Bring out the good china and hope your AML/CTF compliance is up to scratch
AUSTRAC recently released its supervision, enforcement and intelligence strategies for 2011 and beyond, providing an indication to industry of its regulatory focus in the coming years.
For many reporting entities this may result in a visit from the Regulator given it plans to undertake roughly 2,700 behavioural assessments, 355 desk reviews and 80 on-site assessments in 2010-11. This is in addition to surveys planned across five industry sectors.
Reporting entities should consider reviewing their compliance measures in the following areas identified by AUSTRAC to determine whether they are sufficient:
- transaction reporting
- AML/CTF programs and customer identification
- ongoing customer due diligence
- AML/CTF compliance officers.
Remitters should be particularly conscious of their obligations. AUSTRAC has indicated that it will focus on investigating and taking enforcement action against reporting entities in the remittance sector that have a high ML/TF risk exposure, following the introduction of rules earlier this year allowing the AUSTRAC CEO to remove a person's name and registrable details from the Register of Providers of Designated Remittance Services. AUSTRAC proposes to release a practical guide for remitters in 2010-11.
Regulation of remitters may become even more stringent with the release on 11 November 2010 of the exposure draft of the Combating the Financing of People Smuggling and Other Measures Bill (open for public consultation until 10 December 2010), which proposes to amend the AML/CTF Act. The Bill would introduce a more comprehensive regulatory regime for the remittance sector by extending regulation to providers of remittance networks, replacing the existing 'automatic' registration regime with an approval-based system, and providing AUSTRAC with a new set of associated enforcement powers such as the ability to suspend, cancel or impose conditions on registrations.
Based on its strategies and discussions at recent industry forums, AUSTRAC's key priority in the coming years will be transaction reporting.
Reporting entities are required to provide reports on threshold transactions (cash transactions over $10,000), suspicious matters and instructions for international funds transactions.
AUSTRAC has indicated that it will have a particular focus on under reporting, non-reporting and the quality of transaction reports.
Anomalous transaction reporting behaviour will be detected by comparing reporting entities' transaction reporting against their industry cohorts.
Reporting entities should consider whether they have appropriate systems in place to ensure that they are reporting when they should be, that the reports provided are accurate and complete, and that they are provided within the time constraints imposed by the AML/CTF Act.
Reporting entities whose reporting behaviour is outside the range of expected behaviours for their sector may be subject to escalated engagement with AUSTRAC such as desk reviews and on-site assessments to determine the basis for the behaviour.
The penalties for failing to provide transaction reports are severe including monetary penalties of up to $11 million for companies and $2.2 million for individuals.
AUSTRAC's public legal interpretation series (www.austrac.gov.au/pli.html) provides guidance on the transaction reporting requirements.
On 9 November 2010 AUSTRAC released a new draft guidance note in relation to international electronic funds transfer instruction reporting requirements. The draft guidance note is open for public consultation until 7 December 2010 (www.austrac.gov.au/guidance_notes.html).
AML/CTF programs and customer identification
Assessing AML/CTF programs and compliance with know your customer (KYC) obligations will also be a priority for AUSTRAC in coming years.
At a recent industry forum AUSTRAC expressed several concerns in relation to these areas including:
- lack of procedural detail in AML/CTF programs – AUSTRAC commented that there was a tendency for reporting entities to adopt 'cookie-cutter' style programs when the AML/CTF Act was introduced, which state what the reporting entity will do at a high-level by essentially reciting the legislation without fleshing-out the actual procedures that will be followed (employee due diligence, dealing with AUSTRAC feedback, oversight and independent reviews were flagged as frequently neglected areas)
- inpendent reviews – AUSTRAC claims that many reporting entities are failing to conduct independent reviews and that where they are being conducted there are often issues associated with the reviewer not having the appropriate AML/CTF expertise or taking a biased/conflicted approach because of their ownership of the original AML/CTF program and related policies, ie there is a lack of independence. AUSTRAC indicated that an independent review should assess the effectiveness of the AML/CTF program in terms of reflecting the regulatory requirements as well as the effectiveness of implementation of those requirements. AUSTRAC's Supervision Strategy indicates it is working to develop additional guidance on independent reviews
- reliance on other entities' KYC procedures – AUSTRAC's view is that where a reporting entity relies on outsourced service providers to meet its compliance obligations such as relying on the customer identification procedure conducted by a financial planner, the reporting entity must either incorporate the service provider within its compliance regime ie train its staff and subject its activities to the reporting entity's oversight or conduct a due diligence and risk assessment in relation to the service provider's own procedures to satisfy itself that reliance on the service provider is appropriate
- KYC staff training and systems – AUSTRAC was critical of reporting entities that fail to properly train staff collecting and verifying KYC information and also those that implement systems that can be easily circumvented by staff, for example where a mandatory field can be completed by merely entering a space or null data such as '123456789' where a number is required.
Consideration of these common deficiencies by reporting entities may reveal weaknesses in their own compliance measures.
Ongoing customer due diligence
Compliance with the ongoing customer due diligence obligations will also be a key focus for AUSTRAC.
These obligations require reporting entities to implement:
- risk-based systems and controls to determine when further KYC information should be collected or whether existing KYC information should be updated or verified
- a transaction monitoring program
- an enhanced customer due diligence program.
AUSTRAC has stated that measuring the effectiveness of these programs in the non-banking financial services and gambling and bullion sectors will be a priority, and that for major reporters (AUSTRAC's highest volume reporters) this will include an assessment of the resources allocated to transaction monitoring, processing, procedures and the management of alerts generated by transaction monitoring.
AML/CTF compliance officers
In a recent industry forum, AUSTRAC expressed its concern that not enough of AML/CTF compliance officers' time is spent on AML/CTF matters.
This concern echoes the finding of its late 2009 survey in relation to compliance officers which revealed that almost half of all respondents spent 10% or less of their time on AML/CTF matters.
Reporting entities should consider whether the time spent by their AML/CTF officers is sufficient to meet their compliance obligations.
What should reporting entities be doing?
Transaction reporting – review transaction reporting procedures to ensure reports are provided when they should be, on time and include the correct data
AML/CTF programs and customer identification -
- review AML/CTF programs to ensure they provide an appropriate level of procedural detail rather than merely high-level outlines of compliance measures
- ensure independent reviews will be conducted and at appropriate intervals, reviewers have the necessary expertise and independence, and that the implementation of the program is reviewed as well as the regulatory compliance of its content
- if relying on another party to meet AML/CTF obligations, ensure they are either subject to the reporting entity's compliance measures or have their own sufficient measures
- ensure staff involved in KYC procedures have appropriate training and test whether systems can be circumvented
Ongoing customer due diligence – review the appropriateness of procedures, resources allocated to ongoing customer due diligence and management of alerts triggered by transaction monitoring
AML/CTF compliance officers – ensure officers have adequate time to fulfil the role.
We can assist by reviewing AML/CTF programs and procedures to ensure they address AUSTRAC's concerns.
AUSTRAC's supervision, enforcement and intelligence strategies and accompanying media release are available at www.austrac.gov.au/30sep10.html.