Dear Sir/Madam, REVIEW OF THE AML/CTF REGIME - ISSUES PAPER We refer to the Issues Paper for the Review of the AML/CTF Regime dated December 2013.

Transcription

1 Australian Finance Conference Level 8, 39 Martin Place, Sydney, GPO Box 1595, Sydney 2001 ABN Telephone: (02) Facsimile: (02) April 2014 Issues Paper - AML/CTF Act Review Legislative Review and Mutual Evaluation Criminal Law and Law Enforcement Branch Attorney-General's Department 4 National Circuit BARTON ACT 2600 By to: amlreview@ag.gov.au Dear Sir/Madam, REVIEW OF THE AML/CTF REGIME - ISSUES PAPER We refer to the Issues Paper for the Review of the AML/CTF Regime dated December Background 1.1 This submission is made on behalf of the Australian Finance Conference (AFC) and its affiliated bodies the Australian Equipment Lessors Association (AELA), the Australia Fleet Lessors Association (AFLA) and the Debtor and Invoice Finance Association of Australia and New Zealand (DIFA). The AFC is a finance industry body comprising 60 plus member companies. AELA has around 80 members; and AFLA has 16 members. Members include finance companies, specialist equipment financiers and general financiers providing consumer, commercial (including small business) and wholesale credit facilities to clients, as well as banks, building societies and credit bureaux. DIFA represents 19 major providers of factoring and discounting services, also known as receivables finance. Membership lists for each of these bodies are attached. 1.2 The AFC and its affiliated bodies were heavily involved in the development of the current Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) and the AML/CTF Rules during Since then, we have had on-going liaison with AUSTRAC about AML/CTF issues relevant to the financial services industry and the development of AML/CTF Rules to facilitate the efficient operation of the regime. Overall, our Members believe that the current regime strikes a reasonable balance between, on the one hand, the need to combat money laundering and terrorism financing and to comply with Australia s international obligations and, on the other hand, the need for workable regulation that does not hinder the efficient conduct of business. However there are some areas where the regime could be enhanced to the benefit of financiers and their customers and to reduce regulatory burden on all users of financial services, without compromising the integrity of the AML/CTF regime. 2. Executive Summary Our response to the Issues Paper can be summarised as follows: 2.1 The AML/CTF regime should remain risk-based and the risk-based approach should be enshrined in the AML/CTF Act. 2.2 The modification and exemption provisions should remain in the AML/ACT Act and current exemptions should remain in place.

2 2.3 There should be targetted exemptions for secured equipment finance facilities on the basis that they present a very low money laundering and terrorism financing risk. 2.4 The requirements for collection and verification of customer identification should be made more flexible, in particular in relation to the sources from which information may be collected and verified. 2.5 The record keeping and record retention provisions should be modified. 2.7 The Government should support the availability of various sources of reliable and independent electronic data and trusted digital identities for customer identification purposes. 2.6 AUSTRAC should continue and enhance its current communication strategies. 2.7 Amendments could be made to the AML/CTF Act and other relevant legislation to achieve the appropriate balance between data security/privacy and the AML/CTF Act requirements. If you have any questions or would like further information in relation to the matters raised above, please contact Catherine Shand on (02) or by to catherine@afc.asn.au. Kind Regards, Yours truly, Ron Hardaker Executive Director 2

3 AFC MEMBER COMPANIES Alleasing AlliedCredit American Express ANZ t/as Esanda Automotive Financial Services Bank of Melbourne Bank of Queensland BMW Australia Finance Branded Financial Services Capital Finance Australia Caterpillar Financial Australia CNH Capital Commonwealth Bank of Australia Credit Corp Group CSI Leasing Australia De Lage Landen Dun & Bradstreet Experian Asia Pacific FlexFleet FlexiGroup GE Capital Genworth HP Financial Services HSBC Bank Indigenous Business Australia International Acceptance John Deere Financial Kubota Australia Finance Komatsu Corporate Finance Leasewise Australia Liberty Financial Lombard Finance Macquarie Equipment Rentals Macquarie Leasing Max Recovery Australia ME Bank Mercedes-Benz Financial Services MetroFinance Mr Rental Australia Nissan Financial Services Once Australia t/as My Buy PACCAR Financial Pepper Australia Pty Ltd Pioneer Credit Profinance RABO Equipment Finance RAC Finance RACV Finance Ricoh Finance Service Finance Corporation Sharp Finance SME Commercial Finance St. George Bank Suncorp SunPower Suttons Motors Finance Technology Leasing The Leasing Centre Thorn/Radio Rentals Toyota Financial Services Veda Volkswagen Financial Services Volvo Finance Westlawn Finance Westpac Wingate Consumer Finance Wide Bay Australia Yamaha Finance Professional Associate Members: CHP Consulting Clayton Utz Dibbs Barker Henry Davis York White Clarke 3/14 V1.0

4 AUSTRALIAN EQUIPMENT LESSORS ASSOCIATION Incorporated ABN GPO Box 1595 Sydney 2001 Level 8, 39 Martin Place Sydney 2000 Telephone (02) Facsimile (02) Website AELA MEMBER COMPANIES Alleasing Group ANZ Asset Finance Ashurst Australia Australian Structured Finance Bendigo Bank Leasing Division BMW Australia BOQ Finance (Aust) Bynx Australia CAFG Australease Camnet Canon Finance Australia Capital Finance Australia Caterpillar Financial Australia Catch-e CHP Consulting Cisco Systems Capital (Australia) Clayton Utz CNH Capital Australia Colin Biggers & Paisley Commercial Asset Finance Brokers Assoc. Commonwealth Bank of Australia CSI Leasing De Lage Landen DibbsBarker FlexiGroup Fuji Xerox (Finance) Australia GE Capital Henry Davis York Herbert Smith Freehills Holman Webb Lawyers HP Financial Services IBM Global Financing Insyston International Decision Systems Investec Bank (Australia) John Deere Financial Kemp Strang King & Wood Mallesons Komatsu Corporate Finance KPMG Lanier Australia Macpherson + Kelley Lawyers Macquarie Leasing Marubeni Finance (Oceania) Members Equity Bank Mercedes-Benz Financial Services Morris Finance National Australia Bank NetSol Technologies nlc Norton Rose Fulbright Australia PACCAR Financial Pepper Australia Pigott Stinson Lawyers Realtime Computing Ricoh Finance Service Finance SG Equipment Finance Sharp Finance Sofico Services Australia Spectra Financial Services St. George Bank Suncorp SunGard Asia Pacific The Leasing Centre (Australia) Thorn/RR Australia Toyota Finance Australia Traction Group Upstream Print Solutions Volvo Finance Westlawn Finance Westpac White Clarke Asia Pacific Xeberg Yamaha Motor Finance April 2014

5 DIFA MEMBERS 180 Group Bank of Queensland Bendigo Debtor Finance Bibby Financial Services Cash Resources Australia Cashflow Finance Australia GE Capital HSBC Bank Australia Key Factors National Australia Bank Scottish Pacific Debtor Finance St. George Bank Suncorp Working Capital Solutions Westpac Banking Corporation Associate Members Cashflow Funding Limited Lock Finance NZ Pacific Invoice Finance NZ Scottish Pacific Debtor Finance NZ Affiliate Members DLA Piper Australia FTI Consulting GlobalX Information Hall Chadwick Hermes Data Systems HPD Software Asia Pacific Ingenuity Systems Lowe Lippmann Piper Alderman Polczynski Lawyers Trace Personnel Gregory Clayton, Barrister & Solicitor April 2014

6 Australian Fleet Lessors Association Incorporated - ABN AFLA MEMBER COMPANIES Alphabet Fleet Management Custom Fleet Fleetcare FleetPartners FleetPlus LeasePlan Australia McMillan Shakespeare NLC ORIX Australia QFleet Selectus Sgfleet smartleasing StateFleet Summit Auto Lease Australia Toyota Fleet Management April 2014 Level 8, 39 Martin Place, Sydney, NSW, 2000 GPO Box 1595, Sydney, NSW, 2001 Telephone: (02) Facsimile: (02) Website:

7 Australian Fleet Lessors Association 7 April 2014 AML/CTF ACT REVIEW - RESPONSE TO AUSTRAC/ATTORNEY GENERAL S DEPARTMENT ISSUES PAPER DATED DECEMBER 2013 Responses to the Guiding Questions in the Issues Paper 1. OBJECTS OF THE ACT 1.1 To what extent are the objects of the AML/CTF Act, as expressed in section 3, appropriate and relevant? The objects of the AML/CTF Act are appropriate in the light of Australia s international obligations, including as a member of the Financial Action Task Force (FATF) and as a signatory to United Nations Security Council Resolutions, the United Nations Convention against Corruption and the United Nations Convention on Transnational Organised Crime. The objects could be expanded to include objectives that could be measured for achievement and reported back to reporting entities, other stakeholders and the public. 1.2 Are there any other objects that should be reflected in the AML/CTF Act? Given the importance of the risk-based approach to achieving a balance between regulation and the efficient conduct of business, we submit that the objects of the Act should include the risk-based approach to AML/CTF compliance. 2. THE RISK-BASED APPROACH AND BETTER REGULATION Risk-based and rules-based approaches 2.1 Is the scope of the AML/CTF regime and the obligations appropriately riskbased? The extent to which Australian laws can adopt a risk-based approach has been limited by the changes to the FATF Recommendations that came into effect in February This has been reflected in proposed changes to the AML/CTF Rules for Customer Due Diligence. The risk-based approach should be maintained to the maximum extent possible and no prescriptive creep should be allowed. The risk-based approach gives flexibility to reporting entities to address their particular industry risks and encourages consideration of these risks within their risk management framework. This in return enables them to address innovation in products and technology, and to be better able to manage their resources for AML/CTF purposes. 2.2 Are the requirements for an AML/CTF program adequate to assist reporting entities to mitigate and manage ML/TF risks? Generally yes. Part A of an AML/CTF compliance program is the overarching risk-based framework while Part B contains the more prescriptive KYC requirements that need to be implemented operationally. The mandatory requirement for the split in the content of a 1

8 compliance program between Part A and Part B may be unnecessary for all reporting entities. For those reading an AML/CTF compliance program, the splitting-out of customer identification (Part B) from the substantive text (Part A) can be confusing. We suggest that there be some consolidation of the general KYC requirements in Chapter 4 and the Ongoing Customer Due Diligence requirements in Chapter 15 in the requirements for Part B of an AML/CTF Program and in the Rules. 2.3 Are there barriers to the implementation of the risk-based approach and if so, what are they? The FATF Recommendations refer to a risk-based approach being taken by countries to identify, assess, and understand the money laundering and terrorist financing risks for the country; and by financial institutions when implementing AML/CTF policies and procedures. They also refer to reasonable measures, appropriate risk management systems and appropriate measures. These expressions have been reflected in the AML/CTF Act and Rules, but there is some uncertainty as to their meaning, particularly as only the term reasonable measures is defined in the Recommendations (and is proposed to be defined in the AML/CTF Rules as part of the upcoming new CDD Rules). This uncertainty can create a barrier to implementation of the risk-based approach where a financial institution is advised to take a conservative interpretation when implementing its AML/CTF obligations. We submit that AUSTRAC and the Attorney-General s Department in their role as Australia s representative bodies on FATF should advocate for the risk-based approach to continue to be accommodated in the FATF Recommendations and for potentially uncertain terminology such as appropriate to be avoided or clarified to the extent practicable. 2.4 Does the AML/CTF regime promote both an effective and proportionate response and approach to combating ML/TF risks? Overall, yes; but as noted above, the risk-based approach should be enshrined in the AML/CTF Act. 2.5 Do stakeholders support the rule-based (prescriptive regulation) approach compared with the risk-based approach? Our Members support the risk-based approach. 2.6 Are there particular obligations under the AML/CTF regime which stakeholders would benefit from increased prescription? No. The flexibility of the risk-based approach is preferred. Modifications and exemptions 2.7 Are there areas where exemptions or modifications have been granted that could be incorporated into the AML/CTF Act or AML/CTF Rules? It is submitted that all existing exemptions and modifications should remain in place, as should Sections 229, 247 and 248 of the Act which provide for general exemptions by way of Rules and for the AUSTRAC CEO to make specific exemptions and modifications. These provisions give flexibility to react to current internal and external influences on Australia and industries covered by the AML/CTF Act. The exemption in Chapter 39 from applicable customer identification procedures for premium funding loans for general insurance policies should remain. 2.8 To what extent have exemptions or modifications that have been granted by the AUSTRAC CEO reduced the compliance burden? (Information that measures, 2

9 quantifies or demonstrates the benefit in some form would be particularly useful in helping the Review assess the efficiency and effectiveness of this part of the AML/CTF framework.) Information about this is not readily available, but we are endeavouring to see what can be provided. Minimising regulatory burden on reporting entities 2.9 What other options may be considered to minimise or reduce regulatory burden on reporting entities in meeting their obligations under the AML/CTF Act? What are the potential benefits and limitations of the proposed measures? (a) Targeted exemptions We submit that there should be an exemption from the AML/CTF regime for all forms of equipment finance on the basis that it presents a very low ML/TF risk. We are not aware of any such facilities being used as part of ML/TF activities. Such an exemption could apply to secured personal loans and to secured equipment and motor vehicle facilities which do not allow cash drawdowns, do not accept cash payments, do not allow re-draws and which must be repaid by direct debit from an Australian ADI account. If a full exemption is not seen as appropriate, such products could be exempt from up-front customer due diligence requirements, but remain subject to all other requirements including the ongoing customer due diligence and suspicious matter reporting requirements. This would be consistent with the exemption in Chapter 39 from customer identification procedures for premium funding loans for general insurance policies. In the alternative, all secured personal loans and secured equipment and motor vehicle facilities (not just consumer finance leases and hire-purchase) of the type described above could be exempt if they are provided to a consumer as defined in the ASIC Act; or if they are below a threshold amount, such as $100,000. Exemptions of the kind outlined above would substantially reduce the regulatory burden on both our Members and their personal and business customers without, we submit, eroding the effectiveness of the Australia s AML/CTF laws. (b) Collection and verification of customer identification information We support amendments to the Rules to make the requirements for collection and verification of customer identification information more flexible, thereby reducing the regulatory burden on our Members. Any changes should not require reporting entities to change any procedures that are compliant with the Rules as they now stand. The Rules require customer identification information to be collected from the customer. This is not a requirement under the FATF Recommendations and does not reflect the fact that for many customers (particularly non-individuals) an appropriate source of some information may be an adviser (eg lawyer or accountant) or a search of government records such as the ASIC companies or business names registers. We submit that the reference to collecting information from the customer in Rule (and in the equivalent Rules for other customer types) should be removed. We submit that there should be greater flexibility around the practice of collecting customer identification information from sources such as the ASIC database. We also submit that there should be greater clarity about how information collected in this way can be verified, for example by sighting or obtaining a copy of an entity s constituent documents (such as its 3

10 memorandum and articles of association, constitution, rules or trust deed), its annual ASIC statement, minutes of directors or shareholder meetings, or a confirmation by one of the officers of the entity or its professional advisers. Any changes should not impose prescriptive requirements to use particular verification methods or documents. The risk-based approach should still apply in determining whether information in addition to the minimum information is to be collected and verified, as is currently the case under Rules and and equivalent Rules for other customer types. It is also suggested that the Rules and be expanded to apply to all medium or lower ML/TF risk customer types. This would give reporting entities more flexibility in their riskbased approach to the collection and verification of KYC information. (c) Record keeping We submit that there should be greater flexibility about how records can be kept. If there is uncertainty about whether a copy of a customer identification document must be kept, it would be beneficial for this to be clarified either in the Rules or in the Act. The regulatory burden of record keeping would be reduced if it was provided that even if a copy of a document is made (for example for ease of reference by customer service staff when verifying its contents) it should not be necessary for the copy to be kept, provided there is an adequate record of the procedure that was followed and of all relevant information that is collected and verified. (d) Record retention We support the reduction of the record retention period from seven to five years; however reporting entities should retain the ability to retain records for longer if required under other laws or for their own commercial purposes. The requirement in Section 113 of the Act to retain records for seven years after the reporting entity no longer provides any designated services to the customer is burdensome to many reporting entities that offer products that continue for many years (for example home loans, deposit products, credit cards and business overdrafts) or who provide a number of services to a customer over time and who may re-identify the customer during the course of the relationship. We submit that reporting entities should be required to retain customer identification information for a minimum of five years after it is collected In what circumstances would the inclusion of greater flexibility in the current AML/CTF regime s provisions for reliance assist reporting entities to undertake CDD measures in a cost effective way? Section 38 of the Act allows a reporting entity to rely on another reporting entity s customer identification procedures if certain requirements are met. These provisions are currently only available for licensed financial advisers and members of Designated Business Groups. We suggest that these provisions be expanded to allow related entities to be able to rely on each others CDD procedures even if not in a Designated Business Group To what extent do reporting entities currently use simplified due diligence measures? What options may be considered to extend the use of simplified due diligence measures? We understand that simplified measures are not widely used by Members. There is also uncertainty about what the words licensed [or for a trust registered ] and subject to the regulatory oversight of a Commonwealth, State or Territory statutory regulator in relation to its activities mean, which may have reduced Members ability to rely on these provisions. Simplified due diligence measures are only available for a narrow range of companies and trusts. We submit that these provisions should be expanded to a wider range of companies and trusts and the meanings of licensed companies and registered and trusts should be 4

11 clarified. Expansion and clarification of these provisions would simplify and assist in deregulating some aspects of the AML/CTF regime 3. REGIME SCOPE 3.1 Does the AML/CTF regime provide a framework to respond to new and emerging services and risks, such as offshore service providers? If not, how could the framework be enhanced? 3.2 Is the current range of designated services appropriate and is there scope for revision or enhancement? Tranche 2 of the AML/CTF legislation was intended to cover professional service firms and advisers, trust and company service providers, jewellers and those in the real estate industry. If the scope of the regime is expanded to cover these entities as a result of the statutory review, then financiers should be permitted to rely on customer due diligence carried out by them. In relation to Bitcoin, it has been suggested this type of service should be included as a designated service. 3.3 How should designated non-financial businesses and professions (DNFBPs) be regulated under the AML/CTF Regime? We have no comment on this question. 4. HARNESSING TECHNOLOGY TO IMPROVE REGULATORY EFFECTIVENESS 4.1 How might the development of online identity verification systems be harnessed to streamline and strengthen compliance with customer due diligence obligations under the AML/CTF Act? 4.2 What are the advantages and disadvantages of online identity verification, and how might the disadvantages and risks of this approach be addressed? 4.3 In what other ways can technology be used to support the objectives of the AML/CTF regime or reduce the compliance burden on business? (a) Background We support technology neutral AML/CTF legislation that facilitates the use of online identity verification, including by the use of electronic-based tools. We also support the maintenance and further development by the Attorney-General s Department of the Document Verification Service for use by private sector entities for AML/CTF verification of names, dates of birth and document numbers for government issued documents such as passports, citizenship certificates, visas, Medicare cards and driver licences. The Guiding Questions raise considerations at a range of levels. First, the use by reporting entities of online or electronic facilities directly or via identity-tool service providers, to verify KYC data (in particular for individual customers (name, residential address, date of birth)) collected either via paper-based means or electronic inputs at the outset of a transaction; and the use of these e-verification facilities through the life of a designated service to meet ongoing CDD obligations. Secondly, the move to create trusted digital identities for a person (whether an individual or a corporate entity) as the means by which a reporting entity (or Government agency) transacts with that person as an alternate to dealing with a person whose identity has been verified including via electronic means based on evidence of identity credentials outlined above. 5

12 The ability of our Members to verify customer identity utilising electronic means, either at the outset of the provision of a designated service or at various points in its life, is essential. Many of our Members operations are remote from their customer, so facilities that allow electronic verification of identity are not only essential to combat ML/TF and crimes including fraud perpetrated through a person assuming a false, stolen or fictitious identity, but for the conduct of their business more generally. Pressure from customer requirements has meant that the finance sector has had to develop an application processing system that is highly effective but streamlined to enable a quick turnaround of processing and decisioning while capturing all the information needed to manage a credit portfolio. The system needs to receive, validate and manage the flow of data and applications in a consistent, timely and cost-effective way. E- verification of customer identity information potentially provides financiers with a way to adopt streamlined processes that build on current commercial activities. Our Members have, from the outset of the development of the AML/CTF regime in , encouraged and supported inclusion of compliance processes which enable electronic means. The inclusion of the electronic-based safe harbour procedure for individual-customers of designated services categorised as medium or low risk has been particularly important. (b) Reliable and independent electronic data To support and give value to this process, we worked with the Government and commend the decisions were made to facilitate continuing access by reporting entities (either directly or via identity verification tool providers) to reliable and independent data sources in electronic form. This includes access to primary sources of the Commonwealth electoral roll and the IPND version of the telephone directory. It also includes a verification assessment process enabled by amendments to the laws which allows comparison of KYC identity information collected by the reporting entity against identify information held by a credit reporting bureau. More recently, it has resulted in the extension of the availability of the Government s Document Verification Service (DVS) to private sector reporting entities (again either directly or via gateway/identity verification tool providers) to support these electronic verification processes. In relation to the DVS, the $5,000 application fee may prevent wide uptake of the service. Currently identify verification tool providers can confirm a range of Government issued documents via their public web interface by screen scraping / web transacting. With the introduction of the DVS, authorities are moving to prevent this practice (access to NSW driver licences ends in May and Medicare will soon follow). This means entities who verify online will have to pay $5,000 (plus GST) to use the DVS. Another barrier is the cost per verification per data source. There is a demand for the cost structure to be a single cost incorporating a single verification request against multiple Government data sources. We suggest that the states and territories be encourage to adopt a cheaper and simpler approach to use of the DVS. Access and use of each of the personal information data sources for the purpose of assisting compliance with AML/CTF laws, a secondary purpose to the primary purpose of collection, has highlighted the policy tension that exists for Government and industry between data security or privacy laws in relation to personal information handling and other laws with a broader public interest policy objective (including AML/CTF). An individual s right to privacy needs to be balanced against other important public interests, including Australia s responsibility to protect its citizens from the perpetration of serious and organised crime including money laundering and terrorism financing. This is reflected in Australia s privacy laws through the inclusion of permissions that enable personal information to be handled by a reporting entity to meet an obligation or requirement contained in Australian law or for law enforcement purposes, without fear of an allegation of breach by the individual. The review of AML/CTF laws should not put at risk the continued availability and use for CDD compliance requirements of reliable and independent personal information identity data sources in electronic form (including those created and held by the Government). In our view, the obligations imposed on a collecting entity around use, disclosure and security as part of 6

13 enabling access by private sector entities to these datasets appropriately address privacy concerns. To enhance the value of the electoral roll to the e-verification process, in line with earlier submissions (including to the ALRC as part of its review of the privacy laws), we recommend that the Government use this review to facilitate access to date of birth as a data set included in the version of the electoral roll disclosed to authorised users for AML/CTF compliance purposes. At present, the data sets are restricted to name and residential address. To meet the safe harbour requirements, date of birth or transaction information also has to be verified from one reliable and independent source. By including date of birth in the permitted datasets for the electoral roll disclosure, it becomes a source that can be utilised to meet both components of the safe harbour process. It also has a privacy protective element by minimising the need for a regulated entity to have to explore a further data source (eg birth certificate information) to be able to verify DOB information provided by a customer. (c) Trusted Digital Identities We understand that there are moves at both a global and Australian level towards developing a framework to facilitate use of trusted digital identities. The aim is to reduce online fraud and identity theft by increasing the level of trust associated with identities in cyberspace. Our Members and others involved in electronic transactions (e.g. online banking, accessing electronic health records, accessing social security benefits) need to have a high degree of trust that the entity that they are interacting with is a known entity. A digital identity brings additional security in that it includes an authentication / encryption component to provide an element of uniqueness in the interface between the entity with the other party (including a reporting entity) and has the benefit of facilitating a trusted/unique identifier that may be used by the entity on an enterprise-wide basis minimising the requirement for a siloed approach requiring identification at each entry level which brings with it greater risk. In our view and based on material developed overseas 1, there are a range of benefits associated with trusted digital identifiers and a framework to support them, including enhanced privacy and increased security of identity through the through the use of encryption, improved access controls, and automation of provisioning processes. Improved customer service is also a basis for support. We acknowledge that, like traditional means of identity verification, fundamental to the trusted digital identifier is the veracity of the identification process that underpins the system. In short, the basis for placing trust hinges on the veracity of the process that has resulted in production of the digital identifier. While accepting this, we understand that the highly sophisticated checks and balances underpinning the process arguably minimise the opportunity for an individual or an entity to create a false identity. Therefore, we support in theory the process of facilitating the use or acceptance of trusted digital identifiers as part of the AML/CTF regime. 5. INDUSTRY MONITORING AND SUPERVISION 5.1 Does the supervisory framework support an effective, risk-based AML/CTF regime and compliance with the AML/CTF framework? We have no comment on this question. 1 State Identity Credential & Access Management Guidance Map published by the National Association of State Chief Information Officers) (NASCIO) and available at: 7

14 5.2 Is AUSTRAC s monitoring of compliance targeted, proportionate and riskbased? Comment has been made by one of our larger Members that the supervisory approach has deteriorated over the last 3-5 years due to budget and funding cuts affecting AUSTRAC; such that AUSTRAC staff may not have sufficient capability and capacity to appropriately evaluate a reporting entity s business and ML/TF risk profile. The focus by AUSTRAC is still on what compliance should look like by their interpretation and how effective it is in practice, the riskbased approach requires the regulator to have capability and capacity to evaluate a reporting entity on its interpretation of compliance for its sector and services. 5.3 How effectively does AUSTRAC communicate with reporting entities and industry associations to ensure they have a sound understanding of their legal obligations under the AML/CTF regime? AUSTRAC publications such as Guidance Notes, the Regulatory Guide, Typologies and Case Studies Reports, Strategies, Information Booklets (including the Summary of Identification and Verification Requirements for Low Risk Customers ) provide useful reference material for reporting entities. We suggest this material could be rationalised somewhat as it be difficult to locate a particular publication when searching the AUSTRAC website. The AUSTRAC e-news s are also useful. We support the continuation of the half-yearly Financial Consultative Forum meetings chaired by the AUSTRAC CEO and attended by industry and government representatives as well as senior AUSTRAC staff. It has been suggested that AUSTRAC provide information about the emerging ML/TF risk of Bitcoin, beyond just classifying it in the 2012 Typologies and Case Studies Report as a potential vulnerability (via digital currencies and virtual worlds). Financial institutions may be put in a vulnerable position when offering designated services to this industry and it may be appropriate for such products to be included as designated services in the AML/CTF Act. It is also suggested that information on emerging risks be provided more frequently than once a year via the Typologies and Case Studies Reports. 5.4 To what extent does the current Designated Business Group (DBG) approach work to help reporting entities to engage with AUSTRAC and comply in an efficient way that reduces the compliance burden? We understand that the DBG approach is working for those of our Members that are part of DBGs. 5.5 Are changes required to promote better regulation at the corporate group level? 5.6 Are there other approaches AUSTRAC can employ to assist reporting entities to improve compliance? We have no comment on these two questions. 6. ENFORCEMENT 6.1 How effective and proportionate is the enforcement regime, particularly in promoting compliance? 6.2 What additional or alternative powers would encourage compliance and /or facilitate enforcement? By way of example, is there scope to increase the use and application of infringement notices? 8

15 6.3 How effectively does AUSTRAC use its enforcement powers? We have no comment on these three questions. 7. REPORTING OBLIGATIONS 7.1 To what extent are the existing transaction reporting obligations appropriate in achieving the objectives of the AML/CTF regime? We submit that the current monetary threshold of not less than $10,000 for threshold transaction reports should be provided for in Regulations or the Rules to allow flexibility to increase it in the future if appropriate. 7.2 How can the reporting regime be strengthened or enhanced? 7.3 What are the issues, constraints and limitations of the transaction reporting obligations? 7.4 Is there scope to vary or impose further thresholds and, if so, what is the evidence to support variation? 7.5 Are the cross-border movement reporting obligations appropriate and how can they be strengthened or enhanced? We have no comment on these four questions. 7.6 Do reporting entities receive appropriate feedback from AUSTRAC and its partner agencies on the benefits, value and purpose of transaction reporting? How could feedback be improved? More timely and detailed feedback on the benefits and value of reporting to AUSTRAC would be useful, for example when it has led to successful prosecutions for money laundering or tax evasion. We understand that this may not be possible due to operational considerations and because reports from one reporting entity may only be one part of a picture that is built-up of transactions carried out over time by a customer. However we submit that more detailed information and specific feedback should be made available by AUSTRAC to reporting entities. 7.7 Does this feedback and other information assist reporting entities to detect high risks and assist in meeting their AML/CTF obligations? Information in the Typologies and Case Studies Reports is of a fairly general nature. More detailed information would be of assistance to reporting entities in tailoring their AML/CTF compliance programs and training material to assist in detecting high risk situations. 8. SECRECY AND ACCESS 8.1 Do the current secrecy and access arrangements strike the right balance between protecting sensitive AUSTRAC information and allowing the use of AUSTRAC information to achieve AML/CTF and other government objectives? We have no comment on this question. 8.2 Has the tipping-off offence worked as intended? If not, what improvements can be made? The tipping-off provision in its current form may unduly restrict the sharing of information within a corporate group. An expansion of the circumstances when this information could be shared 9

16 without breaching privacy laws or jeopardising an ongoing investigation would make it more practical for corporate groups. 9. PRIVACY AND RECORD KEEPING 9.1 Does the current AML/CTF framework provide adequate provisions for safeguarding personal information? 9.2 Can technological solutions assist with the collection, verification and storing of personal information and what are the privacy implications? 9.3 Are the record-keeping obligations sufficient and proportionate for AML/CTF purposes? We support initiatives that ensure consistency of record keeping obligations with equivalent regulatory provisions to ensure a workable approach to documentation and record retention. There is a policy tension for Government and industry between data security or privacy laws in relation to personal information and other laws with a broader public interest policy objective (including the AML/CTF laws). An individual s right to privacy must be balanced against other equally important public interests, including Australia s responsibility to protect citizens from the perpetration of serious and organised crimes. This is reflected in Australia s privacy laws through the inclusion of permissions that enable personal information to be handled by a regulated entity to meet an obligation or requirement contained in Australian law or for law enforcement purposes without fear of an allegation of breach by the individual. It is also stated in the objects provision (s. 2) included in the amendments to the Privacy Act (effective from 12 March 2014). We noted above that technological solutions (including electronic verification and trusted digital identifiers) can facilitate the deterrence of money laundering and terrorism financing in a manner that protects the security of an individual s personal information better than compliance based around more manual and paper-based information management. The combination of the requirements of the AML/CTF laws coupled with our Members overriding obligations under the Privacy Act, either in relation to the general information handling principles (APPs) or the more prescriptive credit reporting provisions, provide an appropriate level of protection. The enhanced risk of sanction following breach and stronger enforcement powers given to the Information Commissioner as regulator of the Privacy Act are important developments when considering the appropriateness of current legislative protections. On a more specific level, we note the comments made by FATF which saw revision to some of the 2003 Recommendations in the current FATF Recommendations. In short: Data protection and privacy rules can in some cases limit the implementation of AML/CFT requirements, and a number of different FATF Recommendations may be affected. The FATF is aware that the interplay between AML/CFT and data protection requirements is of particular concern for international financial services groups seeking to transfer information across borders for consolidated AML/CFT risk management, and has considered how to ensure that such cross-border flows of information are permitted, subject to appropriate safeguards. It was also noted in the course of work on this issue that there is considerable scope to reduce any potential conflicts between AML/CFT objectives and data protection rules in many countries through better coordination. While supportive of the FATF s position, there is a challenge for financiers that are part of international financial services groups with the enhanced compliance obligations that apply 10

17 under Privacy Principle APP 8 for disclosures off-shore. This results from the inclusion of the qualification of the permission for a disclosure required or authorised by law with the term Australian law. If a financier based in Australia looks to disclose information about an individual in response to a request from an off-shore entity to support that entity s compliance with the AML/CTF laws applicable in its jurisdiction, the question for the disclosing entity is whether this is required or authorised by Australian law. If it is not, then the Australian-based disclosing entity will have to be able to satisfy itself that another permission within APP 8 supports its disclosure to minimise allegations of interference with the individual s privacy. In relation to the potential application of APP 2 Anonymity & Pseudonymity and in the interests of compliance certainty, we also note that, in line with the FATF Recommendation 10, it may be useful for the Government to include a provision in Australian law that financial service providers are prohibited from keeping anonymous accounts or accounts in obviously fictitious names. While our Members would argue that that the mandatory requirement to give individuals the option to deal with them anonymously contained in APP 2 does not apply (under APP 2.2(b)) as it is impracticable for financiers to deal with individuals who have not identified themselves or have used a pseudonym, an allegation of breach may come down to legal arguments around what is impracticable. In the interests of compliance certainty and in line with FATF s expectations, we recommend the inclusion of a prohibition from transacting anonymously or via a pseudonym/fictitious name to facilitate our Members being able to defend an allegation of breach by relying on APP 2.2(a). 10. INTERNATIONAL COOPERATION 10.1 Do Australia s arrangements under the AML/CTF regime provide an adequate framework to enhance international cooperation? We have no comment on this question Are there areas where the framework could be enhanced or expanded to strengthen international cooperation on AML/CTF? Reporting entities could be more informed by AUSTRAC about offshore intelligence covering emerging ML/TF risks so that they can be more responsive in implementing measures to mitigate these risks and potentially suspicious customer behaviours. *********************************************** 11

18 GLOSSARY AML/CTF Act AML/CTF Rules ASIC Act CDD Anti-Money Laundering and Counter-Terrorism Financing Act 2006 Anti-Money Laundering and Counter-Terrorism Financing Rules Australian Securities and Investments Commission Act 2001 Customer due diligence FATF Recommendations Financial Action Task Force Recommendations on Combating Money Laundering and the Financing of Terrorism and Proliferation, 2012 KYC ML/TF Know your customer Money laundering and terrorism financing 12