Australia's AML Reforms: A New Era for Financial Crime Compliance

The journey to implementing Tranche 2 is well underway. Here's a look at the anticipated timeline for these crucial reforms:

• March 31, 2025: Changes to the Tipping Off Offences take effect.
• May 19, 2025 – June 2025: The second round of Rules Consultation is scheduled.
• July 2025 – August 2025: Expect Public Consultation on the reforms.
• August 2025: The AML/CTF Rules are set to be finalised.
• October 2025:Core Guidance for the new framework will be released.
• December 2025:Tranche 2 Guidance and Starter Kits will become available.
• January 2026:Finalisation of Tranche 2 Sector-specific guidance.
• March 31, 2026:Amended obligations for Tranche 1 entities commence, and enrolment for Tranche 2 entities begins.
• July 1, 2026: The obligations for Tranche 2 entities commence.

One of the most significant changes is the move away from prescriptive, rules-based compliance. The new framework empowers reporting entities to tailor their AML/CTF programs to the actual risks they face. This means:

• Proportionality and Flexibility: Your obligations must be proportionate to the nature, size, and complexity of your business and its specific risks. The rigid Part A and Part B AML/CTF program formats are out, allowing for programs that best suit your operational context while still meeting the Act's requirements.
• Governance and Accountability: Senior management and boards now explicitly bear responsibility for overseeing AML/CTF compliance. They'll need to ensure that risk assessments and controls are effective.
• Internal Controls: There's a clear obligation to implement robust internal practices and procedures to ensure compliance with AML/CTF obligations.

The reforms are designed to be more effective in preventing actual harm from financial crime. This includes:

• Tipping Off Offence Reform: The focus is now on whether a disclosure would reasonably be expected to prejudice an investigation, moving away from a blanket prohibition. This allows for more nuanced, harm-preventative decision-making.
• Reducing Unintended Consequences: The reforms aim to lessen administrative burdens and prevent over-compliance that could obscure real risks. This lets entities concentrate on preventing actual harm.
• Outcomes, Not Process: By removing overly prescriptive steps, the AML/CTF Act encourages entities to focus on achieving meaningful outcomes, such as detecting and disrupting criminal activity, rather than just ticking boxes.

The very nature of an AML/CTF Program is changing, demanding a fresh approach to its development and documentation.

• Components: The program now requires a comprehensive ML/TF Risk Assessment that identifies and assesses money laundering, terrorism financing, and proliferation financing risks. This assessment must be based on a clear, robust, and defensible methodology.
• AML/CTF Policies: What were formerly known as Part A and Part B AML/CTF Programmes are now AML/CTF Policies. The focus shifts predominantly to the AML/CTF Act requirements rather than just the Rules. The structure is fundamentally different, with increased inclusion of (or reference to) supporting procedures.
• Documentation: Your ML/TF risk assessment must be comprehensively documented, clearly outlining inherent risks to be mitigated and residual risks to be managed.

The reforms clearly define the roles of the governing body, responsible officer, and AML/CTF Compliance Officer (AMLCO) to bolster governance and accountability in managing ML/TF risks.

• Governing Body: This body sets the tone for AML/CTF compliance and culture, approves and oversees the AML/CTF program, ensures comprehensive risk assessments are conducted, and provides effective oversight.
• Responsible Officer: This individual oversees the development and implementation of the AML/CTF program, conducts and updates risk assessments, monitors compliance, and acts as a key liaison.
• AML/CTF Compliance Officer (AMLCO): A senior manager responsible for the day-to-day implementation of the AML/CTF program, ensuring internal controls are effective, managing reporting to AUSTRAC (including Suspicious Matter Reports), and continuously reviewing and improving the program.

The Draft Rules introduce a specific sanctions compliance section within the AML/CTF Policy. This section must outline how the reporting entity will ensure it doesn't:

• Make Money etc. Available: Prevent making any money, property, or virtual assets available to, or for the benefit of, a person designated for targeted financial sanctions.
• Deal with Assets: Prevent using or dealing with, or allowing or facilitating the use of or dealing with, any money, property, or virtual assets owned or controlled (directly or indirectly) by a designated person.

The Draft Rules expand the information required for enrolment with AUSTRAC. This includes:

• Designated Services Information: Detailed descriptions of designated services, commencement dates, where they'll be provided, and the relevant industry.
• Applicant Information: Basic information similar to legal entity customers, beneficial owners, employee numbers, industry association memberships, financial information, and ultimate holding company details. Importantly, names, dates of birth, and DINs for each director, and names, residential addresses, dates and places of birth, and unique identifiers for each partner will also be required.
• Changes to Information: Changes to designated service applicant enrolment information must be notified within 14 days, as covered by Section 51F of the AML/CTF Act. Specific requirements for de-enrolment are also detailed.

The due diligence required to determine if an AMLCO is fit and proper has been further clarified, focusing on:

• Capability: Whether the individual possesses the necessary competence, character, skills, knowledge, diligence, honesty, integrity, expertise, and soundness of judgment for the role, considering the reporting entity's nature, size, and complexity.
• Honesty and Integrity: Whether the individual exhibits good character, honesty, and integrity, including checks for serious offence convictions or adverse regulatory findings.
• Financial Status and Conflicts: Checks for undischarged bankruptcy, personal insolvency agreements, and any conflicts of interest that could materially hinder proper performance of duties.

The Draft Rules provide additional clarity on customer due diligence while remaining silent on some other aspects:

• Individuals: The mandated collection and verification of date of birth and place of birth is removed for individuals receiving financial services designated services (accounts, deposits, VTS). However, place of birth is still mandated for Payer Information for VTS (Travel Rule), SMR, and TTR information.
• Non-individuals: The requirement to collect and verify is replaced with establishing on reasonable grounds names (including business names), unique identifiers, and addresses. Entities must understand the legal form, ownership, and control structure of the customer, and the full names of individuals with primary responsibility for governance and executive decisions.
• Other Issues: Simplified Due Diligence policies will require a clear basis and nature of simplified measures. The definition of a Domestic Politically Exposed Person (PEP) is expanded to include heads of anti-corruption and integrity bodies. Importantly, PEP and Sanction screening can be delayed until after the commencement of designated services, as long as all other identity information specified by the AML/CTF Act has been collected. Delayed identity verification for certain types of Designated Services is also permitted.

The Draft Rules specify the circumstances where ECDD is required:

• AML/CTF Act Triggers: When risk-based systems and controls determine a high ML/TF risk, when the customer or beneficial owner is a foreign PEP, when activity is suspicious (leading to an SMR), or when a transaction involves a person or entity in a prescribed foreign country.
• Other High-Risk Indicators: Your AML/CTF Policy may define additional high-risk scenarios for ECDD based on customer type, designated services, delivery channels, and jurisdictions involved.
• AML/CTF Rules Mandates: ECDD must be applied to customers seeking designated services that have no apparent economic or legal purpose, involve unusually complex or large transactions, or involve an unusual pattern of transactions.

The Draft Rules offer further clarity on Value Transfer Services:

• Ordering Institution: Defined as a person who accepts to transfer value for a payer, with specific criteria for who "may" be considered an Ordering Institution.
• Beneficiary Institution: A person "may" be a Beneficiary Institution if they make the transferred value directly available to the payee or someone acting on their behalf, deposit it into an account, or arrange for its availability under an offsetting arrangement.
• Other Considerations: Payment Information Monitoring requirements for domestic transfers via third-party bill payment systems are removed, but monitoring for BECS, BPAY, and DEFT is clarified. Certain VTS transfers (securities, derivatives, salary/wages) are excluded. Importantly, payer information must now include the payer's Place of Birth if the payer is an individual.

The Draft Rules provide additional clarity regarding Reporting Groups:

• Lead Entity: Clarification on the status, independence, and governance structure required to be a lead entity. Default rules apply if members don't agree, such as the entity owning/controlling the largest number of members providing designated services.
• Membership: Each member must agree to the lead entity's capacity if not owned and controlled by another member, and the lead entity's consent is needed to join a group. Members leaving must notify the lead entity, who then notifies other members.
• Operation: A reporting group cannot operate for more than 28 days without a lead entity. During this period, members must continue to comply with the AML/CTF policies of the most recent lead entity.

These reforms represent a substantial overhaul of Australia's AML/CTF landscape. Staying informed and preparing proactively will be crucial for all reporting entities.