AML/CTF changes in 2018

In this article we take an in-depth look at the latest amendments to the AML/CTF legislation and rules.


In December 2013 the Government began a statutory review of Australia’s anti-money laundering legislation, the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (the AML/CTF Act). The report of the review was published in April 2016 and recommended a number of changes to the AML/CTF Act and the rules made under the Act, the Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No. 1) (Cth) (the AML/CTF Rules).

The review found that the AML/CTF Act and AML/CTF Rules are too complex. It recommended simplifying the AML/CTF Act and making it more principles based, and re-drafting the AML/CTF Rules in plain language.

The review also recommended that the legislation should capture high ML/TF risk services such as digital currencies, and ease the regulatory burden of customer due diligence obligations.

The 2017 Amendment Act

The first round of amendments to the AML/CTF Act coming out of the statutory review has been made with the passage of the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2017 (Cth) (the Amendment Act). The legislation was introduced in August 2017 and received assent on 13 December 2017. The changes to the AML/CTF Act made by the Amendment Act will commence on 14 June 2018 unless an earlier date is proclaimed.

Set out below is a summary of the main changes that may affect the day-to-day operations of AML/CTF reporting entities.

Corporate groups

The Amendment Act will allow for related companies to share information about suspicious matter reports without breaching the ‘tipping off’ provisions.

A new definition of ‘corporate group’ will be inserted in the AML/CTF Act, defined as a group of two or more bodies that are related to each other under section 50 of the Corporations Act 2001 (Cth). Currently the AML/CTF Act includes the concept of a ‘designated business group’ (DBG). A DBG is a group of two or more associated businesses or persons who are reporting entities and who join together to share certain obligations under the AML/CTF Act. Reporting entities in a DBG are allowed to share information about suspicious matter reports with other members of their DBG to manage their ML and TF risks without breaching the tipping off provisions in the AML/CTF Act. These protections will be extended to corporate groups, so that members of a corporate group will also be allowed to share information within the group, as well as within a DBG, to manage ML and TF risks associated with common customers, without breaching the tipping off provisions. If companies in a corporate group are already part of a DBG, the change won’t have any effect; but not every business uses a DBG for all reporting entities in its corporate group.

New definition of account signatory

The definition of ‘account signatory’ has been amended by the Amendment Act. The table below sets out the current and new definitions.

Current definition New definition
signatory, in relation to an account with an account provider, means the person, or one of the persons, on whose instructions (whether required to be in writing or not and whether required to be signed or not) the account provider conducts transactions in relation to the account. signatory, in relation to an account with an account provider, means the account holder or a person authorised by the account holder to manage or exercise effective control of the account, whether alone or jointly with one or more other persons.

The new definition was introduced because of concerns that the current definition is too broad and could include persons such as a store employee who conducts an EFTPOS transaction through a cash register. The new definition requires that the signatory be the account holder or an authorised person able to exercise effective control of the account. By narrowing the definition in this way, the amendment should clarify the extent to which persons who operate on accounts need to be identified as signatories.

New definition of stored value card

The Amendment Act introduces a revised definition of ‘stored value card’ which is meant to be technology neutral. The current and new definitions are set out in the table below.

Current definition New definition
stored value card does not include a debit card or credit card but includes a portable device (other than a debit card or credit card) that
(a)  is capable of:
(i) storing monetary value in a form other than physical currency; or
(ii) being used to gain access to monetary value stored in such a form; and
(b) is of a kind prescribed by the regulations.
stored value card means a thing (whether real or virtual):
(a)  that stores monetary value in a form other than physical currency; or
(b)  that gives access to monetary value stored in a form other than physical currency; or
(c)  that is declared to be a stored value card by the AML/CTF Rules;
but does not include:
(d)  a debit card or a credit card (whether real or virtual) linked to an account provided by a financial institution; or
(e)  unless declared under paragraph (c):
(i) a thing that is intended to give access to monetary value in a debit card or credit card account provided by a financial institution; or
(ii) a gaming chip or token, or a betting instrument; or
(iii) a thing that stores, or gives access to, digital currency; or
(f)  a thing that, under the AML/CTF Rules, is taken not to be a stored value card.

Unlike the current definition, the new definition does not require that a stored value card include a portable device. It continues the current exclusion of credit cards and debit cards, but also excludes virtual credit or debit cards which are linked to an account provided by a financial institution. Prepaid travel cards which use credit card networks, but are not linked to an account provided by a financial institution, will not come within this exclusion.

Correspondent banking

Many banks have accounts with other banks. These arrangements are known as correspondent banking. The AML/CTF Act in Part 8 regulates correspondent banking by requiring a financial institution to carry out a due diligence assessment on the other financial institution. It also bans correspondent banking with ‘shell’ banks.

In the current AML/CTF Act, a correspondent banking relationship is defined in terms of a relationship between financial institutions, but the AML/CTF Act defines ‘financial institution’ in a way that may exclude some foreign entities. If a foreign entity is not a financial institution, the bank dealing with that foreign entity must comply with the more onerous customer due diligence obligations in Part 4 of the AML/CTF Act.

The Amendment Act will allow for the AML/CTF Rules to define ‘financial institution’ differently for different sections of the AML/CTF Act, so that the AML/CTF Rules can introduce a broader definition of financial institution for Part 8 of the AML/CTF Act.

In a correspondent banking relationship, a ‘nostro’ account is an account that a bank holds in another bank and a ‘vostro’ account is an account that other banks have with the bank. It is intended that the due diligence requirements for correspondent banking under Part 8 of the AML/CTF Act only apply to vostro accounts. The Amendment Act makes this clear by amending the AML/CTF Act to expressly refer to vostro accounts.

Digital currency exchanges

The Amendment Act will apply AML/CTF regulation to digital currency exchange businesses.

‘Digital currency’ is defined in the Amendment Act as a digital representation of value that:

  • functions as a medium of exchange, a store of economic value, or a unit of account;
  • is not issued by or under the authority of a government body;
  • is interchangeable with money (including through the crediting of an account) and may be used as consideration for the supply of goods or services; and
  • is generally available to members of the public without any restriction on its use as consideration.

The definition also allows the AML/CTF Rules to include or exclude items from the definition of digital currency.

The explanatory statement for the Amendment Act says that the last two criteria in the above definition of digital currency excludes “such things as loyalty programs (e.g. frequent flyer programs) where points may not be redeemed as money, and game money or credits issued by the operators of massively-multiplayer online role-playing games where its use is limited to a specific community.”

Reporting entities should consider whether any of their existing products or services could qualify as digital currency.

The Amendment Act creates a new designated service under the AML/CTF Act of “exchanging digital currency for money (whether Australian or not) or exchanging money (whether Australian or not) for digital currency, where the exchange is provided in the course of carrying on a digital currency exchange.” This means that digital currency exchange businesses will be subject to the general provisions of the AML/CTF Act which apply to providers of designated services, including customer identification and due diligence (KYC), suspect and threshold transaction reporting, and record-keeping, among other things.

In addition, the Amendment Act creates a separate new registration requirement for digital currency exchange providers. They will have to enrol and register on the Digital Currency Exchange Register maintained by AUSTRAC and provide prescribed registration details.

‘Carrying on a business’ clarified for bullion and gambling services

The AML/CTF Act defines some designated services by referring to the service being provided “in the course of carrying on a business”. Industry concerns were raised about the use of this term in connection with the designated services in Tables 2 and 3 of section 6 of the AML/CTF Act. These include bullion businesses and gambling services. The concern was that the phrase “in the course of carrying on a business” could capture businesses that provide such services incidental to their core function, or only on an occasional basis.

The Amendment Act amends the relevant descriptions of the designated services so that bullion business services are only designated services when they are provided in the course of carrying on a bullion-dealing business, and gambling services are only designated services when they are provided in the course of carrying on a gambling business.

Insurance intermediaries and general insurance providers will be deregulated

The Financial Transaction Reports Act 1988 (Cth) (the FTR Act) imposes obligations on ‘cash dealers’, including reporting to AUSTRAC (suspect transactions, cash transactions of A$10,000 or more or the foreign currency equivalent, and international funds transfer instructions). Cash dealers are defined in the FTR Act to include insurance intermediaries and general insurance providers, among others. The FTR Act does not apply to a transaction to which the AML/CTF Act applies. Because the services of these businesses are not subject to the AML/CTF Act, they continue to be regulated as cash dealers under the FTR Act.

The statutory review recommended that insurance intermediaries and general insurance providers, other than motor vehicle dealers, should be deregulated. For insurance products,  the Financial Action Task Force (FATF) international standards only require life insurance and investment-related insurance products to be subject to AML/CTF regulation.

The Amendment Act therefore amends the definition of ‘cash dealer’ in the FTR Act to remove insurance intermediaries and general insurance providers, and to include motor vehicle dealers acting as insurance intermediaries or insurers.

Cash in transit activities will be deregulated

Because they are considered to be a low ML/TF risk, cash in transit activities are being removed from the list of designated services covered by the AML/CTF Act. This includes collecting physical currency, holding physical currency collected from or on behalf of a person, and delivering physical currency.

Betting instruments

A new definition of ‘betting instrument’ is included in the AML/CTF Act by the Amendment Act. It is intended to be technology neutral and to capture all things designed or used for the purpose of making or placing a bet and paying out winnings, even if they are also used for other uses. Gaming chips or tokens are excluded.

Remittance activities

The Amendment Act will give the AUSTRAC CEO the power to cancel registration of a person who is registered on the Remittance Sector Register where the AUSTRAC CEO has reasonable grounds to believe that the registered person no longer carries on a service that has to be registered. It will also give the AUSTRAC CEO the power to renew registrations of a remitter on conditions.

Enforcement powers

The AUSTRAC CEO will be given additional powers by the Amendment Act, including the power to issue infringement notices for a wider range of regulatory offences, and to issue a remedial direction to a reporting entity to retrospectively comply with an obligation that has been breached.

Police and customs officers will also be given powers to search and seize physical currency and bearer negotiable instruments, and there will be civil penalties for failure to comply with questioning and search powers.

Rules amendments

The Anti-Money Laundering and Counter-Terrorism Financing Rules Amendment Instrument 2017 (No. 4) (2017/4) and Anti-Money Laundering and Counter-Terrorism Financing Rules Amendment Instrument 2018 (No. 1) (2018/1) have been registered.

2017/4 adds a new Chapter 75 to the AML/CTF Rules. Chapter 75 specifies that the AUSTRAC CEO may exempt reporting entities from particular sections of the AML/CTF Act where a requesting officer of an eligible agency (for example, the Australian Federal Police) reasonably believes that providing a designated service to a customer would assist in the investigation of a serious offence. This amendment commenced on 21 December 2017.

2018/1 amends the following Chapters of the AML/CTF Rules: Chapters 1 (Definitions), 4 (Customer Due Diligence), 8 and 9 (AML/CTF Programs), 30 (Disclosure Certificates), and 36 (Corporate Structures). 2018/1 implements a number of recommendations of the AML/CTF statutory review which do not require any changes to be made to the AML/CTF Act. They also address some deficiencies in Australian AML/CTF law which were identified by FATF. The changes commenced on 12 January 2018 and are detailed below.

Amendments to definitions of identification documents

The definitions of ‘primary photographic identification document’, ‘primary non-photographic identification document’, and ‘secondary identification document’ have been amended.  Originals of these kinds of documents are all forms of ‘reliable and independent documentation’ for the purposes of customer identification under the AML/CTF Rules. The amendments make clear that the list of documents under each definition is not a complete list – there may be other types of documents which could qualify as reliable and independent documentation.

The definition of ‘primary photographic identification document’ has also been amended so that instead of a signature, the document may include any unique identifier of the person in whose name the document is issued (e.g. biometric information).

Amendment to the definition of certified copy

The amendments add to the list of persons who can provide certified copies of documents (in the definition of ‘certified copy’) to include a person in a foreign country who is authorised by law in that jurisdiction to administer oaths or affirmations or to authenticate documents.

Amendments to customer due diligence rules

There are exemptions in the AML/CTF Rules for identification of beneficial ownership. These have been expanded to include majority-owned subsidiaries of foreign publicly-listed companies which are already subject to disclosure requirements (by stock exchange rules or through law or enforceable means).

In addition, the amendments delete the requirement for reporting entities to ensure that the foreign disclosure requirements are the same or comparable to Australian requirements.

In some cases, reporting entities find it difficult to verify a customer’s identity because of a lack of documentation. A new Part 4.15 has been added to the AML/CTF Rules with procedures for where a customer is unable to provide satisfactory evidence of their identity. The provisions are based on the National Identity Proofing Guidelines prepared by the Attorney-General’s Department.

Amendments to AML/CTF program requirements

Amendments have been made by 2018/1 to Parts 8.1 and 9.1 of the AML/CTF Rules. These amendments state that the ‘identification, mitigation, and management’ of ML/TF risk must be a general requirement for new designated services, new methods of delivering designated services, new technologies, and changes arising in the nature of the business relationship, control structure, and beneficial ownership of customers.

2018/1 also amends Parts 8.6 and 9.6 of the AML/CTF Rules in order to ensure the independence of the reviewer of AML/CTF programs. The amended rules provide that while the review may be carried out by either an internal or external party, the person appointed to conduct the review must not have been involved in undertaking any of the functions or measures being reviewed, including the design, implementation, or maintenance of Part A of the reporting entity’s AML/CTF program, or the development of the reporting entity’s risk assessment or related internal controls. Further, the reporting entity must be able to demonstrate the independence of the reviewer.

2018/1 also amends the AML/CTF Rules provisions relating to feedback from AUSTRAC. The rules now provide that in developing and updating Part A of an AML/CTF program, a reporting entity must take into account any applicable guidance material disseminated or published by AUSTRAC, and any feedback provided by AUSTRAC in respect of the reporting entity or the industry it operates in, where that guidance or feedback is relevant to the identification, mitigation, and management of its ML/TF risk.

Amendments to disclosure certificate provisions

Amendments to Chapter 30 of the AML/CTF Rules will allow a reporting entity to accept disclosure certificates that are certified by an appropriate officer of the customer, using a risk-based approach. The amendments provide that a reporting entity must not rely on a disclosure certificate if it knows or has reason to believe that the information provided in the certificate is incorrect or otherwise unreliable.

Amendments to exemption of certain designated services within a corporate structure

Chapter 36 of the AML/CTF Rules includes an exemption for when a reporting entity is related to its customer. 2018/1 amends Chapter 36 to extend the exemption to partnerships, where justified by the ML/TF risk. The amendments exclude limited partnerships, however.

Draft rule amendments – further changes coming

Draft amendments to the AML/CTF Rules were released in January by AUSTRAC to implement changes resulting from the Amendment Act. The draft rules propose to add a new Chapter 76 (Digital Currency Register). They will also delete Chapters 44 and 53 and make amendments to Chapters 3, 4, 10, 12, 18, 19, 37, 45, 57, 70 and 74.

AML/CTF program changes

Reporting entities should consider whether they need to change their AML/CTF programs to reflect the amendments covered in this article. We can assist you to review and update your AML/CTF program.

Kathleen Harris and Patrick Dwyer
Legal Directors

Click here to subscribe to our email list for news, comment and analysis