On 20 April 2023, the Attorney General’s Department announced consultations on proposed reforms to Australia’s anti-money laundering and counter-terrorism financing (AML/CTF) regime.

These reforms aim to expand the scope of the AML/CTF legislation to cover additional high-risk services, known as “tranche 2” services. These include services provided by lawyers, accountants, trust and company service providers, real estate agents, and dealers in precious metals and stones.

Key objectives of the proposed reforms

The reforms seek to:

• Simplify and modernise the AML/CTF regime to align with international standards and best practices;
• Reduce complexity and regulatory burden on industries;
• Ensure the regime is adaptive to evolving threat environments;
• Strengthen Australian businesses and sectors against exploitation by serious organised criminals.

Following a second round of consultations that concluded on 15 June 2024, the final draft of the Anti-Money Laundering and Counter-Terrorism Financing Amendment Bill 2024 was presented to Parliament by Attorney General Mark Dreyfus on 11 September 2024.

As the Bill progresses through Parliament, it’s critical for the legal sector to assess the implications for their businesses. This article provides an overview of new obligations for lawyers and guidance on how to set up an effective AML/CTF program.

Step 1: Assess if your services are ‘Designated’

The first step is determining whether the services you provide meet the criteria for a “designated service” under the AML/CTF Act.

AUSTRAC defines designated services as those that pose a potential risk for money laundering and terrorism financing. Certain services, such as auditing financial statements, representing clients in legal proceedings, or providing pure advisory work with no underlying transaction, are not considered high-risk and therefore not regulated under the proposed changes.

The proposed reforms list eight designated services specifically for the legal sector, which can be reviewed in the appendix.

Step 2: Understanding your obligations

If your business provides a designated service, here are the key obligations under the new AML/CTF requirements:

• Enrol with AUSTRAC: ensure your business is properly registered;
• Develop and maintain an AML/CTF program: this program will outline your processes for compliance;
• Conduct customer due diligence (CDD): you must verify the identity and determine the risk level of your clients before providing services;
• Ongoing customer due diligence (OCDD): regularly monitor for changes to your clients’ risk profiles to ensure they are up-to-date;
• Report suspicious activity: certain transactions and suspicious activities must be reported to AUSTRAC;
• Recordkeeping: maintain accurate records of all customer interactions and transactions.

Step 3: Tailoring your compliance program

Your approach to managing AML/CTF obligations should be guided by the risk level and volume of services you provide. Higher-risk services demand more rigorous customer verification, while businesses handling a higher volume of transactions may need automated solutions to minimise manual effort.

Key considerations for your AML/CTF program:

• Risk: evaluate your risk exposure by analysing the services you offer and the specific characteristics of your client base.
• Efficiency: simplify customer due diligence and ensure clear, concise records for reporting and auditing.
• Technology: the right service provider can help automate identity verification and ongoing monitoring, making compliance effortless.

What you need to know about your compliance program

Customer Due Diligence (CDD)

Customer Due Diligence involves verifying a client’s identity and assessing the risk they pose before providing a designated service. This includes checking identity data against reliable sources, such as government or compliant private databases, and evaluating the client’s risk through checks against politically exposed persons (PEP), sanctions, and adverse media sources.

In essence, CDD involves three steps:

1. Gather personal data: collect information from the client, such as ID documents.
2. Verify the data: check the client’s information against reliable sources to confirm accuracy.
3. Evaluate the risk: assess the results against your business’s risk criteria.

Ongoing Customer Due Diligence (OCDD)

Ongoing Customer Due Diligence is the continuous monitoring of a client’s activities to ensure their risk profile remains accurate. This involves reviewing transactions and investigating any changes in behaviour that could indicate suspicious activity.

For example, if a client begins transacting in unusual amounts or frequency, you may need to update their risk profile and conduct further verification. Additionally, if you suspect an individual transaction is linked to a crime, you must report it to Austrac.

Suspicious Matter Reporting (SMR) is required where you reasonably suspect a person is committing a crime, is not who they claim to be, or could be the victim of a crime.

Understanding Watchlists: PEP, Sanctions, and Adverse Media

Watchlists help you to determine the risk an individual poses to your business or the likelihood of them committing a financial crime. You will need to assess the risk initially and continue to assess or monitor changes over time.

• PEP (Politically Exposed Persons): Individuals who hold prominent public positions may pose a higher risk of corruption or financial crime.
• Sanctions: these lists include individuals or entities subject to sanctions by governments or international bodies.
• Adverse Media: this involves monitoring for negative news or media coverage that may indicate a risk, even if the individual isn’t on a PEP or sanctions list.

Challenges and solutions in Customer Due Diligence

Challenges:

• Manual identity verification can be time-consuming and costly.
• Delays in verifying identities can lead to poor customer experiences.
• Incomplete information may increase the risk of non-compliance.

Solutions:

• Automation: automating online identity verification reduces manual effort and speeds up the process, improving customer experience and reducing costs.
• Global data integration: access to comprehensive, up-to-date data improves accuracy and match rates, reducing the need for manual verifications.
• Alternative options: offer face-to-face identification or postal options for flexibility or if clients cannot be verified online.

Partnering with the right provider

Implementing an effective AML/CTF compliance program doesn’t have to be complicated. The right service provider can streamline your compliance process, ensuring you meet all regulatory requirements while minimising disruption to your business.

Talk to GBG today to simplify your AML/CTF compliance.