AUSTRAC issues updated guidance on source of funds and source of wealth checks

On October 5, 2022, the Australian Transaction Reports and Analysis Centre (AUSTRAC) published guidance aimed at helping reporting entities identify and verify sources of funds and wealth as part of their know-your-customer (KYC) processes. The advice was drafted earlier this year and underlined the importance of having appropriate risk-based controls for customers that present a higher risk, such as politically exposed persons (PEPs). 

The new guidance builds on an earlier draft, with the addition of questions to consider when developing source of funds (SoF) and source of wealth (SoW) processes and a reminder of reporting entities’ obligations under the Privacy Act.

Developing SoF and SoW processes

When developing SoF and SoW processes, AUSTRAC recommends firms ask the following questions to ensure all procedures align with their risk appetite: 

• Can the customer’s (or beneficial owner’s) SoF or SoF be easily explained, such as through their occupation, investments, or inheritance?
• Is the customer’s background consistent with their former, current, or planned business activity and turnover?
• Do the SoF and SoW explanations corroborate the information obtained through enhanced due diligence, including open-source checks?
• Do high-risk customers require the same verification level to establish the SoF and SoW?
• Should higher thresholds for “reasonable measures” be determined when a foreign PEP is the customer or the customer’s beneficial owner?

According to AUSTRAC, “reasonable measures” means what is practical and necessary in line with the firm’s identified money laundering and terrorist financing risks.

The Privacy Act

In the guidance, AUSTRAC reminds reporting entities that the Privacy Act covers all personal information collected and verified about a person’s identity. Since this type of information can be considered “sensitive,” firms should consider storing the data with a higher level of privacy protection per the Australian Privacy Principles.  

Chapter 11 of the Australian Privacy Principles details the reasonable steps reporting entities should take to ensure the security of personal information obtained throughout the KYC process, including SoF and SoW checks. These include:

• Implementing a culture of data governance and maintaining it through regular training
• Employing data handling practices, procedures, and systems across business models
• Ensuring robust IT and access security
• Developing internal strategies in case of data breaches
• Identifying a process for the destruction and de-identification in certain circumstances

AUSTRAC enforcement investigation

The new guidance follows AUSTRAC’s ongoing investigation of Star Entertainment Group, where concerns had been raised regarding the casino’s customer due diligence and compliance with anti-money laundering and counter-terrorism laws.

Earlier this year, the group’s Chief Financial Crime Officer, Skye Arnott, revealed that the company provided fake SoF letters to the Bank of China to make deposits by high-net-worth individuals appear to have been earned by gambling. During the inquiry, Arnott acknowledged that providing fake SoF letters raised “very significant concerns” regarding anti-money laundering compliance.

While AUSTRAC’s enforcement investigations into the Star Group are ongoing, the recent revelations are a strong reminder of reporting entities’ obligation to maintain accurate SoF and SoW documentation. More information from AUSTRAC on record-keeping best practices can be found here.

Key takeaways

Identifying the SoF and SoW are key elements of an effective risk management framework. Compliance staff should ensure these procedures and processes are accurately documented and applied consistently and in accordance with the firm’s risk appetite. The systems and controls that identify the SoF and SoW must also be subject to regular independent review. 

When conducting the checks, reporting entities must also avoid the common misconception that funds from a bank can be presumed clean. Further action may still be required to prove the funds are not derived from criminal proceeds. 

For more information, the compliance team should consult the frequently asked questions on SoF and SoW issued by The Wolfsberg Group.