhaustive list.
What are the risks?
To create an effective AML/CTF program, you need to identify risks specific to your business. Consider these elements:
- The types of customers you have, especially if some are higher risk (for example PEPs).
- The type of designated services you provide.
- How you provide those services (for example, face-to-face or online).
- The foreign countries or regions — known as foreign jurisdictions — you operate or do business in.
As you review your environment and offerings, rank each service as ‘high,’ ‘medium’ or ‘low’ depending on the level of risk.
When developing appropriate customer identification and verification procedures, you should consider risks such as:
- The beneficial owner/s of your customers.
- Whether your customers or their beneficial owners are PEPs.
- Your customers’ source of funds and wealth.
- The nature and purpose of your business relationship with your customers.
- The control structure of customers who aren’t individuals, such as companies and trusts.
Managing these risks
The key to solid risk management is tracking the processes for identifying, managing and escalating each issue. If you have out-of-date documentation or processes that aren’t fit for purpose, you’ll raise a red flag to regulators looking for firms not properly managing AML/CTF obligations.
Best practices include:
- Risk-assessing services provided based on client type/jurisdictions where you operate.
- Periodically reviewing risks.
- Training staff on obligations, risks, consequences of non-compliance and your processes.
- Appointing an AML/CTF officer.
- Keeping AUSTRAC updated with changes.
- Submitting annual compliance reports.
Noting red flags
Scammers and fraudsters are continually looking for new ways to launder their illegally gained funds. Getting those assets into the financial markets is a quick way to clean that money up.
Look out for indicators of this behaviour:
- New accounts with increasing deposits purchasing securities where the account owner has no plausible way to explain the increase in funds.
- Unprofitable trades where one account is making losses after a security has had a price increase (especially in illiquid stocks that somehow have become liquid).
- Unusual selling down of stable portfolios.
- Changing bank account details followed by selling down investments.
- Account name changes.
- Fund transfers to third parties.
What AFSL holders should do
Compliance with the law is mandatory, and restricting money laundering and terrorism financing is critical to a well-functioning financial market. Penalties for non-compliance have been harsh and remediation programs are expensive. Staying on the right side of regulation is a cost-effective way to minimise this risk.
The best way to do that is to regularly have your AML/CTF program Part A reviewed by an independent expert. This can reduce the risk of non-compliance, ensuring your policies and procedures are adequate based on your obligations. Plus, this is an opportunity to make improvements or enhancements before AUSTRAC takes action.
Image by rawpixel.com on Freepik
