li1 1:J l\\','iii moving money for better 28 February 2014 Issues Paper- AML/CTF Review Legislative Review and Mutual Evaluation Criminal law and Law Enforcement Branch Attorney General's Department 4 National Circuit BARTON ACT 2600 By post and email: amlrev/ew@ag.gov.au Dear Sir/Madam, Review of the AML/CTF Regime -Issues Paper: Western Union Submission Western Union Financial Services (Australia) Pty Limited (Western Union) welcomes the opportunity to make this submission in response to the statutory review of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth)(AML/CTF Act). We have pleasure in presenting our formal submission to the AML/CTF Act review at Appendix 1. We set out below an Executive Summary of the key points in our submission. INTRODUCTION Guiding Principles for the Review We understand the critical role that the AML/CTF Act plays In combating money laundering and terrorism financing (ML/TF) risks in Australia. As a global leader in cross-border money transfer and payment services and a remittance network provider (RNP) that Is registered on the Remittance Sector Register maintained by AUSTRAC, Western Union appreciates that Australia needs a robust and effective AML/CTF regime to address and combat these risks. In doing so, it provides a legal framework which is 'designed to make the Australian financial system hostile to these money laundering, terrorism financing and other criminal threats'. 1 We support the 'Guiding Principles' that the Attorney-General's Department (AGs) and the Australian Transaction Reports and Analysis Centre (AUSTRAC) has set to guide the review. Specifically, we agree that the review should be guided by the need to create a financial environment that is hostile to Ml/TF risks and to serious and organised crime and tax evasion, ensures that Australia fulfils its international obligations, supports the better regulation agenda to simplify the regulatory burden on reporting entities, and works in 1 Review of the AMt/CTF Regime -Issues Paper (2013), page 8.
partnership with industry, the states and territories to promote a national effort to maintain an effective AML/CTF regime. As an RNP that operates a remittance network which makes available designated remittance services to customers in Australia, we recognise that we play an important role in combatting Ml/TF risks. We take our responsibilities and obligations under the AMi./CTF Act seriously and we have the same expectations of the affiliates that we appoint to offer Western Union-branded remittance services under our remittance network. Fostering Financial Inclusion The offering of formal remittance services through remittance networks (such as those operated by Western Union) plays an important role in enhancing and facilitating financial Inclusion for under-served and underprivileged consumers who have a real need to send or receive money to or from family members and other loved ones. The legal framework of the AML/CTF Act should strike the balance between combatting ML/TF threats and supporting greater financial inclusion for consumers and businesses (especially VSEs and SMEs). An effective AML/CTF regime would be enhanced if these financial products/services are provided by financial institutions (Fis) or regulated entities that are subject to regulation and regulatory oversight in line with the FATF Recommendations. Remittances are essential to address poverty and generate economic development in many countries around the world. As a global industry, remittances are strongly associated with migrant populations sending money to family members and other loved ones in their home countries. With a_n estimated 232 million migrants living outside their home countries, remittance providers are essential for migrants to remain connected with their families as they work to improve their economic conditions. Globally, the world's 232 million international migrants are estimated to remit earnings worth $550 billion In 2013 and over $700 billion by 2016, including approximately $8.7 billion from Australia. 2 The developing world is expected to receive $414 billion of this total amount. Formal remittance channels provide senders with a reliable, affordable and convenient way to send much-needed funds to their family and loved ones. In this context, the statutory review of the AML/CTF Act provides a unique forum and opportunity to ensure that the rules and regulations included in the AML/CTF Act achieve the dual objectives of combatting ML/TF risks and facilitating financial inclusion and that it remains appropriate, proportionate and commensurate with the potential threats faced. EXECUTIVE SUMMARY 1. Financial inclusion to be included as express object of AML/CTF Act: The AML/CTF Act does not currently include financial inclusion as an express object of the Act. The Financial Action Task Force (FATF), in its official Guidance on Anti-Money Laundering and Terrorist Financing Measures and Flnanc/altncluslon, argues that financial inclusion should be central to any effective and comprehensive AML/CTF regime. Western Union agrees with this assessment. An AML/CTF regime that allows for the adoption of a risk-based approach (RBA) - e.g. through simplified customer due diligence (COD) and 'know your customer' (KVC) requirements for lower risk products/services and customers- provides an appropriate framework within which can be achieved the dual purposes of financial inclusion and an effective and robust AML/CTF regime. 2 World Bonk's Migration imd Development8rief(2013). page2
Measures designed to increase financial inclusion by allowing more financial products/services to be provided through the formal financial system can serve to enhance transparency over those products/services and increase the regulators' visibility of them. Any ML/TF risks arising from greater financial inclusion can be addressed, and solutions found, through ongoing dialogue and cooperation between national regulators, financial service providers, law enforcement agencies and AML/CTF inter-governmental groups. We view financial inclusion as being integral to the enhancement of the security and integrity of the formal financial system and should be included as an express object of the AML/CTF Act. 2. RBA assists object of financial inclusion: Adopting the RBA for its AML/CTF regime assists Australia to build a more inclusive financial system by allowing FSPs to apply certain simplified AML/CTF measures to those who present a low or lower ML/TF risk. It avoids excessive, disproportionate and unnecessary requirements, particularly insofar as they operate to prevent or limit access to formal financial services for underserved consumers and businesses. Under the RBA, a reporting entity must take enhanced measures to manage and mitigate those risks where the identified risks are higher. Similarly, where the risks are lower, simplified measures may be adopted. Under the RBA, the intensity and comprehensiveness of the measures depend on the level and nature of the risks identified. Increasing financial inclusion through a measured and proportionate approach to AML/CTF safeguards can reduce the number of transactions conducted through the informal financial system. Those transactions are not visible and transparent to regulators and so not subject to regulatory oversight and supervision. We recommend that regulators provide greater guidance to those reporting entities that currently overestimate the ML/TF risks or adopt overly cautious or conservative control measures in response to those risks (see also Point 3 below). 3. Bank account closures- unintended consequence of over cautious AML/CTF control measures: Banking community in some countries (e.g. New Zealand/Pacific Islands) has elected to close or not open bank accounts for MTOs. Risk management appears to be the key reason behind the difficulties that non-bank MTOs are experiencing in trying to maintain/open bank accounts and other banking services. Many of them perceive non-bank MTOs as 'high risk' businesses. Because revenues derived from non-bank MTOs is relatively small, banks often simply choose not to offer services to them rather than make an appropriate risk-based assessment of the MTO's operations. An important consideration is often ignored: MTOs,being reporting entities, are subject to regulatory oversight under the AML/CFT Act and are required to comply with the same stringent obligations under the AML/CFT Act and Rules as do the banks themselves. Given the recent spotlight on ML/TF threats and increased regulatory scrutiny, it Is understandable that banks are adopting a more conservative approach to ensure compliance with AML/CFT requirements. But such approach should not make it difficult for non-bank MTOs to continue their ordinary remittance businesses and operate bank accounts, provided they meet appropriate standards in terms of financial probity and compliance with applicable regulations, including AML/CFT legislation. We recommend that regulators provide clearer guidance to reporting entities to design appropriate risk-based AML/CTF control measures so as to foster greater financial inclusion through acceptance of business from non-bank MTOs. i'f. :r.... page 3
4. Minimising regulatory burden on reporting entities Upholding the effectiveness of AML/CTF control measures, while looking for opportunities to minimise the regulatory burden on reporting entities, should be a key focus of any proportionate AML/CTF regime. Provided that FSPs have conducted a proper risk assessment of its operations to understand,identify and assess ML/TF risks relevant to its activities, they should have flexibility to design appropriate measures/controls to address and mitigate those risks in a manner which is commensurate with the risks Identified and assessed. An effective RBA system can help to reduce the regulatory burden on reporting entities by allowing it to place greater focus and emphasis on higher risk customers, customer segments,products, channels and geographies. FATF has publicly stated that there should be scope for relaxed obligations for transactions under $1,000. We agree with this proposal. Reporting entities should be allowed to apply simplified CDD/KYC processes to select groups of 'lower risk' customers or customer segments based on a proper evaluation of the relevant risks. * * * * Western Union welcomes further dialogue on any of the comments or matters that we have raised in this submission. At the appropriate time, we would be happy to meet with the Attorney-General's Department and AUSTRAC in person to further share our thoughts. Please do not hesitate to contact Lynne Walker on the below contact details: Lynne Walker Regional Director, AML Compliance, Oceania Global Compliance Lynne.Walker@westernunian.com Direct:+ 612 9226 9185 Yours sincerely Lynne Wall<er Regional Director, AML Compliance, Oceania & Designated Compliance Officer of WUFSA Western Union Financial Services (Australia) Pty Ltd Danh Nguyent Senior Counse and Vice President,Asia Pac1f The Western Union Company Encl: Appendix 1 - Western Union Comments & Recommendations page4
Appendix 1: Review of the AML/CTF Regime Issues Paper Western Union Comments and Recommendations Part 3 Issues for Consideration Guiding Questions 1. Objects of the AML/CTF Act Western Union Comments Additional Object - Financial Inclusion Western Union Recommendations Financial Inclusion as Additional Object To what extent are the objects of the AML/CTF Act, as expressed in section 3, appropriate and relevant? Are there any other objects that should be reflected in the AML/CTF Act? We support the current objects of the AML/CTF Act, namely to deter, detect and combat serious and organised crime, money laundering and terrorism financing. We also support the other policy objectives of the AML/CTF regime which sets up a regulatory framework that supports domestic and international efforts to combat ML/TF and serious crime, but which does not impose unnecessary regulatory burdens on Australian businesses, among others. We also support the proposed new objects outlined in Part 3 of the Issues Paper. We note that the AML/CTF Act does not currently have financial inclusion as an express object of the Act. The Financial Action Task Force (FATF), in its official Guidance on Anti-Money Laundering and Terrorist Financing Measures and Financial Inclusion, argues that financial inclusion should be central to any effective and comprehensive AML/CTF regime. We agree with this assessment. Financial inclusion, as it is most commonly understood, involves providing access to an adequate range of safe, convenient and affordable financial services to underserved consumers and businesses, including low income, rural sector and undocumented groups in developing and developed countries, and who have been In addition to the objects outlined in the AML/CTF Act and the new objects proposed to be included in Part 3 of the Issues Paper, we recommend that the objects of the AML/CTF Act, as expressed in Section 3, should include the following additional object: To promote and foster financial inclusion by facilitating better access to formal financial products and services for financially excluded and underserved consumers and businesses, without compromising the existing measures in this Act for the purpose of combatting money laundering and terrorism financing risks. We recommend the object of financial inclusion be expressly recognised as a key component of any effective AML/CTF regime. 12 2
excluded from the formal financial sector. It also involves making a wider range of financial products and services available to individuals who currently only have access to very basic financial products. Finally, financial inclusion should also be seen as ensuring access to appropriate financial products and services at an affordable cost in a fair and transparent manner. An effective AML/CTF regime would be enhanced if these financial products/services are provided by financial institutions (FIs) or regulated entities that are subject to regulation and regulatory oversight in line with the FATF Recommendations. An AML/CTF regime that allows for the adoption of a risk-based approach (RBA) for example, through simplified customer due diligence (CDD) and know your customer (KYC) requirements for lower risk products/services and customers, etc. provides an appropriate framework within which can be achieved the dual purposes of financial inclusion and an effective and robust AML/CTF regime. Importantly, we are not advocating that CDD requirements be dispensed with; simply, that appropriate risk-based CDD/KYC processes apply depending on the level of risk identified and assessed to facilitate greater financial inclusion. Ultimately, Western Union sees financial inclusion as being integral to the enhancement of the security and integrity of the formal financial system. As such, it ought to form a key component of the Australian AML/CTF regime. We agree with FATF that these should be complementary national policy objectives. The flexibility afforded by an AML/CTF Act regime through adoption of the RBA helps a reporting entity to create AML/CTF programs and procedures that include appropriate systems and controls to combat ML/TF risks, while at the same time allowing 12 3
2. The risk-based approach and better regulation Is the scope of the AML/CTF regime and the obligations appropriately riskbased? Are the requirements for an AML/CTF program adequate to assist reporting entities to mitigate and manage ML/TF risks? for the expansion of formal financial products and services and facilitating greater access to those products and services by underserved consumers and businesses. In their joint Financial Access Report in 2009, the World Bank and the Consultative Group to Assist the Poor argued for greater financial inclusion which it considers extend beyond access to traditional banking services to also include other transactional financial or payment services, such as domestic or cross-border remittance services. It also argues that, to be effective, financial inclusion policies should be comprehensive, addressing the main barriers to financial inclusion that consumers face. Measures designed to increase financial inclusion by allowing more financial services and products to be provided through the formal financial system can only serve to enhance transparency over those products and services and increase the regulators visibility of them. Any ML/TF risks arising from greater financial inclusion can be addressed, and solutions found, through ongoing dialogue and cooperation between national regulators, financial service providers, law enforcement agencies and AML/CTF inter-governmental groups, and ensuring that compliance with FATF Recommendations remains a priority. RBA Assists Object of Financial Inclusion Challenges can and do arise in relation to finding the right balance between risk-based and rules-based approaches to AML/CTF regulation. In the main, we support the RBA adopted by, and that underpins, the AML/CTF Act. Flexibility of measures adopted based on proper risk assessments conducted is preferred over onerous and prescriptive rules that make it difficult to accommodate differences and changes - in customers, products, channels, technologies, risks, etc - over time. AUSTRAC to Develop Guidance We recommend that AUSTRAC issue formal guidance to provide greater clarity around how the AML/CTF Rules ought to be applied and setting out clear guidelines for use by reporting entities when designing their AML/CTF control measures, including those that impact MTOs and their banking service requirements. Such 12 4
Are there barriers to the implementation of the risk-based approach and if so, what are they? Does the AML/CTF regime promote both an effective and proportionate response and approach to combating ML/TF risks? Do stakeholders support the rulebased (prescriptive regulation) approach compared with the riskbased approach? Are there particular obligations under the AML/CTF regime which stakeholders would benefit from increased prescription? Adopting the RBA for its AML/CTF regime assists Australia to build a more inclusive financial system by allowing financial service providers to apply certain simplified AML/CTF measures to those who present a low or lower ML/TF risk. It avoids having excessive, disproportionate and unnecessary requirements, particularly insofar as they operate to prevent or limit access to formal financial services for underserved consumers and businesses. The general principle underpinning the RBA is that where there are higher risks, a reporting entity must take enhanced measures to manage and mitigate those risks. Similarly, where the risks are lower (and there is no suspicion of ML/TF risks), simplified measures may be adopted. Under the RBA, the intensity and comprehensiveness of the measures depend on the level and nature of the risks identified. It requires reporting entities to take a more enhanced and focused approach in areas where there are higher risks, and allows them to take a more simplified approach in areas where the identified risks are lower. The key to an effective RBA is that a reporting entity understands, identifies, assesses and documents the ML/TF risks that are relevant to its activities. Further, increasing financial inclusion through a measured and proportionate approach to AML/CTF safeguards can reduce the overall number of transactions conducted through the informal financial system. Those transactions are not visible and transparent to regulators and so not subject to regulatory oversight and supervision. guidance will provide comfort to reporting entities and support financial inclusion. An overly prescriptive and non-risk based approach can lead to this unintended consequence. In this regard, we believe that regulators and supervisors have an important role to play in providing greater 12 5
guidance to those reporting entities that currently overestimate the ML/TF risks or adopt overly cautious or conservative control measures in response to those risks. In exercising its supervisory functions and as part of any audits it performs on reporting entities that are money transfer operators (MTOs), AUSTRAC should be able to ensure that the MTOs have in place robust and effective AML/CTF programs which meet the minimum regulatory requirements. If an MTO falls short of the requirements, then AUSTRAC will be able to exercise its enforcement powers. We believe that regulatory authorities can play a crucial role in ensuring that the policy objective of maintaining a robust and internationally compliant AML/CFT regime is not undermined by the inconsistent application of CDD standards across industry sectors. We believe AUSTRAC can provide greater clarity around how the AML/CTF Rules ought to be applied by issuing formal Guidance and setting out clear guidelines for use by reporting entities when designing their AML/CTF control measures, including those that impact MTOs and their banking service requirements. Bank Account Closures Unintended Consequence of Over Cautious Control Measures The banking community in some countries (e.g. New Zealand) has elected to close or not open bank accounts for MTOs. And this, despite our offer to have an open dialogue with them to create the appropriate standards in servicing the money services businesses. Our impression is that risk management appears to be the key reason behind the difficulties that non-bank MTOs are experiencing in trying to maintain or open bank accounts and other banking services. While banks do not formally report that non-bank MTOs 12 6
present a uniform or unacceptably high risk of ML/TF or sanction violations, it appears that many of them perceive non-bank MTOs as high risk businesses. Because the revenue that non-bank MTOs bring to banks is relatively small, especially in the case of the smaller MTO players, banks often simply choose not to offer services to MTOs rather than make an appropriate risk-based assessment of the MTO s operations. An important consideration is often ignored in this context: MTOs, being reporting entities, are subject to regulatory oversight under the AML/CFT Act and are required to comply with the same stringent obligations under the AML/CFT Act and Rules as do the banks themselves. This problem has become particularly acute in recent times, particularly as a result of the fall-out of the financial crisis where a number of large, well-respected FIs have suffered negative press due to financial mismanagement, money laundering and fraud investigations. Given the recent spotlight on ML/TF threats and increased regulatory scrutiny, we understand that it is prudent for banks to adopt a more conservative approach to ensure compliance with AML/CFT requirements. However, such an approach should not make it difficult (if not impossible) for legitimate non-bank MTOs to continue their ordinary remittance businesses and operate bank accounts so long as they meet appropriate standards in terms of financial probity and compliance with applicable regulations, including AML/CFT legislation. 12 7
3. Modifications and exemptions We do not have any specific comments in relation to this section. Are there areas where exemptions or modifications have been granted that could be incorporated into the AML/CTF Act or AML/CTF Rules? To what extent have exemptions or modifications that have been granted by the AUSTRAC CEO reduced the compliance burden? (Information that measures, quantifies or demonstrates the benefit in some form would be particularly useful in helping the Review to assess the efficiency and effectiveness of this part of the AML/CTF framework.) 4. Minimising regulatory burden on reporting entities What other options may be considered to minimise or reduce regulatory burden on reporting entities in meeting their obligations under the AML/CTF Act? What are the potential benefits and limitations of the proposed measures? In what circumstances would the inclusion of greater flexibility in the current AML/CTF regime s provisions for reliance assist reporting entities to undertake CDD measures in a cost effective way? To what extent do reporting entities currently use simplified due diligence measures? What options may be Minimising the Regulatory Burden through the RBA Upholding the effectiveness of AML/CTF control measures, while looking for opportunities to minimise the regulatory burden on reporting entities, should be a key focus of any proportionate AML/CTF regime. Provided that a financial service provider has conducted a proper risk assessment of its operations to understand, identify and assess ML/TF risks or threats relevant to its activities, it should be allowed the flexibility to design appropriate measures and controls to address and mitigate those risks in a manner which is commensurate with the risks identified and assessed. An effective RBA system can help to reduce the regulatory burden on reporting entities by allowing it to place greater focus and emphasis on higher risk customers, customer segments, products, channels, Simplified CDD and Reliance Concept to be Extended Beyond DBGs We recommend that reporting entities be allowed to apply simplified CDD/KYC processes to select groups of lower risk customers or customer segments based on a proper evaluation of the relevant risks. We also recommend that the concept of reliance, which is currently only available to reporting entities as part of a DBG, be expanded to apply more generally. So long as the CDD/KYC process has been properly conducted by reporting entity A in accordance with the AML/CTF Act and AML/CTF Rules, then reporting entity B should be able to rely on the CDD/KYC process already conducted 12 8
considered to extend the use of simplified due diligence measures? geographies, and so on. For example, we note that FATF has publicly stated that there should be scope for relaxed obligations for transactions under $1,000. The current need to identify and verify customers for one-off, insignificant transactions is onerous. Related to this, we note that this would also support the overall goal of greater financial inclusion for underserved consumers. by reporting entity A for money transfer transactions of less than $1000. Reliance Concept to be Extended Reporting entities should be given the scope to rely on the CDD/KYC process already completed by another reporting entity for lower value transactions, such as a one-off money transfer transaction of under $1,000. In this case, the customer could simply be asked to produce a transaction card issued by their bank/fi. This could be accommodated and justified on the basis that the Bank/FI would already have performed CDD/KYC on the customer before issuing the transaction card to him or her. Transaction monitoring triggers could then be used to ensure that if the same customer hits total transfer value of $1,000, the full identification and verification procedure will be conducted. Under the current regime, the concept of reliance is only available to reporting entities if they form a designated business group (DBG) under Section 38 of the AML/CTF Act and Part 7.3.2 of the AML/CTF Rules. 12 9
5. Regime scope Does the AML/CTF regime provide a framework to respond to new and emerging services and risks, such as offshore service providers? If not, how could the framework be enhanced? Is the current range of designated services appropriate and is there scope for revision or enhancement? How should DNFBPs be regulated under the AML/CTF Regime? Consistent Application of Minimum Standards Industry level controls are only as strong as their weakest link. To that end, relying on the adequacy of a foreign AML/CTF regime, alone, without further parameters and minimum standards creates control gaps that will (if they do not already) attract those customers looking for lesser levels of transparency and regulatory scrutiny. So while there remain valid and reasonable grounds for maintaining and promoting off-shore online service providers to ensure accessibility and consumer choice as well as encourage greater competition, we believe some level of standardisation of minimum standards should be applied, both in terms of: Ensure Minimum Standards Applied to Offshore Online Service Providers In relation to online service providers who make available online remittance/financial services to consumers based in Australia, we recommend that there should be some standardisation of minimum standards in the areas of: (a) the controls to apply to these online service providers providing services to Australian consumers from offshore; and (b) the foreign AML/CTF regimes under which they may be able to operate. (a) the controls to apply to these online service providers providing services to Australian consumers from offshore; and (b) the foreign AML/CTF regimes under which they may be able to operate. 12 10
6. Harnessing technology to improve regulatory effectiveness How might the development of online identity verification systems be harnessed to streamline and strengthen compliance with customer due diligence obligations under the AML/CTF Act? What are the advantages and disadvantages of online identity verification, and how might the disadvantages and risks of this approach be addressed? In what other ways can technology be used to support the objectives of the AML/CTF regime or reduce the compliance burden on business? Advancements in Technology Rapid advancements in technology and online services provide additional innovative opportunities to expand the ease and comfort with which financials services may be provided by service providers and acquired by consumers. At the same time, these same advancements are creating new types of services and servicing constructs that are challenging the effectiveness and relevance of the existing controls and standards. It is important for the regulatory environment to be focused on the layering risks associated with online products, and not be distracted by obsolete or no longer relevant controls that are mainly targeted for integration and placement type activities. To that end, an enhanced value should be placed on the verification that reputable and registered FIs may have already completed, and allow other FIs to leverage such verification for transactions of under $1,000. New technology advancements in the acceptance of payment forms online, such as 3D Secure tools, provide a very high level of confidence that the identity of the payer is that of the person verified by the FI that initially issued the payment form. Greater Access to EV Tools To facilitate reporting entities with better access to EV tools, we recommend that the Government expedite its planned initiatives to make more readily available and reliable EV tools (based on government-held data) to the regulated population so that they can make full use of these tools and to ensure more efficient identification and verification of customers. Electronic Verification (EV) Tools 12 For many years, the financial industry has evolved and strengthened its processes and tools and developed a sound capability to validate the identity of transacting customers over the phone. Online verification tools have the opportunity to build upon these processes and tools by enabling the sharing of experiences and data sources in an easier and more conducive manner. While identity theft and account takeover risks will continue to increase, technology should also continue to evolve and provide the tools to mitigate these risks. A supportive regulatory environment that actively participates in enabling these tools and providing clear guidance and common standards will be a critical succes1 s 1 element.
7. Industry monitoring and supervision Does the supervisory framework support an effective, risk-based AML/CTF regime and compliance with the AML/CTF framework? Is AUSTRAC s monitoring of compliance targeted, proportionate and riskbased? How effectively does AUSTRAC communicate with reporting entities and industry associations to ensure they have a sound understanding of their legal obligations under the AML/CTF regime? To what extent does the current DBG approach work to help reporting entities to engage with AUSTRAC and comply in an efficient way that reduces the compliance burden? Are changes required to promote better regulation at the corporate group level? Are there other approaches AUSTRAC can employ to assist reporting entities to improve compliance? Consultative Approach to Monitoring and Supervision We support the current supervisory framework adopted by AUSTRAC, and using the RBA to apply to its supervisory functions. We applaud AUSTRAC for its collaborative and consultative approach to date in the performance of its supervisory functions. Open and consistent engagement and dialogue between AUSTRAC and the reporting entities it supervises help to ensure that AUSTRAC remains in touch with and attuned to the particular circumstances and issues facing a reporting entity and/or the industry sector to which it belongs. We encourage AUSTRAC to continue with this as the guiding principle in its engagement with reporting entities and businesses. This consultative approach also gives reporting entities and industry sectors the opportunity to inform and keep AUSTRAC abreast of the material developments on the key relevant issues impacting that reporting entity or industry sector. This way, it helps to ensure that AUSTRAC, in the exercise of its rule-making and exemption powers, will make informed rules and decisions that are relevant, appropriate and proportionate. Dedicated Relationship Manager for Major Reporters In the context of this consultative approach, we think there is significant value in there being a dedicated relationship manager to manage the relationship between AUSTRAC and the reporting entity that belongs to the major reporters category of supervised entities. This will ensure a single point of contact for the reporting entities and provide for better cooperation and information sharing between them. Dedicated Relationship Manager for Major Reporter We recommend that AUSTRAC appoints a dedicated relationship manager to manage the relationship between AUSTRAC and each reporting entity that is a major reporter. 12 12
Designated Business Groups (DBGs) The DBG concept was introduced to allow eligible entities to form a DBG so as to work more efficiently through centralised compliance resource implementing a unified compliance programme(although this is optional to the extent that a member may opt to have its own programme). The regulations also provide a safe harbour for information sharing among members of a DBG. These benefits of a DBG would be welcomed by especially the less sophisticated reporting entities which typically have less resource to manage compliance related matters. However, the formation of a DBG is not easy because of the strict eligibility factor that a member must be related to another member (as defined in section 50 of the Corporations Act) or, is a reporting entity or, that each member is a party to a joint venture. Further, it is not easy to implement a unified compliance program for a DBG that comprises of members with uneven compliance knowledge and capabilities. To allow the DBG concept to have maximum impact, more AML/CTF related education should be introduced. We believe that AUSTRAC plays a pivotal role in this regard. 12 13
Rating Scale System Rating Scale System AUSTRAC s operations should include a means for communicating with reporting entities on the results of their monitoring and supervision to assist those reporting entities to develop appropriate risk-based approach for the evaluation of other reporting and registered entities. For example, AUSTRAC could consider establishing a rating scale on the basis of their assessments and make those available upon request. If a registered entity seeks to apply for a bank account with a bank or a financial institution, and needed to prove to the bank/fi that their account should remain open, they could request that AUSTRAC provide a rating they could then share with that Bank. The bank/fi should then be allowed to rely on that advice from AUSTRAC as part of their risk based assessment of the applicant. Education and Training To ensure that reporting entities adequately understand and comply with their obligations under the AML/CTF Act, we think there is scope for AUSTRAC to conduct further education and/or training initiatives to impart this information to reporting entities and provide clear guidance on what it considers ought to be included in an effective and robust AML program. We recommend that AUSTRAC establishes a rating scale of reporting entities on the basis of its monitoring/supervision and assessment, and make these available to reporting entities on request. Education and Training We recommend that AUSTRAC conducts periodic education and/or training initiatives for reporting entities on the key requirements under the AML/CTF regime and provide clear guidance on what it considers ought to be included in an effective and robust AML program. 8. Enforcement Proportionate Enforcement Regime Consistent Enforcement Action How effective and proportionate is the enforcement regime, particularly in promoting compliance? What additional or alternative powers would encourage compliance and /or We agree with the supportive and proportionate approach that AUSTRAC has adopted in the performance of its enforcement powers to date. An enforcement regime that gives first-time offending reporting We recommend that AUSTRAC should ensure that it uses its enforcement powers in a consistent manner by ensuring that the same standards and requirements are satisfied by all 12 14
facilitate enforcement? By way of example, is there scope to increase the use and application of infringement notices? How effectively does AUSTRAC use its enforcement powers? entities a reasonable opportunity to remedy any non-compliance issues identified by AUSTRAC creates the right regulatory environment to foster overall compliance by reporting entities. We do not believe that increasing the scope and application of infringement notices would have a positive effect on enhancing compliance, and may potentially have the obverse effect. That said, AUSTRAC should ensure that in the performance of its enforcement function, it exercises those enforcement powers in a consistent manner by ensuring that the same standards and requirements are satisfied by all players in the industry, regardless of their size. This will ensure a level playing field for all industry participants. players in the industry, regardless of their size. 12 15
9. Reporting obligations ABMT Service and IFTI Reports To what extent are the existing transaction reporting obligations appropriate in achieving the objectives of the AML/CTF regime? How can the reporting regime be strengthened or enhanced? What are the issues, constraints and limitations of the transaction reporting obligations? Is there scope to vary or impose further thresholds and, if so, what is the evidence to support variation? Are the cross-border movement reporting obligations appropriate and how can they be strengthened or enhanced? Do reporting entities receive appropriate feedback from AUSTRAC and its partner agencies on the benefits, value and purpose of transaction reporting? How could feedback be improved? Does this feedback and other information assist reporting entities to detect high risks and assist in meeting their AML/CTF obligations? Western Union has been in dialogue with AUSTRAC in relation to an account-based money transfer service (ABMT) provided to accountholders of certain Australian deposit-taking institutions (ADIs). In Australia, the money transfer service is traditionally available to consumers through Western Union s global network and offered through independent contractors, such as Australia Post branches and newsagents. Some ADIs also accept instructions to transfer funds using Western Union s global network. These traditional forms of money transfers generally involve the customer providing payment over the counter in cash and, for that reason, they are not considered to involve the ABMT service. Under the ABMT service, an ADI in Australia would give its own account-holders the ability to draw on an existing account to fund a money transfer using Western Union s global network. As with traditional inter-bank telegraphic transfers, the ADI may offer this facility through various channels, including through its internet banking site, over the counter, telephone banking or other banking channel provided by the ADI. In most cases, the funds are received by the nominated payee over the counter at the premises of a Western Union network participant in another country. In some cases, the recipient may receive funds into a nominated bank account, mobile wallet or via any other pay out method provided by Western Union. 12 16
Characterisation of the ABMT Service under the AML/CTF Act The ABMT service is a designated remittance arrangement as defined in Section 10 of the AML/CTF Act. As amended, this definition is now satisfied where the business collecting the payment from the sender, or the business making the payment available to the payee, is an ADI. Where this is the case, for a designated remittance arrangement to arise, one of these two parties needs to be a non-financier (i.e., not an ADI). The non-financier will be providing a designated service of the kind described in items 31 or 32 depending upon whether it is accepting instructions from a transferor entity, or making money available to the ultimate transferee entity. The ADI already provides a designated service of various kinds in relation to the account and its signatories, including by allowing a transaction to be conducted under item 3 of Table 1 in Section 6 of the AML/CTF Act. However, from the ADI s perspective, the transaction would not constitute an electronic funds transfer instruction because that would require the ordering institution and the beneficiary institution to be an ADI, bank, building society or credit union. Western Union s role in the transaction is as operator of the network of persons that provide a designated service under items 31 and 32. We note, however, that while the non-financier provides designated services under items 31 and 32, the ADI does not. Western Union views that the ADI is part of the network which Western Union operates, but, for the purposes of item 32A, it is only the non-financiers that provide services referred to in items 31 or 32 that are relevant for identifying the network. 12 17
ABMT Service - Regulatory Gap Chapter 16 of the AML/CTF Rules outlines the reportable details for IFTIs under items 1 and 2 of section 46 and Chapter 17 outlines the reportable details for IFTIs under items 3 and 4 of section 46. From the ADI s perspective, the transaction would not be of the kinds described in items 3 or 4 of the table in section 46 of the AML/CTF Act because: 1. In the case of outbound international funds transfers, item 3 is only satisfied if the instruction is accepted at or through a permanent establishment of a non-financier in Australia; and 2. In the case of inbound international funds transfers, item 4 is only satisfied if the money is made available to the ultimate transferee entity at or through a permanent establishment of a non-financier in Australia. As a consequence, the ADI would not be subject to an obligation to file an IFTI report for ABMT transactions under Section 46 of the AML/CTF Act. This obligation would not apply to any other participant in the transaction and so no IFTI would be reported. Regulatory Change ABMT Service IFTI Obligation to Apply to ADIs Western Union recommends regulatory change in order to create an IFTI obligation for ADIs who provide the ABMT service or other equivalent services. Specifically, we recommend that: (a) Part 1 and Part 5 of the AML/CTF Act be amended to simplify the IFTI reporting obligation to allow any designated entity who is a party to the funds transfer to make the report; and (b) Such parties can agree among themselves on the arrangements for reporting and support the supply of information required to populate the report. Western Union considers that regulatory change is required in order to create an IFTI obligation for ADIs who provide the ABMT service or other equivalent services. Western Union would then expect to fulfil this obligation for the ADI using the same IFTI DRA approach that is used for other IFTIs and, in particular, would like to ensure that the IFTI reporting obligation is compatible with the current reporting obligations applicable to ADIs in relation to electronic funds transfer instructions (ie the identification documentation relied upon should not need to be reported, but rather the account number of the customer should be sufficient). 12 18
Other Reporting TTR and SMR Reports Additional Feedback from AUSTRAC We believe that the current process for the submission of threshold transaction reports (TTRs) and suspicious matter reports (SMRs) is working effectively. With regards to SMRs, our only comment is that there is scope for further feedback and information sharing from AUSTRAC in relation to the quality and usefulness of the SMRs that are submitted to it by reporting entities. If this intelligence is shared with reporting entities, we believe this will enhance the reporting entities ability to better detect the ML/TF risks and then design appropriate countermeasures to mitigate the identified risks. We recommend that AUSTRAC considers providing additional feedback and information in relation to the quality and usefulness of the SMRs that are submitted to it by reporting entities. 12 19
10. Secrecy and access We do not have any specific comments in relation to this section. Do the current secrecy and access arrangements strike the right balance between protecting sensitive AUSTRAC information and allowing the use of AUSTRAC information to achieve AML/CTF and other government objectives? Has the tipping off offence worked as intended? If not, what improvements can be made? 12 20
11. Privacy and record keeping Does the current AML/CTF framework provide adequate provisions for safeguarding personal information? Can technological solutions assist with the collection, verification and storing of personal information and what are the privacy implications? Are the record-keeping obligations sufficient and proportionate for AML/CTF purposes? Record Retention Period Part 10 of the AML/CTF Act specifies that records must be kept for a period of seven years. We support having a defined retention period which sets the expectation for an entity as to how long they should retain records containing personal information to mitigate the potential risk of unauthorised or accidental loss or disclosure of data. Reducing the retention period from 7 to 5 years would bring the retention period into line with other jurisdictions such as the UK and New Zealand, whilst still complementing the principles under the Privacy Act 1988 (Cth). There are privacy-enhancing technological solutions that can assist in the collection and verification of personal information, and the potential for electronic verification in a face-to-face environment could provide added privacy protections if managed appropriately. As with any technological solution, there are associated privacy risks and potential for misuse. Proper privacy impact assessments should be conducted before the introduction of any new technological solution designed to protect and individual s privacy. Record Retention Period Reduced from 7 Years to 5 Years We recommend that the records retention period be reduced from 7 to 5 years to bring this into line with other comparable jurisdictions. 12. International cooperation Do Australia s arrangements under the AML/CTF regime provide an adequate framework to enhance international cooperation? Are there areas where the framework could be enhanced or expanded to strengthen international cooperation on AML/CTF? MOUs between AUSTRAC and International Entities We support and believe that the current arrangements under the AML/CTF Act provide an adequate framework for enhancing international cooperation with the only reservation being the need to consider the following: The Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) introduces key obligations on an entity who discloses personal information to an overseas recipient, including that they must take reasonable steps to ensure that overseas recipient does not breach the Australian Privacy Principles in relation to the information. This should be kept in mind even with regards to the cross-border sharing of information between regulators. Steps should therefore be taken MOUs between AUSTRAC and International Entities We recommend that steps should be taken to verify that any country to which personal information is being transferred has equivalent privacy and security standards, and that this is addressed appropriately contractually or in any Memorandum of Understanding between the entities. 12 21
to verify that any country to which personal information is being transferred has equivalent privacy and security standards, and that this is addressed appropriately contractually or in any Memorandum of Understanding between AUSTRAC and the appropriate entities. 12 22