AML & FCC – Developments in 2024

Here is a quick round up of some of the key events in the Australian AML and FCC landscape during 2024. The events are discussed in no particular order.

A.       AML/CTF - Developments

Updated AML/CTF law | December 2024 | The year 2024 started - or atleast it felt like it did - on a disappointing note, as the stakeholders had been waiting for months for the second AML/CTF reforms consultation paper. Things finally began moving in May 2024, and since then there has been no holding back.

After another round of consultation, a draft bill put through the Parliament, and plenty of last-minute suspense and action in Canberra, the AML/CTF Amendment Bill was finally passed, subsequently assented – all before the sun sets on 2024. This is definitely a huge milestone achieved to reform, modernise, and expand the Australian AML/CTF regime.

You can find more information in our note here on the AML/CTF Amendment Bill and its subsequent updates upto becoming an Act.

Draft AML/CTF Rules | December 2024 | In a perfect tandem, AUSTRAC quickly released consultation on the draft of new AML/CTF rules that will complement the new regime. Do note that some parts of the rules are yet to be drafted. Comments are due by 14 February 2025.

AUSTRAC has promised another round of consultation in early 2025, factoring in the submissions and suggestions, before issuing the final Rules.

2024 AUSTRAC Regulatory Priorities | The regulatory priorities for 2024 document (published here), shows some of the AUSTRAC's actions in 2024 clearly dovetail with the Priorities document. On one hand, it had reiterated its support for the businesses through collaboration, education, and guidance to help them identify risks, understand obligations, and improve their AML/CTF compliance. On the other hand, it also emphasised assessing compliance as part of its supervisory role and taking enforcement action where appropriate.

Enduring priorities outlined included ML/TF risks, effective AML programs, timely and quality reporting to AUSTRAC, and focus on certain high risk sectors including banking, gambling and remittance. Increased regulatory activities were outlined for digital currency, bullion, payment platforms, and non-bank lenders and financiers.  

Some of these reflect in the actions taken by AUSTRAC during the year, either collaborative and supportive, or regulatory enforcements.

Outsourcing AML/CTF Functions - New Guidance | October 2024 | A new guidance on the subject was released helping to identify and manage risks in AML/CTF outsourcing. The guidance recommends appropriate due diligence, understanding restrictions in sharing information, monitoring outsourcing arrangements, and appropriate documentation and record-keeping.

ML/TF National Risk Assessments | June 2024 | Another major event in the AML / CTF landscape was the release of the National Money Laundering (ML) and Terrorist Financing (TF) risk assessments (NRAs). Taken together with the maiden 2022 National Proliferation Financing risk assessment, they complete the trinity of the national risk assessments, and also getting Australia a step closer in its readiness for the upcoming FATF mutual evaluation.

The ML NRA detailed the risk profiles of many illicit money-generating crimes (illicit drugs, tax and revenue crimes, and government-funded programs which top the chart on risk perspective). It also underscored the use of cash, luxury goods, real estate, domestic banks, casinos and remitters in laundering funds. Increased ML is manifested in the use of digital currency, digital currency exchanges, unregistered remitters and bullion dealers.

On a slightly positive note, the Terrorist Financing NRA indicated that the Australia’s TF environment is small scale and low value, and domestic threat has receded in recent years. Though, this is not to mean to dismantle or water down controls, mitigants and monitoring on the TF front.

AUSTRAC conducted a series of awareness webinars on the new NRAs for stakeholders. In case you missed these sessions, you can watch the recordings here.

The key action for the reporting entities is to integrate the risks and insights from the NRAs into their own risk assessments. Failure to do so is unlikely to be looked upon kindly.

You can have more information on the topic in our detailed note here.

New/Updated Suspicious Activity Indicators (SAI) | October 2024 | AUSTRAC released several sector-specific SAIs to help industries identify suspicious activities. These indicators are tailored to sector-specific risks and cover money laundering, tax crimes, fraud, scams, identity theft, welfare fraud, and terrorism financing. If you have not yet looked under the hood, this should be on your 2025 to-do list to to enhance your controls and transaction monitoring rules.

You can also refer to our brief update note here.

Draft Guidance - Alternative Identification Procedures | September 2024 | AUSTRAC released consultation on the draft updated guidance, aimed at a range of impacted customers like aboriginal people, those living in remote communities, people experiencing homelessness, people affected by family and domestic violence etc. While the consultation closed in October 2024, the final guidance is not yet out.

B.       AML – Regulatory Actions

Enforcement Actions | There have been significant actions this year too on the enforcement front:

-            SkyCity Adelaide was fined $67 mn for failures that included program deficiencies, inadequate ongoing CDD, allowing high risk customers to move their funds in ways that made source and ownership of funds unclear, and governance issues.

-            SportsBet agreed to an Enforceable Undertaking to uplift its AML/CTF compliance program.

-            In addition to the sixteen Infringement Notices (INs) issued to the reporting entities for 2023 compliance report related failures (discussed below), eight reporting entities were handed INs for reporting failures related to the 2022 compliance report.

-            In the latest action, Entain group is facing charges of serious non-compliances including governance, risk assessment and customer due diligence.  Potential civil penalty is on way in the proceedings launched in the Federal Court.

AUSTRAC also highlighted learnings from Crown’s enforcement action and penalty – lack of ML/TF risk assessment; program not aligned to ML/TF risks the business faced; and issues around systems and controls, and governance and oversight. We now know these issues so commonly keep coming up in almost all the enforcement actions.

2023 Annual Compliance Report, and Infringement Notices | November 2024 | The year started with, as it always does, the obligation of lodging annual compliance report coming alive. Generally, this is a straightforward task. But for some it did not end well. Sixteen reporting entities were issued infringement notices for failing to submit their 2023 compliance report, and receiving penalties.

This reflects AUSTRAC’s seriousness to enforce compliance on a range of matters. So, remember to set those reminders for completing 2024 compliance report and lodging by 31 March 2025. AUSTRAC has already rung the bell on this one (refer their communication here). Hence, this is one deadline you don’t want to miss. Snooze at your peril! 

Read our note of the time on the 2023 compliance report. The principles are relevant for the upcoming 2024 compliance report too.

Crypto ATM Providers under scrutiny | December 2024 | AUSTRAC is rounding-off the year with cracking down on Crypto ATM providers not playing by the rule book. These actions align with the understanding under the ML/TF National Risk Assessment showing increasing risk of money laundering through crypto, and AUSTRAC’s 2024 Priorities for increased regulatory oversight on the digital currency exchanges.

AUSTRAC said it will tighten monitoring and take action against the errant operators.

C.      AB&C, and Sanctions

Foreign Bribery law updated | In March 2024, changes were made to the foreign bribery law, introducing a new offence of failing to prevent foreign bribery and related defence of an entity having ‘adequate procedures’. These provisions became effective in September 2024.

The Attorney General’s guidance on ‘adequate procedures’ to prevent foreign bribery recommends a range of measures to including a risk-based approach, foreign bribery risk assessment, pro-compliance conduct, staff training and ongoing monitoring and review.

It is important to appreciate the wide coverage of the new provisions. Entities can be held liable for wrongful conduct by employees or third-party service providers acting on their behalf.

More details can be read from our note on the subject here.

Sanctions Law Review | October 2024 | The Government published a report on the review of Sanctions laws. The report factors in various submissions received on the review exercise. The submissions made by the stakeholders included:

o   streamlining the legal framework for autonomous sanctions

o   generally supporting need for clarification of the meaning of key autonomous sanctions terms, such as ‘asset’, ‘indirectly’, ‘for the benefit of’ and ‘owned or controlled’.

o   introducing civil penalties for sanctions offences

o   a more streamlined review mechanism for sanctions designations and declarations, that included proposal to replace the automatic expiry of autonomous sanctions listing every three years with a more streamlined review mechanism.

Next steps include government’s consideration of the proposed reforms, releasing a draft of the Bill for legislative and regulatory amendments, public consultation, and passing of the law.

Sanctions Listing | Further sanctions listings were added during the year in regards to Russia / Ukraine and Iran sanctions.

Thematic sanctions in relation to the abuse of human rights and significant cyber incidents were also imposed.  You can read more on the concept of thematic sanctions in our note here.

D.      And Finally

2024 Trends | December 2024 | In its recent note, AUSTRAC highlighted some key trends for its 2024 regulatory activities. The note mentions AUSTRAC engaging with entities across a spectrum of sectors - banking, financial services, fintech, casinos, pubs, clubs and crypto - both large and small. 

It observed many businesses improving their financial crime compliance and maturity; and investments in new systems and technology upgrades driving improved ability to detect and report financial crime. However, it also flagged the need to improve board level engagement, regular risk assessments, tailored transaction monitoring rules and adequate and periodic reviews of transactions or unusual activities, and robust independent review. Needless to say, the bar on compliance expected is going up, and entities' compliance must scale up with that. Likely, some of these items are going to find a place in the 2025 Priorities document.

All in all, the AML/FCC needle moved quite a few notches in 2024 for all the stakeholders.

Concluding on that note, we send our best wishes for the festive season, and for a happy, prosperous and compliant 2025!

19 December 2024

Compliense Advisors is an AML/CTF and FinCrime compliance and risk management advisory firm.

Our experience includes implementing legislative changes; undertaking ML/TF risk assessment; setting up, implementing, uplifting AML/CTF program; advising on AML/CTF matters; and a range of AML and FinCrime compliance and risk matters.

The article above is for general awareness and informational purposes only. Please carefully evaluate your circumstances, and seek professional advice for your specific needs. You are responsible for your compliance obligations, and for any action taken or omitted. We are not a law firm, and do not provide legal advice.

Write to us on compliense@compliense.com.au. Visit our website for more such knowledge resources. You can also sign up for new articles and updates.