Outsourcing Guidelines

Written By giulia dondoli

Outsourcing involves engaging external providers to fulfil some of your AML/CTF activities, such as reporting to AUSTRAC, developing and maintaining your AML/CTF program, carrying out an independent review of your AML/CTF program, carrying out customer identification procedures, employee due diligence, AML/CTF risk awareness training, and transaction monitoring.

AUSTRAC released a draft Guidance on Outsourcing Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) obligations. The key points outlined in the guidance are:

  • Your business remains liable for any breach of your AML/CTF obligations, even under outsourcing arrangements. You should take steps to ensure you manage any outsourcing risks and have appropriate oversight of your providers.

  • Outsourcing may increase your risks when a provider lacks the expertise or resources to meet your AML/CTF obligations, does not tailor its services to your business, is not aware of the legal restrictions on information sharing, and is not subject to adequate performance, oversight and enforcement mechanisms.

  • To mitigate risks, you should do thorough due diligence on outsourcing providers, including verifying their expertise, qualifications, and ability to tailor services to you. For example, you could ask the provider to show you a demonstration of their services and watch out for providers who are not familiar with your industry or your AML/CTF obligations and use generic or template products not tailored to your business or your obligations under Australia’s AML/CTF framework.

  • You should consider legal restrictions on sharing restricted information before outsourcing, for example about ‘tipping off’ and privacy laws.

  • You should outsource through legally binding agreements that outline the services and performance targets, and include monitoring and enforcement clauses.

  • You should update your provider regularly on any changes to your business, complete quality assurance checks of the services provided and report to your board and senior management any significant updates about outsourced services.

  • Your AML/CTF program should document any outsourcing arrangements that carry ML/TF risk and the controls you apply to mitigate and manage these risks.

Get in touch if you have any questions about outsourcing.

giulia dondoli
Previous

Russia Sanctions: Obligations for Reporting Entities
Next

Financing of Terrorism