Thinking | 23 March 2008

AML: Compliance reports due 31 March 2008 (other than managed investment schemes)

From 12 December 2007, reporting entities under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (Act) are generally required to adopt and implement an AML/CTF Program which includes risk-based identification and verification procedures that must be undertaken in respect of new customers. Compliance reports describing an entity’s compliance is another requirement under the Act.

A reporting entity is generally a legal person who provides designated services. The Act provides for a wide range of designated services, including banking and finance related services, life insurance, annuities, superannuation, stockbroking, financial planning and others.

As announced by AUSTRAC on 15 May 2007, the initial compliance reporting period was 13 December 2006 to 31 December 2007. The 3 month deadline for lodging the compliance report is 31 March 2008. Civil penalties may apply for failure to provide an AML/CTF compliance report to AUSTRAC.

We note that although recent regulations officially included managed investment scheme operators as reporting entities under the Act, these regulations were not retrospective and were only effective from 31 January 2008. As such, compliance reports for the first reporting period are not required of such entities.

For other reporting entities however, compliance reports can be submitted online, which AUSTRAC believes will lessen the burden on businesses.

The Act does provide a 15 month prosecution-free period, however it is subject to certain conditions. Policy principles released over a year ago by AUSTRAC provide that this period will only apply if AUSTRAC is satisfied that the reporting entity has failed to take ‘reasonable steps’ to comply with the Act including that a reporting entity has:

taken responsibility for ensuring it understands and complies with its obligations under the Act
a commitment to fostering a culture of voluntary compliance and
most importantly, taken preparatory steps to implement systems and controls relevant to its identified risks and the extent to which those systems and controls have been implemented.

AUSTRAC has stated that, by submitting a compliance report, an entity will demonstrate that it is identifying and mitigating the AML risks that their business may face, and, whether fully compliant or not, will no doubt be counted towards taking ‘reasonable steps’.

AUSTRAC has also stated that they will be looking to ensure that reporting entities have allocated adequate resources and established appropriate reporting lines, communication protocols and processes for review.