The Anti-Money Laundering & Counter-Terrorism Financing Act 2006 (AML/CTF Act)

An AML/CTF Program is required by anyone who provides a designated service under the AML/CTF Act. Typical industries that require AML/CTF Programs are: · Pubs and Clubs · Banking · Bullion Dealers · Bookmakers & Betting Agencies · Casinos · Digital Currency (cryptocurrency) · Financial Services Providers · Remittance Service Providers · Superannuation

Any organisation with an AML/CTF Program must have Part A of their AML/CTF program independently and regularly reviewed.

An AML/CTF program must show how your business addresses the money laundering and terrorism financing risks your business or organisation may reasonably face. The AML/CTF Program is supported by documented policies, procedures and controls used to identify, mitigate and manage those risks. Your organisations AML/CTF program must be risk-based. This means it must take into account the likely level of risk of your business or organisation being used for money laundering and terrorism financing, based on its size, nature and complexity, taking into account: who your customers are the services you provide how you deliver those services the foreign jurisdictions with which you operate

There are two parts to an AML/CTF program: Part A must include processes and procedures to help you identify, mitigate and manage the money laundering and terrorism financing risks that you may reasonably face. Part B is focused on the procedures for identifying customers and beneficial owners including those that are politically exposed persons (PEPs), and verifying their identity. Each organisation is different and has its own unique set of money laundering/terrorism financing risks. This means your organisations AML/CTF Program must be tailored to meet your specific needs, risks and characteristics.

Part A of your program must include the following elements to help you identify, mitigate and manage your risk of being used for money laundering (ML) or terrorism financing (TF). A ML/TF risk assessment of your business or organisation that is regularly reviewed and updated. Board and senior management approval and their ongoing oversight of your program. If your business or organisation does not have a board, Part A must be approved and overseen by your chief executive officer or equivalent. Having an AML/CTF compliance officer at the management level to manage your compliance with your obligations. An employee due diligence program to identify any employees who may put your business or organisation at risk of ML/TF. An AML/CTF risk awareness training program for employees so they know the risks to your business or organisation and what they must look out for. Consideration of guidance material and feedback from AUSTRAC, including anything we have circulated or published about the industry you operate in. Systems and controls to make sure you meet your AML/CTF reporting obligations. Ongoing customer due diligence (OCDD) systems and controls to make sure information collected about a customer or beneficial owner is reviewed and kept up to date, and to determine whether extra information should be collected and verified. OCDD includes having transaction monitoring and enhanced customer due diligence (ECDD) programs. Part A of your program must be regularly independently reviewed. Part B of your program is focused on identifying customers and beneficial owners including politically exposed persons. It must include the following elements to outline how you know your customers and their beneficial owners, and the money laundering/ terrorism financing risk they pose. What customer information you collect and verify to make sure they are who they claim to be, or (for companies and organisations) that they exist, and how you do this. What information you collect and verify about beneficial owners, and how you do this. How you determine if your customer or the beneficial owner is a politically exposed person (PEP). How you respond to discrepancies in customer information. How you decide when you should collect additional information about a customer.

Yes, there are three types of AML/CTF programs. A ‘standard program’ for individual reporting entities. A ‘joint program’ for members of a Designated Business Group (DBG) who choose this option for their AML/CTF program. A ‘special program’ for holders of an Australian Financial Services Licence (AFSL), such as financial planners, who arrange designated services from other reporting entities for their clients. Special programs only need to include Part B of an AML/CTF program.

An independent review is an impartial assessment of Part A of your AML/CTF program. It checks that you’re complying with your program and that it: properly addresses your money laundering and terrorism financing risks complies with your legal obligations is working as it should.

The independent reviewer must be someone who: understands your business or organisation understands ML/TF risks was not involved in any part of developing the program, including assessing your money laundering/terrorism financing risk, developing controls or implementing or maintaining the program. The reviewer can be someone in your organisation or someone external to it. An example of an internal reviewer might be an auditor in your business who doesn’t have a compliance role. An external reviewer might be a lawyer, an accountant or an AML/CTF consultant. You must make sure there are measures in place to ensure the reviewer’s independence. In assessing how suitable someone is to be an independent reviewer, you may want to consider: whether they belong to a professional body that requires its members to meet relevant professional standards whether they are influenced by the people who were involved in the risk assessment or developing the program how well the person understands and applies AML/CTF obligations in relation to your business or organisation. The independent reviewer should not have been involved in: performing any of the functions or measures being reviewed designing, implementing or maintaining Part A of your AML/CTF program developing your money laundering/terrorism financing risk assessment or related internal systems and controls.

An AML/CTF Program Independent review could examine and/or test some or all of the following: whether Part A of your AML/CTF program is current and properly assesses that your policies and procedures are adequate to manage your money laundering/terrorism financing risks the assumptions on which the ML/TF risk assessment was based any changes to your money laundering/terrorism financing risk profile any changes to your AML/CTF practices and policies how well your employees understand and comply with your program how well the business responded to previous recommendations post implementation reviews of how effective changes to Part A of your program were what caused any deficiencies or violations found – and your plans to rectify them whether your AML/CTF employee training program is adequate and effective how you responded to previous recommendations whether your compliance officer has enough seniority and authority how well your transaction monitoring systems are working in identifying suspicious matters whether functions you outsourced are complying with Part A of your program how well your branches and subsidiaries (including those overseas) have implemented Part A of your program.

An organisation may decide how often reviews are done, with a good frequency being every 2-3 years. Where your business or organisation changes significantly (i.e. introduces new products, services), more frequent reviews may need to be done.