Summary
On 2 May 2024, the Attorney-General’s Department (AGD) released a second set of consultation papers to implement the most significant reforms to the AML/CTF Act (the Act) since its introduction. The key objectives of the reforms are to bring “Tranche 2” entities in scope (including real estate professionals, professional service providers and precious metal and stone dealers) and to simplify and modernise the regime.
The consultation is split into five papers. Below is a summary of the proposals in Paper 4 (reforms relevant to remittance providers, digital asset sector participants and financial institutions) and Paper 5 (broader reforms to simplify and modernise the regime, applicable to all reporting entities) that are likely to have the most significant impact.
The papers deliver a mixture of good and bad news for reporting entities. The papers propose positive changes to tipping off and customer due diligence (CDD). However, some will be disappointed that parts of Papers 4 and 5 do not address key issues currently impacting reporting entities or provide enough detail to assess the merit of certain proposals. Further, some parts of the Papers appear to restate existing requirements without any clear purpose or regulatory benefit.
There are therefore opportunities for further refinement, for which industry input will be critical. Consultation responses are due by 13 June 2024.
Proposals that are likely to have a significant impact
Tipping off
The existing tipping off offence will be replaced with a new offence that will focus on preventing the disclosure of suspicious matter report (SMR) information where it is “likely to prejudice an investigation or potential investigation”. This will enable greater flexibility in relation to sharing information with other members of corporate groups, service providers, Courts and tribunals. In our experience, this also better aligns with the approach in other leading markets, which will be particularly valuable for international institutions seeking to implement consistent global policies and procedures.
To support the increased flexibility, reporting entities may be required to implement controls and protections to ensure, for example, recipients have appropriate policies (eg employee screening and AML/CTF training), or that disclosures are only made in the circumstances prescribed in their Program).
Customer Due Diligence
The Rules will allow initial CDD to be undertaken after commencing to provide a designated service where the additional risk associated with delayed verification is low and it is essential to avoid interrupting the ordinary course of business. This is an expansion of the existing relief in chapter 79. However, where this relief is not available, risk rating and ECDD must be undertaken before a designated service is provided. This is likely to have a significant impact on reporting entities.
Reporting entities will only have ongoing customer due diligence obligations for customers in an “ongoing business relationship”. An ongoing business relationship will be defined as a relationship between a reporting entity and a customer involving the provision of a designated service that has or is expected to have an element of duration (for example, opening a bank account and allowing transactions). This means that providers of certain types of designated services (occasional transactions) will only be required to undertake initial KYC and transaction monitoring. They will not be required to periodically re-verify KYC information or update the customer risk rating. While this is a welcome change, the experience in other markets suggests that it can be difficult to determine when an ongoing business relationship is established.
The existing relief for pre-commencement customers will be removed. All pre-commencement customers must be given a risk rating and those that are medium or high ML/TF risk must be subject to CDD.
IFTI reporting
The person required to report an IFTI will no longer be the first person to receive the instruction into Australia or the last person to send an instruction out of Australia. Further, the reporting obligation will not be triggered by sending or receiving an instruction. Instead, the obligation will be imposed on the institution that “initiates the outgoing transaction” or “initiates the transfer” and that “makes the incoming payment available” or “makes the transferred value available”. It is not clear what specific actions these phrases are intended to refer to, so further explanatory material with worked examples would be valuable.
An express obligation will be introduced to submit an IFTI report where a reporting entity provides an FX or gambling service and the entity “transfers or arranges to transfer value out of Australia on behalf of the payer” or “makes available, or arranges with the payee to make available, value transferred into or out of Australia to a payee”.
Payment designated services
The items 29 to 32 designated services will be replaced with 3 new designated services. These designated services are intended to capture:
- the person that accepts an instruction to transfer value (an ordering institution);
- the person that makes transferred value available (the beneficiary institution); and
- any person that passes on a message in the value transfer chain (an intermediary institution).
To support these new services the definitions of “electronic funds transfer instructions” and “designated remittance arrangements” will be replaced by a new concept of “value transfer service”. Paper 4 does not propose a definition of value transfer service but it does suggest that it will only capture entities that provide value transfer services as part of their “core business”.
The “travel rule” (ie that payer/payee information must travel with a transfer of value) will be extended to all persons that provide these value transfer services (ie it will not be limited to financial institutions). Further, where payment messages are missing the required information, beneficiary institutions will be required to take a risk-based approach in determining whether to make the relevant value available to the payee. Paper 5 may be taken to suggest that reporting entities should have systems to identify where information in a payment message is incorrect. This would have a significant impact.
New custody designated services
Item 46 under the current AML/CTF Act captures the provision of custodial and depository services. Paper 2 proposes to introduce two new designated services that are similar to item 46 but will capture a much broader range of entities and activities.
These new designated services apply to:
- receiving, holding and controlling or disbursing money, accounts, securities/securities accounts, digital assets (including private keys) or property, on behalf of another person; and
- acting as or arranging for a third person to act as a nominee shareholder;
Although pre-payment for goods and services, property management activity and prescribed disbursements will be excluded it is not proposed that other exemptions that apply to item 46 designated services will apply to these new services (for example, there will be no exemption for security trustees). Further, the service is not limited to holding financial products on behalf of a customer. These designated services are likely to capture digital wallet providers, escrow service providers, security trustees and paying agents.
AML/CTF Program requirements
The Act will impose two new broad obligations on reporting entities:
- an obligation to “develop, implement and maintain enterprise-wide policies, systems and controls proportionate to the nature, size and complexity” of the reporting entity’s business; and
- an obligation to “establish internal practices” to ensure the business, its managers, employees and agents comply with AML/CTF obligations.
The Act and the Rules will specify minimum measures that are required to meet these obligations. For example, the Act may specify that reporting entities must have “risk mitigation measures” that enable it to identify and report suspicious matters.
Digital asset sector updates
Paper 4 also contains proposals to amend the existing item 50A designated service and include the following additional or modified designated services for the digital asset sector (each provided in the carrying on a digital asset business):
- Amend and expand item 50A (exchange of digital asset designated service): Expanding item 50A designated service to also include “making arrangements for the exchange of digital asset for money (or vice versa)”.
- New designated service of exchanging digital asset for digital asset: Creating a new designated service of “exchanging or making arrangements for the exchange of digital asset for digital asset”.
- New custodial designated services for digital assets: Creating a new designated service of “providing custodial services of a digital asset or a private key”. This could include “custody” of one of multiple private keys or smart contracts but not businesses that provide ancillary infrastructure.
- New designated service regarding “financial services” relating to a digital asset: Creating a new designated service of providing a financial service in Table 1 of the AML/CTF Act (including making loans etc.) relating to an issuer's offer or sale of a digital asset.
These changes should be considered in light of other proposed reforms to the digital asset sector (see our primer here).
There is no precise timetable for implementation of these changes, although both the Overview Paper and specific Papers imply there will be a reasonable time to meet obligations and that there will be further guidance and information sessions in due course.