5 tips for compliance with AML/CTF rules in Australia

Australia is home to thousands of banks and financial services companies, including banking institutions and over 800 FinTechs. Those financial institutions must learn to navigate a robust legal framework of AML rules in Australia, put in place to protect the country’s financial system against money laundering threats and the financing of terrorism. 

Australia is currently in the process of reforming its AML/CFT regime. Following the Commonwealth Bank and Westpac scandals, the Australian Transaction Reports and Analysis Center (AUSTRAC) has indicated that it will take strong action against financial services firms who do not comply with AML rules in Australia.

Managing Australia’s AML/CFT compliance regulations should be a high priority for FinTechs. Stay on top of your obligations with our list of key AML compliance tips.

1. Understand core FinTech regulatory obligations

Following Financial Action Task Force (FATF) guidance, banks and financial service providers in Australia must meet a number of key AML/CFT obligations. With that in mind, it’s important that all financial organizations understand the following fundamental regulatory compliance steps:

• AUSTRAC registration: All firms that provide designated financial services in Australia must  register with, and obtain an operating license from, AUSTRAC. The types of firms that are required to register with AUSTRAC are set out in Article 6 of the Australian Anti-Money Laundering and Counter-Terrorism Financing Act 2006.
• AML/CFT Program: The FATF requires firms in Australia to implement an internal AML/CFT program consisting of policies and procedures that mitigate the risk of financial crime. The program should be built around effective Know Your Customer (KYC) procedures, including customer due diligence (CDD) measures – and enhanced due diligence (EDD) measures for high risk customers. A suitable AML Compliance Officer should be appointed to oversee the program. 
• Reporting: Where an AML/CFT program detects suspicious activity, firms must be able to report that detail, via a suspicious activity report (SAR), to AUSTRAC. Certain transactions must be automatically reported, such as those involving amounts of $10,000 or more. 
• Record-keeping: In order to aid money laundering investigations, firms in Australia must maintain AML/CFT records for no less than seven years. AML/CFT records must be made available to law enforcement agencies upon request. 

2. Stay up to date with AML/CFT regulations

Following the FATF’s Mutual Evaluation Report (MER) in 2015, the Australian government has been working to address a range of regulatory deficiencies in its financial system. Priority issues include insufficient CDD requirements, a lack of controls for correspondent banks, and, significantly, Australia’s failure to impose money laundering regulations on designated non-financial businesses and professions (DNFBP) – such as real estate agencies, law firms, and casinos. 

With that effort in mind, firms should be aware that Australia’s AML/CFT landscape is in a state of change, with the Attorney General introducing reforms to the AML/CFT Act (2006). Those reforms include:

• A requirement for financial services firms to implement risk-based CDD measures (or engage third-parties to do so). 
• A requirement to implement tighter due diligence controls on correspondent banking relationships. These include reporting requirements for cross-border money transfers of $10,000 or more.  
• More robust information sharing requirements between the public and private sectors. 

Reforms concerning DNFBPs have also been announced. In February 2022, the AML/CFT Increased Transparency Bill introduced a requirement for the Australian government to implement a schedule for DNFBP legislation, including a DNFBP beneficial ownership registry. At the time of writing, the status of this bill under the Labor government elected in May 2022 remains unclear. 

3. Review AUSTRAC guidance

Like other jurisdictions, AML/CFT compliance in Australia relies on an up-to-date understanding of regulator guidance. In practice this means that Australian firms must ensure their MLRO and compliance employees are aware of, and have access to, all the latest news and publications from AUSTRAC – and can implement these effectively across their AML/CFT infrastructure. 

Recent examples of AUSTRAC guidance for AML/CFT in Australia include:

• Payment field misuse: AUSTRAC has issued guidance to help firms prevent criminals using payment text fields to communicate with each other – rather than to simply transfer money. 
• Source of funds and wealth: AUSTRAC has issued guidance on how firms should establish a customer’s source of wealth in suspicious transactions. The guidance includes a range of red flag financial behaviors and highlights the need to monitor high risk customers such as politically exposed persons (PEP). 
• Reporting errors: In order to help firms better report suspicious transactions, AUSTRAC issued guidance on some of the most common reporting errors. 
• Sexual servitude: AUSTRAC has issued guidance to help firms better identify suspicious transactions linked to forced sexual servitude. The guidance set out red flag indicators and stressed the need for firms to implement effective transaction monitoring alerts. 

4. Develop an effective hiring strategy

Australian firms should carefully consider what experience and expertise they need to meet their AML/CFT obligations. Following FATF guidance, all firms need to appoint a Compliance Officer with the authority and expertise to oversee compliance with the AML/CFT Act. As a business grows, however, the MLRO must be supported by capable compliance employees. 

While firms must take their unique risk exposures into account when populating their compliance teams, it’s important to also consider Australia’s evolving compliance landscape – and the skill-sets that environment requires. For example, the Australian Attorney General continues to issue recommendations for reforms to Australia’s AML/CFT Act – with a second tranche of reforms, specifically concerning DNFBPs, yet to be released. 

With those factors in mind, firms in Australia should ensure that their compliance team has a high level of AML/CFT awareness, including knowledge of the following key areas:

• The Australian AML/CFT framework including key regulations and regulatory bodies.
• Key regulatory responsibilities and compliance penalties.
• The key money laundering and terrorism financing risks revealed by their firm’s risk assessment.
• Their firm’s core AML/CFT policies and procedures.
• The personal compliance responsibilities of individual employees.

5. Focus on real risks

Following AUSTRAC guidance, firms in Australia must build their AML/CFT solution around an annual risk assessment. That risk assessment must reflect the risk environment in which the company operates – meaning that it should take into account relevant money laundering predicate crimes and criminal typologies. In Australia, for example, many financial institutions serve large numbers of customers from East Asian diaspora communities which means they must be particularly vigilant for risks such as shadow banking, illegal capital flows, and money laundering involving high end property. 

While focusing on real risks is crucial, firms in Australia must also integrate effective risk-focused tools to manage potential AML/CFT threats. Beyond hiring suitable compliance employees, this means integrating a software solution capable of collecting and analyzing the vast amounts of customer data required by AML rules in Australia, and of adapting to a shifting risk landscape.