I attended the AML / CTF1 session in Perth on Friday with the Minister (Chris Ellison), Greg Mole and Jeff Gray from the Department and KPMG and two things became even clearer about the legislation.
- It is a fundamentally different type of regulation to that which we are used to here – truly risk based; and
- There is a lot of work to be done.
The difference in point one is that, unlike the old AML act, there are no prescribed minimums. The old 100 point check (passport and driver’s license, please) and reporting certain transactions to AUSTRAC are now gone to be replaced by your own assessments of the risk, with AUSTRAC coming in to look at your systems from time to time. For example, for a grandmother coming into a bank to open a savings account to put her pension in it may even be easier, requiring less identification – perhaps just a utility bill. For a person ordinarily resident overseas opening an account to take the proceeds of sharetrading much more may be required – and it is up to your risk assessment to sort out how much.
In the later stages of the implementation you will need to pick up suspicious transactions, even if they are under the normal limits. What are “suspicious transactions”? Well – risk based again. The grandmother in the previous example starting to receive increasing amounts from a few different accounts around the country and then withdrawing them as cash may well be suspicious – whereas for other clients this may be perfectly normal behaviour.
The great advantage from a regulatory view of this type of system is clear – prospective launderers will not know what the systems are looking for unless they have someone inside – and even someone inside may not know all of the things to look out for. Search algorithms can also be regularly changed and updated in ways that could pick things up that they did not before.
The problem is, of course, point 2. Because there are no prescribed minima, a lot of thought and effort has to go into it. Getting it right will give you a good advantage – low risk customers will find it easier and more convenient to open accounts and trade. Higher risk customers can also be accomodated, but with systems in place to track what they do you are more likely to be covered from reputational risk.
Get it wrong, though and there could be real trouble. If you have your risk assessments wrong you risk a strong discussion with a newly beefed up regulator, or, worse, visits by some odd customers with addresses in fairly remote locations.
Compliance officers, senior management and front line staff will need to give this some serious work.
1 AML / CTF – Anti-Money Laundering / Counter Terrorism Funding