This article by me was first published in Retail Banking Review here.

John  Schmidt was appointed CEO of Australian Transaction Reports and Analysis Centre (AUSTRAC) in September 2009 and he has wasted no time in actively enforcing Austrac’s new supervisory strategy. 

AUSTRAC’s supervision strategy for 2009-10 outlines its approach to supervising compliance across the different industry sectors it regulates under Australia’s anti-money laundering and counter-terrorism financing laws as it moves from a start-up stage to “business as usual.”

Enforceable undertakings
In recent months AUSTRAC has commenced a new enforceable undertakings regime and AUSTRAC has issued its first remedial direction for non-compliance with the AML/CTF Act.

So far it has accepted enforceable undertakings from Barclays Bank PLC, Mega International Commercial Bank Co, Ltd and PayPal Australia Pty Ltd.

Mega International Commercial Bank Co, Ltd, headquartered in Taipei, Taiwan, subsequently  gave an enforceable undertaking to APRA in relation to the operation of its Australian branch to complete a substantial program of remedial action to rectify shortcomings in its current operations.

Mega ICBC’s remedial program includes a temporary cessation of account-opening activity until otherwise agreed by APRA, an overhaul of the branch’s risk management and internal control systems, and a review of the suitability of senior management in Australia. Mega ICBC has confirmed that the heads of the bank’s branch offices in Sydney and Brisbane have already been replaced.

 An enforceable undertaking is a written undertaking that is enforceable in a court, given to and accepted by the AUSTRAC CEO. They are generally an alternative to civil or administrative action where there has been a contravention of the AML/CTF Act, the regulations or the AML/CTF Rules.

Austrac’s first acceptance of enforceable undertakings was from Barclays Bank PLC and Mega International Commercial Bank Co,. Ltd , following a number of deficiencies and breaches, including reporting breaches of Australia’s anti-money laundering and counter-terrorism financing (AML/CTF) laws.

Barclay’s breaches were identified following an on-site assessment.

The undertakings from Barclays and Mega ICBC require the companies to:

• review transactions for a period of seven years and provide AUSTRAC any outstanding reports required by law;
• develop and implement proper systems and controls to ensure
• that the company complies in the future with its reporting and AML/CTF program obligations;
• submit to AUSTRAC an independent expert report detailing the company’s compliance with the AML/CTF laws.

The companies will also be required to submit similar reports in 2010 and 2011.

AUSTRAC has also accepted an enforceable undertaking from PayPal Australia Pty Ltd after an assessment of PayPal revealed deficiencies in the systems PayPal had in place to assess and manage its money laundering and terrorism financing risk in relation to its online payments business.

In the undertaking which ends 31 December 2011 PayPal has agreed to:
• strengthen its existing systems and controls to comply with risk assessment requirements;
• submit to AUSTRAC an independent expert report detailing PayPal Australia’s compliance with AML/CTF laws and a plan to remedy identified deficiencies.

AUSTRAC has also recently issued its first remedial direction for non-compliance with the AML/CTF Act.

The direction was issued to Ms Mojgan Zojaji, trading as Little Persia, a remittance service provider, for failure to adopt and maintain an AML/CTF program.

Austrac’s supervisory strategy
AUSTRAC has changed its approach because the staggered implementation of the AML/CTF Act is now complete and all its obligations are now in effect and the Minister’s Policy (Civil Penalty Orders) Principles 2006, which placed conditions on the circumstances in which AUSTRAC would take enforcement action, no longer apply to many obligations.

AUSTRAC describes its new approach to supervision as a spectrum:

At a lower end are activities such as mailouts, e-newsletters and articles in industry magazines. These activities can achieve a high level of coverage across a large number of reporting entities, but are not tailored to individual entities. They are designed to improve entities’ general understanding of their obligations but are less effective at improving levels of compliance than more intensive forms of supervision.

In the middle of the spectrum are themed reviews and monitoring of transaction and compliance reports. These activities are more resource intensive but still apply to a broad range of reporting entities.

On-site assessments are the highest level of supervisory intervention. These activities are tailored to individual reporting entities and consequently have a more direct impact on improving compliance. Where these activities do not result in improved compliance, they are likely to result in direct enforcement action.

The strategy outlines the different approaches AUSTRAC will take to banks and other lenders, non-banking financial services, gambling and bullion and money service businesses.

Compliance Reports
Austrac has announced that compliance reports for 2009 business activities must be lodged between 1 January and 31 March 2010. These reports will reflect business activities from 1 January to 31 December 2009 and should be lodged through AUSTRAC’s internet-based system, AUSTRAC Online.

The 2009 AML/CTF compliance report asks reporting entities to answer questions relating to four broad topics:
• AML/CTF programs – Part A (the identification, management and reduction of the risk of money laundering and terrorism financing faced by a reporting entity)
• AML/CTF programs – Part B (customer identification procedures)
• ongoing customer due diligence and reporting requirements
• correspondent banking relationships and electronic funds transfer instructions.

Banks and other lenders, non-banking financial service providers, and gambling, bullion and money service businesses covered by the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 are required to submit these reports.