Do AML Laws and Regulations Apply to My Business? Anti-Money Laundering and Counter-Terrorism Financing Obligations Guide for Australia

Reading Time: 6 minutes

Introduction

Anti-money laundering and counter-terrorism financing (AML/CTF) laws play a significant role in protecting Australian businesses and upholding the integrity of the financial system. These regulations are designed to prevent the misuse of businesses for illegal activities by establishing compliance requirements for designated service providers.

Businesses that offer certain financial services must adhere to AML/CTF obligations, involving the implementation of measures to identify and report suspicious transactions. This guide provides an overview of these obligations and helps businesses understand their responsibilities under the AML/CTF framework.

Who Does AML Apply To: Australian Businesses Subject to AML/CTF Obligations

Australia’s AML/CTF regulatory framework targets businesses that provide designated services under the legislation. These businesses are broadly categorised based on the types of services they provide and the corresponding risk profile. The two primary categories are Financial Service Providers/Tranche One Entities and Tranche Two Entities.

Tranche One Entities/Financial Service Providers

Businesses providing financial services are subject to AML/CTF obligations. This category typically includes entities that hold an Australian Financial Services Licence (AFSL) and arrange for clients to receive designated services. Examples include:

• Life insurance
• Custodial services
• Superannuation fund management
• Securities markets
• Investment services

In addition to traditional financial services providers, the AML/CTF framework also requires businesses offering the following services to register with the Australian Transaction Reports and Analysis Centre (AUSTRAC):

• Digital currency exchange
• Remittance (money transfer) services
• Currency exchange services

Tranche Two Entities

The new Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Cth) has expanded the obligations to include higher-risk service providers, identified as Tranche Two Entities. This category encompasses professionals and certain service providers who deliver higher-risk services, including:

• Lawyers
• Accountants
• Trust and company service providers
• Dealers in precious metals and stones

These entities are now required to implement enhanced compliance measures that specifically target the risks associated with money laundering and terrorism financing, in accordance with international standards set by the Financial Action Task Force.

Key Compliance Obligations for Reporting Entities under Australia’s Anti-Money Laundering and Counter-Terrorism Financing Regime

Australian reporting entities providing designated services must meet a range of compliance obligations under AML/CTF regulations. These obligations can be broadly grouped into four key areas:

1. Enrolling with AUSTRAC

Enrolling with AUSTRAC is a fundamental obligation for businesses providing designated services under the AML/CTF regime. The process involves several key steps to ensure your business complies with regulatory requirements:

• Determine Reporting Entity Status: Confirm that your business provides one or more designated services, making it a reporting entity.
• Register with AUSTRAC: Complete the online registration through AUSTRAC Online, where you will submit necessary documentation and business details.
• Set Up AUSTRAC Online Account: Upon successful registration, you will receive access to AUSTRAC Online, enabling you to submit transaction and compliance reports efficiently.
• Provide Required Documentation: Prepare and submit all required documents, such as business identification and details of the services offered.
• Maintain Updated Information: Regularly update your registration details to reflect any changes in your business operations or services.

Ensuring timely and accurate enrolment with AUSTRAC not only fulfils your legal obligations but also helps regulate your business activities effectively.

2. Developing an AML/CTF Program

Reporting entities must create and maintain a tailored AML/CTF program to identify, assess, and mitigate risks. The components of an effective program include:

Developing a tailored AML/CTF program is essential for managing specific risks associated with your business operations. This program should address the unique aspects of your services and customer base to effectively prevent money laundering and terrorism financing.

• Conduct a Risk Assessment: Identify and evaluate the money laundering and terrorism financing risks relevant to your business by considering factors such as customer types, services provided, delivery channels, and jurisdictions involved.
• Implement Risk Mitigation Measures: Develop policies, procedures, and internal controls to mitigate identified risks. This includes establishing clear guidelines for customer due diligence, transaction monitoring, and reporting suspicious activities.
• Employee Training and Due Diligence: Ensure that employees handling AML/CTF functions receive comprehensive training and conduct due diligence on staff involved in these processes.
• Independent Program Evaluation: Schedule regular independent evaluations of your AML/CTF program, at least every three years, to assess its effectiveness and make necessary improvements.
• Establish Reporting Groups: If applicable, form reporting groups within your corporate structure to centralise compliance efforts and enhance risk management across all entities.

By tailoring your AML/CTF program to address specific risks and comply with regulatory standards, your business can effectively contribute to the anti-money laundering and counter-terrorism financing regime.

3. Conducting Customer Due Diligence

a. Initial Customer Due Diligence

Initial Customer Due Diligence (CDD) involves identifying and verifying customers before providing designated services to mitigate money laundering and terrorism financing risks. The steps include:

• Identifying the Customer: Collect information that identifies the customer and assesses the associated risks. This can involve checking a driver’s licence, passport, or company registration on the Australian Securities and Investments Commission (ASIC) website.
• Verifying Identity: Use independent and reliable data to confirm the customer’s identity. For individuals, this might include matching the photograph on a licence to the customer.
• Assessing Risk: Determine if the customer is a politically exposed person or subject to targeted financial sanctions. This assessment helps in categorising the level of due diligence required.

Depending on the assessed risk, businesses may apply different levels of CDD:

• Standard CDD: Collect and verify standard Know Your Customer (KYC) information in line with AML/CTF rules.
• Enhanced CDD: Apply additional measures for high-risk customers, such as foreign politically exposed persons.
• Simplified CDD: Utilise simplified measures for low-risk customers, requiring less rigorous evidence and fewer details.

b. Ongoing Customer Due Diligence

Ongoing Customer Due Diligence (CDD) requires continuous monitoring and updating of customer information to manage evolving risks. Key aspects include:

• Monitoring Activities: Keep an eye on transactions and behaviour for any suspicious activities or unusual patterns.
• Periodic Reviews: Regularly review and update KYC information to ensure it remains accurate and reflects any changes in the customer’s risk profile.
• Risk-Based Approach: Apply CDD measures proportionate to the customer’s risk level throughout the business relationship.

Similar to initial CDD, ongoing CDD can be categorised based on risk:

• Standard Ongoing CDD: Continuously monitor customers according to AML/CTF requirements and the business’s compliance program.
• Enhanced Ongoing CDD: Implement additional monitoring for high-risk customers, requiring more detailed scrutiny.
• Simplified Ongoing CDD: Apply less frequent reviews and lower thresholds for transaction alerts for low-risk customers.

Effective ongoing CDD helps businesses stay compliant with AML/CTF regulations and protects against potential misuse by criminals.

4. Reporting and Record-Keeping Requirements

Robust reporting and record-keeping are essential for transparency and regulatory oversight:

a. Transaction Reporting

Reporting entities must submit specific transaction reports to comply with AML/CTF regulations. These reports include:

• Threshold Transaction Reports: Any transaction involving cash amounts of $10,000 or more must be reported to AUSTRAC.
• Suspicious Matter Reports (SMRs): If there is reasonable suspicion that a client is not who they claim to be or that criminal activity may be involved, an SMR must be filed.

Submitting these reports allows AUSTRAC to monitor and prevent money laundering and terrorism financing activities effectively.

b. Record-Keeping Obligations

Maintaining accurate and secure records is essential for demonstrating compliance with AML/CTF regulations. Obligations include:

• Customer Due Diligence Records: Keep detailed records of all CDD measures taken, including the information collected, and the steps used to verify a customer’s identity.
• Service Records: Document all services provided to customers as part of the AML/CTF program.
• Compliance Activities: Maintain records of ongoing compliance efforts, including any internal reviews or audits.

While businesses are not required to keep copies of identity documents, they must document the verification process and the information used. All records must be retained in accordance with legal requirements, including compliance with the Privacy Act 1988 (Cth), to ensure data protection and regulatory adherence.

By implementing these key compliance obligations—including enrolment with AUSTRAC, developing a customised and effective AML/CTF program, conducting thorough customer due diligence, and maintaining rigorous reporting and record-keeping practices—reporting entities can effectively address and manage the risks associated with money laundering and terrorism financing. This comprehensive approach is essential f

or ensuring ongoing compliance and upholding the integrity of Australia’s financial system.

Are There Any Differences Between Obligations of Tranche One Entities and Tranche Two Entities?

While both Tranche One Entities and Tranche Two Entities share similar core obligations such as enrolment, developing a compliance program, customer due diligence, reporting, and record keeping, the key distinctions are:

• Staggered Commencement Dates: Tranche One Entities are already subject to the obligations, whereas Tranche Two Entities must be prepared for a future effective date (July 2026).
• Specific Services Covered: Tranche Two obligations extend to additional services, particularly in the legal sector, involving activities like facilitating real estate transactions, managing funds, and providing certain corporate services.

These differences ensure that the regulatory framework captures the appropriate risks associated with different types of services while maintaining a consistent compliance structure across all reporting entities.

Conclusion

Understanding and complying with Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) obligations is crucial for Australian businesses, particularly those providing designated services like financial, legal, or real estate services. The new AML/CTF Amendment Act 2024 (Cth) expands these obligations to higher-risk service providers. By adhering to these regulations, businesses protect themselves from legal repercussions and contribute to the integrity of Australia’s financial system.

Our specialists possess unparalleled expertise in navigating the complexities of AML/CTF regulations, ensuring your business meets all obligations efficiently and effectively. Don’t wait until compliance issues arise—reach out to our support team now to safeguard your business and uphold the highest standards of legal and financial integrity.

Frequently Asked Questions