The Attorney-General’s report on the Australian anti-money laundering and counter-terrorism financing regime was tabled in Parliament on Friday 29 April 2016. The recommendations signal fundamental changes to the regime.

The long-anticipated report concludes the statutory review that started in 2013. It is now up to the Government to act – they have committed to consider the recommendations and consult industry on the design of any reforms.

The momentum must be sustained to meet emerging threats and to support the Government’s innovation agenda. Reform should clarify the application of the AML/CTF regime to new products and encourage the design of regtech tools to help reporting entities meet their obligations.

Here are the ten recommendations you need to know.

1. End of the AML/CTF Rules?

The AML/CTF regime consists of the Act, the Rules, regulations and guidance. The report recommends that the Act and Rules be simplified, rationalised and presented in a user-friendly format.

The report appears to favour the UK’s approach where detailed rules and guidance have been replaced with two pages of high-level principles and guidance issued by industry. The benefits of principles-based regulation should be weighed against the certainty of more prescriptive rules.

2. Green light for tranche two

The report recommends that options be developed for regulating lawyers, conveyancers, accountants, high-value dealers, real estate agents and trust and company service providers under the AML/CTF Act. This proposal has been the subject of public debate since its inception in 2006.

In a positive move the report notes that the Attorney-General is open to “options” for regulation, such as applying only some of the existing AML/CTF obligations under the Act or allowing relevant industry bodies to self-regulate. This recognises the difficulty of simply extending the existing regime to these new sectors.

3. Designated services to change

To be regulated under the AML/CTF Act an entity must still provide a designated service. But the list of designated services will change.

The report recommends that digital wallets and convertible digital currencies (like Bitcoin) be added to the list, and that AUSTRAC assess whether cheque cashing facilities and all stored value cards (not just those above the current thresholds) should also be added.

Some services may be removed while the scope of others (including remittance) will be clarified which should limit their application.

Although not contemplated by the report, further support for the Government’s innovation agenda could be achieved if AUSTRAC was given greater power to add or remove designated services in response to new product developments. We encourage industry to consider this in discussions with AUSTRAC.

4. Easier KYC

There is strong support for simplifying customer due diligence and allowing reliance on KYC performed by a third party.

The report also recommends that AUSTRAC explore new technologies to confirm the identity of individual customers, specifically calling out the use of biometrics like facial recognition, voice recognition, fingerprints and retinal scanning.

Together with the recommended enhancements to the Document Verification Service and the creation of a beneficial ownership database, this will reduce costs and customer onboarding time.

5. Serious breach reporting

Continuing the trend of reporting breaches set by the Corporations Act and Privacy Act, the report recommends that entities be required to report serious breaches of the AML/CTF Act. To encourage compliance, the report recommends that entities who self-report serious breaches should be eligible for a reduction or waiver of any pecuniary penalty that may apply to the breach.

6. AUSTRAC may become the sanctions regulator

In a surprise move, the report recommends that AUSTRAC and DFAT explore the feasibility of AUSTRAC monitoring and supervising compliance with Australian sanctions laws.

This would be a timely opportunity to also streamline the complex sanctions regime.

7. Offshore businesses and branches to be regulated

Currently entities are only regulated if the services have a geographical link with Australia. This leaves many offshore providers unregulated. The report recommends developing a model for capturing at least high risk designated services provided from offshore.

Changes are also proposed to the regulation of Australian entities’ foreign branches and subsidiaries, requiring them to apply the higher standard between the AML/CTF requirements in their home country and Australia’s. This will require Australian entities to perform a gap analysis of the two countries’ laws. The report also supports giving AUSTRAC the power to require the AML/CTF programs of the branches and subsidiaries to be reviewed by a locally-based independent auditor. The practical implications of this approach in an increasingly global market should be carefully considered.

8. No templates for AML programs or risk assessments

There is demand for AUSTRAC-approved templates or at least some prescription for creating an AML/CTF program and risk assessment. The call has been firmly rejected. The report notes that templates are likely to undermine the objective of the risk-based approach, which requires reporting entities to take responsibility for understanding the risks associated with their business.

9. Transparent exemption process

AUSTRAC has traditionally been reluctant to grant individual exemptions. The report recommends that AUSTRAC establish a more accessible, streamlined and expedient exemptions process and develop associated guidance.

This alone is a welcome change but the report goes further, calling on AUSTRAC to adopt a more proactive approach to identifying opportunities to reduce unnecessary regulatory burden where the designated service is low risk.

10. Technology neutrality in principle, not practice

An overarching recommendation in the report is that the AML/CTF regime adopt the technology neutrality principle – that the requirements should not favour one technology at the expense of another and should anticipate future technology use.

The potential effects of this commitment are significant and there are hints of what is to come (see recommendations 3 and 4). But we will have to wait for the reforms, particularly in customer due diligence, to see future-proofing in practice.