Key improvements for reporting entities regarding their Anti-Money Laundering and Counter-Terrorism Financing obligations

Key Points
  • A report released by AUSTRAC on 8 March 2017 identifies four areas for improvement arising from the compliance reporting required by the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.
  • The four key areas for improvement relate to risk assessments, adoption of a risk-based approach to AML/CTF, outsourced and automated processes, and governance issues.

Under section 47 of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Act), reporting entities are required to give the Australian Transaction Reports and Analysis Centre (AUSTRAC) a report regarding their compliance with the Act. Reports are due annually by 31 March each year.

On 8 March 2017, AUSTRAC released a report setting out its conclusions from reports lodged by reporting entities under the Act. The report detailed some improvement considerations in four key areas:

  1. Money-Laundering/Terrorism Financing (ML/TF) risk assessments;
  2. Applying a risk-based approach to Anti-Money Laundering/Counter-Terrorism Financing (AML/CTF);
  3. Outsourced and automated processes; and
  4. Governance issues.

ML/TF risk assessments

Many reporting entities engaged AML/CTF service providers to help them complete their risk assessments. In some cases, this resulted in generic risk assessments that could apply equally to any entity in that industry sector. Such an assessment is not tailored to protect that specific business.

Many reporting entities limited their reporting to risks faced by their business at a single point in time. Risk assessment should be an ongoing process, particularly as customers, products, delivery channels and technologies change over time. Reporting entities should have systems in place to ensure their risk assessments and methodologies evolve as needed.

Some reporting entities’ risk assessments focused almost exclusively on money laundering risks and failed to consider terrorism financing.

Applying a risk-based approach to AML/CTF

Some of the AML/CTF programs included large sections copied from the AML/CTF Rules or the AUSTRAC compliance guide. Those programs did not set out the actual systems and controls that a reporting entity had in place.

Many AML/CTF programs are templates obtained from external AML/CTF service providers that have not been tailored to suit the reporting entity’s business.

Use of vague or noncommittal language in programs significantly weakens their effectiveness. Clear, straightforward language helps employees understand what they need to do, the circumstances that trigger action and the nature of risk, such as the types of transactions that the reporting entity has identified as posing ML/TF risks.

Outsourced and automated processes

Some reporting entities assumed that the processes they, or their service providers, have implemented are working correctly and are compliant. In these cases, discovery of non-compliance only occurs after a substantial breach or adverse assessment from AUSTRAC.

Some entities assumed their automated processes were functioning in a compliant manner when this was not always the case.

Governance issues

A reporting entity may have engaged the same consultancy firm to design, and then later review, its AML/CTF program. While this does not necessarily mean the review is not independent, reporting entities must satisfy themselves that the reviewer:

  • is truly undertaking an independent review of the program, and
  • does not have a vested interest in the review outcome.

Part A of an AML/CTF program must be subject to ongoing oversight by a reporting entity’s Board of Directors or equivalent. Best practice for a reporting entity is to document procedures to ensure Board oversight. Where programs did not include procedures to ensure Board oversight, further investigation often found that the Board had not overseen the functioning of the reporting entity’s AML/CTF program as required.

A copy of the AUSTRAC report can be downloaded at

Posted by Jack Guthrie and John Kell
