AML/CTF Breaches Reportable to AUSTRAC?

Posted On: 4 July, 2022 Xiaoshu Liu

A question we are frequently asked is whether a reporting entity is required to report any breaches of the anti-money laundering and counter-terrorism financing (AML/CTF) obligations and/or its own AML/CTF Program to the Australian Transaction Reports and Analysis Centre (AUSTRAC). The short answer is no.

AML/CTF Breach Reporting?

The question on the reportability of AML/CTF breaches most typically comes from Australian Financial Services Licence (AFSL) holders. Financial services licensees are generally well versed in the concept of breach reporting. They were required to report significant or likely significant breaches to the Australian Securities and Investments Commission (ASIC). This requirement has now been replaced by a new reporting regime under which licensees are required to submit reports to ASIC when ‘there are reasonable grounds to believe a reportable situation has arisen’ under s 912DAA of the Corporations Act 2001 (Cth).

While most AFSL holders are regulated by both ASIC and AUSTRAC, it is important to understand the source of a particular reporting obligation in order to understand the scope of it and when the obligation arises. The question here is whether AML/CTF breaches are reportable. A reporting entity therefore must look to the AML/CTF regulatory framework for answers.

Reporting Obligations under the AML/CTF Regulatory Framework

A reporting entity’s AML/CTF reporting obligations are set out in Parts 3, 3A and 4 of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act).

The reporting obligations provided for in Part 3 of the AML/CTF Act include suspicious matter reports (SMRs), threshold transaction reports (TTRs), International Funds Transfers Reports (IFTIs), and AML/CTF compliance reports. Part 3A sets out a reporting entity’s obligations to inform AUSTRAC in the event of any changes to their enrolment and/or registration details.

Part 4 of the AML/CTF Act requires the reporting of cross-border movements of monetary instruments into or out of Australia that total $10,000 or more. ‘Monetary instruments’ include physical currency, bearer negotiable instruments and other things prescribed in the AML/CTF Rules. This is a new reporting obligation that came into effect in June 2022. Notably, these reports do not necessarily have to be made to the AUSTRAC CEO but may be made to a customs officer or a police officer instead under section 53(7) of the AML/CTF Act.

Dealing with an AML/CTF Breach

As can be seen above, the AML/CTF reporting obligations do not include the reporting of AML/CTF breaches to AUSTRAC. So what should you do when you have identified a breach of your AML/CTF obligations and/or your AML/CTF Program? Below are a number of courses of action that you may wish to consider.

(a) Review the breach, then design and implement the appropriate remedial actions. The first course of action is to review the breach in question as soon as practicable in order to clearly identify the nature, extent, severity and cause(s) of the breach, and whether this is a one-off breach or repeated breaches are likely to have taken place. The reporting entity can then design and implement the remedial actions accordingly.

(b) Consider an independent review of your AML/CTF Program. Depending on the findings from step (a), a reporting entity may wish to consider having an independent review of its AML/CTF Program conducted. Reporting entities (except those providing item 54 services only) are required to have Part A of their AML/CTF Program independently reviewed on a regular basis under Part 8.6 or Part 9.6 of the Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (Cth) (AML/CTF Rules). There are no explicit independent review requirements with respect to the Part B Program. However, an independent review of the AML/CTF Program can be a valuable process to help a reporting entity get a ‘health check’ of its AML/CTF compliance framework, identify gaps and close them. Please see the independent review of the AML/CTF program page for more information on the topic of independent AML review.

(c) Consider self-reporting to AUSTRAC. While a reporting entity is not obligated to self-report AML/CTF breaches, it may choose to do so. AUSTRAC generally encourages self-reporting. It may seek further information, take further actions or issue a no-action letter depending on the circumstances of a particular matter.

In summary, a reporting entity is not obligated to report any breaches of its AML/CTF obligations and/or its AML/CTF Program to AUSTRAC, although it may choose to do so. Regardless of whether reports are made, it would be prudent for the reporting entity to deal with the identified breach promptly and ensure that adequate remedial actions are taken. An independent review of the AML/CTF Program may also be helpful.

Note: Xiaoshu is not a legal practitioner and cannot provide legal advice. Her views and opinions are based on her training and experience as a financial services and AML/CTF compliance professional only. This article has been provided for general information purposes only and cannot be construed as legal advice.