Current state of the bill
The Anti-Money Laundering and Counter-Terrorism Financing Amendment Bill 2024 (the Bill) was introduced in Parliament on 11 September 2024 and passed by the Australian Parliament on 29 November 2024. At the time of writing (6 December 2024) it awaits only the assent of the Governor-General before it becomes an Act.
The Bill contains significant reforms to the existing Anti-Money Laundering and Counter-Terrorism Financing Act 2006, encompassing amendments across twelve schedules. These reforms change many areas including AML/CTF programs, Customer Due Diligence (CDD), regulation of additional high-risk services, program governance, legal professional privilege, tipping-off offences, disclosure of AUSTRAC information, virtual assets services, bearer negotiable instruments, value transfers, international value transfer services, AUSTRAC's powers and definitions, the repeal of the Financial Transaction Reports Act 1988, and transitional provisions.
The reforms align with the Australian Government’s decision, following the Senate Legal and Constitutional Affairs References (LCAR) Committee’s 2023 recommendations, to initiate public consultations on the proposed changes. Two consultation periods, held in June 2023 and June 2024, garnered substantial feedback, reflecting broad support for the reforms aimed at clarifying obligations and removing ambiguities in the existing provisions.
Based on what AUSTRAC has indicated publicly, draft rules may be published later this month (that is, in December 2024). When these are published, it will be important that Reporting Entities (REs) take the time to understand them as they will show how AUSTRAC plans to implement the requirements of the Bill.
Further analysis of the legislation by Minter Ellison can be found in our article, A new dawn: AML/CTF reforms finally see the light of day.
For gatekeepers - what has changed
The Bill introduces a range of changes to lift Australia's efforts in combating financial crimes.
The current AML/CTF framework will be expanded to cover additional high-risk services, known as ‘tranche 2 services’. These services include changes to:
- Real Estate Developers and Agents: The property market, often a target for money laundering, will see stronger oversight. Real estate professionals will be required to identify and report suspicious transactions.
- Trust and Company Service Providers: These entities, which help establish and manage legal structures like trusts and companies, will face increased scrutiny to ensure they are not being exploited for illicit purposes such as money laundering or terrorism financing.
- Legal professionals: Those who often act as intermediaries in certain financial transactions will now be required to comply with AML/CTF obligations. This will help close potential loopholes in the legal profession, ensuring that illicit funds cannot be laundered through legal structures or trusts.
- Accountants: As trusted advisors in managing wealth and financial affairs, when providing certain categories of service, accountants will be required to implement enhanced due diligence and reporting requirements when they detect suspicious financial activities.
- Dealers in Precious Metals and Stones: Given the high-value nature of these goods and their use in laundering illicit proceeds, dealers will now be subject to AML/CTF obligations.
At a broader level, the Bill also outlines a number of other proposed changes that are designed to further embed the risk-based approach (as opposed to a prescriptive approach) to compliance and will impact all reporting entities (not just gatekeepers). Examples of simplified or clarified areas that will affect existing AML/CTF requirements include subjects such as independent reviews (which must occur at intervals of not more than 3 years, changes and clarifications around IFTI reporting, compulsory risk assessments, customer due diligence processes that on the one hand will depend on a risk assessment of each individual client/customer (rather than the class of client/customer of the service provider) but which on the other hand appear to be more flexible, and refocussing of transaction monitoring towards serious predicate offences.
What does this mean for you as a gatekeeper or new RE?
AUSTRAC have promised extensive guidance, simplification and consultation on the practical implications of compliance around these new amendments. Regardless, it is our view that in some cases, the implementation of these changes will have significant implications for organisations that have not been part of the AML/CTF compliance regime in the past. Expect an increase in compliance costs, operational disruptions, and a greater need for improved data management systems - all while navigating a heightened risk of non-compliance once the reforms are bedded down.
Based on our experience operationalising AML/CTF Programs, we have rated the complexity relating to each reform that might necessitate a more focused approach in particular areas.
Enrol with AUSTRAC
Likely requirement: If your business provides a designated service, the reporting entity will be required to enrol with AUSTRAC.
Complexity: Low.
Our experience: Despite this being a seemingly straightforward task, close attention must be paid to ensure it is prioritised, accurate, current, and then maintained.
Develop & maintain an AML/CTF program (which must include an ML/TF risk assessment)
Likely requirement: Conduct an assessment of the ML/TF risk faced by the organisation in providing a designated service. Develop, implement and maintain a group-wide AML/CTF Program to manage the risks identified in the risk assessment, and to ensure that all reporting entity members comply with obligations.
Complexity: Medium.
Our experience: Risk assessments are a critical area of regulatory focus. These need to be specific and comprehensive – frequently they are criticised for being generic and ‘off the shelf’, The adequacy and maintenance of these assessments are a common point of failure for many organisations. The AML/CTF Program must reflect the risks faced by the organisation, as documented in the risk assessment.
Conduct consumer due (CDD) diligence
Likely requirement: Verify customer identity in a manner that addresses the risk.
Complexity: Medium.
Our experience: The consistent execution of procedures can be problematic. Often reporting entities fail to follow their own CDD procedures. The amendments suggest a more flexible and outcome focussed CDD framework going forward.
Conduct ongoing customer due diligence
Likely requirement: Identifying whether a client's risk rating should be amended, and whether additional ’enhanced” procedures’ should be followed, such as validating source of wealth and funds.
Complexity: High (in some cases).
Our experience: Many organisations struggle to identify and validate the change of circumstances. Enhanced procedures such as source of wealth and funds enquiries may be difficult to practically implement.
Report certain transactions and suspicious activity
Likely requirement: Submitting Threshold Transaction Reports (("TTR's), at any time a transaction with a client involves $10,000 or more in cash) and suspicious matter reports (SMRs)
Complexity: High.
Our experience: This is a reoccurring area of failure which can have significant regulatory consequences. It has a critical regulator focus and technological dependencies exist in many cases. AUSTRAC has made several comments recently concerning the lack of 'quality' of submitted SMR's.
Make and keep records
Likely requirement: Reporting entities are required to make and securely store records about their CDD measures.
Complexity: Low.
Our experience: A common area of failure includes the inadequate execution of record-keeping procedures.
What's next?
The 2024 Amendment Bill is a crucial step in strengthening Australia’s regulatory framework, but it is not the end of the journey. As financial crime continues to evolve, so too will the regulator's focus.
The bill contains a number of specific descriptions of designated services which will now be subject to AML/CTF laws. This means that many businesses will be regulated for the first time. It also means that even for those businesses who are currently regulated, there may well be activities that were not previously within the reach of the regulations.
A critical first step for organisations is to understand the detail of the services they provide, and whether those services constitute designated services as detailed in the amendments. This should involve detailed mapping of processes, including walkthroughs, and potentially legal advice to determine what applies,
With the upcoming proposed commencement date for the reforms soon to be determined, the key challenge will be effective implementation. Affected organisations must ensure that they are equipped with the tools and knowledge to meet their new responsibilities. The ease of adaptation and the manner in which an organisation is able to respond to these reforms with minimal customer impact will become a business differentiator over the next few years.
Led by some of Australia’s most respected practitioners, our Risk and Regulatory team work with clients to assess, manage and leverage risks, understand obligations and implement systems that align with constantly developing regulations in a practical and strategic manner. If required, that team can also be supported by legal experts on AML issues from Minter Ellison.