Review of the AML/CTF
Regime
December 2013
28/02/2014
This document contains information on meeting with Australia’s anti-money laundering and
counter-terrorism financing obligations. The content is based on industry experience across a range of clubs and hotels.
About the Author
Trojan Corporate is a consulting company formed in 1999 as McGurgan Group Management to provide specialist management and consulting services to the hospitality leisure industry. Our purpose as dedicated professional consultants and trainers is to develop effective profitable solutions for the hospitality and tourism industries. The team has commitment to providing outstanding service to each and every client ensuring responsiveness, accessibility, involvement and accountability.
Trojan Corporate offers services to many and varied clients who require specialise knowledge and industry experience to develop compliance solutions and manage legislative risks with a hands on approach.
Trojan Corporate has had a trusted working relationship with Twin Towns Services Club (TTSC) since
2007. Trojan Corporate is a dedicated resource team that is responsible for the compliance program at the Club. Our team works onsite to advise, mentor, monitor and support the organisation in the development of a sustainable compliance framework and culture with the Twin Towns Services Club team.
Review of the AML/CTF Regime – December 2013
Associated Costs:
1. Preparation of an AML/CTF Compliance Program
The costs of preparing an AML/CTF Compliance Program will vary greatly, dependent upon the AML/CTF knowledge held by the reporting entity and in turn the appointed AML/CTF Compliance Officer. Costs of programs can vary from $0 for a program that has been “acquired”, or up to many
$1,000’s; dependent on the use of consultants or lawyers, or the reporting entities own time spent on writing the program. Many clubs and hotel operators have used templates provided by industry associations or paid lawyers to develop programs, which have failed greatly when it came to audit and assessment. Additional costs have then been incurred where the failed document has needed to be updated or in many cases, completely rewritten. Many operators have been disillusioned thinking ‘if they can’t get it right, what chance have I got? This on their part leads to regulatory burden for them.
In developing an AML/CTF compliance program a venue should expect a consultant to spend anywhere between 8 – 40 hours to develop a program. How quickly the process takes is largely dependent upon the commitment of the venue to provide information, complete questionnaires and review documents.
2. Staff screening, induction and on-going training
Venues have many different options as to the way that they can implement risk awareness training. Many venues overburden their employees by incorporating the entire version of the AML/CTF Compliance Program into the induction process and require all staff to read it, this is not practical and not relevant and can lead to confusion amongst team members. Training can be delivered as an online option by training providers from approximately $40 per person. Face to face training can cost anywhere between $400 per course (allowing approximately 20 participants), through to $3645 to enrol an AML/CTF Compliance Officer into a Diploma of AML/CTF Management Course. Other options for venues include; developing their own program or engaging a third party. Both options come at a cost; however, the third party option costs may begin at around $400 through to $2,000 or so.
Since 2008, total AML/CTF training costs at TTSC are estimated to be approximately $5148 annually. These figures do not include time allocated to TAB training which is delivered by TABCORP. A breakdown of estimated cost is included below:
TTSC (employing approximately 400 staff) has completed 20 training sessions for 307 team members (face to face delivery) as a 2 hour course. Approximate cost of employees attending plus trainer costs is approximately $20,000 from 2008 to 2013; an average of
$4000/year. This includes researching and updating content and time allocated for record keeping.
Online training has been completed by 12 employees at a cost of $45 per course, equating to
$540 to date.
For induction training costs are approximately $5200 since 2008; allowing approximately 15 mins of a Senior Duty Manager time to cover AML/CTF Compliance to 692 employees.
One of the most common questions asked by clubs and hotels is ‘how often do I need to complete training with my staff and who needs to attend?’ Many operators are used to dealing with very prescriptive regulation with regard to training i.e. RSA and RSG/RCG. In comparison to dealing with a minor or an intoxicated person, the likelihood of having a person laundering money in a club or hotel is relatively low. RSA RSG training in NSW is required to be completed once every 5 years and in QLD must be completed within 30 days of commencing employment in a gaming or liquor related role; there is no requirement for recertification in Qld.
Many clubs and hotels are completing AML/CTF training on an annual basis. Often we see the wrong people rostered to attend training; and those who should attend the training, do not. This has direct and indirect costs to the business. Some operators have been led to understand that risk awareness training MUST be completed annually. The AML/CTF Rules do not specify annual training requirements. Generally speaking where a venue has an appropriately developed AML/CTF risk awareness training program (supported by good management practices i.e. staff meetings, information updates etc) training should only need to be provided once every 2-3 years thereby reducing the training costs. Perhaps the frequency needs to be a little more prescriptive and could be applied by AUSTRAC based on the venues risk rating.
Perhaps the AML/CTF Rules or guidance material could include a statement similar to:
‘Training may be carried out by either an internal or external party who has the relevant skills and experience, including knowledge of the business and AML/CTF legislative obligations’.
Some marketing material from training companies/consultants has added confusion with regard to the frequency for training.
3. Transaction monitoring and reporting
Many AML/CTF programs detail what needs to be complied with for gaming compliance and venue policy rather that what procedures are in place for meeting with the obligations of the AML/CTF Act. The implementation of the transaction monitoring program for AML/CTF purposes in some cases is limited given that the focus has been toward meeting compliance with the Gaming Machine Act. As clubs and hotels come to gain more knowledge in this area it would be fair to say that the costs of transaction monitoring will increase.
4. Independent review of the AML/CTF program
The cost of reviewing and updating programs depends on how well the initial program was developed and written. A club could expect a consultant to spend anywhere between 4 to 40 hours on independent review.
For the 2013 independent review of the TTSC compliance program 3 days were allocated to completing the review by the Finance Officer. Further review is currently underway and may see another 1 – 2 days allocated to the process by the independent party. Additional time will be spent updating the program based on recommendations and another 1 -2 days minimum should be allowed for this process. Not included is the time taken by relevant managers and directors to read over related documentation or time taken to discuss and approve the program at Compliance and Board of Management levels.
Many compliance programs state that independent review will occur annually; however, the reality is that for a high proportion of venues this does not happen. Some operators have been led to understand that independent review is to occur annually and this increases the cost of doing business, which in-turn leads to a regulatory burden.
The AML/CTF Rules do not state a frequency for review. However, the ACR includes the following question:
Was an independent review of your AML/CTF program conducted by: (a) an internal party?
Yes ¨ No ¨
(b) an external party? Yes ¨ No ¨
To many, this implies that IR must occur annually. The ACR could also ask, how often the venues
compliance program states that independent review occurs and then seek confirmation that this has occurred accordingly.
Some marketing material from training companies/consultants has added confusion to the frequency for independent review.
5. Record Keeping
Not really known as different personnel perform different tasks and time taken is not recorded.
The level of usefulness of guidance and/or feedback from AUSTRAC
For Clubs and Hotels the new AML/CTF Compliance guide for hotels and clubs licensed to operate electronic gaming machines appears on the surface to be on track to assisting small to medium sized operators develop a suitable program. There has been a notable disconnection between having a written program in place and the actual implementation that is required amongst some operators. The template approach should simplify the program development process. The tool does refer to useful AUSTRAC publications and the inclusion of the Self Assessment Questionnaire could be
questioned – the questionnaire is extremely complicated and for a smaller operator possibly irrelevant.
AUSTRAC should focus their attention to developing stronger ties with industry and providing guidance on how to meet with the obligations of the Act, particularly with regard to OCDD. If the reality is that gaming machines are being used for laundering money and financing terrorism a better understanding is required between those who understand the EGM’s and gaming and with those who understand money laundering and terrorism financing. The link between organised crime and money laundering should be focused upon. This should assist in appropriate guidance and feedback from AUSTRAC.
The AUSTRAC e-learning centre is a great tool for reporting entities; however, offers little value to many clubs and hotels due to the complex nature of the information therein. Further, confirmation of the training having been completed would be beneficial to many operators. The confirmation could be sent to the email address of the person completing the training, much like that when the ACR is lodged.
The classification of the money-laundering risk for club electronic gaming machines and the risk based approach in the legislation
Nowhere in the ACT, Regulations, Rules or guidance material does it state a classification of the money laundering (or terrorism financing) risk for club electronic gaming machines. This is for each operator to understand and determine. This risk based approach is extremely hard for venues to understand and perhaps for smaller operators a more prescriptive approach would be a better option.
Industry has generally been willing to accept that it is “low risk” and taken comfort in this; however, all venues are different and this is where they have fallen down. Yes, the industry is low risk in comparison to say the finance industry; however, few have understood the risk assessment process and how this applies to their own venue.
Does a less prescriptive approach create innovation? The WHS Act is an interesting comparison; where people are involved in consultation and finding a solution to a problem, the control measures are generally more appropriate and more likely to be followed. For this reason the risk based model is worthy and supported. Education is the key to its success.
AUSTRAC has its own tools to rate the risk of each reporting entity with which it deals. This risk tool should be able to be used more proactively to determine whether a prescriptive based approach to regulation is more fitting or if the risk based approach is most relevant.
Reducing the regulatory burden for clubs and hotels
Is there a regulatory burden or is it just a lack of regulatory understanding that implies a burden? Understanding AML/CTF obligations is critical, once an operator understands it will seem less onerous. Higher risk venues should expect to be part of a robust audit methodology, lower risk venues less; however, where a higher risk venue is found to have good practice and implementation in place the frequency of audit should be adjusted accordingly.
Many operators have experienced difficulty in understanding what the compliance assessment reports (from AUSTRAC) are requiring or recommending. As such, they will approach a third party, consultant or lawyer for assistance and incur additional costs. If financial assistance could be provided to operators who use approved consultants this would assist the burden on the venue, add to the education process and ensure the final result is adequate and less burdensome on the business.
The issues paper, FATF recommendations and ACC Organised Crime in Australia 2013 all discuss globalisation and rapidly changing technology, this is the very reason the Act is risk based approach. The risk based approach to regulation allows for differences in the types of operations across different industries. Within hospitality there are many different venues with different levels of risk.
There needs to be a greater emphasis placed on consultation between the regulator, industry associations and industry operators to develop far greater understanding between the legislative obligations and what this means in practical terms for operators.
Education is the key to both self regulation or the existing risk based approach. A rebate or grant system would assist greatly with the costs of implementing a program using approved/accredited consultants/lawyers under the current system. If rebates for attending training courses or even regulator information sessions were available then this may also assist.
The Privacy and AML/CTF Act are both very complicated Acts, more effective on the ground guidance from both AUSTRAC and the Privacy Commissioner on the practical implementation of both legislations and the relevance of each to the other would be of assistance to many operators.