From 2018 onwards, accountants, lawyers and real estate agents are also reporting entities, (known as 'Phase 2') if they perform certain captured activities.
Broadly, all reporting entities must have in place the following:
- Identify aspects of your business that may be susceptible to ML/FT; then
- Consider each of the at-risk areas you have identified, analysing the likelihood that your business will be used for ML/FT.
Each of the following areas must be considered in the assessment:
- the nature, size and complexity of its business;
- the products and services it offers;
- the way it delivers its products and services;
- the types of customers it deals with;
- the countries it deals with; and
- the institutions it deals with.
The Risk Assessment must then be used as the basis for your AML/CFT Programme. It must enable you to meet the relevant obligations under the AML/CFT Act and regulations, especially the obligations to conduct customer due diligence and ongoing customer due diligence.
AML / CFT Programme
- policies set out expectations, standards and behaviours in a business;
- procedures are more detailed and set out day-to-day operations; and
- controls are tools that management use to ensure the business complies with policies and procedures.
- Vetting and training senior managers, compliance officer, and other relevant employees
- Customer Due Diligence
- Ongoing CDD and account monitoring
- Examining and keeping findings related to money laundering or financing of terrorism
- Suspicious transaction reporting
- Record keeping
- Products and transactions that favour anonymity
- Managing and mitigating ML/FT risk
- Ensuring compliance with the Programme
- Review and audit of the Programme
Independent AML/CFT Audit
- you meet the minimum requirements for your AML/CFT risk assessment and AML/CFT programme;
- the AML/CFT programme was adequate and effective throughout a specified period; and
- any changes are required.
The auditor can perform a limited assurance audit (conclusion expressed in a negative form) or a reasonable assurance audit (conclusion expressed in positive form). The reasonable assurance audit requires more work from the auditor than a limited assurance audit. Therefore, there is increased risk that the auditor may not become aware of a significant error / non- compliance with the AML/CFT Act in a limited assurance audit.
Complianz has experienced independent consultants that can audit your AML/CFT policies, procedures and controls and provide guidance on any inadequacies.
An employee of your business must be nominated as the AML Compliance Officer (s56(2) of the AML/CFT Act). They are responsible for administering and maintaining the AML/CFT Program and are the key contact named with the AML/CFT Supervisor. If your business does not have employees, you must appoint a suitable person to act as the AML/CFT Compliance Officer. Note that this role does not have to be a standalone position but can be filled by employee who is a Senior Manager or reports to a Senior Manager.
We can support your Compliance Manager or act as your AML Compliance Officer (in some situations).
Vetting and Training
- Relevant AML/CFT legislation and any changes to legislation
- ML/FT risks shown in your Risk Assessment
- The current AML/CFT Programme
- Tasks and duties that can be carried out by staff that have appropriate AML/CFT training
- Overview of the customer due diligience process
AML training should be provided at the start of employment/directorship and then annually.
Customer Due Diligence (CDD)
The three types of CDD include Standand, Simplified and Enhanced.
Suspicious Activity Reporting / Prescribed Transaction Reporting
As a general rule, a suspicious activity or transaction will often be one which is inconsistent with the customer's known activities and profile or with the normal business expected for that type of client.
A Reporting Entity must identify any suspicious transactions or activity and raise a Suspicious Activity Report ("SAR") to the Police if it has reasonable grounds to suspect a transaction or activity may relate to specified money-laundering or terrorism offending.
Suspicious activity covers activity in relation to a transaction or service, or proposed transaction or service, in which the Reporting Entity suspects the activity in question is or may be relevant to the investigation or enforcement of various Acts, such as the Crimes Act 1961, Misuse of Drugs Act 1975, and the Terrorism Suppression Act 2002.
Reports must be provided to the Financial Intelligence Unit ("FIU") no later than 3 working days after forming the suspicion.
An SAR or information relating to an SAR must not be provided to an unauthorised person. It is offence to do so and is known as ‘tipping off’.
Prescribed Transaction Reporting ("PTR") is required if a person conducts a PTR through a reporting entity and the transaction within 10 working days. Only an ordering institution and a beneficiary institution are required to file a PTR report in respect of an international wire transfer.
A prescribed transaction is a transaction conducted through a Reporting Entity in respect of:
- an international wire transfer equal to or above $1,000; or
- a domestic cash transaction equal to or above $10,000.
The Annual Report contains questions about the following:
- Organisational structure
- AML/CFT Risk Assessment
- AML/CFT Programme
- Audit results of the Risk Assessment and Programme
- Products and Services
- Channels (methods of acceptance i.e. face-to-face or otherwise)
- List of countries that non-resident customers reside