On 11 December 2024, AUSTRAC released draft rules for public consultation, following the recent passing of the Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Amendment Act 2024, which received Royal Assent on 10 December 2024 (Act) (Access our earlier Insight piece on the Act). The public consultation is open for submissions until 14 February 2025, providing a limited window for review and feedback.
The draft updates the existing Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No.1) (Draft Rules), but in practical terms the effects of these Draft Rules will be a comprehensive re-write of the existing rules, in line with the thorough changes to Australia's AML/CTF regime that the Act represents. For existing reporting entities, and also for 'tranche two' entities (including real estate professionals, trust and company service providers, dealers in precious metals and precious stones and professional service firms) which will be subject to the regime, the Draft Rules will need to be carefully reviewed and understood once finalised.
The Draft Rules as now released do not cover updates on the specifics of enrolment, registration, record keeping and suspicious matter, and threshold transaction and international value reports, with a draft for consultation on those rules expected to follow next year. For the most part, the AML/CTF reforms do not take effect until 31 March 2026.
The consultation paper issued with the Draft Rules expresses a view that the current rules are overly prescriptive. The Draft Rules are designed to provide greater flexibility focused on risk and outcomes. There is potentially a trade-off between flexibility on the one hand and certainty on the other. AUSTRAC is contemplating that it will need to support the less prescriptive rules with comprehensive guidance. We are expecting to see a separate consultation process on AUSTRAC guidance during 2025.
Below we set out some of the key points from the Draft Rules:
1. Reporting Groups: The Act replaces the 'designated business group' concept with 'reporting groups'. A reporting group will have a lead entity which need not provide designated services. According to the Draft Rules, the primary definition of a lead entity is that it must control all members of the reporting group. Control does not necessarily mean that a reporting entity must be a subsidiary of a lead entity, it can be that the lead entity has the most direct control of all other members of the group that provide a designated service. A lead entity can take charge of AML compliance for the reporting group.
2. KYC/CDD requirements: Moving beyond the prescriptive rules of the exiting regime, reporting entities must take reasonable steps to establish that the customer is the person the customer claims, in most circumstances prior to providing a designated service. In addition to matters set out in the Act, for an individual the Draft Rules require verification of at least date and place of birth, and for a business customer, amongst other requirements, the reporting entity must also establish the nature of the customer’s business and their ownership and control structure.
Place of birth is potentially a controversial inclusion because for most individuals this would involve producing a birth certificate or passport because other forms of ID do not specify this. While the Act and Draft Rules suggest a more principles based/outcome focused approach to CDD, the full implications of this in practice will require careful consideration.
3. Independent evaluations and Risk assessment review: The Act requires ‘independent evaluations’ of a reporting entity’s AML/CTF program at least every 3 years (which replaces and has a broader scope than the independent reviews required under the existing regime). Continuing on, the Draft Rules also create a positive obligation that a reporting entity review its risk assessment if an independent evaluation report contains adverse findings. Reflecting expectations of dynamic updates to an entity’s AML/CTF policies under the new regime, this review must occur as soon as practicable once the independent evaluation report is received.
4. AML / CTF policies: A reporting entity's AML/CTF program will comprise both the risk assessment and AML/CTF policies. The Draft Rules require that the AML/CTF policies cover a number of issues, and that they be reviewed and updated if there are any adverse findings following and independent evaluation. The issues AML/CTF policies must cover include:
a. Tipping-off prevention protocols - Under the existing regime, reporting entities are currently prohibited from sharing any information about suspicious matters to anyone, other than to AUSTRAC. The reforms reframe this as a prohibition on disclosing or sharing relevant information where that action could reasonably prejudice an investigation, and permits sharing between entities in a reporting group and to their lawyers and accountants (in certain circumstances). Reflecting this the Draft Rules require that a reporting entity's AML/CTF policies must deal with establishing safeguards to prevent tipping off, including by ensuring the confidentiality and appropriate use of information disclosed by the reporting entity to persons employed or otherwise engaged by the reporting entity.
b. Timely assessment of potential suspicious matters - The policies must enable timely review of material that is relevant to potential suspicious matter reports, ensuring determination, as soon as practicable, of whether the reporting entity suspects on reasonable grounds, that a suspicious matter report needs to be made.
c. Personnel due diligence - Due diligence must be conducted of personnel who are relevant to the reporting entity meeting its obligations under the Act. The Draft Rules require that the reporting entities AML/CTF policies mandate the consideration of the person’s skills, knowledge and expertise relevant to the particular responsibilities of the person under the AML/CTF policies and their integrity.
d. Personnel training - Reporting entities must provide training to personnel both at onboarding and ongoing, which must be appropriate to their particular function, the particular money laundering risks relevant to their function and their particular responsibilities under the AML/CTF policies.
e. Senior Manager approval – Politically exposed persons (PEPs). The Draft Rules expressly require that there is senior manager approval prior to providing designated services to foreign PEPs and to domestic/international organisation PEPs, if they are high risk.
5. AML/CTF Compliance Officer - fit and proper: The Act requires that the AML/CTF Compliance Officer is a fit and proper person, and the Draft Rules stipulate that a reporting entity must have regard to certain factors, including that the individual possesses the competence, character, diligence, honesty, integrity and judgement to properly perform the duties, and whether they have been subject to any adverse findings/serious misconduct by a regulatory body in Australia or overseas.
The embedding of risk assessment requirements into compliance program requirements means that a combination of legal and risk consulting expertise will be required to ensure compliance. MinterEllison is uniquely placed to bring an integrated offering of experienced risk and regulatory consultants and lawyers to support existing reporting entities and newly captured businesses on AML/CTF projects and any related regulatory engagements.
MinterEllison would be pleased to assist and advise on the implications of the AML/CTF reforms on your business, and to discuss the Draft Rules further with you, including if you are considering a submission to AUSTRAC on the draft rules.