Your obligations under the Anti-Money Laundering Act

This is the third and final article in this series, which focuses on the implications of the new anti-money laundering regime for financial planners.

The first article, (MM, May 18, 2006) described the stages of placement, layering and integration by which money laundering typically takes place and provided an overview of the new regime.

The second article (MM, July 5, 2007) described in more detail some of the techniques and tools, such as shell companies and off-shore banking, that are used by money launderers so the reader could see the purpose of the steps that are required by the new legislation.

This article is a more practical guide in relation to procedural matters. All articles in the series can be accessed at www.holleynethercote.com.au.

Staged implementation

The Anti-Money Laundering and Counter Terrorism Financing Act (AML/CTF Act) received royal assent on December 12, 2006. It is being implemented in stages. Of immediate concern to financial services licensees are those obligations that commence on December 12, 2007. These are the requirements to have:

n an AML/CTF program; and

n identification (or know your client (KYC)) procedures in place.

By March 31, 2008, you will also need to lodge a report with AUSTRAC on compliance with the legislation for your activities for the period December 13, 2007, and December 31, 2007.

Previous articles have explained that the new law catches ‘reporting entities’ and defines these as entities that provide ‘designated services’.

Depending on the type of designated services you provide, you will have to have an AML/CTF program that contains either both part A and B, or just part B.

Part A is a program to identify, manage and reduce AML/CTF risk that is faced by the entity. Part B relates solely to KYC.

The good news for most financial planners is that they are merely arranging for their clients to receive a designated service.

Whilst this is in itself a designated service, it means that their program only needs to contain part B. It is referred to in the AML/CTF rules as a “Special Program”.

You may ask, ‘How do I prepare part B of my AML program by December 12, 2007?’.

Don’t panic. The rules are, perhaps surprisingly, both accessible and helpful.

You can access chapter four of the rules, which sets out the requirements for a part B program, by following the links from the AUSTRAC website, www.austrac.gov.au.

The regime is risk-based, and your procedures must be appropriate to the nature, size and complexity of your business and the type of AML risk you may face.

The KYC procedures you put in place will therefore depend on the risk assessment you make of the client.

The rules say that in assessing this risk you must take into account:

n your customer type (for example, an individual, a company, a charitable trust);

n the type of designated services you provide — financial planners will usually be simply arranging;

n the methods by which you deliver your services; and

n the foreign jurisdictions with which you deal.

A starting point might therefore be to see what you already have in place as an Australian Financial Services Licence (AFSL) holder.

Fish out your risk management procedures from the shelf behind the third filing cabinet on the left, blow the dust off it and re-familiarise yourself with the process.

You will see that the process provides a way to identify and then to rate risk.

The rating takes place by separately scoring a risk event by likelihood and impact to get an overall risk score. The higher the combined score, the more significant the risk.

You then put in place a treatment plan that is appropriate, having regard to the significance of the risk.

You are now going to apply this type of thinking to your customer identification procedures.

The rules have identified the minimum risk events for us, so your task becomes a lot easier.

You might start by inserting some new rows into your existing risk management procedures.

Name the first row: ‘AML/CTF special program — customer identification risk’.

Next, insert some sub-headings:

n ‘Customer type’;

n ‘Type of designated services provided’;

n ‘How we deliver the service’; and

n ‘Jurisdiction, or connections with other countries’.

You need to assess the AML/CTF risk to your business by reference to the above. The following commentary may help you to do this. Examples are provided of high risk and low risk instances under each heading.

Of course, there is a range of customer types, service or product types, delivery methods and jurisdictions that will vary in degree, but you will get the idea.

Customer/client type

Given the objective of money launderers to stay invisible, the less complex a customer is, the less risk there is that they could be involved in money laundering.

For example, a client who enters into a transaction as an individual is less of a money laundering risk than a company that is the trustee of a trust which has beneficiaries that are themselves trustee companies of other trusts.

It follows that the information you will need to obtain from the latter is more extensive, and that the verification of that information will be more rigorous.

Type of service/product

An objective of money launderers is to move money quickly into and out of the legitimate economy.

The type of service, or product, will therefore have an impact on the risk.

Products that provide for an easy movement of money, such as cheque or call accounts will be high risk; products like life policies and superannuation, which tie money up for long periods of time, will generally be low risk.

An important note for planners is that if you are only providing product advice, you are not providing a designated service, and the KYC obligations don’t kick in. It is when you are ‘dealing’ that the obligations will affect you.

Of course, most planners will be doing both, and it will be convenient to collect the relevant information at the outset of the relationship.

How you deliver the service

Do you actually see the client face to face, or are things done remotely? Do you collect information yourselves, or do you collect it through agents? Do you deal or transact through the Internet?

The less personal your service is, the greater the AML/ CTF risk. This might mean that you put in place additional steps to verify the information obtained.

Foreign jurisdictions

An objective of money launders is to hide money, and this is more easily done in some countries than others.

An objective of terrorist organisations is to move money to organisations that then provide it to the terrorist group.

Connections with foreign jurisdictions are therefore an obvious risk factor.

The AUSTRAC website provides a useful indication of the risks of various jurisdictions. Non co-operating countries or territories are the highest risks, however, there were none of these currently listed.

High-risk countries include Nigeria, Nauru, Cayman Islands and Columbia. Low risk countries include Australia, Austria, Denmark and so on.

The industry

Another factor not listed in the rules that will be relevant to assessment of AML/CTF risk is the industry that the client is in, or that the transaction relates to. You might consider adding this as a heading in your part B program.

The gaming industry, foreign exchange providers, the diamond industry and cash businesses are high-risk industries, relative to businesses such as financial services, legal and accounting businesses.

The rules have done some of the risk assessment and treatment work for you.

They set out what is effectively a mandatory risk treatment plan for customer identification procedures. They list what information must be collected for different types of clients and how this information is to be verified.

These requirements are set out for individuals in part 4.2 of the rules, in part 4.3 for companies, in part 4.4 for clients who act in the capacity of a trustee of a trust, in part 4.5 for clients who act in the capacity of a member of a partnership, in part 4.6 for incorporated or unincorporated associations, in part 4.7 for registered co-operatives and in part 4.8 for Government bodies.

A very good start would therefore be to document these procedures in your existing risk treatment plan.

So what should I do now?

You will need to:

n appoint a person to run with this if you haven’t already done so — this is an important project and time is ticking;

n read AUSTRAC’s guidance note on risk management and AML/CTF programs;

n read chapter four of the rules (if you are only required to have a part B program);

n once you have prepared your program, document your procedures and make them accessible to your authorised representatives or your staff, as the case may be; and

n provide awareness training about AML/CTF and your new procedures.

On October 25, 2007, AUSTRAC released the format for the compliance report that reporting entities must lodge with AUSTRAC by March 31, 2008, reporting on activities between December 13, 2007, and December 31, 2007. This can be downloaded from the AUSTRAC website and will provide you with a benchmark to assess your current state of preparedness against.

‘Enforcement holiday’

It is important to note that the 15-month ‘enforcement holiday’ only applies:

n if the reporting entity is taking reasonable steps to comply with the legislation; and

n in relation to the civil penalty provisions for non-compliance and not to the criminal provisions.

If you’re not doing anything yet, you’d better get your skates on.

You could put an AML/CTF program on your Christmas list, but I doubt Santa has read the Act, and any gift would come two weeks too late. Good luck!

Grant Holley is partner at Holley Nethercote Commercial Lawyers.