As outlined in chapter 1, the Anti-Money Laundering and Counter-Terrorism Financing and Other Legislation Amendment Bill 2019 (the bill) would amend the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act), the Australian Federal Police Act 1979 (AFP Act), the Criminal Code Act 1995 (Criminal Code), the Inspector-General of Intelligence and Security Act 1986, the Proceeds of Crime Act 2002, and the Surveillance Devices Act 2004.
This chapter presents an overview of the general support for the bill as well as key issues raised by submitters. Several submissions confined their comments to specific provisions in the bill, with particular reference to customer identification and verification processes, tipping off offences, and access to and sharing of AUSTRAC information. A number of schedules in the bill were not discussed in any of the submissions received by the committee. The chapter concludes with the committee's view and recommendation.
Overview of support for the bill
Some submissions to the inquiry highlighted general support for the bill as a whole, including the Synod of Victoria and Tasmania, Uniting Church in Australia who encouraged the committee to recommend the Senate pass the bill. With reference to a number of measures proposed in the bill, the Synod of Victoria and Tasmania emphasised that the bill would strengthen customer identification procedures, increase protections on correspondent banking, and provide more robust safeguards against money laundering.
The Australian Security Intelligence Organisation (ASIO) observed that the bill 'is intended to tighten regulation around cross-border movement of counter-terrorism financing and to clarify the existing communication framework in relation to AUSTRAC information'. ASIO welcomed and supported the bill.
The Australian Criminal Intelligence Commission (ACIC) observed:
Overall, the Bill will strengthen ACIC's disclosure process, enabling greater sharing of information with our international partners to have a significant domestic impact.
Customer identification and verification processes
Section 32 of the AML/CTF Act provides that a reporting entity must generally not provide a designated service to a customer if the reporting entity is unable to carry out the applicable customer identification procedure. The bill proposes new section 32 which seeks to make the prohibition on providing a designated service to a customer unless the reporting entity has carried out the application customer identification procedure explicit. The new section includes a note that links section 32 to section 41 (the obligation to submit a Suspicious Matter Report) if the identification procedures cannot be performed. These measures are in response to recommendations from the FATF's Mutual Evaluation Report.
When discussing section 32, the Australian Financial Markets Association and the Financial Services Council submitted that the term 'opening an account' needs to be specifically defined in the AML/CTF Act to ensure consistency of approach across reporting entities.
The bill would insert sections 37A and 37B and replace section 38 of the AML/CTF Act to expand the circumstances in which reporting entities may rely on the applicable customer identification procedures undertaken by a third party. This would include the exchange of personal information including transactional information. The EM explains that these measures address a recommendation from the Statutory Review Report to ensure that Australia is consistent with the FATF Standards.
Furthermore, the EM states:
Expanding the circumstances for reliance will facilitate more efficient information sharing between reporting entities and other bodies to ensure the proper identification of customers. This supports cooperation and collaboration to detect, deter and disrupt money laundering, terrorism financing, and other serious crimes.
Chartered Accountants Australia and New Zealand stated that allowing reporting entities to rely on third party customer identification and verification processes would 'reduce the burden for consumers having [to] identify themselves multiple times and facilitate more efficient information sharing between reporting entities. The Institute of Public Accountants also supported third party verification processes but suggested consideration be given to 'whether there are similar processes in place with other agencies so as to avoid compliance duplication and associated costs'.
The Financial Services Council argued that the 'reliance' provisions under existing section 38 should be retained:
Under existing section 38, there are 'deeming' provisions which provide the relying entity with a safe harbour and enable circumstances where an ACIP carried out by a licensed financial advisor is considered to meet the AML/CTF Program requirements of the relying entity, even if the ACIP is not entirely in line with the requirements of the relying entity's AML/CTF Program.
The Australian Financial Markets Association supported proposed sections 37A, 37B and 38 in the bill and recommended further amendments to the bill or EM 'for the purpose of providing reporting entities with sufficient clarity':
Proposed Section 37A allows for a reporting entity to enter into a written agreement with 'another person' but does not appear to stipulate that this person is either a reporting entity or otherwise subject to appropriate AML/CTF regulation and supervision. This stipulation exists only in the Explanatory Memorandum and we submit should ideally be reflected in the legislation.
Proposed Section 37A allows for two entities to enter into a CDD Arrangement that allows for a second entity to rely on the customer identification procedure undertaken by the first entity. Proposed Subsection 37A(2)(d) requires that the second entity obtain information from the first entity regarding the identity of the customer but does not impose any requirements or restrictions as to the currency of that information. If the intention is to impose such a restriction, such as a timeframe for how old that information can be, we submit that this should be reflected in the legislation.
Tipping off offence
Submissions supported the expansion of exceptions to the tipping off offence. Chartered Accountants Australia and New Zealand observed that allowing reporting entities to provide SMRs and related information to auditors for the purpose of an audit or review of an entity's AML/CTF program would enable auditors to verify that the entity's AML/CTF program are working effectively to meet its AML/CTF reporting obligations in relation to SMRs. Similarly, the Institute of Public Accountants submitted its support for the 'expand exceptions to the prohibition on tipping off to permit reporting entities to share suspicious matter reports (SMRs) and related information with external auditors, and foreign members of corporate and designated business groups'.
The Australian Remittances and Currency Providers Association (ARCPA) supported the 'general context and prevailing importance of tipping off as an offence', but expressed concern about how tipping off provisions work in practice:
[I]n practice entities holding influence in the hierarchy usually abuse this provision in turning down any chances of providing clarification that could assist the involved entities in remediating or mending risky practices or any risk assessed as possible before occurrence. These influential entities [quite] often mute any correspondence under the disguise of this provision. Very particularly in instances of de-banking, banks take shelter under this provision for not having to provide any reason or not having to communicate at all while exiting relationships.
To remedy its concern, the ARCPA suggested that the provision of further explanation or guidelines would be beneficial to 'make good use of this provision by only applying this provision while a reportable matter exist[s]'.
While supporting proposed changes to section 123 of the AML/CTF Act, the Australian Financial Markets Association and Financial Services Council suggested further amendments.
Accessing and sharing AUSTRAC information
Part 4 of the bill includes provisions relating to the definition of, access to and disclosure of AUSTRAC information.
The Synod of Victoria and Tasmania, Uniting Church in Australia supported the proposed amendments to section 127, which would allow AUSTRAC information to be more easily shared with foreign law enforcement and revenue agencies, and section 125, which would allow the AUSTRAC CEO to authorise specified government officials to access specified AUSTRAC information. It was emphasised that '[p]reventing and deterring money laundering and financing of terrorism often requires international cooperation' and 'the ability for greater sharing of AUSTRAC intelligence will make law enforcement agencies more effective, with more resources at their disposal'.
The Office of the Australian Information Commissioner (OAIC) raised some privacy concerns in relation to the individuals and organisations who have access to and share AUSTRAC information. The bill would repeal the current list of 'designated agencies' who may access, use and disclose AUSTRAC information and replace it with a broader definition of 'Commonwealth, State and Territory agency', which specifies categories of agencies rather than individual agencies. The OAIC observed that while some of those organisations are currently required to comply with the Commonwealth Privacy Act, others, including individuals engaged to conduct an audit or review, members of a taskforce, and state and territory agencies, are not.
To ensure there are consistent privacy protections in relation to AUSTRAC information handled within Australia, the OAIC recommended that all individuals and entities who are permitted to access, use or disclose AUSTRAC information are covered by the Commonwealth Privacy Act to the extent that they deal with that information'.
The Department of Home Affairs and AUSTRAC advised:
[I]n accordance with proposed subsection 125(2), Commonwealth, State or Territory agencies may only access AUSTRAC information if the agency head provides a written undertaking to the AUSTRAC CEO that their officials will comply with the Australian Privacy Principles (APPs) in the Privacy Act 1988 in dealing with AUSTRAC information. In effect, this obliges all individuals and entities that are permitted to access, use and disclose AUSTRAC information to do so in accordance with the APPs.
Furthermore, there are additional privacy safeguards that can be built into the AUSTRAC CEO's instrument of authorisation made under new section 125. For instance, the instrument of authorisation can limit the type of AUSTRAC information that can be accessed by the agency and its officials. This will ensure that specified officials only have access to AUSTRAC information that is necessary for them to perform their functions and duties.
The OAIC also raised concerns about the provisions in the bill that make it discretionary, rather than mandatory, for the AUSTRAC CEO to seek an undertaking from an overseas government prior to disclosing AUSTRAC information overseas:
Given the potentially sensitive nature of AUSTRAC information and the privacy risks which may arise when this information is disclosed to a foreign government, the OAIC recommends that the requirement for the AUSTRAC CEO to obtain an undertaking prior to disclosure be retained in the legislation. This would assist in mitigating privacy risks, noting that the requirements in APP 8 that generally apply to APP entities disclosing personal information overseas, are displaced where the disclosure is authorised by another law.
The Department of Home Affairs and AUSTRAC advised:
New section 127 of the Bill deals with the disclosure of AUSTRAC information to foreign countries or foreign agencies by the AUSTRAC CEO or a prescribed Commonwealth, State or Territory agency. The disclosure of personal information to a foreign counterpart would still be subject to the Australian Privacy Principles (APPs) in the Privacy Act 1988. APP 8 outlines the steps an APP entity must take to protect personal information before it is disclosed overseas. For example, before disclosing personal information about an individual to a foreign counterpart, the APP entity must take reasonable steps to ensure that the recipient does not breach the APPs in relation to that information. Where AUSTRAC information is disclosed to a foreign counterpart, the APP entity will be accountable for an act or practice of the foreign counterpart that would breach the APPs.
New subsection 127(1) of the Bill proposes to modify the effect of section 132, by making it discretionary, rather than mandatory, for the AUSTRAC CEO to seek an undertaking from an overseas government agency prior to disclosing AUSTRAC information. Despite the relaxing of this requirement, as mentioned above, disclosure of the AUSTRAC information to foreign counterparts will be subject to the protections of APP 8.
In addition to this, AUSTRAC is in the process of developing robust policies around the CEO’s discretion to disclose information overseas. These will be based on the requirement in new paragraph 127(1)(b) that any disclosure by the CEO must still be considered appropriate, in all the circumstances, to do so.
Submissions from the Nordic Model Coalition (NorMAC), Collective Shout and the Australian Christian Lobby advocated for further amendments to the AML/CTF Act to include the sex industry. Collective Shout observed that prostitution 'is commonly implicated in money laundering, both as a method for laundering money and as a criminal enterprise giving rise to funds that will be laundered'. There is some force in this argument, and while the sex industry was not the target of phase two of the government's reforms, it is a proposal that warrants serious policy consideration.
NorMAC argued that reporting requirements under the existing legislation are narrow in scope, focusing primarily on banks, corporations and insurance agencies, and should be expanded to include agencies such as local governments and their employees.
The importance of industry support and the provision of information and guidance for reporting entities to meet the obligations under the bill was raised in some submissions. For example, the Financial Services Council suggested that additional information be included in the explanatory material to assist its members. On a related issue, the Institute of Public Accountants asked that 'compliance costs are considered in terms of the impact on small entities'.
The Department of Home Affairs and AUSTRAC informed the committee how industry organisations and other stakeholders will be supported to implement measures proposed in the bill:
During the development of these legislative reforms, the Department of Home Affairs and the Australian Transaction Reports and Analysis Centre (AUSTRAC) consulted extensively and worked closely with relevant industry associations.
The Bill provides for staggered commencement (6 months for Schedule 1, Parts 1 to 4 and 18 months for Schedule 1, Part 5) providing sufficient time and opportunity for industry to implement the measures proposed in the Bill. During this time, AUSTRAC will conduct outreach in the form of guidance and industry engagement to support industry and other stakeholders to implement the measures proposed in the Bill. AUSTRAC will also consult with reporting entities on exposure draft AML/CTF Rules required to implement provisions in the Bill.
The bill is the second phase of the government's reforms to the anti-money laundering and counter-terrorism financing regime. Building on the actions taken in the first phase, the bill aims to address a number of recommendations from the Report on the Statutory Review of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 and associated rules and regulations. The bill also includes reforms relevant to recommendations made by the Financial Action Task Force.
While submitters were generally positive about the proposed reforms, as demonstrated by evidence received either supporting the bill as a whole or specific provisions, the committee did receive some evidence suggesting the bill could be enhanced by some further amendments and additional clarification on some provisions.
The committee is aware that the Department of Home Affairs and AUSTRAC consulted with industry associations when developing the legislation and that AUSTRAC intends to conduct outreach activities to support industry and other stakeholders to implement the bill. Furthermore, AUSTRAC has also advised that it will consult with reporting entities on exposure draft AML/CTF Rules required to implement provisions in the bill. These ongoing consultation processes provide a valuable opportunity for the Department of Home Affairs and AUSTRAC to further engage with and seek feedback from industry and other stakeholders.
The committee acknowledges the privacy concerns raised by the Office of the Australian Information Commissioner. However, the committee is satisfied that there are privacy safeguards in place to ensure that officials accessing and sharing AUSTRAC information are obliged to comply with the Australian Privacy Principles in the Privacy Act 1988. The committee further notes advice that additional privacy safeguards may be built into the AUSTRAC CEO's instrument of authorisation and other policies.
The committee considers that the bill includes important measures that will strengthen Australia's capabilities to address money laundering and terrorism financing risks.
The committee recommends that the Senate pass the bill.
Senator Amanda Stoker