The long awaited report on the statutory review of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act), which commenced in December 2013, was tabled in parliament on 29 April 2016. The report made a total of 84 recommendations, which have been welcomed by AUSTRAC.
In this article we focus on the key recommendations made in respect of the customer due diligence procedures (CDD procedures).
Reporting entities that are enrolled with AUSTRAC are required to perform CDD procedures prior to providing a designated service to a customer. These procedures include collection of “know your customer” information (KYC information), verification of KYC information and further due diligence, where required, based on a money laundering/terrorism-financing risk (ML/TF risk) assessment.
The primary issue faced by most reporting entities undertaking CDD procedures is the difficulty in identifying the “beneficial owners” of non-individual customers. In particular where trusts are involved.
Whilst the report made 13 recommendations to improve the existing CDD procedure requirements, the recommendations did not completely address this key issue. Other countries have taken significant steps toward developing national registers of beneficial ownership for AML/CTF purposes. However, in Australia this is an issue that will remain dependent on the willingness of relevant government agencies to further explore this.
Some of the issues that were addressed in the report are set out below.
KYC information alternatives
Currently reporting entities are required to collect a minimum “level” of KYC information as part of its CDD procedures. The report recommended that AUSTRAC explore alternative options to the existing minimum KYC information requirements, with one possibility being biometric technology (i.e. technologies that measure and analyse human body characteristics such as DNA and fingerprints for authentication purposes). It was recognised that the use of mobile phone numbers would not be an appropriate alternative due to the ease by which phone numbers can be obtained using a false identity.
Expansion of simplified CDD procedures
The report recommended that AUSTRAC consider expanding the existing simplified or “safe harbour” CDD procedures to a wider range of scenarios (i.e. designated services, customers) that have low ML/TF risk. However, the extension of the simplified CDD procedures has a number of limitations as it was deemed not to be appropriate to apply a simplified CDD procedure regime to a class of customers, for example individuals generally, as each individual may have a different level of ML/TF risk.
Self-attestation
To provide clarity for reporting entities, the report recommends making the use of self-attestation an express option in the AML/CTF Act/Rules, as a “last resort” where the reporting entity has otherwise been unable to verify the identity of the customer and where the customer is deemed to have a low ML/TF risk.
The AML/CTF Rules currently allow a reporting entity to verify the identity of an individual in a manner deemed appropriate by the reporting entity, which would include self-attestation. However, industry feedback shows that reporting entities are unsure in what circumstances self-attestation is appropriate to satisfy its CDD procedure obligations.
Where reporting entities have accepted self-attestation as a means of verification, the reporting entity would be required to apply ongoing CDD procedures and transaction monitoring in respect of those customers.
Disclosure certificates
Currently, reporting entities are permitted to accept disclosure certificates (which are a form of self-attestation for non-individual entities) for verification purposes. However, there are strict requirement about who can “certify” a disclosure certificate. For example in the case of a trust, only the trustee may certify the document. The report recommends that reporting entities are permitted to accept disclosure certificates that have been certified by an appropriate officer, which will extend the persons who are able to certify such a document.
Relying on CDD procedures carried out by other entities
A reporting entity may currently rely on customer identification procedures carried out by another reporting entity in only limited circumstances. The report recommends that the existing reliance provisions are extended to allow a reporting entity to rely on customer identification procedures carried out by a prescribed third party, which is likely to be limited to credit or financial institutions or other professional entities. To rely on a third party’s customer identification procedures, the reporting entity would need to obtain that third party’s consent and would ultimately remain responsible for conducting the required CDD procedures.
What does all this mean?
The CDD procedures required to be performed by reporting entities under the AML/CTF Act can be difficult to navigate and implement. Implementation of the recommendations in respect of CDD procedures may to some degree assist reporting entities in complying with these obligations. However, to successfully achieve this, the CDD procedures need to be considered and amended as a whole, rather than a number of small “fixes”. Cowell Clarke can provide reporting entities with an AML/CTF Compliance Program that meets the requirements of the AML/CTF Act and assist reporting entities to upgrade or amend existing AML/CTF Compliance Programs. If you would like to find out more about how Cowell Clarke can help you please contact Richard Beissel on (08) 8228 11140 or Julia Winzar on (08) 8228 11125.
Other key recommendations relating to remittance service providers, payment systems and the potential extension of the AML/CTF regime to non-finance professions, including accountants, will be addressed in several subsequent articles.