Reducing the burden of AML/CTF independent reviews
By Taylor Green
The financial services industry is constantly grappling with achieving a balance between reducing the risk of financial crime and being commercially sensible. Many commentators on the anti-money laundering and counter terrorism financing (AML/CTF) regime in Australia note the heavy burden and cost of customer identification, monitoring, reporting, and independent reviews.
We explain there is a common misconception that a simple annual review of Part A of an AML/CTF Program for compliance with legislative change is sufficient to satisfy the independent review requirement of the regime. In fact, independent reviews are significantly more involved.
What does an independent review involve?
Independent reviews should be, in their essence, a quality assurance review with sampling and testing of the practical implementation of the program. To some extent, the Australian Transaction Reports and Analysis Centre (AUSTRAC) allows entities to determine their own fate, scheduling reviews as they see fit dependent upon the size, type, complexity, and level of risk associated with each business. Most funds tend to adopt an annual or biennial approach to independent reviews.
The only guidance as to timing is AUSTRAC’s indication that high-risk organisations should have independent reviews done at least every two to three years. What does this mean for the managed investment scheme industry?
Recently, we have been working with clients to restructure their AML/CTF review processes to achieve the most commercial but risk-focused outcome. Generally, long-term investment funds tend to measure their ML/TF risk as low or medium-low. Given AUSTRAC’s statement, it could be argued that low or medium-low risk industry could extend independent reviews to every five to six years if there is sufficient monitoring and review in between.
Approach for low-risk entities
We have been considering the following approach for low-risk entities (subject to the requirement to conduct ad-hoc independent reviews in the event of a change to your business):
- Annual internal reviews of the AML/CTF risk assessment and general compliance of the AML/CTF Program. This may include breach monitoring, board reporting, and general legislative uplift.
- Internal quality assurance reviews every three years. This may involve internal testing, sampling, and process reviews. These operate as pseudo-independent reviews conducted internally by those familiar with the systems.
- Independent review every five to six years. These reviews will examine the regime and the implementation of the AML/CTF Program from top-to-bottom.
The extended timeframe between independent reviews, with increased internal monitoring between, may drastically reduce costs and ensure independent reviews are not simply ‘tick-box’ activities.
Scheduling these reviews on a rotating one, three, and five-year basis may also enable entities to align their reviews with their customer identification refreshes (particularly if they adopt a ‘one-three-five’ approach where high risk clients are reviewed annually, medium-risk clients every three years, and low risk clients every five years).
Are you meeting your AML/CTF obligations?
Reach out to a member of our Investment Funds team to understand more about AML/CTF compliance and how we can help.