Rules Exposure Draft

Written By giulia dondoli

As the Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Bill passed Parliament in November, AUSTRAC has issued a Rules Exposure Draft and is now looking for submissions from the public.

Submissions can be sent via this link, until Friday 14th February 2025.

A brief outline of key aspects of the Rules Exposure Draft is as follows:

  • The AML/CTF Bill states that your AML/CTF risk assessment must be reviewed if there is any change in your business’ nature size and complexity, products offered, customer base, jurisdictional exposure, and delivery methods; or at least every three years. The Rules Exposure Draft adds that you must also review your AML/CTF risk assessment if an independent evaluation report contains adverse findings about your AML/CTF risk assessment.

  • You must develop policies on: (i) safeguarding concerning tipping off (for suspicious matter reports); (ii) ensuring that the board of directors receive sufficient AML/CTF information; (iii) requiring the AML/CTF compliance officer to report to the board of directors on AML/CTF matters at least annually; (iv) ensuring that reports to AUSTRAC are complete and accurate; and (v) ensuring that you can determine as soon as practicable when you have formed a suspicion about a certain matter.

  • Policies on independent evaluations must: (i) require the production of a report to be provided to the relevant senior manager; (ii) state how you will respond to independent evaluation reports; and (iii) deal with how you will review your AML/CTF programme on the light of adverse findings from the independent evaluation.

  • The AML/CTF Bill states that your AML/CTF compliance officer must be a ‘fit and proper person’. The Rules Exposure Draft outlines that when determining whether a person is fit and proper, you must consider whether the person has: (i) the competence, character, diligence, honesty, integrity and judgement to perform the duties of the role; (ii) been convicted of a serious offence or been subject to adverse findings or found to engage in serious misconduct by a regulatory body; (iii) executed a personal insolvency agreement; and (iv) a conflict of interest.

  • The AML/CTF Bill replaces the current ‘designated business group’, with a ‘reporting group’, to recognise both traditional corporate structures and non-corporate structures (e.g., franchises). Members of the reporting group can be reporting entities and non-reporting entities if the latter discharge AML/CTF obligations for the reporting group. If you establish a reporting group, you will need a ‘lead entity’, which is in charge of establishing the AML/CTF programme and ensuring compliance across the group. The Rules Exposure Draft explains that a business will be a lead entity if it is: (i) resident in Australia; or (ii) provides designated services; or (iii) is registered as a foreign company in Australia; and (iv) controls all other businesses in the group that provide designated services.

  • You must have policies for applying simplified customer due diligence (CDD) measures.

  • The Exposure Draft Rules state that the focus on transaction monitoring is on money laundering, terrorism financing, proliferation financing, and serious money laundering predicate offences, rather than the current ‘all crimes’ approach to monitoring.

  • You may conduct CDD on customers who have difficulties providing standard identification by using data reasonably available to them. You would need to develop appropriate policies on it.

  • You need to establish an agreement or arrangement with another reporting entity (or another equally regulated entity abroad) if you wish to rely on them for providing CDD information on customers on an ongoing basis. The agreement must enable you to receive CDD information as soon as possible following your request to the other reporting entity and it must document your respective responsibilities, including record-keeping responsibilities. You may also establish similar agreements on an ad hoc basis.

  • Due diligence policies must be applied to your staff (either employed or contracted), when the person is first engaged or employed and throughout their engagement.  As a legal professional, you already have protocols in place to ensure that employed personnel are appropriately skilled and act with integrity, i.e., the Australian Solicitors Conduct Rules. You may elect to leverage such existing protocols regarding a person’s integrity to fulfil personnel due diligence requirements under the AML/CTF regime. You still need to document such protocols in your AML/CTF programme, and you need to develop supplementary policies where personnel are not subject to them (e.g., conveyancing paralegals).

  • Training policies must be applied to your staff (either employed or contracted) when the person is first engaged or employed and throughout their engagement. Training must be conducted in alignment with the person’s role and responsibilities.

  • When the delay in CDD is essential to avoid interrupting the ordinary course of business and appropriate risk mitigations are implemented, you may verify CDD information after you have commenced providing a designated service when: (i) you only accept deposits; (ii) the service is the acquisition or disposal of security, in certain specified circumstances; (iii) other CDD items have been established, you may delay politically exposed person (PEP) and sanction screening; and (iv) the service is to be provided in a foreign country and the law of that country allows for delayed verification. AUSTRAC is seeking feedback from you as to what other circumstances should be considered for delayed verification.

  • A senior manager must approve or be informed before commencing to provide a designated service to a customer if the customer or a beneficial owner is a foreign, domestic, or international organisation PEP.

AUSTRAC also proposes some questions to reporting entities, a selection of key questions is as follows:

  • Do any aspects of the Exposure Draft Rules create unnecessary friction with existing approaches to risk mitigation in your business or sector? If so, what are they? Are there alternative approaches that could achieve the same regulatory outcomes?

  • Are any rules not sufficiently flexible to be scalable to specific circumstances of small businesses, sole traders or sole practitioners? Are there alternative approaches that could achieve the same regulatory outcomes?

  • Are there practical implementation challenges you anticipate you may face in meeting the CDD obligations set out in the Exposure Draft Rules? If yes, what are they and do you have alternate suggestions as to how the same regulatory outcome can be achieved?

  • Are there any additional circumstances (e.g. particular types of transactions that require the urgent provision of a designated service) in which your sector may need to delay aspects of initial CDD to prevent disruption of the ordinary course of business?

What’s Next?

Get in touch if you have any questions on the Rules Exposure Draft or if you would like any support in preparing a submission.

 

giulia dondoli
Previous

AML/CTF Report
Next

Rules Exposure Draft