Chapter 3 - Key concerns for industry

3.1      Business and industry bodies who participated in the committee's inquiry expressed in-principle support for the need for an effective and efficient framework to prevent money laundering and terrorist financing activity in Australia. However, a range of concerns emerged in submissions and oral evidence in relation to specific aspects of the proposed AML/CTF regime. These included timing issues with respect to consultation and implementation of the new regime.

3.2      This chapter considers the key issues and concerns for industry raised in the course of the committee's inquiry.

Consultation process

3.3      On 16 December 2005, the Minister released the Exposure Bill for public comment for a period of four months, with the aim of introducing the legislation into Parliament in June 2006.[16] As noted in Chapter 1, submissions to that process close on 13 April 2006. However, the committee understands that extensive consultations in relation to the AML/CTF regime have been progressing on an ongoing basis with the financial sector since January 2004.

3.4      Key features of the consultation process aside from the release of the Exposure Bill have included:

3.5      The committee understands that there are currently four working groups reporting to the ministerial advisory group, each of which is co-chaired by industry representatives and government. In three cases, the government co-chair is AUSTRAC and in the other case, the co-chair is the Department. These working groups are examining the following areas:

Timeframe for consultation

3.6      During the course of the inquiry, the committee learned that most industry groups have been largely satisfied with the extent and nature of their ongoing engagement with the Minister and/or the Department in terms of preliminary discussions and a consultation process.

3.7      However, despite this, all industry groups expressed concern that the four-month consultation period for the Exposure Bill itself, and the associated Rules and Guidelines, is not adequate to thoroughly assess the full impact of the regime.

3.8      The Investment & Financial Services Association (IFSA) argued that this is amplified by the fact that key areas of the regime are yet to be finalised. At the time of IFSA's submission:

... around half of the consultation period ha[d] passed and much of the detail around critical elements of the package such as an acceptable method for Electronic Verification; acceptable methods for determining P[olitically] E[xposed] P[erson]s; Risk Triggers for re-identification; Continuity of Relationship and Low Risk Designated Services are still outstanding.[19]

3.9      IFSA also pointed out that, despite the best efforts and intentions of all parties, adequate consultation on a finalised package in the remaining timeframe is not possible:

... the range of services covered in the Bill are very broad and in order to effectively regulate those services, the relevant products themselves and the way they operate and are distributed needs to be clearly understood. For this reason, industry believes that effective consultation on the AML/CTF package needs to be iterative (i.e. submissions made by industry, considered by AUSTRAC, AUSTRAC then providing feedback or seeking further clarification from industry or both, and industry responding, etc).[20]

3.10         Mr John Anning from the Financial Planning Association of Australia (FPA) agreed with this assessment:

Given the scale of the task to create an effective AML CTF regime, it is not an indictment of the effort put in by all parties that much remains to be done before industry can comment definitively on the proposed regime. FPA strongly believes therefore that the government should extend the consultation period beyond the current deadline of 13 April in order for comprehensive analysis to be undertaken as to how the components of the regime will work together. The effective implementation of this legislation is too critical to Australia’s welfare to be jeopardised by strict adherence to initial time lines.[21]

Staggered release of Rules

3.11         Many submissions and witnesses argued that the timeframe for consultation was particularly inadequate given that the majority of the Rules were not released as part of the consultation process, and particularly since much of the detail forming the basis of the new regime is to be included in the Rules and the Guidelines.

3.12         Many submissions expressed concern that, without the full package of draft legislative instruments, affected bodies are unable to analyse to a sufficient extent the true impact of key areas of the regime, the practicalities of implementation, and whether or not the regime will achieve the desired objective of countering money laundering and terrorist financing.[22]

3.13         As IFSA explained:

... the staggered release of the draft Rules, which form a fundamental part of the regime, makes it extremely difficult to undertake comprehensive analysis and provide carefully considered comments to Government.[23]

3.14         The ABA argued that the banking industry holds serious doubts that the April deadline can be met at the present pace:

The consultative framework set up by the Minister is workable but the issues are very complex, there are many uncertainties in the existing drafts, and progress is slower than expected.

...

The industry concern is that if the AML legislative package is pulled together in a rush to meet the current mid-April deadline, issues will not be properly resolved, or will be overlooked, resulting in implementation difficulties and ongoing operational problems.[24]

3.15         The ABA submitted further that at least five or six weeks would be required from the date of delivery of the complete AML/CTF package in order to conduct a complete analysis and to prepare detailed submissions to the Department's consultation process.[25]

3.16         In their joint submission, CPA Australia and The Institute of Chartered Accountants in Australia noted that a four-month timeframe for comment would normally be adequate but, since 'the majority of the related rules and guidelines, which provide the detail on compliance processes and obligations, have not yet been released', there is simply not enough remaining time.[26]

3.17         Mr John Anning from the FPA made a similar argument:

At the moment it is impossible to take a definitive position on the draft package, given that so much of it is unknown. Currently, you cannot make sense of the draft bill until you see the subsidiary pieces. If the draft bill contained all the relevant principles—the key one which is missing for us at the moment is appropriate recognition of the risk based approach to implementation—it would be possible to comment properly on the bill itself rather than wait for the rules and guidelines.[27]

3.18         Ms Michelle Mancy from American Express supported this view:

In view of the fact that the law is not yet complete, the April deadline for completion of the consultation processes is too short. Even if all the missing rules are released in the next two to three weeks, it would not be enough time for organisations to absorb impact and effectiveness before responding in a meaningful way. I will give you an example of how the job has only been half done to date. As you are well aware by now, identification comes in two parts: collection and verification. We have draft rules for collection but nothing for how it is to be verified. This area is one of great financial burden to institutions, and we are 50 per cent incomplete on the information relevant to assess whether we can do it at all and how much it will cost.[28]

3.19         Insurance Australia Group (IAG) submitted that it would be prudent for the consultation period to be reassessed based on industry having access to the complete suite of initiatives contained in the reform package.[29]

3.20         In its submission, The Treasury supported the availability of the complete package of reform proposals:

Treasury's experience in implementing broad-ranging financial sector reform, such as the Financial Services Reform Act 2001 (FSR Act), has demonstrated that the availability of a full package of reform proposals is desirable to allow industry to understand the range of requirements under which they are placed and thereby ascertain their compliance costs and necessary system and personnel changes. Given this, it would be desirable for industry to have the opportunity to comment on the full package of AML/CTF measures. To date we note that significant obligations are yet to be specified in rules and provided to industry for their consideration.[30]

Department response

3.21         At the hearing, the Department responded to concerns raised with respect to the consultation process. A representative from the Department told the committee that the consultation period is 'genuine' and, from its perspective, 'a very positive exercise'. He stressed that the Department has taken, and will take, comments and criticisms 'on board'. In particular, he noted that:

People obviously have to speak about the exposure draft which is out there, but I can guarantee that the final bill, even if nothing else happened from here on, would be different in a whole lot of respects from what we have here. That, of course, is part of the process and makes it a bit difficult for people to comment on, and we have the difficulty in, firstly, making announcements about changes that will be made, because it will be a government decision—it is not up to us as officers to make that call—and, secondly, because the consultation period is not over. It is possible that things will change; people will come up with good ideas that we will be more than happy to take on board. Some of the evidence given this morning was that comments have been made, they have sat on the table and not been reacted to. From our perspective, that is not the way the process is working.[31]

3.22         In relation to concerns about the large number of Rules yet to be released for comment during the consultation process, the representative assured the committee that 'the key rules, the vital rules, the rules needed to make it work'[32] would be released prior to the end of the consultation period. He told the committee that this amounts to 'five sets' of Rules, that is:

3.23         He noted that, 'the position is [not] quite as bleak as some of the evidence has suggested', and that, of those sets of Rules:

AML programs are at a very advanced stage, suspect transaction rules are at a very advanced stage, and I think threshold reporting is too. The real work that has to be done is in ID verification rules and the correspondent banking rules ... The current approach being taken in relation to both of those rules is to create a further version of them based on the risk based approach, and that will be presented to industry over the next short period. We hope that we will be able to produce draft ID verification rules in time for the next meeting of the ministerial advisory group on Thursday. I think correspondent banking rules will take a little longer because we are still getting information. They are going to be drafted in consultation with industry.[34]

3.24         AUSTRAC's legal representative advised that there are 'essentially three broad categories of outstanding rules', namely in relation to identification, reporting obligations and 'a miscellaneous category of definitions and the like'. She told the committee that the process with respect to release of these Rules to the working groups is about two weeks behind schedule.[35]

3.25         In relation to the possibility of opportunities for an extended period of consultation or further consultation prior to finalisation of the Exposure Bill and its introduction into Parliament, the departmental representative noted that:

It is really the minister's call as to whether there is that further period of consultation or further opportunities for industry to examine the bill, so I cannot make any commitment in relation to that. At this stage the minister is still keen to introduce legislation as soon as it can be done. Bearing in mind the length of time that this process has taken, we are very keen to push on. We have now been evaluated by FATF and 12 months after the evaluation we are going to be called upon to explain progress, so there are time pressures which people should not lose track of.[36]

Timeframe for implementation

3.26         Many industry and business entities raised the issue of a timeframe for implementation of the new regime. There was widespread uncertainty about the Federal Government's plans for implementation of the Exposure Bill, particularly given the Exposure Bill's scope and complexity. Many submissions and witnesses noted the extensive obligations imposed by the Exposure Bill and the anticipated costs of administration and compliance, including implementation of appropriate information system changes, which would be particularly burdensome for small- and medium-sized enterprises.[37]

3.27         The majority of industry groups were of the view that a period of two to three years would be necessary for implementation. However, the committee notes that the Minister has indicated that a period of 12 months to comply with the legislation is more likely.[38]

3.28         Mr Tony Burke from the Australian Bankers' Association (ABA) told the committee:

Once the legislation is ready, we believe that a time of two to three years will be necessary to implement this very complex piece of legislation which has very significant ramifications across our institutions. At this stage we do not have a firm position from government as to what they see the transition period as being, but it is our firm view that regardless of where the drafting ends up, a time of two to three years will be necessary.[39]

3.29         Mr Raj Venga from the Australian Association of Permanent Building Societies agreed:

Our initial view is that we will need two to three years to properly implement the proposed legislation, given the systems modifications, staff training and processes that need to be undertaken. We note that the FSR provided a transition period of two years, which I thought was a reasonable indication of the time required, because the AML is no less difficult to implement than the FSR.

3.30         IFSA submitted that the AML/CTF regime is 'one of the most significant reforms to the financial services industry in the last twenty years'.[40] It also drew comparisons with the consultation and transition periods relating to the FSR regime, noting that they amounted to a combined total period of six years:

March 1999: CLERP 6 Consultation Paper released

February 2000: Draft FSR Bill released

September 2001: Bill receives the Royal Assent

March 2002: Legislation commences with 2 year transition period

March 2004: End of transition period[41]

3.31         Further, and importantly, IFSA pointed out that:

... despite the extensive consultation ... industry and Government are still attempting to overcome a number of practical difficulties with the FSR regime. Indeed, while many of the ongoing difficulties were largely unintentional, IFSA nevertheless believes that the industry's and the Regulator's experience would have been far worse had there not been extensive consultation from the outset.[42]

3.32         Suncorp Metway noted that the FSR legislative package allowed for a two-year transition period 'stated well in advance of the final package reaching Parliament'. It argued that implementation of the FSR should serve as a useful precedent for implementation of the AML/CTF regime.[43]

3.33         The Treasury also supported sufficient lead time for implementation of the AML/CTF regime requirements:

This is particularly necessary where the measures necessitate substantial changes to information systems and processes, and require training for staff so that they can discharge their obligations under the legislative regime. In supporting this approach we are mindful of the experience in implementing the FSR Act which demonstrated that industry requires a sufficient implementation period to allow it time to understand its new obligations and their implications at a practical level. In addition, industry will often call for guidance as to how it can meet its new obligations and in this regard it is important for policy advisers to remain engaged to ensure that implementation of the measures proceeds in a way that is consistent with the policy intention.[44]

3.34         The Australian Friendly Societies Association submitted that the new regime will require significant changes to systems and processes which cannot be underestimated:

The AML/CTF package will involve major changes to systems and procedures, potentially requiring new systems, as well as workforce training requirements, which will create significant demands and resourcing issues from both a costs and personnel perspective. Therefore, serious consideration must be given to ensuring that a transition period of as long as possible a duration is provided – we would be suggesting at minimum a 2 year transition period from the date of Royal Assent of the AML/CTF package.[45]

3.35         The ABA pointed out that, since the Exposure Bill extends to a range of financial service providers not currently covered by the FTR Act, the level of change required for these entities will be particularly significant: 'culturally, technologically and procedurally'.[46]

Purported risk-based approach

3.36         The majority of industry bodies who made submissions to the committee's inquiry argued that, despite the purported risk-based approach, the Exposure Bill is overly prescriptive, expansive and unbalanced. Many noted that there are areas of the Exposure Bill where prescriptive and mandatory requirements have replaced a risk-based approach, with very little scope left for industry guidelines.[47] This is undesirable since it imposes a disproportionate burden on business and is inconsistent with good regulatory practice.[48]

3.37         They further argued that, since the regime captures a wide range of reporting entities and transactions, a 'one-size-fits-all' framework of prescriptive obligations is undesirable because it would, arguably, have serious flow-on effects on business and the general public in terms of inconvenience and compliance costs. Moreover, it may not provide the optimum means of combating money laundering and terrorist financing in Australia.[49]

3.38         In evidence, Mr Brett Knight from American Express told the committee that initially the Exposure Bill had taken on a risk-based approach and that many of the Rules, as they began to form in some of the consultative working groups, had taken an overarching risk-based approach. However, in his view, the proposed regime has begun to take on a more prescriptive approach as the Exposure Bill and the Rules have undergone development:

What has happened is that the AUSTRAC working groups have 40 people from 40 different industries putting up examples of how their operations work and this and that. AUSTRAC is trying to take all of this and, instead of creating overarching risk principles, they have started to prescribe in very strict detail what institutions should do. As you can appreciate, a global company like American Express has complied with the USA Patriot Act for years and the last thing we would like to see is legislation come in that is prescriptive and contrary to our requirements in other jurisdictions. It makes us invest millions of dollars where we do not think that is effective.[50]

3.39         Many argued also that the measures in the Exposure Bill go far beyond the FATF Recommendations, further than comparable overseas AML legislation, and beyond the AML and CTF objectives stated by the Federal Government as the rationale for the Exposure Bill.

3.40         The following section of the committee's report examines these issues in more detail.

FATF Recommendations

3.41         The Introduction to the FATF Recommendations states that:

... FATF recognises that countries have diverse legal and financial systems and so all cannot take identical measures to achieve the common objective, especially over matters of detail. The Recommendations therefore set minimum standards for action for countries to implement the detail according to their particular circumstances and constitutional frameworks.[51]

3.42         A number of submissions and witnesses argued that the proposed AML/CTF regime, despite being touted as a measure to bring Australia into line with the FATF Recommendations, in fact departs from those recommendations in a number of key respects.

3.43         Liberty Victoria argued that the Exposure Bill extends beyond the FATF Recommendations and the existing regime of the FTR Act 'without apparent justification'.[52] Liberty Victoria pointed to some differences:

... while the FATF 40 Recommendations and the FTRA focus on financial institutions, the Bill focuses on the provision of certain services. While the FATF 40 Recommendations stipulate a threshold transaction of over A$20,000, the Bill proposes one of A$10,000. The Bill's suspicious reporting requirements go far beyond the FATF 40 Recommendations and even substantially extend the already extensive obligations in the FTRA. The Bill contains novel requirements concerning funds transfers and registration of remittance service providers which are found nowhere in the FATF 40 Recommendations or the FTRA.[53]

3.44         The Australian Privacy Foundation (APF) made a similar argument, noting that:

The Objects clause (Section 3) focuses almost entirely on the need to meet 'international obligations' in the areas of money-laundering and terrorist financing – specifically the Financial Action Task Force (FATF) Recommendations. Apart from being seriously misleading by omission...this focus is not supported by any rigorous analysis of what is actually required to meet those Recommendations.[54]

3.45         The APF also submitted that international comparisons show that 'there is considerable flexibility for signatories to interpret the Recommendations, and not all jurisdictions are putting in place such a comprehensive identification, reporting and monitoring regime'.[55] Therefore, in the APF's view:

... the Australian Government is being highly selective in using the FATF Recommendations to support its wider policy objectives where it suits, and at the same time being deliberately vague about those aspects of the existing FTR Act, and draft Bill, which go beyond the FATF requirements.[56]

3.46         Mr Tony Burke from the ABA emphasised the point that the FATF recommendations recognise a risk-based approach which is not reflected in the proposed regime:

As recognised in the FATF recommendations concerning the measures to be taken by financial institutions and agreed by government and industry, the entire approach should reflect a risk based approach in order to ensure that appropriate resources are matched to high-risk activities and functions. The proposed regime is not risk based either at global or structural level, nor in relation to specific obligations. Generally a risk based approach should match the obligations imposed on an entity with the risks faced by that entity in a proportional and balanced way. More demanding obligations should be imposed to manage more serious risks.[57]

3.47         Mr Burke told the committee that the proposed regime's approach 'is inconsistent with what w[as] agreed with the minister and the Department last year at the roundtable meetings, inconsistent with FATF recommendations, and inconsistent with best practice internationally'.[58]

Elements of a true risk-based approach

3.48         Many submissions and witnesses to the committee's inquiry maintained that the industry preference is not for prescription but rather for guidance and information from AUSTRAC about AML/CTF risks, and AUSTRAC's expectations about industry's response to those risks. Essentially, they argued that the obligations of reporting entities should be commensurate with self-assessed risk.

3.49         As The Association of Superannuation Funds of Australia (ASFA) submitted:

A genuinely risk-based approach should set down high-level principles in line with the FATF requirements. Reporting entities would then be able to introduce their own policies and procedures that are appropriate given the risks presented by their products and customers as well as the entity's size and capacity.[59]

3.50         The FPA argued that one of the main benefits of principles-based legislation is that it is capable of being applied confidently by businesses in a flexible way to suit their particular needs and clients:

By being overly prescriptive, whether in standards or legislation, businesses irrespective of size, structure or business model, are unable to determine appropriate ways of incorporating the requirements into their businesses. It should be possible to innovate within the broad bounds of Government policy without having to seek explicit approval from the regulator.[60]

3.51         Mr Tony Burke from the ABA also provided the committee with an industry view of the requirements of a true risk-based approach:

3.52         With respect to appropriate enforcement mechanisms, Mr Burke submitted that these are most effectively achieved by an overriding object in the interpretation part of the relevant legislation that makes clear that, both qualitatively and quantitatively, each obligation is to be interpreted consistently with a risk-based approach relevant, for example, to the nature, scale, complexity and risk profile of a reporting entity’s business. As part of this overriding part, a global defence for reasonable steps and due diligence should be included.[62]

3.53         Insurance Australia Group (IAG) emphasised that a risk-based approach should start from the assumption that most customers are not money launderers, and that businesses should be able to identify where financial crime risks lie in their own business:

This approach allows firms to focus their efforts where they are most needed and where they will have the most impact. Factors to be considered can include issues such as jurisdiction, customer type, class of business and distribution channel. Taking a proportionate, risk based approach to anti-money laundering can have significant benefits to businesses, being cost effective (identifying where limited resources need to be deployed) enabling firms to identify and focus on high risk areas.[63]

3.54         Mr Luke Lawler from the Credit Union Industry Association (CUIA) also stressed the need for any AML/CTF measures to be reasonable and proportionate, particularly in the context of community expectations and community understanding:

... everyone opposes money laundering and everyone opposes terrorism financing. There is no argument there. It is a question of what is realistic and proportionate and what are reasonable expectations in the community about information—what is suspicious; what is unusual; and what people consider to be a reasonable approach to tackling these money-laundering problems and terrorism financing problems. The point I am making is: potentially, it could be quite a monster. It depends on everyone taking a reasonable approach and, to some extent, the very first audit that AUSTRAC does of an institution will determine the shape of the regime.[64]

3.55         In their joint submission, CPA Australia and The Institute of Chartered Accountants in Australia argued that the proposed regime 'is not adequately factoring in commercial realities and the practicalities of undertaking business in Australia' since, in their view, it will 'deliver complex, over-burdensome regulation'.[65] Further:

It is a concern that despite the government's stated commitment to improving the regulatory process, there is an ongoing failure of agencies to reconcile their regulatory objectives with the commercial environment. A more focused risk based approach will result in a more robust partnership between industry and government to better monitor money-laundering and terrorism financing.[66]

3.56         The FPA again drew comparisons with the FSR regime which, while also purporting to be principles-based, has in its view been too prescriptive in nature. In relation to the AML/CTF regime, the FPA submitted that in order for it to be truly principles-based, 'it should explicitly recognise the role of risk in determining the extent of obligations'.[67] Further:

Due to the shortcomings of the Exposure Draft in recognising the role of risk, it is only natural that industry has sought to see the whole of the draft regime – the Exposure Draft and subsidiary draft rules and guidelines – before committing themselves to definitive comments on the proposed legislative package.[68]

3.57         Mr Mark Mullington from ING Direct emphasised the need for the regime to focus on outcomes, as opposed to compliance:

We believe that, with legislation that is too prescriptive and coupled with relatively severe civil and criminal penalties or sanctions, we run the risk of the whole emphasis of the industry being on compliance. In other words, it will become a tick-the-box exercise. That is a little bit similar to where we have ended up with FSRA. It is fundamentally about compliance; it is fundamentally about ticking the boxes.

The alternative is a risk based approach which really pushes institutions down the track of outcomes, in that an institution needs to build an anti-money laundering and CTF program to achieve certain outcomes. The regulator has the ability to review those programs and opine on whether they are adequate to achieve those outcomes or not, but it does not push the organisation down the track of compliance. We believe that the way the rules—the three that we have got—have developed to date are quite explicit, quite prescriptive and not risk based.

3.58         The Treasury also expressed its support for a risk-based approach:

The financial sector comprises a broad range of institutions and service providers offering a diverse suite of products with varying features and risk profiles. The application of the AML/CTF obligations should take that diversity into account and ensure that the intensity of obligations is commensurate with the risks posed by particular products, the profile of the customer and the delivery method of the financial service.[69]

Comparable overseas legislation

3.59         The committee received some evidence pointing to the AML/CTF experiences in the United Kingdom (UK) and the United States (US), and the lessons that Australia might learn from those experiences.

3.60         For example, the ABA submitted that:

The United Kingdom (UK) and the United States of America (USA) have had considerable experience with the implementation of AML/CTF regimes and have led international efforts in this area. Both countries have sought to implement regimes that are risk-based, consistent with international requirements, best practice and their domestic legal environment. Further, both countries have had significant enforcement experience.[70]

3.61         However, Mr Tony Burke from the ABA informed the committee that the UK experience was not without its problems as the UK 'initially went down a much more strongly prescriptive path than is currently the case and found enormous difficulty in doing so'.[71] In particular, Mr Burke noted that:

There is head legislation; then the body of the detail was in guidance notes produced by ... the Joint Money Laundering Steering Group. There were significant obligations, for example, in the verification of existing customers, not risk based. They found great difficulty implementing those obligations and significant customer push-back, and they have withdrawn from that approach to a more risk based approach. The UK is probably the model which we point to. There was a bad experience in doing it that way but now the new approach seems to be working far more effectively.[72]

3.62         IFSA also highlighted the UK experience as one which Australia could learn from, noting that it 'would be a costly and wasteful exercise that neither the industry nor the Regulator...would want to go through'[73] if Australia were to get its regime wrong in the first place.

3.63         Mr Brett Knight from American Express emphasised the importance of Australia utilising the experiences of other jurisdictions:

There is a lot of international experience. The US implemented this type of legislation four or five years ago, and so has the UK. In my opinion and from what I have seen, the regulators have not really taken a lot of this global experience and applied it. In the AML-CTF advisory group meetings last week, there was a whole discussion on creating risk matrixes, which have been compiled very comprehensively in other jurisdictions for years. So I think they have not used the opportunity to look at other global jurisdictions that have this type of legislation to get best practices effectively.[74]

3.64         SunCorp Metway suggested that 'the final version of the Exposure Draft be rigorously compared' by the Department and/or AUSTRAC 'to assess parity with existing UK and US AML legislative models' to ensure that Australian requirements do not exceed those in other similar jurisdictions.[75]

Department response

3.65         In response to industry concerns with respect to the overly prescriptive approach taken in the Exposure Bill, a representative from the Department maintained that the Exposure Bill is principles-based with a risk base beneath it. The representative stated that there is no explicit definition of 'risk-based' but that 'the concept is clear'. That is:

The principles are in the legislation and then there is flexibility for the industry to determine, using a risk based assessment, what their regime shall be. Then that will be embodied in an AML-CTF program, which will be subject to audit.[76]

3.66         The representative also pointed out that the concerns of industry in relation to this issue have 'been taken on board' and that 'the documents that finally emerge from this process – the vital rules that need to be drafted – will reflect that discussion'.[77]

3.67         A representative from AUSTRAC confirmed that, specifically in relation to the AML/CTF Program Rules, 'we are feeling fairly comfortable that we have achieved a risk based approach – a set of rules that set out a framework in which entities can judge their own risk and deal with that in an appropriate way'.[78] She also noted that the Customer Identification Rules would be progressing on a similar basis.[79]

3.68         With respect to reference by some submissions and witnesses to the situation in the UK, a representative from the Department told the committee that 'some of the suggestions about learning from the UK experience might in fact be extrapolating from that, as opposed to considering whether [for example] the detail in their identification requirements is actually less or more than our suggestion'.[80]

3.69         Another departmental representative explained that it should be recognised that there are differences between the UK and US experiences on the one hand, and the Australian situation on the other:

Yes, we have heard it said that we should be learning from the overseas experience. We accept that entirely and we have looked at the overseas experience, especially the UK and the US. But there are differences with the Australian system. I do not think we can pick up and apply overseas provisions slavishly. We have to modify them for the Australian environment. I make the point that although we can look at the UK experience there are limits to how far we can take that.[81]

Practical impact of the proposed regime

3.70         The committee received evidence from a variety of financial services industry sectors indicating that there are a number of common residual concerns regarding the practical impact of specific aspects of the proposed AML/CTF regime. The major concerns raised with the committee will be considered below.

Scope and coverage of the Exposure Bill – 'designated services'

3.71         Some submissions and witnesses commented on the wide scope of the Exposure Bill. For example, CPA Australia and The Institute of Chartered Accountants in Australia argued that, despite the Federal Government's claim that the first tranche of reforms will only impact on the financial services sector and businesses in competition with that sector, 'the definitions of designated services are so broad that they currently cover all businesses which provide trade credit' so that:

... all consumer credit transactions will ... be caught, so individuals buying a new television or fridge on credit will now be subject to full Customer identification procedures and will have to produce a birth certificate and/or other primary and secondary documents.[82]

3.72         In this respect, '(t)he descriptions of certain designated services in clause 6 of the Bill go far beyond the FATF Recommendations'.[83]

3.73         IAG agreed that the Exposure Bill's definition of 'business' is unqualified and, therefore, inconsistent with the FATF Recommendations. In IAG's view, the FATF Recommendations are:

... expressed to impose obligations on 'financial institutions' (and in certain circumstances on 'non-financial businesses and professions'). 'Financial institution' under the FATF recommendations is defined as 'any person or entity who conducts as a business one or more' of the prescribed activities. The Draft Exposure Bill ignores this important qualification.[84]

3.74         IAG also made the point that the definition of 'business' in the Exposure Bill, by extending to one-off and occasional activity, goes beyond the FATF Recommendations. It argued that 'there is some scope for the ambit of the definition of "business" to be reduced without making it inconsistent with the FATF Recommendations'.[85]

3.75         The ABA noted that the list of designated services does not draw any distinctions on the basis of monetary limits (except a $1000 limit for stored value cards); nor does it take into account whether activity is carried out on an occasional or a regular basis; nor does it recognise to whom the service is provided (for example, a related company).[86]

3.76         In relation to the threshold issue, Ms Michelle Mancy from American Express argued that to support a risk-based approach, 'meaningful thresholds should be set' since 'there is no appreciable risk of money laundering below certain minimal levels of transactional activity' and '(t)he absence of thresholds means it is simply overburdensome to require this kind of identification'.[87]

3.77         Ms Mancy elaborated:

There are no thresholds for any designated service except stored value cards and we would like to see a threshold for consumer credit arrangements. American Express card members spend more than customers of other institutions. Even so, the average spend on the American Express card in Australia is not more than $10,000 each year.

The reporting threshold should be increased as the current $10,000 figure dates back to the early days of the FTRA over 10 years ago and is no longer reasonable. It should be adjusted to account for inflation. The current $10,000 figure is also set substantially below the FATF recommendations. Lowering the threshold leads to significant increased compliance costs and there is no evidence that Australia presents higher risks than other countries with similar income levels.[88]

3.78         Others agreed that the threshold should be increased. The Deputy Privacy Commissioner told the committee that:

Our view is that the Financial Transaction Reports Act has been in place for quite some years now, and the original threshold was set back in the early nineties. It may be useful to have that reviewed to see whether it is still an appropriate amount, so the basis of our comment there is generally on the length of time for which that amount has been set.[89]

3.79         Ms Johnston from the APF submitted that a threshold of approximately $US15,000 might be more appropriate:

We believe there should be a threshold for all three categories: international transactions, domestic transactions and suspicious transactions—if you keep the third category. As Mr Pilgrim has mentioned, we believe the $10,000 threshold that was set some time ago is now too low, through the effects of inflation. If you want to pull a figure out of a hat, I would say something like $US15,000—so whatever that is in Australian dollars; it might be $A18,000 or $A20,000—might be more appropriate.[90]

Department response

3.80         In response to suggestions that the transaction threshold of $10,000 should be reviewed, a representative from AUSTRAC informed the committee that there are currently no plans to do so:

Certainly we do not believe that there is any reason to review that level at the moment. Reporting at that level is of use to AUSTRAC and its partner agencies in their work. People from the privacy groups in particular have raised this in AUSTRAC’s privacy consultative committee. While we are always open to reviewing that if necessary, at this stage we believe that the $10,000 threshold is still a reasonable threshold to have.[91]

3.81         In an answer to a question on notice, AUSTRAC expressed its view that $10,000 remains the appropriate level for the threshold:

While the number of transactions at this level has increased, this amount remains significant. The Bill does provide for the threshold to be raised, as well as lowered, by regulation, not by AUSTRAC. The amount will be kept under continuing review and if it appears that it should be raised, recommendations will be made to the Minister for Justice and Customs about the need for regulations.[92]

Identification procedures (Part 2)

3.82         Most of the detail in relation to customer identification requirements will be contained in (as yet unreleased) Rules. This has created uncertainty for a number of groups who participated in the committee's inquiry.

Not risk-based and overly complicated

3.83         Some submissions and evidence argued that the customer identification requirements in Part 2 of the Exposure Bill are not risk-based. For example, Mr Tony Burke from the ABA told the committee that:

... there is a failure to distinguish between high- and low-risk products through the definitions, which results in obligations that are not proportionate to risk. Rules relating to 'know your customer' are too complex and excessive for low-risk services. Key aspects of the operation of this part are contained in the rules. Without knowing the content of the rules, it is not possible to determine whether the scope of the obligation is sufficiently clear and whether regulated institutions will be capable of complying.[93]

3.84         CPA Australia and The Institute of Chartered Accountants in Australia agreed, particularly in relation to the customer due diligence requirements in Part 2:

The requirements to perform Customer Due Diligence set out in Part 2 of the Bill are not risk based. They only provide for the exemption of certain services which must be specified in the AML/CTF Rules. The requirements of Part 2 and the AML/CTF Rules on Applicable Customer Identification Procedures apply to all other designated services, regardless of the level of risk posed by the customer, type of service or method of delivery or the jurisdictions in question (eg where the customer resides or where the product or service is to be delivered). This is an unnecessarily inflexible framework for the identification of customers.[94]

3.85         CPA Australia and The Institute of Chartered Accountants in Australia argued further that, despite proposed section 35 allowing for the exemption of designated services which are considered to be low risk:

There is no consideration to be given to the risks associated with the customer or any other aspect of the transaction. In general terms, the designated service of processing transactions through an accountant's trust account may have some potential for risk and may not generally meet the AUSTRAC criteria as a low risk service for exemption. However, the customer, source and destination of the trust account transaction may all be of a low risk in relation to money laundering and/or terrorist financing. Despite this, they are unlikely to be services excluded from the application of Part 2 of the Bill or to which a lower level of Customer Due Diligence is applicable.[95]

3.86         Platinum Asset Management (Platinum), an Australian-domiciled investment manager specialising in international equities, queried the burdensome nature of the obligations in Part 2:

Given that all investment money comes to Platinum via the Australian banking system (which is subject to rigorous regulation) what benefit will be gained from requiring us to further scrutinise the identity of our clients?[96]

3.87         The ABA argued that the requirements in the draft Rules relating to 'Know Your Customer' and customer due diligence are too complicated:

Industry proposed, in November 2005, that customer due diligence and enhanced customer due diligence be simplified into a unified approach but this has not appeared in the E[xposure] D[raft Bill]. The lack of further release of the suite of identification rules is making it almost impossible for industry to assess the scope of these due diligence requirements and their impact on businesses (and their customers).[97]

3.88         The ABA also highlighted the intrusiveness of the identification requirements for clients and customers:

The proposed Customer Due Diligence will require customers to spend longer conducting transactions and a significant proportion may feel the information required under the proposed regime is invasive, particularly in relation to provision of information on country of birth, residence and citizenship. International experience indicates that this information is of little value in AML/CTF control and there is concern that an obligation to ask for a place of birth may raise complaints of 'racial profiling' from many customers.[98]

Electronic verification

3.89         A number of submissions and witnesses raised concerns that, while the Exposure Bill and the Rules are technologically neutral, electronic verification (EV) processes with respect to customer identification have not been expressly provided for. These groups argued that express recognition of EV should be set out in the Rules and should encompass current EV methods used by industry.[99] The committee understands that many businesses currently use EV to check customer information by carrying out (or engaging third party commercial service providers to carry out) searches of electronic databases that store information about people.

3.90         IFSA noted that this issue is critical to the financial services sector because it predominantly interacts with existing customers and potential customers on a non face-to-face basis.[100] By way of example of the significance of the EV process, Ms Lisa Claes from ING Direct informed the committee that eighty per cent of that company's new customers are verified using EV. American Express argued that EV 'is equally if not more robust than human inspection of documents ... which may be forged or manipulated' and is, in fact, 'a powerful tool to thwart illicit activity'.[101]

3.91         American Express asserted that it is imperative that the proposed regime 'does not prescribe a narrow, traditional identification process based on physical or face-to-face presentation or inspection of identity documents, especially as more efficient alternatives are available'.[102] In this context, the concept of competitive neutrality is particularly relevant, since businesses such as American Express do not have physical branch networks through which to conduct face-to-face inquiries with clients:

If the law does not allow ample flexibility and adaptability for financial institutions to adopt customer identification methodologies that are feasible within their business models, the legislation may have extremely negative impacts on competitiveness, business growth and expansion, without assisting the task of identifying and preventing unlawful activity. This will create unnecessary burden on financial institutions and businesses that operate in a non face-to-face environment and will curb business growth and expansion into non traditional channels – such as internet banking, global payments solutions and many other products & services that are provided in a non face-to-face environment.[103]

3.92         The ABA noted that the Department made it clear at a recent working group meeting that 'the intention (not reflected in the drafting) was to permit reporting entities to decide whether to adopt the face-to-face procedures or the non-face-to-face procedures, based on which is best suited to their business processes'.[104]

3.93         At the committee's hearing a representative from the Department explained that EV has not been expressly included in the Rules for the following reasons:

It will not necessarily be expressly provided for because, under a risk based system, you do not have to express things because that would become prescriptive but certainly the intention is there. This is the problem that you run into. People want risk based flexibility. At the same time they want clear guidance on what they are required to do. I think that is fair enough, because different industry sectors want different things and we have to have a process which allows each of them to be given what they need.[105]

3.94         The representative continued:

The message has been heard loud and clear. The minister in roundtable conferences has basically said that there has to be an electronic verification system ... The idea of this is not to stop legitimate industry which is operating in a certain way from operating in that way, unless the risks of money laundering are so high that they should not be operating in that way. You cannot take an industry which operates entirely in an electronic environment and say, 'Next week you have to have branches because of these provisions.' That has been the challenge: to come up with electronic verification procedures which are as robust as paper—leaving aside, for the moment, how robust paper identification and verification are.[106]

3.95         Further:

The risk based approach will say that you as an entity have to have robust verification procedures and if you are satisfied that electronic verification is sufficiently robust and is appropriate then an entity can develop that. That is a risk based approach. Then, the onus will move on to our good friends at AUSTRAC with their audit function. We think that the Attorney-General’s Department is likely to be involved in further debate and discussion about what the electronic verification involves. I do not think that issue is going to go to bed for quite some time but we are talking about an implementation period for this legislation; we are not talking about everything being in place on day one.[107]

Third party verification

3.96         Some argued that the procedures relating to third party verification of customer identification may not be practicable.

3.97         For example, Mr Mark Mullington from ING Direct noted that ING Direct is one of the largest providers of home loans through the mortgage broker channel. He acknowledged that the proposed regime contemplates third parties such as mortgage brokers undertaking the identification process on behalf of lending institutions; however, he pointed out that 'the exact mechanism for this at this stage is unclear'.[108] Further:

... the way the draft bill operates, it will create complexity and bureaucratic burden for the mortgage broker channel. It also creates serious concerns regarding our reliance on mortgage brokers undertaking that identification. We believe the legislation needs to contemplate an accreditation and registration process—that is, individuals and organisations become accredited to undertake the customer identification and verification process and, subject to certain controls, financial institutions be permitted to rely in good faith on that identification. At this stage, we are continuing to work with AUSTRAC on developing a viable solution.[109]

3.98         CPA and The Institute of Chartered Accountants in Australia argued that the third party verification requirements are not workable in relation to the services provided by accountants and would lead to unnecessary duplication of resources of both accountants and customers:

Clause 34 of the Bill allows a reporting entity to authorize another person in writing to conduct the applicable customer identification procedures required in Part 2. This presumes that the services are being provided concurrently. However, an accountant who is a reporting entity will be providing services to a client who is likely to have previously had services provided by another reporting entity which has already conducted customer identification procedures. The Bill does not allow the accountant to rely on that previously conducted customer identification. Coming at the end of the 'chain' of reporting entities the accountant cannot provide written authorization for another reporting entity to carry out the applicable customer identification procedures.[110]

3.99         Mr John Anning from the FPA also raised third party identification as an issue for financial planners:

Third party identification is a key issue, because often financial planners are seen as the first link in a chain of financial services transactions. So it is vital for us to understand how financial planners will be impacted by the regime, and to do that we need the draft rules and guidelines for third party identification. It raises practical issues. A financial planner may be undertaking identification on behalf of a number of financial institutions, and if they each have their individual risk assessment processes they may rate products and customers at different risk levels—therefore requiring identification to be done at various levels. So this has the outcome that the financial planner conducts an initial identification of the client, covering the maximum information required, just to cover all possibilities.[111]

3.100   The Securities & Derivatives Industry Association (SDIA) argued that certain arrangements involving third parties should be exempt from the due diligence requirements:

Where an AFSL licence holder is a reporting entity and proposes an arrangement with another AFS licensee such an arrangement should be exempt from the due diligence requirements. These entities have already been through an in depth screening process in their licence applications and, if there is no adverse finding against them by the Australian Securities & Investments Commission (ASIC) after the receipt of the licence, the reporting entity must be able to do business with them in the normal course. The expectation should be that they also comply with AML/CTF legislation and that they have completed the customer identification process for their clients. Both licensees should not be required to obtain customer identification – only the primary contact. Similarly, it should not be a requirement that reliance on another licensee requires that a stockbroker review and approve the process for customer identification employed by that other licensee. Examples of these types of arrangements are stockbrokers having arrangements with financial planners and other intermediaries, margin lenders and managed fund providers.[112]

3.101   Allens Arthur Robinson (Allens) pointed out that, while proposed section 34 authorises third parties to carry out customer identification procedures, proposed section 12 prohibits them from providing information obtained by that procedure to anyone other than the reporting entity. Allens argued that:

In order to facilitate the sharing of information between related entities in a group structure (and thereby reducing costs) ... external agents should be able to provide customer identification information to related entities of the reporting entity if so authorised by the reporting entity.[113]

Technical issues

3.102   Allens also drew the committee's attention to the interaction between the customer identification procedures required by the Exposure Bill and the 'Know Your Customer' and risk classification requirements of the AML/CTF Program Rules. Mr Peter Jones from Allens summarised the crux of the issue as follows:

... the exposure draft appears not to require reporting entities to take any action in relation to what we would call dormant customers—people who, at the time of commencement of the act, as it would be then, would not be having designated services provided to them. But when we look to the rules that have been released, the one that deals with AML compliance programs, for example, seems to suggest that all customers need to be risk classified and that reporting entities need to consider whether they need to get further K[now] Y[our] C[ustomer] information in relation to all customers and whether they need to update the KYC information they do hold in respect of all customers. To us, that gives rise to the question of whether that is the intention and, if it is, whether AUSTRAC does actually have the power to make rules which do not appear to have any legislative basis.[114]

3.103   Allens' submission noted that this is relevant for two reasons:

In the first instance the extension of the AML/CTF program rules to customers who may no longer have an ongoing relationship with the reporting entity and no KYC obligations under the Act has practical and resource implications.

More importantly if the Rules can regulate beyond the Act it is imperative that AUSTRAC's Rule making power is subject to, (at the least) industry consultation and some form of parliamentary scrutiny. At present it is not.[115]

3.104   In evidence, Mr Jones submitted that the proposed regime's inclusion of both past and present customer identification poses the following questions:

... how far back do you go? Where do you draw the line? That is the practical issue. Who is a dormant customer? Who is beyond the reach of needing to be risk classified? If they have not done anything with you for five years and then walk in the door tomorrow, are they a new or an existing customer? Part of this will be dealt with when we get the rules about continuity of relationships and what disqualifies a relationship from being a continuous one. I do not want to jump the gun on that score, but I do think you need to address the practical issue about dormancy.[116]

3.105   In response to a question on notice from the committee in relation to some of the technical issues raised by Allens, the Department advised that:

The Attorney-General’s Department is currently considering a range of issues raised in submissions to the Senate Legal and Constitutional Committee’s Inquiry. The submission from Allens Arthur Robinson raises seven sets of issues, all of which will be addressed as part of the Department’s consideration of suggested amendments to the exposure draft AML/CTF Bill.[117]

3.106   With specific reference to concerns about AUSTRAC's rule-making power, a representative from the Department indicated that consultation by AUSTRAC with industry and law enforcement groups when making the Rules might also be properly supplemented by consultation with privacy groups.[118]

Reporting obligations (Part 3)

3.107   Some submissions and witnesses commented on the reporting of suspicious matters requirements in Part 3 of the Exposure Bill.

3.108   For example, Mr Tony Burke from the ABA told the committee that:

The industry has concerns that the suspicious matter reporting rules may be too prescriptive, as it appears that as many as 24 matters—many of which are difficult to assess—must be taken into account in determining whether there are reasonable grounds for forming a suspicion that would require a suspicious matter report, and as many as 19 details must be included in such a report.[119]

3.109   Mr Peter Jones of Allens pointed out that there is an apparent inconsistency between the scope of the obligation contained in proposed subsection 39(1) of the Exposure Bill and the reporting obligation in proposed subsection 39(2):

That is an issue that we see in the FTRA as well but, given the detailed process—the exhaustive process—we are going through now and the extension of the suspicious reporting regime beyond financial institutions or cash dealers to a much wider audience, we thought it was worth raising this particular point. That point is the apparent mismatch between an objective test as to when one has reasonable grounds to have a suspicion, which might give rise, you would think, to an obligation to report, and the actual obligation to report, which only arises once a suspicion has arisen. It is a technical drafting issue but it is one that we thought was important, given that context.[120]

3.110   Liberty Victoria argued that proposed section 39 goes well beyond the requirements of the FATF Recommendations and also represents a significant extension of the current suspicious reporting regime under section 16 of the FTR Act:

To portray cl 39 as an implementation of the FATF 40 Recommendations is nonsense. To portray it as a modification of the existing regime to conform with the FATF 40 Recommendations is equally untrue. It is, in truth, a wholesale revision of the suspicious reporting regime, which bears little or no resemblance to the FATF 40 Recommendations and extends the regime well beyond the current law. The Government should be asked to explain why this is necessary.[121]

3.111   Similarly, Allens asserted that elements of proposed section 40 are unworkable in practice and extend beyond the requirements of relevant FATF Recommendations.[122] Both Allens and Liberty Victoria pointed out that proposed section 40's extension of the suspicious reporting obligation to cases where it is suspected that there has been a breach of foreign law is onerous and unrealistic.[123]

3.112   Platinum again emphasised the overly burdensome obligations in the Exposure Bill, the costs of which would ultimately be borne by its small client base:

Given that all monetary transactions with our clients are executed through an Australian bank, building society or credit union, what benefit will be gained from requiring us (a non-cash intermediary) to replicate the reporting of threshold transactions and international funds transfer instructions that will be carried out (and also reported) by the bank, building society or credit union concerned?[124]

Department response

3.113   In response to some of the issues raised in relation to reporting of suspicious matters, including concerns that reporting entities would be required to consider and have knowledge of offences in foreign jurisdictions, a representative of the committee informed the committee that:

The intention of those provisions of the legislation is not to require people to become experts in foreign law, Australian law or anything else. What they are intended to do is to ensure that, if people have suspicions about the source of the money or the activities that people are engaged in when they present to them, they then put in a report. I would submit it is a fairly simple concept: if you do not have a suspicion because there is no basis for you having grounds for suspicion then there is no suspicion and there is no report.[125]

3.114   However, despite this contention, the representative expressly acknowledged the comments made by submissions and witnesses to the committee's inquiry in relation to suspicious matters reporting, and indicated that this is an area of the Exposure Bill that would be revisited by the Department.[126]

AML/CTF Programs (Part 7)

3.115   Some specific issues relating to AML/CTF Programs under Part 7 of the Exposure Bill arose in the course of the committee's inquiry, namely:

3.116   For example, Mr Luke Lawler from the Credit Union Industry Association highlighted the costs of setting up the AML/CTF Programs:

There will be a significant cost in setting up the AML CTF program, which is kind of the core of the compliance obligation in this proposed legislation. In the lead-up to the passage of legislation and in the transition period, we will get a better understanding of what the regulators' expectations are about the risks and the response to the risks but it is potentially quite incredibly invasive and intrusive of people's privacy ...[127]

3.117   Some argued that money laundering and counter-terrorist financing issues are inappropriately conflated in the Exposure Bill, including the AML/CTF Programs, when they are quite distinct activities. As the ABA submitted, '(t)here must be separate and different obligations applying to each threat, with which it is possible in practice to comply'.[128]

3.118   The Australian Friendly Societies Association noted concerns in relation to the possible legal implications of rejecting potential customers on the basis of a reporting entity's AML/CTF Program:

Concerns have been raised about the legal implications of an organisation rejecting a potential customer on the basis of their AML/CTF program and customer due diligence, particularly where there could be allegations of discrimination on the grounds of race, given the collection of information about country of birth and citizenship. We would query whether consideration has been given to what protections there might be for financial institutions that reject a potential customer and are later subject to legal suit?[129]

3.119   This is particularly significant given that a reporting entity would be unable to reveal to the customer the reasons for rejection (under the 'tipping off' offence in proposed section 95 of the Exposure Bill).[130]

Obligation to 'materially mitigate' risk

3.120   Several witnesses and submissions raised as problematic proposed section 74's requirement that an AML/CTF Program 'materially mitigate' the risk of money laundering and terrorist financing. For instance, Mr Tony Burke from the ABA told the committee that:

While we have spent quite a deal of time discussing 'materially mitigate' with the department and AUSTRAC, we have not yet come to an agreed position on that. Our concern is that it is too prescriptive. Our concern also is that it will not do the job. An organisation could be said to have materially mitigated risk in that no money laundering had been discovered, so the outcome was positive but the processes were very shoddy indeed. The converse may apply—an organisation may have fantastic processes but, unfortunately, has been the victim of money laundering and hence could be said not to have materially mitigated risk.[131]

3.121   The ABA's submission drew comparisons with the UK and US AML/CTF regimes in relation to this issue:

Neither of these two countries imposes an obligation to materially mitigate AML/CTF risk as part of the obligation to implement AML/CTF programs.

For example, in the UK, under the Money Laundering Regulations 2003 (ML Regulations), relevant businesses are required to establish internal control and communication procedures which are 'appropriate for forestalling and preventing' money laundering. A defence to prosecution is provided where an entity 'took reasonable steps and exercised all due diligence' to implement such a program. In deciding whether an offence has been committed a court must take into account whether the person followed relevant industry guidance.[132]

3.122   The ABA's submission continued:

The AUSTRAC response to industry's concerns about "materially mitigate" is that the UK obligation to 'prevent' is a higher standard than mitigation. This response ignores the legislative elements that make the UK approach fundamentally different from the proposed regime. It ignores the qualifier 'appropriate' and critically, ignores the overall defences. The US obligation contains no reference to 'materially mitigate' or to any particular outcome. It requires the establishment of programs (defined solely in accordance with FATF minimum recommendations) with the objective of guarding against money laundering.[133]

3.123   American Express argued that the 'materially mitigate' risk requirement is 'unrealistic and unattainable' since 'it is not possible to quantify levels of money laundering and terrorist activity with any level of precision, nor to predict future directions and developments of such activity'. It suggested that:

The requirement should be changed to require providers to implement programs which 'effectively mitigate such risks as are reasonably apparent' of the provider's products and services being misused.[134]

3.124   SDIA also argued that clearer guidance is needed on the meaning of 'materially mitigates'.[135]

Secrecy and access (Part 11)

3.125   Some submissions and witnesses raised concerns in relation to Part 11 of the Exposure Bill. Under proposed section 95, reporting entities must not disclose that they have formed an applicable suspicion or have reported information to AUSTRAC under the suspicious matter reporting requirements, or that they have given further information to a law enforcement agency in response to a request.

Corporate groups

3.126   Such concerns related primarily to the Exposure Bill's failure to recognise the existence of corporate groups, where customers have multiple products and services, and where the group potentially needs to monitor multiple activities of that class of customers to satisfy the AML/CTF requirements. Conglomerate operations raise a number of complex issues, including the issue of information-sharing between group entities.[136]

3.127   Similarly to the point raised in paragraph 3.101, Allens made the following suggestion in relation to this issue:

Where the reporting entity is part of a corporate group we suggest that the reporting entity should be able to make the same disclosure to another member of the group, so long as that disclosure is not likely to prejudice an investigation which might be conducted following the report [of a suspicious matter].

As a matter of sound business practice and risk management, if one member of a corporate group has information relevant to an offence or attempted offence it should be able to advise other members of the group of that suspicion, for example, to minimise the likelihood of offences being perpetrated across the group or another member of the group unwittingly facilitating a money laundering or terrorist financing offence.[137]

3.128   American Express also argued that the Exposure Bill should be amended to take reasonable account of corporate group structures and to allow them to share information.[138]

3.129   The SDIA went further, suggesting that:

... it is important for its members to be able to share information (under notice to AUSTRAC for AML/CTF purposes) regarding certain activities of certain people. This would help prohibit more than one of our members becoming involved with an individual or entity, if the member who first suspected an instance where money laundering or terrorist financing was the reason behind a transaction, could inform other members. To be successful there must be immunity from prosecution for sharing such information. We recognise that tipping off could be a problem arising from such sharing of information as it would be difficult to identify the source however not sharing the information could have a significant impact on the industry.[139]

Lack of available defences

3.130   The committee also received evidence expressing concern about the lack of defences in the Exposure Bill in relation to the secrecy provisions. Many groups were fearful that legitimate actions by their employees pursuant to obligations under the regime may result in inadvertent breach of proposed section 95.

3.131   Mr Chris Downy of the Australian Casino Association explained how employees of reporting entities may be caught by the tipping off provisions:

The concern our members have is this whole question of alerting a high-risk customer to the fact that they are under suspicion. Asking them to provide identification basically alerts them to the fact that they may be under investigation.[140]

3.132   Some suggestions with respect to the tipping off provision included:

3.133   A representative of the Department assured the committee that defences to the tipping off offence in the Exposure Bill are available in the Criminal Code:

We have had this discussion and it has been raised at the outset with industry. There is nothing in here for the moment. What they want is to see a provision in here saying, 'Whatever happens, if you have taken reasonable steps and exercised due diligence, you have a defence against criminal prosecution.' The reason we have not put it in there is because it is odd in these days of having the Criminal Code to have a provision like that in specific legislation. We think it is covered by the Criminal Code.[143]

AUSTRAC resources

3.134   The committee received evidence suggesting that, at the present time, AUSTRAC is not adequately resourced to produce draft Rules in the required timeframe;[144] nor is it resourced to effectively undertake its other obligations under the proposed regime. For example, IFSA suggested that the Federal Government 'consider whether AUSTRAC is adequately resourced to effectively carry out its obligations in relation to its Rule making function'.[145]

3.135   In response to questioning by the committee, a representative from AUSTRAC stated that, in her view, the slow release of the Rules is not a resource issue:

One of the issues around resources is that having more people will not get the rules out any faster. The rules are so interrelated that the people working on them need to be across all the issues. So we have a group of three particular people who are directly involved in drafting the rules together and who have that across-the-board knowledge to be able to put them together.[146]

3.136   Nevertheless, the committee considers it essential that AUSTRAC be given adequate resources to effectively carry out its obligations under the regime, including its Rule-making function. Such resources should include provision of adequate numbers of staff with appropriate expertise and experience, as well as implementation of strategic planning capabilities within the organisation.

Interaction between the Exposure Bill and other legislative regimes

3.137   Some submissions and witnesses pointed out that the interaction between the Exposure Bill and other legislation must be taken into account when considering the impact of the new regime. Any inconsistencies or overlap must be addressed in order to create certainty for business. For example, Ms Michelle Mancy of American Express argued that:

The government needs to prioritise laws relating to money-laundering prevention, privacy and discrimination, thereby ensuring that compliance with one will not affect a breach of another, rather than leaving it to business to tip-toe through a minefield of compliance regimes that seem to be at odds with each other.[147]

3.138   The ABA also highlighted the potential inconsistency between the Exposure Bill and other legislation with which financial service providers must comply. It argued that the interrelationship between the Exposure Bill and other laws, including privacy, discrimination, proceeds of crime, corporations and electronic transactions legislation, needs consideration.[148]

Specific issues arising for particular industry sectors

3.139   The committee also received evidence indicating the existence of specific concerns relating to the following industry sectors:

3.140   Some of these concerns are discussed below.

Superannuation

3.141   Superannuation fund trustees will be considered reporting entities for the purposes of AML/CTF obligations because they provide a designated service. Evidence provided to the committee highlighted that superannuation raises a number of unique issues. Further, the risk profiles for AML/CTF will differ significantly between the various types of superannuation funds.

Regulated superannuation funds

3.142   Some submissions argued that the particular characteristics of regulated superannuation funds mean that they should be considered differently to many other services for the purposes of the AML/CTF regime; that is, they should not be subject to the same stringent requirements as those services that are considered to be high-risk.

3.143   Insurance Australia Group (IAG) suggested that:

Given [superannuation contributions] are statutory contributions that cannot be withdrawn prior to retirement there is an extremely low risk of money laundering.[149]

3.144   IFSA supported the position that superannuation should be considered low-risk. It argued that:

These products contain a number of important features that ensure they are neither suitable nor likely to be used by individuals seeking to launder money or finance terrorism.[150]

3.145   IFSA also noted that '[s]uperannuation is specifically mentioned in paragraph 12 of the Interpretive Notes to FATF Recommendation 5 as an example of a low risk product for which simplified or reduced customer due diligence measures may be appropriate.'[151]

3.146   In addition, The Association of Superannuation Funds of Australia (ASFA) argued that:

It is when the benefit is actually paid out of the superannuation system or when the member asserts control over their interest, rather than when contributions are received by the fund, that particular risks arise and customer identification is required.[152]

Self-managed superannuation funds (SMSFs)

3.147   A self-managed superannuation fund has fewer than five members and the trustee and members are generally the same people. Self-managed super funds are regulated by the ATO rather than the Australian Prudential Regulation Authority (APRA), which is responsible for regulated superannuation funds.

3.148   Advice to the committee was that self-managed super funds present a higher risk profile in terms of AML/CTF than other regulated superannuation funds. Nevertheless, the application of the proposed regime to SMSFs would not be without its challenges.

3.149   IFSA stated that:

Given the greater control and flexibility allowed to members of SMSFs, these schemes lack a number of the features which make regulated superannuation products low risk.[153]

3.150   The submission provided by CPA Australia and The Institute of Chartered Accountants in Australia highlighted the practical issues created by the Exposure Bill for self-managed super funds. They submitted that:

In practical terms the Bill would require a trustee to perform Customer Due Diligence on themselves, implement an AML/CTF Program and possibly report on suspicious matters arising out of their own actions.[154]

3.151   AFSA also pointed out that:

The large number of difficult-to-supervise entities and the potential for collusion between the trustee and member (who are usually the same person) may represent a risk for money laundering and terrorist financing, but, if that is the case, the provisions in the Bill requiring customer information and AML/CTF Programs do not work for this group. Although self-managed funds represent a particular challenge to any AML/CTF system, in the interest of competitive neutrality they should not be exempted from the AML/CTF regime.[155]

Threshold transaction reporting

3.152   ASFA argued that the threshold transaction reporting requirement would significantly impact on superannuation funds. It argued that the proposed reporting threshold could require superannuation administrators to report every transfer, rollover or benefit payment over $10,000 and this 'would be inappropriate for superannuation funds'.[156]

3.153   ASFA noted that:

The tax-free threshold (which represents a modest benefit) for superannuation is $129,751. $10,000 is a very low amount for superannuation benefits – which are often taken as a lump sum.[157]

3.154   ASFA went on to suggest that:

The proposed $10,000 threshold for reporting a transaction is too low for superannuation contributions, rollovers, transfers and benefit payments, if all such payments are captured. It may also be too low for reporting of contributions in some funds and in some situations. The need to report a transaction could be risk-based and ways that funds might put this into operations should be explored.[158]

AML/CTF Programs

3.155   ASFA advised that '[b]y 1 July 2006, all superannuation fund trustees other than self-managed superannuation funds (SMSFs) will be licensed under new APRA licensing requirements'.[159] Therefore:

[I]n this context, AML/CTF Program requirements appear too prescriptive and fail to recognise how APRA-regulated superannuation fund trustees already manage risk.[160]

3.156   ASFA suggested that regulated superannuation funds should be able to integrate the AML/CTF Program requirements into the existing regulatory requirements.

Casinos/clubs

3.157   The Exposure Bill lists the provision of 'a gambling service, where the service is provided in the course of carrying on a business'[161] as a designated service. Therefore, AML/CTF obligations are imposed on businesses operating in the gaming industry.

3.158   The committee heard that there are key differences between the gaming industry and the financial services industry. As a consequence, some of the AML/CTF obligations may not be necessary and, if imposed, may negatively impact on the effective procedures that are currently in place or result in higher operational costs.

3.159   The committee received evidence from Clubs Australia, representing registered and licensed clubs, and the Australian Casino Association (ACA) which represents the casino operators of Australia.

Casinos – customer due diligence

3.160   Mr Chris Downy from the ACA argued that '[f]rom both a consumer's perspective and a business perspective, gambling is fundamentally different from the services provided by financial institutions'.[162] The ACA highlighted the proposed customer due diligence regime as an area where there is substantial difference between the two industries.

3.161   Mr Downy argued further that:

The vast majority of casino customers are small recreational gamblers, typically occasional customers, who are no different from customers of restaurants or other entertainment services. To attempt to identify their transactions, record them, data match them or otherwise track them makes no sense because it is almost inconceivable that they are associated with money laundering or terrorism financing.[163]

3.162   Mr Anthony Seyfort, also for the ACA, continued:

... at the moment we simply do not know the vast majority of people who come in once in a blue moon and spend a tiny amount of money, and there are thousands and thousands of those people ... [W]e have a problem with the whole part 2 of the bill – simply this concept in the bill at the moment that you have to know every customer, full stop, whether they are suspicious, large or whatever.[164]

3.163   Mr Downy raised an additional issue with respect to the obligation in the Exposure Bill that casinos must obtain detailed information about high-risk customers. Current legislation already requires that casinos report the activities of high-risk customers to AUSTRAC. Casinos may also be required to provide ongoing assistance to any review of these activities.[165]

3.164   The ACA suggested to the committee that the system that is currently in place works well and should be incorporated into the Exposure Bill.

Casinos – safe harbours

3.165   Mr Downy also advised the committee that members of the ACA fear the consequences, under statute and civil law, if despite their best efforts, they fail to comply with 'a complex and unwieldy set of requirements'.[166] He also submitted that:

It is also very unclear how a broadly cast program required by a federal law would reconcile with the obligations of the specific state statutes such as the Casino Control Act if there were some inconsistency.[167]

3.166   Mr Downy suggested that 'the draft exposure bill could be amended to ensure that nothing casinos do in lawful compliance with their respective state based obligations would constitute non-compliance with the draft exposure bill'.[168]

Registered/licensed clubs

3.167   The Exposure Bill acknowledges that not all industries will pose the same level of risk in terms of money laundering or terrorism financing. Proposed section 28 provides identification procedures for certain low-risk services.

3.168   Clubs Australia argued that clubs already have player verification procedures in place and that the highly regulated gambling environment means that 'the imposition of any additional identification requirements to address risk cannot, in our view, be justified'.[169]

3.169   Clubs Australia also highlighted that electronic gaming machines are required to be connected to a centralised monitoring system. The submission went on:

State Governments already have full access to EGM performance data which in our view is capable of identifying suspicious EGM activity if appropriate data analysis techniques are applied. Clubs Australia again notes that the cost of collecting this data is already borne by the clubs and the imposition of additional costs as a result of the proposed legislation is not in our view warranted.[170]

3.170   In conclusion, Clubs Australia argued that:

It is our view that the gambling environment in clubs already poses a very low risk in the context of money laundering and terrorist financing and that ... clubs should be excluded from the AML/CTF legislation.[171]

Financial planners

3.171   Currently, proposed section 6 lists personal advice given by a licensed financial planner in relation to securities and derivatives, life policy or sinking fund policy, superannuation funds or retirement savings accounts as a designated service.

3.172   The issue of whether the provision of financial advice should be listed as a designated service for the purpose of the AML/CTF regime was raised with the committee.

3.173   The FPA argued that:

There does not seem to be any convincing reasons why the provision of financial advice in itself should trigger the AML/CTF obligations. The obligation for financial planners should instead rest on actions taken to implement their client's strategy.[172]

3.174   The FPA highlighted that the practical effect of the regime would result in customers having to identify themselves each time they consult with a financial planner. This may not sit comfortably with general advice from authorities such as ASIC that consumers consult with a number of planners before finalising their decision.[173]

3.175   Mr John Anning of the FPA acknowledged that:

It may be the practices of financial planners would be better served if they did the identification up-front, at the initial contact with the client. But we believe that is a flexible point, and that they should be able to decide for themselves.[174]

3.176   The FPA suggested that 'it is highly unlikely that identification at the advice stage would result in greater benefits in terms of AML/CTF intelligence than identification at the implementation stage'[175] and, as such, favoured the position that the provision of financial advice should not be a designated service.

Sole practitioners

3.177   The APF highlighted that:

There are many thousands of financial advisers and planners, as well as solicitors and accountants acting in a financial advisory capacity. These advisers – often sole practitioners – will acquire obligations under the law with customer identification, reporting and monitoring requirements which will be extremely onerous both for the service provider and for the customer or client.[176]

3.178   The APF went on to argue the likelihood that:

The burden and inevitable cost of compliance by small financial advisers and planners [would] have significant implications for the availability and affordability of financial advice at a time when governments are expecting individuals to take increasing responsibility for their financial security.[177]

3.179   The FPA supported this view:

... it would be clearly impractical for financial planners to bear all of these obligations individually. FPA considers that effective fulfilment of the AML/CTF obligations will require recognition in the legislation of the pivotal role played by the A[ustralian] F[inancial] S[ervices] Licensee in the provision of financial services.[178]

Department response

3.180   In relation to some of the issues raised in relation to financial planning (and accountants), a representative from the Department told the committee that:

The financial planners are picked up in table 1 if they provide specific product advice, but they are not if they provide general advice. The concept was that they are gatekeepers, so let us bring in the regulations and the rest of it at an early point. They have raised the question of whether, one, it is appropriate and whether, two, it is feasible, and the problems that it poses to their members to suddenly take off one hat and put on another and then require a person to provide identification material. Again, we have heard that. The accountants for the most part will be caught up in the second tranche of this legislation, because that is where we will have to grapple with how we regulate a lot of industry sectors that have not formerly been regulated. One of the issues that will be looked at in the wash-out after the consultation period is whether those provisions remain in table 1.[179]

Insurance

3.181   General insurance is not listed in the Exposure Bill as a designated service. Many organisations supported the exemption of general insurance from the AML/CTF regime.

3.182   The Insurance Council of Australia (ICA) stated that:

ICA supports the exclusion of general insurance from the proposed legislation ... [I]t is our recommendation that the proposed exemption of general insurance is maintained.[180]

3.183   Insurance Australia Group (IAG) expressed a similar view:

IAG agrees with the assessment of the Australian Attorney General's Department that general insurance should not be a designated service, due to its extremely low risk nature, an assessment that is consistent with the FATF recommendations.[181]

3.184   However, IAG noted an unintended consequence of the Exposure Bill with respect to insurance:

As an A[ustralian] F[inancial] S[ervices License] holder, a general insurer could be authorised to provide financial product advice in relation to life products, limited life risk insurance products and any products issued by a registered life insurance company relating to C[onsumer] C[redit] I[nsurance] products. Based on the AFSL authorisations, the general insurer would be deemed to be providing a designated service if it provides personal financial product advice. IAG submits that this is an unintended consequence of the Draft Exposure Bill.[182]

Life Products

3.185   Life products can be divided into two broad categories:

3.186   Commonly both products are referred to as life insurance but 'the two classes of product must be carefully distinguished as they can present very different AML/CTF profiles'.[183]

3.187   IFSA highlighted that life risk insurance products share most of the characteristics of general insurance and therefore suggested that 'most life risk insurance products present a minimal to low money laundering risk'.[184]

3.188   In contrast, investment life products are or can be used for investment purposes. IFSA stated that:

Such products have a surrender value, are transferable, can be used as collateral of a loan and can have high, lump sum premiums and payouts. As a result, and subject to some exceptions ... these products can be considered to be medium risk and require a greater level of due diligence than life risk products.[185]

3.189   IFSA submitted that life risk insurance; life products acquired by superannuation funds; and life products having an annual premium of no more than A$1,500 or a single premium of no more than A$4,000 generally present a low to minimal risk of money laundering and should be classified by the Rules as low risk designated services for the purposes of proposed section 28 of the Bill.[186]

3.190   IFSA also suggested that a similar level of customer due diligence as applies to other investment products may be appropriate for investment life products not identified as low risk.[187]

Committee view

3.191   The committee applauds the extent and nature of the ongoing consultations between the Minister, the Department and AUSTRAC, and business and industry groups in relation to the proposed AML/CTF regime. However, the committee shares concerns that, without the full package of draft legislative instruments, affected industry bodies are unable to analyse sufficiently the full impact of the regime on their business operations. Since much of the detail of the regime is contained in the Rules, the committee believes it is imperative that the complete set of Rules be released for comment prior to the final version of the bill being introduced into Parliament.

3.192   In stating this, the committee is aware that development of the Exposure Bill and its associated documentation is an evolving process, and that the bill to be introduced into Parliament can be expected to differ from the publicly-released version which has been the subject of this inquiry. The committee is encouraged by assurances from the Department that it will continue to work closely with stakeholders to ensure that outstanding contentious issues and concerns will be resolved prior to the bill's introduction into Parliament.

3.193   Accordingly, and cognisant of the fluid nature of the process, the committee has used its inquiry as a vehicle for concerns to be aired and debated. The committee does not consider it appropriate, and is not inclined, to make recommendations in relation to technical aspects of the Exposure Bill as it currently stands. Rather, the committee strongly encourages the Minister, the Department and AUSTRAC to utilise the expertise and knowledge of industry bodies to ensure the measures in the final AML/CTF package are truly risk-based, in order to reflect and promote business efficacy. This is particularly important given that there appears to be a significant divergence between the Department and AUSTRAC, on the one hand, and industry, on the other, about what the term 'risk-based' actually means and whether the Exposure Bill encompasses a risk-based approach. The committee encourages the Department and AUSTRAC to work more closely with industry in order to achieve greater consensus in relation to the meaning and application of a risk-based approach.

3.194   The committee also encourages the adoption of a realistic and workable timeframe for implementation of the new regime to allow business to undertake appropriate system changes. The committee acknowledges the concerns expressed by many submissions and witnesses with respect to timing issues, particularly given the staggered and late release of the Rules. Accordingly, the committee also encourages an extension of the consultation period to accommodate those concerns and to ensure effective consultation on any residual matters. The committee notes that, at the time of writing (11 April 2006), the outstanding Rules are yet to be released publicly. This is of particular concern given that a period of at least five or six weeks from the date of delivery of the Rules was nominated by many groups as a minimum timeframe for analysis and completion of detailed submissions to the Department's consultation process.
