How AML Software Simplifies Compliance Automation for DNFBPs in Australia

Anti-Money Laundering and Counter-Terrorism Financing Amendment Bill 2024, once passed, will extend the AML regime to ‘tranche 2’ service provider entities, including accountants, lawyers, corporate service providers, real estate agents, precious commodities traders, etc. These ‘tranche 2’ entities are also known as Designated Non-Financial Businesses and Professions (DNFBPs).

The Anti-Money Laundering (AML), Counter-Terrorism Financing (CTF), and Counter-Proliferation Financing (CPF) regulatory framework will make it necessary for reporting entities, including Designated Non-Financial Businesses and Professionals (DNFBPs) that engage in designated services, to implement effective and efficient AML/CTF programs. These programs must include core compliance measures to ensure adherence to AML/CTF laws.

This blog intends to provide insights into the core AML/CTF compliance requirements for DNFBPs in Australia and explores how the use of technology and AML software have shifted the burden imposed by manual processes for DNFBPs. The blog covers areas such as the definition of DNFBPs, key AML/CTF/CPF regulations and regulatory authorities and highlights how the transition from manual AML compliance processes to automated AML software simplifies and streamlines the AML compliance obligations for DNFBPs in Australia.

AML Compliance Requirements and DNFBPS in Australia

Australia’s AML/CTF regulations mandate reporting entities to comply with AML requirements. These reporting entities include both the financial sector and other businesses providing designated services, which include DNFBPs. Designated services are those services that require reporting entities to adhere to AML/CTF regulations in Australia.

While the AML/CTF regulatory framework in Australia does not define the term DNFBPs, the term with respect to Australia was coined by the Financial Action Task Force in the country’s evaluation report. Currently, the AML/CTF regulatory framework in Australia only includes three DNFBPS sectors, the Casinos, Solicitors, and Bullion sectors, with all other DNFBPs exempted from AML/CTF obligations.

However, with the evolving nature of money laundering (ML), terrorist financing (TF), and proliferation financing (PF), it was the need of the hour to make high-risk businesses subject to the AML/CTF/CPF regulations. In response, the Government of Australia has proposed an amendment to the Anti-Money Laundering and Counter-Terrorism Financing Act, 2006, through the introduction of the Anti-Money Laundering and Counter-Terrorism Financing Amendment Bill, 2024. This bill seeks to expand the scope of designated services to include additional professionals and businesses, thereby requiring them to comply with AML/CTF laws. The proposed entities include:

• Real Estate
• Professional Services (Lawyers, Trust and Corporate Service Providers, Accountants )
• Bullion, Precious Metals, Stones, and Products

The Regulatory Framework for DNFBPs in Australia

The AML regulatory framework for DNFBPs in Australia includes AML/CTF regulations and regulatory authorities.

Primary AML/CTF/CPF Legislations

• Criminal Code Act, 1995
  • Includes provisions related to money laundering offences and serious financial crimes.
  • Outlines penalties for money laundering.
• Anti-Money Laundering and Counter-Terrorism Financing Act, 2006
  • Cornerstone of the AML/CTF regulatory framework in Australia.
  • Establishes the legal obligations for reporting entities, including customer due diligence, transaction reporting, and maintaining risk-based compliance programs.
• Anti-Money Laundering and Counter-Terrorism Financing Rules, 2007
  • Provide detailed requirements and guidance for entities under the AML/CTF Act.
  • Cover various aspects, including the implementation of risk assessments, compliance measures, and reporting obligations.
• Autonomous Sanctions Act, 2011
  • It lays the foundation for the implementation of autonomous sanctions and a consolidated list for the purpose of screening customers against sanctions lists.
• Anti-Money Laundering and Counter-Terrorism Financing Amendment Act, 2017
  • This amendment act increased the powers and functions of the AUSTRAC and also made digital currency providers subject to Australia’s AML/CTF regulations.
• Anti-Terrorism Act (No. 2), 2005
  • The act is specifically related to counter-terrorism. It lays down provisions for preventing, detecting, and penalising activities of any potential terrorists in the country.
• Chemical Weapons (Prohibition) Act, 1994
  • It bans activities connected to the development, production and use of chemical weapons, including assisting anyone else engaged in these activities, whether intentionally or not.
• National Anti‑Corruption Commission Act, 2022
  • It lays down the framework for investigating and reporting on serious or systemic corruption.
  • Establishes the procedure for the appointment of the National Anti‑Corruption Commissioner and the National Anti‑Corruption Commission.
• AUSTRAC Guidance
  • AUSTRAC, Australia’s financial intelligence agency, issues guidance and updates that help entities comply with their obligations under the AML/CTF legislation.

The government of Australia has proposed an amendment to the AML CTF Act, 2006, which aims to widen the meaning of designated services and professions under the AML CTF Act, 2006, for the purpose of compliance with AML/CTF laws in Australia.

• AML CTF Amendment Bill, 2024
  • Propose to increase the list of designated services and professions subject to the AML/CTF laws in Australia.
  • Simplifying the compliance procedure by proposing to replace the identification and verification process with customer due diligence.

AML Regulatory Bodies and Authorities in Australia

• Australian Transaction Reports and Analysis Centre (AUSTRAC)
  • Australia Financial Intelligence Unit, responsible for overseeing compliance, collecting financial transaction reports, and analysing data to combat money laundering and terrorism financing.
• Australian Federal Police (AFP)
  • Investigates serious crimes, including ML, FT, and PF. The AFP collaborates with AUSTRAC and other agencies on enforcement actions.
• Australian Criminal Intelligence Commission (ACIC)
  • ACIC is responsible for reducing the impact of serious and organised crime. It works closely with other agencies, including AUSTRAC, to gather intelligence and share information.
• Australian Prudential Regulation Authority (APRA)
  • Oversees banks, credit unions, and insurance companies, ensuring they maintain appropriate risk management frameworks related to AML and CTF.
• Department of Foreign Affairs and Trade (DFAT)
  • DFTA provides comprehensive information regarding sanctions regulations.
• Australian Securities and Investments Commission (ASIC)
  • Oversees corporates, financial markets, and intermediaries.

Streamlining AML Compliance Requirements Through AML Software

The AML/CTF regulatory framework in Australia requires reporting entities to implement an AML/CTF program to detect and deter money laundering and terrorism financing. As part of the program, they are required to comply with various requirements. The following are compliance requirements and how, with the shift from manual processes to AML software, DNFBPs can achieve more efficiency in implementing their AML/CTF program.

ML/TF Risk Assessment

• • Identifying and assessing the level of ML/TF risk to the business or organisation is an important part of your AML/CTF program. It is the first thing DNFBPs must do because it determines what measures you need to include in your program.
  • The ML/TF risk assessment must be conducted based on key elements, such as:
    • customers,
    • products and services,
    • business practices/delivery methods,
    • and the countries of operations.
  • AML Software for risk assessment offers built-in risk assessment parameters that can be customised to address the specific ML/TF risks faced by DNFBPs. AML software configures risk profiling questions, enabling businesses to tailor their assessments. Additionally, these tools facilitate the assignment of risk-weighting based on established business risk assessment criteria, define risk scores and categories relevant to ML/TF risks, and develop comprehensive customer risk profiles through a calibrated risk-weighting mechanism. This enhances efficiency and accuracy in risk management processes.

Customer Identification and Verification

• Processes under customer identification and verification
  • Know Your Customer (KYC)
    • KYC involves collecting and verifying customer identities to prevent financial crime risks, including ML and FT risks associated with customers. In Australia, for identification and verification purposes, DNFBPs need to collect:
      • Original primary photographic identification documents, such as a driving license, government proof of age card issued in Australia, etc.;
      • Original primary non-photographic identification documents, such as an Australian birth certificate, birth extract or citizenship certificate a foreign birth certificate, etc.; and
      • Original secondary identification documents, such as a notice from the Australian Taxation Office, utility bills, etc.

• • • Traditionally, KYC relied on manual processes, requiring physical examination of documents and in-person meetings, which can be time-consuming and resource-intensive. These methods often lead to human error and limited accessibility, creating barriers for customers.
    • AML software offers a transformative solution by automating and streamlining the KYC process. Key features of automating the KYC process include:
      • Collecting documents remotely, allowing customers to upload identification digitally, which also helps in functionality that enhances user experience.
      • Customisable document upload checklists ensure that businesses gather all necessary information efficiently, including integration with public registries and databases, allowing businesses to collect and validate ownership information efficiently.
    • By adopting AML software, DNFBPs can significantly increase efficiency, enhance accuracy, and improve customer satisfaction. The automated processes expedite onboarding and help maintain compliance with regulatory standards, mitigating risks associated with manual KYC methods.
  • Screening
    • Pep Screening
      • DNFBPs in Australia are mandated to undertake adequate measures to check whether the customer is a politically enforced person.
      • Manual methods to check the sheer volume of PEP data from various jurisdictions can be overwhelming, complicating effective risk management.
      • Automated screening tools can alleviate these concerns by cross-referencing databases with up-to-date PEP lists and continuously monitoring changes in PEP status, allowing for proactive risk management through integrated risk-scoring models.
    • Sanction Screening
      • DNFBPs in Australia are required to screen the customer against the sanctions/consolidated list. DNFBPs are required to check customers against the consolidated list released under:
        • United Nations Security Council (UNSC) sanctions
        • Australian autonomous sanctions
      • Manual or traditional way of checking the sanction screening is prone to errors and may lead to false positives or false negatives.
      • AML software uses systems and application programming interfaces, which provide real-time screening capabilities against updated sanctions and risk assessments, enabling businesses to customise their risk parameters according to their specific needs.
      • Enhanced geolocation tools further improve the screening process by identifying potential exposure to high-risk environments.

Ongoing Due Diligence

• DNFBPs in Australia are required to regularly review and update customer data and information to mitigate risks associated with money laundering and terrorist financing due to changes in customers’ profiles or risk exposure.
• Relying on manual and traditional processes for due diligence can be time-consuming, prone to human error, and less effective in identifying risks. These methods often struggle to keep pace with the rapid changes in customer information and emerging threats.
• AML Software uses advanced algorithms that can evaluate customer profiles in real-time, flagging any suspicious activities or changes in risk levels and ensuring that records are current and accurate.
• Automating processes reduces the manual workload on staff, allowing them to focus on higher-value tasks. AML software provides comprehensive automatic gathering and updated customer information from reliable sources and helps in reporting and audit trails.

Transaction Monitoring

• Within the AML/CTF program, DNFBPs are required to continuously monitor transactions by applying risk-based approaches and controls.
• Traditional transaction monitoring methods, often reliant on manual review and simplistic checks, can be insufficient in today’s fast-paced environment. These approaches may miss subtle red flags or trends, leading to compliance gaps and potential regulatory penalties.
• AML Software utilises machine learning and AI systems that can identify complex patterns and anomalies that may indicate illicit activities. Additionally, this software can analyse transactions in real-time, allowing for the immediate detection of suspicious activities.

Regulatory Reporting

• The AML/CTF regulatory framework requires DNFBP to navigate various reporting obligations and file different types of reports, including:
  • Suspicious Matter Reports (SMRs)
    • DNFBPs must submit an SMR when there is a suspicion that a customer or transaction is related to criminal activity. Such reports are required to be filed within 24 hours if the suspicion pertains to terrorism financing or within three business days for other matters.
  • Threshold Transaction Reports (TTR)
    • Filing a TTR is mandatory for transfers of A$10,000 or more in cash (or the foreign currency equivalent). These reports must be submitted within ten business days following the date of the transaction.
  • International Funds Transfer Instruction Reports (IFTIS)
    • DNFBPs are mandated to file IFTIs for transfers of funds of any value into or out of Australia, whether made electronically or under a designated remittance arrangement. IFTIs are due within ten business days after the transfer instruction is sent or received.
  • AML/CTF Compliance Report
    • Compliance Reports must be submitted to AUSTRAC as required. These reports detail the organisation’s adherence to the AML/CTF Act, Regulations, and AML/CTF Rules.
  • Cross-Border Movement (CBM) Report
    • CBM Reports must be filed for the physical movement of currency of A$10,000 (or the foreign currency equivalent) or more when carrying, mailing, or shipping money into or out of Australia. Such reports must be submitted prior to the departure or arrival of cash. Additionally, if cash is received from overseas, it must be reported within five business days.
• AML software for regulatory reporting
  • AML software automates data collection and reporting, reducing manual effort and minimising errors. This ensures timely submission of SMRs, IFTIs, and other required reports.
  • AML Software relies on patterns and learning through experience and data, which are more capable of adapting and learning.
  • With real-time assessing and reporting, AML software can help eliminate time delays or lags in completing reports.

Record-Keeping

• AML/CTF compliance requirement in Australia requires DNFBPs to maintain the following records:
  • Transaction Records
    • DNFBPs are required to maintain detailed logs of all transactions for seven years to facilitate audits and investigations.
  • International Funds Transfer Instructions Records
    • Documentation of cross-border transactions to be maintained to ensure traceability for seven years.
  • Customer Identification Procedure Records
    • DNFBPs need to maintain records of customer identification procedures, including what procedure was adopted in order to identify the customer and the identifying information they presented. Such documents are to be maintained for the entire duration of the transaction/business relationship and after seven years of completion of the transaction/business relationship.
  • Records of the AML/CTF Program
    • Records related to the AML/CTF program must be retained, including the adoption date (e.g., board minutes), approval details, the program itself, and any modifications. These records must be kept for seven years after the program ends or is no longer used.
• Manual data entry is time-consuming and prone to human error. Also, as transaction volumes increase, manual systems struggle to keep pace, risking non-compliance.
• AML Software provides a secure, centralised repository for all compliance-related records, simplifying audits and regulatory inspections.

Conclusion

DNFBPs in Australia must comply with AML regulations. With the advancement of technology, DNFBPs are opting for technology integration. The transition from manual processes to AML software enhances compliance with AML regulatory requirements and significantly reduces operational risks. By leveraging technology, organisations can ensure they meet their AML/CTF obligations effectively and efficiently, reducing the risk of exposure to ML/TF risks.