New AML / CTF Obligations Coming Into Force in December 2008

On 12 December 2008 certain parts of the Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth) ("Act") will come into force. The provisions include Division 6 of Part 2 concerning ongoing customer due diligence and Divisions 1 to 4 and Division 6 of Part 3 dealing with reporting obligations. These parts are the last of the provisions of the Act to come into force. The other provisions came into force at six and twelve month intervals from 13 December 2006. The Australian Transaction Reports and Analysis Centre (AUSTRAC) also has – and has already exercised – the power to issue legally binding rules under section 229 of the Act.

Overview

The provisions of the Act coming into force will impose new obligations on "reporting entities". A "reporting entity" is any entity that provides a "designated service", being the provision of financial, bullion, gambling or money transfer services.

From 12 December 2008, reporting entities will be required to monitor its customers in relation to the provision of its services with a view to identifying, mitigating and managing the risk that provisions of its services might involve or facilitate money laundering or financing of terrorism. This ongoing customer due diligence requirement is comprised of three mandatory components, being "know your customer" or "KYC" requirements, monitoring customer transactions and undertaking enhanced customer due diligence.

Reporting entities will need to ensure that they:

1. collect and verify information about a customer's identity;
2. determine when it may be necessary to collect further KYC information or update or verify existing KYC information;
3. establish a transaction monitoring program which should be able to detect complex, unusual large transactions and unusual patterns of transactions which have no apparent economic or lawful purpose; and
4. establish an enhanced customer due diligence program which can be applied when the reporting entity determines that there is a high money laundering or terrorism financing risk or a suspicious matter has occurred.

The Part 3 provisions that are coming into force will require reporting entities to give AUSTRAC reports about suspicious matters, transactions involving the transfer of money of $10,000 or more (whether in physical currency or e-currency) and international funds transfer instructions.

Suspicious Matters

Reports about suspicious matters must be reported:

• generally, within 3 business days; or

• if the suspicion relates to the financing of terrorism, within 24 hours

after the day on which the reporting entity forms the relevant suspicion. Whether a matter is suspicious and therefore reportable will depend upon whether the reporting entity has a suspicion on reasonable grounds:

1. about the person that the entity is dealing with;
2. that the provision of the service is preparatory to the commission of an offence; or
3. is relevant to an investigation or prosecution of an offence in Australia.

Given that a suspicion must be based on "reasonable grounds", the provisions in the Act allow an entity to investigate a customer's transactions or information before being required to make a report to AUSTRAC. The AUSTRAC Regulatory Guide states that the obligation to report a suspicion based on reasonable grounds means that the reporting obligation arises if a reasonable person would conclude from all the circumstances surrounding the provision or proposed provision of a designated service that a suspicious matter report would need to be submitted. This suggests that if a reporting entity does not have an actual suspicion based on reasonable grounds but should have had such a suspicion, then the reporting entity is required to report the matter.

AUSTRAC has taken the view that where a reporting entity uses an agent to provide a designated service and the agent forms a suspicion as to a relevant matter, that agent's knowledge is not to be imputed to the principal. In other words, the reporting entity must have actual knowledge. However, AUSTRAC has stated that if a reporting entity enters into any type of agency agreement, the agreement should expressly require the agent to immediately report any relevant suspicions to the principal.

In addition, the Act provides that AUSTRAC may make rules as to which matters may be taken into account in determining whether there are reasonable grounds for a reporting entity to form a suspicion of a relevant matter. The Act also requires that appropriate compliance programs are in place.

AML/CTF Programs

Since 2007, reporting entities have also been required to establish so-called "AML/CTF programs" as a way for reporting entities to identify, mitigate and manage the risk of their products or services. Each reporting entity must develop its own AML/CTF program based on:

1. the risk profile of its customers;
2. the risk of the designated service being used in contravention of the Act;
3. the methods by which designated services are provided;
4. risk profiles of foreign countries dealt with; and
5. risks resulting from the provision of designated services through permanent offices in foreign jurisdictions.

Most AML/CTF programs must have two parts. Part A must set out procedures relating to such things as:

• assessing the risk of products and designated services that a business provides;

• screening employees prior to hiring and ongoing monitoring of staff; and

• training employees in AML/CTF trends, risk-based processes and the consequences of non-compliance with the Act and the AML/CTF Rules issued by AUSTRAC.

Part B of the program requires specified procedures for establishing methods for identifying customers and their agents that will enable the reporting entity to be reasonably satisfied about a customer's true identity and to gather and validate minimum KYC information.

Compliance Reports

Under the Act, AUSTRAC has the power to require entities to provide compliance reports to demonstrate their compliance with the Act. The last compliance report was in respect of the 2007 calendar year. The Act provides that an entity must give a report even if to do so might tend to incriminate the entity or expose the entity to a penalty.

However, section 48(2) of the Act provides that, in most cases, a compliance report will not be admissible in evidence against the reporting entity in civil or criminal proceedings. Similarly, section 124 exempts most suspicious matter reports from being admitted in evidence in court or tribunal proceedings, subject to certain exceptions – such as where the reporting entity intentionally gives false or misleading information to AUSTRAC. The effect of these provisions is that if a reporting entity reports a suspicious customer to AUSTRAC and that customer subsequently claims civil damages from the reporting entity as a result of giving that report (e.g. for defamation), the customer is unlikely to be successful in such claim.

AUSTRAC has stated that it recognises that some entities may not be fully compliant with the provisions by 12 December 2008 but expects that entities will take reasonable steps towards compliance and be fully compliant by 12 March 2010 at the latest. However, AUSTRAC will require an entity that fails to implement any transaction monitoring program by 12 December to apply their monitoring program, once implemented, to those transactions that occurred between 12 December and when the entity began complying with its obligations under the Act.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.