New Draft Rules shake up AML/CTF regime

The exposure drafts published by AUSTRAC to date indicate that the Draft Rules will set out how reporting entities, both new and existing, will need to comply with their obligations under the AML/CTF Act. This includes:

• obligations to conduct initial customer due diligence and to undertake ongoing customer due diligence;
• what reporting entities will need to have in their AML/CTF Programs;
• how groups of entities are to be organised or formed for the purpose of compliance with the AML/CTF Act (to replace the existing concept of ‘designated business groups’);
• details to be provided to AUSTRAC upon application for enrolment or registration under the AML/CTF Act;
• details to be provided to AUSTRAC as part of the lodgement of a suspicious matter report, threshold transaction report, or international funds transfer instruction; and
• the requirement to include information about both the payer and payee when making remittances and other transfers of value.

AUSTRAC has considered a wide range of submissions from industry on the first exposure draft of the Draft Rules. This second exposure draft contains:

• requirements that AUSTRAC have amended following submissions provided by industry in response to the first exposure draft; and
• new requirements not previously seen in the first exposure draft of the Draft Rules being:
  • reportable details for threshold transaction reports and suspicious matter reports
  • information required for enrolment and registration applications

As part of the first exposure draft, AUSTRAC left many aspects of ‘initial customer due diligence’ blank pending receipt of submissions from industry. Aspects of customer due diligence are now included in the New Rules, with the issues receiving the most submissions summarised below:

Customer due diligence

AUSTRAC will not require reporting entities to collect or verify ‘place of birth’ information when conducting customer due diligence on individuals. 

Delayed verification

AUSTRAC has broadened the circumstances in which all reporting entities can conduct ‘delayed verification’ on customers as part of their customer due diligence processes. Where AUSTRAC previously proposed that delayed verification would only be permitted when a reporting entity was, for example:

• opening an account and deposit; and
• conducting certain financial market transactions,

delayed verification is now open to all reporting entities providing any designated service, so long as the conditions in the Draft Rules are met.

Senior manager approval

AUSTRAC has responded to submissions from the first exposure draft on the requirement to obtain ‘senior manager approval’ prior to a reporting entity providing designated services, and the requirement to conduct checks on ‘politically exposed persons’ (PEP checks) of a customer.

In the first exposure draft, the Draft Rules included an exemption from the requirement to conduct PEP checks. However, it also contains a requirement to obtain senior manager approval as to the PEP status of the customer prior to providing a designated service. This meant entities relying on the PEP check exemption could not also obtain senior management approval, as the PEP status of the customer would not be known to the reporting entity.

AUSTRAC has resolved this issue in the Draft Rules by amending the requirement to obtain senior manager approval such that this is triggered ‘when the reporting entity has established the PEP status on reasonable grounds’.

Definition of ‘lead entity’

AUSTRAC has also responded to submissions from the first exposure draft regarding ‘reporting groups’ (replacing the current concept of ‘designated business groups’) are to be formed. A ‘reporting group’ is any ‘business group’ where one of the entities provides designated services. A ‘reporting group’ will have a ‘lead entity’ that is responsible for oversight of the reporting group’s compliance with the AML/CTF Act. 

The Draft Rules now contain a new test that a ‘lead entity’ of a reporting group can be determined by agreement between the members, so long as that entity meets certain requirements (eg cannot be under the control of another member that provides designated services).

AUSTRAC has stated they welcome further feedback in submissions regarding the applicability of the new test for determining a reporting group’s ‘lead entity’.

The Class Exemption Instrument

As foreshadowed in the first consultation paper, AUSTRAC will be separating the current AML/CTF Rules into two separate instruments - the Draft Rules and the Class Exemption Rules. These Class Exemption Rules are carried over from the current exemptions from the Act, or certain provisions of the Act, in certain circumstances.

The exemptions that are being carried into the Class Exemption Rules include:

• current Chapter 21 - issuing or selling a security or derivative in specific circumstances;
• current Chapter 22 - Over-the-Counter derivative markets in respect of specific commodities or products;
• current Chapter 45 - the provision of certain designated services when provided by a person in the capacity of a debt collector;
• current Chapter 47 - provision of designated services to a risk-only life policy member of a superannuation fund under certain conditions; and
• current Chapter 48 - certain designated services provided by a reporting entity when carrying on a business of providing administrative services relevant to salary packaging for an employer client.

Enrolment and Registration Details

Part 2 of the Draft Rules contain updated and modernised requirements for enrolment applications. The enrolment form will be updated and collect information such as:

• what designated services the enrolling entity provides, when it commenced (or proposes to commence) providing those services; and
• information about the applicant, including name, registered office, beneficial owners, details of each director (if a body corporate), ultimate holding company, etc.

Part 3 of the Draft Rules have been updated and contain new requirements for information to be provided by applicants applying for registration as a remittance service provider or a virtual asset service provider (VASP) under the Act. As described by AUSTRAC, these new requirements ‘represent a more transparent and robust entry process to registration’.

The registration form will be updated and collect information such as:

• the applicant’s ML/TF risk exposure and management of ML/TF risks;
• the applicant’s AML/CTF program and capability to meet AML/CTF obligations;
• due diligence on key personnel’s criminal history, and any other court proceedings or findings by regulators;
• evidence of the knowledge, training and experience of key personnel to support compliance with the applicant’s AML/CTF obligations;
• any registration information and any registration or licensing details related to overseas operations; and
• additional detail on the applicant’s business operations.

New Suspicious Matter Reports and Threshold Transaction Reports

AUSTRAC has stated they will be releasing new ‘approved forms’ of suspicious matter reports and threshold transaction reports. These updated forms will capture the new requirements for information that must be included in these reports, including:

• for suspicious matters: the date the suspicious matter reporting obligation arose, information about the person completing the report, information about the entity that has formed the suspicion, and information about the suspicious matter; and
• for threshold transactions: information about the threshold transaction and, if the transaction involves an account, product, transfer of property or virtual asset information about that account, product, transfer of property or virtual asset. 

AML/CTF policies relating to financial sanctions

Section 4-12 of the Draft Rules will introduce a new requirement for reporting entities to have in place AML/CTF policies to ensure they do not contravene targeted financial sanctions obligations, including asset freezing, in providing designated services.

These policies are to be implemented by a reporting entity to ensure it can respond appropriately in respect of whom targeted financial sanctions apply to, including what to do with any value, virtual assets or property the reporting entity holds on behalf of the customer, or subject to transactions being assisted by the reporting entity, to avoid designated services being used for sanctions-related money laundering, terrorism financing or proliferation financing offences. AUSTRAC has commented that the rules will assist reporting entities from inadvertently dealing with frozen assets or returning frozen assets to a sanctioned person in the mistaken belief that this will reduce risk.