Key Points:

Both Part A and Part B of AML/CTF Programs should now be reviewed and updated.

On 1 June 2014, AUSTRAC's proposed additional customer due diligence requirements will come into effect. These new requirements were registered on 19 May and will form part of the Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No 1) (AML/CTF Rules)Given the fast-approaching start date, all reporting entities should now be reviewing and updating their AML/CTF Programs to meet the new requirements.

Background to the changes

In May 2013 the Australian Government released a discussion paper "Consideration of possible enhancements to the requirements for customer due diligence", seeking views on the need for changes to Australia's anti-money laundering and counter-terrorism financing (AML/CTF) customer due diligence (CDD) regime to bring it into line with the Financial Action Task Force's international standards.

The changes were registered by AUSTRAC on 19 May 2014 following a period of comprehensive industry consultation.

The enhancements to the CDD requirements are significant, and mean that all reporting entities will need to review and update their AML/CTF Program and associated business policies and procedures.

What's changing?

The new requirements mean that reporting entities must, in addition to existing requirements under the AML/CTF Act and Rules:

Identify and verify beneficial owners of their customers: Reporting entities must identify and take reasonable measures to verify the identity of "beneficial owners" of customers who are companies, trusts, partnerships, incorporated and unincorporated associations, registered co-operatives and government bodies. For customers who are individuals, reporting entities may assume that the customer and beneficial owner are one and the same, unless the reporting entity has reasonable grounds to consider otherwise.

The definition of "beneficial owner" has been amended to refer to natural persons who ultimately own or control a reporting entity or customer (directly or indirectly). The Explanatory Statement states that the phrase "directly or indirectly" has been included to cover circumstances where a beneficial owner may directly own a customer (such as a company), however, another entity may control that owner indirectly (and therefore could be considered to be the ultimate beneficial owner of that company).

The first limb of the definition (concerning the beneficial owner of reporting entities) is relevant to those chapters in the AML/CTF Rules which deal with the Remittance Sector Register and the Reporting Entities Roll, where the reporting entity is required to provide information about itself in regard to beneficial ownership.

These new verification procedures are not required where the customer is an individual, provided that there are not reasonable grounds to consider that the individual's interest is not beneficially owned and for those customers where a simplified verification procedure can be used (for example domestic listed public companies and licensed entities such as AFSL holders).

The requirement to identify and verify beneficial owners is one of the most significant of the changes and has attracted a number of submissions. We are already seeing the practical challenges this definition may pose for clients, particularly where a reporting entity is dealing with a customer who has multiple layers of ownership structure. Whilst it is not necessary to identify all layers (due to the inclusion of the term "ultimately" in the definition), it will be necessary to peel away the various layers of ownership to identify the "ultimate" individual owner or controller of the customer.

Collect and verify the name of settlors of trusts that are customers: Reporting entities must collect and verify the full name of the settlor of the trust, except when the settlor has made a material asset contribution to the trust of less than $10,000 the settlor is deceased, or the trust is verified using the simplified trust verification procedure.

Conduct enhanced requirements in relation to politically exposed persons (PEPs):Reporting entities must ensure that their Enhanced Customer Due Diligence Programs are triggered in regard to customers who are foreign PEPs, and must seek senior management approval for continuing a relationship with a customer who is a foreign PEP or whose beneficial owner is a foreign PEP.

Consider additional risks associated with its customers: The risks that a reporting entity must consider before providing a designated service to a customer have been expanded to include risks relating to:

  • the beneficial owner of the customer;
  • whether the customer or owner is a politically exposed person;
  • the source of funds or wealth of the customer; and
  • understanding the nature and purpose of the business relationship with the customer.

In practice, this will mean that reporting entities will need to revisit their ML/TF risk assessments to determine whether these additional factors alter the current assessment.

Conduct reasonable measures to update information collected: Reporting entities must conduct reasonable measures to keep, update and review the documents, data or information collected under the applicable customer identification procedure and the new beneficial owner identification requirements.

We consider this change will also raise a number of practical challenges for reporting entities in determining what are "reasonable measures" for updating beneficial owner identification information.

AUSTRAC's supervisory approach

AUSTRAC has recognised that many reporting entities will need to put in significant effort to become compliant with the changes. It has stated that it will adopt a supervisory approach under which it will not commence civil penalty proceedings for failure to comply with the additional CDD requirements prior 1 January 2016 in certain circumstances.

These circumstances include where the reporting entity or designated business group (as appropriate):

  • complies with the new obligations as soon as practicable in respect of any person who becomes a customer between 1 June 2014 and 1 January 2016 who is assessed as high risk; and
  • establishes a transition plan before 1 November 2014 which includes actions and time frames to comply as soon as practicable with the new requirements, and achieves full compliance prior to 1 January 2016. The reporting entity must provide a copy of the transition plan and information on its progress to AUSTRAC upon request.

Next steps

The changes to the CDD requirements in the AML/CTF Rules mean that both Part A and Part B of AML/CTF Programs should now be reviewed and updated.

All reporting entities should be considering the amendments and either working on updating their AML/CTF Programs, or establishing an appropriate transition plan to comply with the new requirements by 1 January 2016.

Those reporting entities who are also due to conduct an independent review of their AML/CTF Program may want to consider wrapping up the new CDD requirements with their independent review.