Extending AML/CTF regulations to these “gatekeepers” — so called by AUSTRAC because they can act as an entry point for those seeking to misuse legitimate financial systems and corporate structures for money laundering — needs better clarity and definition from the regulator and representative bodies so companies fully understand their obligations, create compliant processes and be aware of potential repercussions for non-compliance.
The compliance and regulatory obligations around AML/CTF are much clearer for the finance and gambling sectors who have had these stipulations in place for the last 12 years, even if some organisations aren’t following. What is not clear at all, is what these gatekeepers need to do to set up and manage their regulatory requirements, and when they should start preparing.
It seems strange that companies are being asked to enhance their risk management procedures and identity management controls without a defined framework that sets out how to meet these obligations, and allows for different processes across different needs; for example, the compliance around an individual property settlement versus a complex M&A shouldn’t be the same.
What the regulator needs to provide is a simple and clear framework, where gatekeepers can meet regulations without needing a complex system or process, especially where transactions are smaller or involving individuals, not corporations.
This is very important because when Tranche 2 is implemented here, there simply won’t be enough resources to provide businesses with a plan of what they need to do. At present there are 60 providers that can develop AML programs for the 1400 financial organisations in Australia. Once gatekeepers are obliged to this increased compliance the number of organisations needing this help will jump to 140,000.
A regular question we receive from our clients is “Are we compliant when we do this?” “Do you have a KYC (Know-Your-Customer) product that will cover all our obligations?”
It is important to note that KYC is a process, not a product or service you buy for compliance. It’s the process that that you undertake to identify factors such as the beneficial owner, the identity verification, records, regulation requirements, monitoring and reporting that you require to be compliant with regulations and the VOI, AML/CTF, and sanctions lists legislations.
Third party providers cannot define what will make you compliant, in the same vein we don’t provide our clients with legal or accounting advice, but we can provide the products that will form the basis of your KYC process — fast and effective individual and company searches, integrated reporting and monitoring tools.
Interestingly, it’s not only small individual practitioners who are asking us about how they can be compliant, it is also the larger law firms so it’s clear that the regulator needs to provide stronger clarity around regulation requirements.
Providing a solid understanding is essential as Tranche 2 will see responsibility put back on these gatekeepers by financial institutions, perhaps down to the individual consultant.
Lee Bailie is a general manager of product and innovation at InfoTrack.