Know your customer: the legal position Anti-Money Laundering and Counter-Terrorism Financing: Key Obligations

The first set of AML/CTF legislation is almost fully operational. The second set is expected to be introduced later this year. Here's the legal summary of your key obligations.

Background — AML/CTF Regime in Australia

Over the past two years, a series of legislative reforms aimed at bringing Australia's AML/CTF regime into line with international standards have been rolled out:

• The first set of legislation primarily targeted the financial and gambling sectors. It was introduced in December 2006.
• The second set focuses on certain legal, accounting, trust and company services. It is expected to be introduced later this year.

SMSF's and licensed financial advisers are expected to be caught in the second set.

Who must comply?

People who provide 'designated services' are 'reporting entities' and have obligations under the Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Act) and associated Rules. Reporting entities are regulated by the Australian Transaction Reports and Analysis Centre (AUSTRAC). Examples of reporting entities include:

• banks and other financial institutions;
• remittance service providers;
• foreign exchange dealers;
• debit and stored value card providers;
• bullion dealers; and
• casinos and other gambling service providers.

What is required?

Each reporting entity must adopt an AML/CTF Program. The program is to have two parts. Much of the content of a program is prescribed by the Rules.

Program Part A — identify, reduce and manage risks

The primary purpose of Part A of a standard program is to identify, manage and reduce money laundering and terrorism financing (ML/TF) risks that a reporting entity may reasonably face.

A reporting entity must consider the risks posed by the following factors:

• its customer types, including any politically exposed persons (i.e. individuals who are or have been entrusted with prominent public functions in a foreign country);
• the types of designated services it provides;
• the methods by which it delivers designated services; and
• the foreign jurisdictions with which it deals.

The reporting entity must then establish risk-based controls and procedures to manage and mitigate the ML/TF risks identified. Key obligations include:

• developing an employee training program; and
• enhanced screening procedures for certain employees.

Part A of the Program must be audited on an annual basis.

Part B — identifying customers, gathering information, identifying discrepancies

The primary purpose of Part B of a standard program is to set out the reporting entity's customer identification procedures.

Generally, a reporting entity must collect minimum information before providing a designated service to the customer. This information must then be verified against independent documentation or electronic data. However, limited exemptions can apply — for example, if:

• the service is prescribed as 'low risk', or
• the reporting entity has already provided the designated service to that customer before the commencement of the legislation.

The Rules prescribe different Know Your Customer (KYC) procedures for different types of customers — individuals, companies, trustees, partners, unincorporated associations, registered co-operatives and government entities.

Based on the analysis in Part A of the program, a reporting entity must then include appropriate risk based systems and controls to determine whether:

• additional KYC information will be collected; and
• that additional information requires further verification.

Reporting entities must also put in place processes so they can respond to discrepancies that arise in the course of collecting and verifying the KYC information.

The Act allows for a reporting entity to rely upon an outsourced provider to conduct the KYC procedures where that provider is acting as the reporting entity's agent.

AML/CTF Compliance Officer

A reporting entity must appoint an AML/CTF Compliance Officer. AUSTRAC has indicated that a reporting entity should consider the person's independence, seniority, accountability, reporting lines, access to executive/board and relevant skills and experience.

Reporting obligations

From 12 December 2008, reporting entities will be required to monitor their customers and the transactions that they make with a view to reporting any suspicious matters that arise to AUSTRAC.

The Act also requires reporting entities lodge reports with AUSTRAC relating to:

• threshold transactions (i.e. certain transfers in excess of $10,000)¹;
• international funds transfer instructions²; and
• general compliance³.

Record keeping

The Act requires reporting entities to retain certain records for seven years. Reporting entities will need to ensure that its systems are capable of capturing and storing the required information and documentation.

Next steps

Those already caught by the first set of legislation, should be well under way in preparing for:

• enhanced customer due diligence obligations; and
• suspicious matters, threshold transaction and international funds transfers instructions reporting obligations.

For those who may be caught by the second set of legislation, it pays to be prepared. At this stage, people need to consider:

• identifying the designated services that are provided and analysing the level of ML/TF risk;
• identifying customers and considering the systems that will be required in terms of recording and reporting obligations;
• the additional compliance costs likely to incurred; and
• the potential impact upon any third party service provider agreements.

Questions & Further Information

For questions or more information about Anti-Money Laundering and Counter-Terrorism Financing obligations, call Maddocks in Melbourne (03 9288 0555) or Sydney (02 8223 4100) and ask for a member of the Maddocks Funds Management and Superannuation Team.

¹ Section 43 AML/CTF Act
² Sections 45 and 46 AML/CTF Act
³ Section 47 AML/CTF Act