The beginning of the year tends to be when a lot of reporting entities consider to get an independent review done on their Anti-Money Laundering and Counter-Terrorism Financing Program (‘AML/CTF Program’, the ‘Program’). I’d like to share my thoughts on topic and related considerations, and to address a few common questions that we tend to come across.
Independent Part A Review: The Frequency
The Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No 1) (Cth) (‘AML/CTF Rules’, the ‘Rules’) require Part A of an AML/CTF Program to be subject to regular independent review (r 8.6.1 for a standard Program or r 9.6.1 for a joint Program). The frequency depends on the ‘nature, size and complexity’ (i.e., the type of a reporting entity’s business, the size of its operations, the complexity of the organisation) and the money laundering / terrorism financing (‘ML/TF’) risks it faces.
The Rules do not prescribe anything further, recognising that a reporting entity is in the best position to assess all the relevant factors and determine an appropriate frequency in all the circumstances of its business, although the Australian Transaction Reports and Analysis Centre (‘AUSTRAC’) expects high-risk reporting entities to have independent reviews conducted every 2-3 years at a minimum.
Output of An Independent Part A Review: The Report
A formal report should be produced as a result of an independent review for the Board and senior management. The report should ideally document the purpose and scope of the review, the methodology and limitations, and provide detailed findings and recommendations where appropriate.
It is important for the report to provide sufficient information on the factual basis upon which the reviewer has come to a particular conclusion and their reasoning. Our entire AML/CTF regulatory framework is risk based and principles based. There is often plenty of room for reasonable opinions to differ on a particular matter. The factual basis upon which the findings are based and reasoning will assist the reporting entity’s Board and senior management to make their own informed decision as to whether they agree with the opinions of the reviewer, and whether they wish to adopt any recommendations proposed in the report.
A Few More Words on the Review of an AML/CTF Program
Regularly conducted Part A Program reviews themselves is not a fool-proof way to ensure that the AML/CTF Program remains appropriate. Part B of the AML/CTF Program (the ‘Part B Program’)
Part B of the AML/CTF Program (the ‘Part B Program’)
While there is no explicit requirement for any regular independent review of the Part B Program, it may be worthwhile to consider to add it to the scope of an independent review, for example, to test the Part B Program’s compliance with the Rules and the reporting entity’s implementation and ongoing compliance with its it.
Such a review may be particularly valuable where a reporting entity primarily relies on electronic verification platforms to onboard its customers, in which case it should ensure that the parameters embedded into the electronic onboarding processes are consistent with the Part B Program.
Internal Review and Update of the AML/CTF Program
Reporting entities should have processes in place to adequately review and update their AML/CTF Program for the following reasons.
Firstly, regulatory requirements change from time to time. The Rules were updated 6 times in 2020 alone. A reporting entity that only relies on independent Part A reviews to trigger Program updates very well run the risk of non-compliance.
Secondly, it is implied in the overall ‘risk-based’ theme of our regulatory framework that a reporting entity must ensure that its AML/CTF Program remains appropriate given the ‘nature, size and complexity’ of its business at all times. A reporting entity’s business evolves, so the AML/CTF Program must evolve with it. What might be suitable for a start-up may become inadequate later on in the life cycle of the reporting entity.
Part A of a standard or a joint AML/CTF Program must be independently reviewed on a regular basis, and it is up to a reporting entity to determine when that suitable frequency is. An independent reviewer can add value by providing a detailed report to assist the Board and senior manage to make their informed decisions with respect to the findings and the associated recommendations. It may be worthwhile to include Part B when conducting an independent review. Reporting entities also need to take care to review and update their AML/CTF Program to ensure it complies with the regulatory requirements and remains appropriate given the ‘nature, size and complexity’ of its business and the ML/TF risks it faces in the course of providing its designated services.
Thank you for taking the time to read this article. Please get in touch if you have any questions, comments or if you need assistance. Please also see AML/CTF Compliance for details on how we can assist you with your AFSL compliance requirements.
Note: Xiaoshu is not a legal practitioner. This article has been provided for general information purposes only and cannot be construed as legal advice.