Michael Robson—24 February 2014

Michael Robson

24 February 2014

Issues Paper – AML/CTF Act Review Legislative Review and Mutual Evaluation Criminal Law and Law Enforcement Branch Attorney-General's Department

4 National Circuit

BARTON ACT 2600

BY EMAI L : am l r e vi e w @a g . g ov . au

RE: St a tutory review of t h e Ant i -Mo n ey Lau n dering a n d Coun t er-Terror i sm

F i n a nc i n g Act 2006

Dear Sir/Madam

Please find enc l osed my submission to the statutory review of the AML/CTF Act and the

AML/CTF Rules. Yours faithfully

Michael Robson LLB (1st Class Hons)

R ec o mm e nd a ti o ns f o r la w r e f o r m a nd other gover n ment measures

I have set out below 14 law reform and other government measures to improve the efficacy of the AML/CTF Act and the AML/CTF Rules as follows:

1. the AML/CTF Act or the AML/CTF Rules be amended to create a mandatory obligation upon reporting entities to immediately report serious breaches and anticipated serious breaches of the AML/CTF Act or the AML/CTF Rules;

2. the AML/CTF Rules be amended to create a mandatory obligation upon reporting entities that they maintain a breach register for all breaches;

3. the AML/CTF Act or the AML/CTF Rules be amended to create an offence of strict

liability for failing to report a serious breach or anticipated serious breach of the

AML/CTF Act or the AML/CTF Rules;

4. repeal section 82(2) of the AML/CTF Act by removing the civil penalty provision for a breach of a reporting entity’s AML/CTF Program;

5. amend the AML/CTF Rules to require reporting entities to develop a procedure for the identification of suspicious matters;

6. amend the AML/CTF Act to remove the obligation to collect and verify a prospective customer’s identification;

7. amend the AML/CTF Rules to require reporting entities to develop a risk based procedure for the collection and verification of the identification of a prospective customer;

8. amend the AML/CTF Act by codifying the definition of a ‘politically exposed person’ to include domestic public officials and executives of former government enterprises;

9. the Commonwealth government establish and maintain a politically exposed person register;

10. reporting entities be granted access to the Commonwealth government politically exposed person register;

11. the AML/CTF Rules be amended to fully implement FATF recommendation 6;

12. the AML/CTF Rules be amended to require reporting entities to comply with the

Australian Standard on risk management for the assessment of risk;

13. AUSTRAC provide guidance to industry on the timing and expertise requirements for a regular independent review of their AML/CTF Program and

14. AUSTRAC provide further guidance to industry on the meaning of reasonable grounds for suspicion.

Each of these recommendations is addressed below.

A. R eco mm e nd a ti o n s 1 t o 4

Currently, the AML/CTF Act and the AML/CTF Rules do not require a reporting entity to immediately report serious breaches or anticipated serious breaches of its obligations under the AML/CTF Act, or the AML/CTF Rules. This is consistent with the international model provisions, however a reporting obligation for serious breaches would improve the efficacy of the AML/CTF Act. Mandatory serious breach reporting by financial services businesses has been an effective way for the Australian Prudential Regulation Authority and the Australian Securities and Investments Commission to;

assist in the rectification of the serious breach,1 to improve supervisory effectiveness2 and

to identify and address emerging risks and issues. If the AML/CTF Act or AML/CTF Rules were amended, this would create a mandatory obligation to report any serious breach of the AML/CTF Act or the AML/CTF Rules. These breach reports should be directed to AUSTRAC for review and enforcement purposes.

It is recommended that an offence of strict liability be created for failing to report a serious breach or an anticipated serious breach within a specified timeframe as a means to enhance the likely compliance by reporting entities. This would likely have a positive effect on general compliance with the AML/CTF Act and the AML/CTF Rules.

If reporting entities were required to maintain a breach register, the extent of the entries made in the register would provide AUSTRAC with valuable information concerning the reporting entity’s general approach which may highlight which reporting entities have failed to adequately implement their AML/CTF Program. It could also highlight to the reporting entity any systemic problems which may need to be internally addressed or reported to AUSTRAC because their persistent nature creates a serious breach.

To further encourage reporting entities to report serious breaches or anticipated serious breaches, it is recommended that section 82(2) of the AML/CTF Act3 be repealed to remove the civil penalty applying to a breach of the AML/CTF Program. It is a disproportionate penalty that a breach of an AML/CTF Program by reporting entities

1 See generally Australian Securities and Investments Commission, I R 0 6- 1 4 Ind u s t r y embraces e a r l y n ot i f ica t i on of bre a ches (31 December 2010) Australian Securities and Investments Commission

<ht t p ://ww w . a sic.g o v.au / a s i c /asic. n s f /byhe a d l in e / I R+06-

1 4+Ind u st r y+e m braces+earl y + no t i f ica t i o n+ o f +breaches ? op enD o c u m e n t>.

2 See generally Australian Securities and Investments Commission, I R 0 8- 0 4 APRA and A S I C rele a se new o nl i n e reporti n g system for dual-regulated i n sti t u t i ons (31 December 2010) Australian Securities and

Investments Commission <h t t p : / / w ww.as i c.go v .au/asi c / as i c.ns f /b y h eadli n e/IR+ 0 8-

0 4+ A PR A + a nd+ A S IC+release+new+o n l in e +reporti n g+s y s t e m +f o r +dua l - regu l ated+ i nstitu t i ons ? o penD o c u m e nt>.

3 A M L/CTF Act s 82(2).

which has no force of law could attract the same penalty as a breach of the AML/CTF Act, or the AML/CTF Rules.

B. R eco mm end a t i o n 5

AUSTRAC noted in their report into the non-bank financial services industry that there was no obligation under the AML/CTF Rules that reporting entities develop a procedure for the identification and investigation of suspicious matters.

The use of an objective test will give rise to fewer suspicious matter reports (‘SMR s’) than would a subjective test. This will clearly reduce the likelihood of money laundering offences being detected, however, this will also reduce the investigating burden on AUSTRAC. Overall, a lower number of higher quality SMRs will likely improve AUSTRAC’s effectiveness in identifying money laundering transactions. The use of an objective test therefore will likely have the effect of increasing the efficacy of the AML/CTF Act.

The AML/CTF Rules should be amended to require reporting entities to document a procedure for the identification of suspicious matters as a means to standardise an organisation’s procedure and to document the types of matters which may give rise to a reasonable suspicion.

The implementation of the requirement would improve a reporting entity’s ability to identify a suspicious matter under section 41 of the AML/CTF Act. What is not able to be dealt with legislatively is the fact that different business operators will have different size, scale and complexity issues. This will ultimately mean that small reporting entities will be less likely to be able to identify a suspicious matter as a consequence of their systems or limited financial resources.

AUSTRAC have provided regulatory guidelines with respect to the identification of suspicious transactions however these should be updated regularly to provide greater levels of guidance to reporting entities based upon the most recent typology information which AUSTRAC compiles annually.

C. R eco mm e n d a ti o n s 6 & 7

Pursuant to the AML/CTF Act, a ‘customer’ includes a prospective customer. Since the AML/CTF Act4 contemplates circumstances where a suspicious matter reporting obligation may arise from an enquiry for the provision of a designated service, a f o rt i o ri

4 s 41(1)(c)(i).

the AML/CTF Act5 requires that reporting entities collect and verify the identification of a prospective customer at the time of the enquiry in circumstances where they have formed a reasonable suspicion.

Whilst logically the definition of a customer permits a suspicious matter to be reportable prior to the commencement of any contractual relations, the collection and verification obligation in relation to a prospective customer cannot for various practical reasons be fully implemented by reporting entities. Firstly, at the enquiry stage, since this may occur other than by a face to face meeting, the collection of the necessary identification

cannot be undertaken contemporaneously at the time of the enquiry. Secondly, assuming that the enquiry is done face to face, it seems implausible that a moderately intelligent person involved with money laundering would provide any identification at all at the time of the enquiry.

The AML/CTF Rules6 have envisaged such a problem arising and accordingly a reporting entity will not breach the AML/CTF Act7 in circumstances where they have been unable to collect identification information which must be reported in a SMR.

The prospective customer obligation should be removed in favour of amending the AML/CTF Rules to require reporting entities to develop a risk based procedure for the collection and verification of the identification of a prospective customer.

D. Re c o mm e n da t ion s 8 t o 11

The FATF definition of a politically exposed person (‘P E P’), which is probably the most widely recognised, is as follows:

Individuals who are or have been entrusted with prominent public functions in a foreign country, for example Heads of State or of government, senior politicians, senior government, judicial or military officials, senior executives of state owned corporations, important political party officials. Business relationships with family members or close associates of PEPs involve reputational risks similar to those with PEPs themselves. The definition is not intended to cover middle

ranking or more junior individuals in the foregoing categories.8

5 s 32(1).

6 A M L/CTF Rules Ch 18.

7 s 41(1).

8 Financial Action Task Force, M o ney l a unde r i ng g lossary t o the 4 0 recommen d a tions (29 December 2010) Financial Action Task Force <h tt p : / / w ww . f a t f - g a f i. o r g / gl o s s a r y / 0 ,34 1 4,e n _ 3 2 2 5 0 3 7 9 _ 3 2 236930_354337 6 4 _ 1 _ 1 _ 1 _ 1 ,00.h t m l>.

Whilst there are various definitions for who is a PEP, definitions vary globally and currently domestic public officials are not formally defined as PEPs. In addition, the conduct of the executives of the Australian Wheat Board raises the issue of whether executives of such former government enterprises should be included on the PEP list. The Commonwealth government should revise the PEP definition to take into account both domestic public officials and executives of former government enterprises for a period of at least five years and codify this definition in the AML/CTF Act.

Some reporting entities may be unaware that a customer or potential customer is a PEP because they cannot afford to gain access to a commercially produced PEP list. Even in circumstances where the reporting entity is aware that a person is a PEP, there is uncertainty about when the person should be removed from the PEP list.

As a primary means of identification of PEPs, it is recommended that reporting entities be granted access to a Commonwealth government maintained register of PEPs which is updated continuously. This will also enable the government to assess who is a PEP and when they should be removed from the PEP list thereby reducing all uncertainty for reporting entities.

Reporting entities are not required to comply with FATF recommendation 6 and will mostly only comply in circumstances where the ML/TF risk is assessed as high or when a reasonable suspicion arises. It is recommended that the Commonwealth government amend the AML/CTF Rules to require ongoing customer due diligence and enhanced customer due diligence for all PEPs. It is further recommended that FATF recommendation 6 be adopted in full which would further require that senior management approval is granted before the responsible entity provides a designated service to a PEP.

E. Re c o m me n da t io n 12

The word ‘risk’ is frequently used throughout the AML/CTF Act because of the risk based approach which underpins the legislative model, however the word ‘risk’ is not defined in the AML/CTF Act or the AML/CTF Rules. The Merriam Webster dictionary establishes that the word ‘risk’ is defined as ‘the possibility of loss or injury’.9

There is no universally agreed method for assessing ML/TF risks however the most common risk criteria are country, customer and service risk and these criteria are applied

9 Merriam-Webster dictionary <h t t p : / / w w w . m e r ri a m - w e bs t er.c o m />.

in the AML/CTF Rules.10 This requirement means that there must be a basis for assessing the level of ML/TF risk.

Risk is commonly assessed by Australian businesses using the Australian Standard on Risk Management.11 AUSTRAC has released two guides12 including one dedicated to small to medium sized businesses suggesting the use of the Australian Standard, however there is no positive obligation established under the AML/CTF Act or the AML/CTF Rules this be employed for the purposes of risk assessment. The AML/CTF Act