Rules Exposure Draft

Written By giulia dondoli

As the Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Bill passed Parliament in November, AUSTRAC has issued a Rules Exposure Draft and is now looking for submissions from the public.

Submissions can be sent via this link, until Friday 14th February 2025.

A brief outline of key aspects of the Rules Exposure Draft is as follows:

  • The AML/CTF Bill states that your AML/CTF risk assessment must be reviewed if there is any change in your business’ nature size and complexity, products offered, customer base, jurisdictional exposure, and delivery methods; or at least every three years. The Rules Exposure Draft adds that you must also review your AML/CTF risk assessment if an independent evaluation report contains adverse findings in relation to your AML/CTF risk assessment.

  • You must develop policies on: (i) safeguarding concerning tipping off (for suspicious matter reports); (ii) ensuring that the board of directors receive sufficient AML/CTF information; (iii) requiring the AML/CTF compliance officer to report to the board of directors on AML/CTF matters at least annually; (iv) ensuring that reports to AUSTRAC are complete and accurate; and (v) ensuring that you can determine as soon as practicable when you have formed a suspicion about a certain matter.

  • Due diligence and training policies must be applied to your staff (either employed or contracted), when the person is first engaged or employed and throughout their engagement. Training must be conducted in alignment with the person’s role and responsibilities.

  • Policies on independent evaluations must: (i) require the production of a report to be provided to the relevant senior manager; (ii) state how you will respond to independent evaluation reports; and (iii) deal with how you will review your AML/CTF programme on the light of adverse findings from the independent evaluation.

  • The AML/CTF Bill states that your AML/CTF compliance officer must be a ‘fit and proper person’. The Rules Exposure Draft outlines that when determining whether a person is fit and proper, you must consider whether the person has: (i) the competence, character, diligence, honesty, integrity and judgement to perform the duties of the role; (ii) been convicted of a serious offence or been subject to adverse findings or found to engage in serious misconduct by a regulatory body; (iii) executed a personal insolvency agreement; and (iv) a conflict of interest.

  • The AML/CTF Bill replaces the current ‘designated business group’, with a ‘reporting group’, to recognise both traditional corporate structures and non-corporate structures (e.g., franchises). Members of the reporting group can be reporting entities and non-reporting entities if the latter discharge AML/CTF obligations for the reporting group. If you establish a reporting group, you will need a ‘lead entity’, which is in charge of establishing the AML/CTF programme and ensuring compliance across the group. The Rules Exposure Draft explains that a business will be a lead entity if it is: (i) resident in Australia; or (ii) provides designated services; or (iii) is registered as a foreign company in Australia; and (iv) controls all other businesses in the group that provide designated services.

  • Where the customer is an individual, the designated service they receive or propose to receive is in Australia and the designated service is an account-based or transfer of value designated service (e.g., money transfers and remittances), you need to verify the individual’s date and place of birth.

  • When the delay in customer due diligence (CDD) is essential to avoid interrupting the ordinary course of business and appropriate risk mitigations are implemented, you may verify CDD information after you have commenced providing a designated service when: (i) you only accept deposits; (ii) the service is the acquisition or disposal of a security, derivative or foreign exchange contract on a declared financial market that must be performed rapidly due to financial market condition; (iii) other CDD items have been established, you may delay politically exposed person (PEP) and sanction screening; and (iv) the service is to be provided in a foreign country and the law of that country allows for delayed verification.

  • You must have policies for applying simplified CDD measures.

  • The Exposure Draft Rules state that the focus on transaction monitoring is on money laundering, terrorism financing, proliferation financing, and serious money laundering predicate offences, rather than the current ‘all crimes’ approach to monitoring.

  • If you were a reporting entity before the commencement of the Amended AML/CTF Act, you are not required to collect or verify additional CDD information to existing customers just because of the reforms to the AML/CTF regime.

  • You may conduct CDD on customers who have difficulties providing standard identification by using data reasonably available to them. You would need to develop appropriate policies to allow for it.

  • You need to establish an agreement or arrangement with another reporting entity (or another equally regulated entity abroad) if you wish to rely on them for providing CDD information on customers on an ongoing basis. The agreement must enable you to receive CDD information as soon as possible following your request to the other reporting entity and it must document your respective responsibilities, including record-keeping responsibilities. You may also establish similar agreements on an ad hoc basis.

  • Under the updated travel rule for international payments, the transaction information needs to travel with the transfer of value. The Exposure Draft Rules state that beneficiary institutions must (i) take reasonable steps to monitor for missing payer and payee information in a transfer of value; (ii) verify the entity of a payee in a transfer of value to ensure the accuracy of the information; (iii) monitor if payee information is inaccurate; and (iv) determine what to do where the information is incomplete or inaccurate. Intermediary institutions are only required to (i) take reasonable steps to monitor for missing payer information; (ii) determine what to do in the case such information is incomplete; and (iii) ensure that the required payer and payee information is retained with the transfer of value.

  • A senior manager must approve or be informed before commencing to provide a designated service if the customer or a beneficial owner is a foreign, domestic, or international organisation PEP.

AUSTRAC also proposes some questions to reporting entities, a selection of key questions is as follows:

  • Do any aspects of the Exposure Draft Rules create unnecessary friction with existing approaches to risk mitigation in your business or sector? If so, what are they? Are there alternative approaches that could achieve the same regulatory outcomes?

  • Are there practical implementation challenges you anticipate you may face in meeting the CDD obligations set out in the Exposure Draft Rules? If yes, what are they and do you have alternate suggestions as to how the same regulatory outcome can be achieved?

  • Does the 12-month reporting period of January – December, with a report lodgement period of the following January – March present significant challenges to your business due to conflicts with other Commonwealth, State or Territory reporting or lodgement requirements? What are these challenges?

  • Is there a preferable reporting or lodgement period?

  • Do the proposed requirements for the collection, verification and passing on of travel rule information create any friction other international travel rule obligations you may be required to comply with?

What’s Next?

Get in touch if you have any questions on the Rules Exposure Draft or if you would like any support in preparing a submission.

 

giulia dondoli
Previous

Rules Exposure Draft
Next

AML/CTF Bill