By Donna Cotleanu-Vassallo | HR, Safety and Compliance Advisor
Sorry to be the bearer of bad news, but with March comes the deadline for your AUSTRAC report around your AML/CTF Program. While there is no one size fits all, by implementing a risk-based AML/CTF program, you will not only be compliant, but you will gain a better understanding of your organisation and your customers.
What is a risk-based approach to developing an AML/CTF program?
The risk-based approach recognises that the reporting entity is best placed to identify and assess the risks its business faces according to the types of customers it serves, and the products and services it provides to customers.
It also acknowledges that entities are best placed to develop controls, procedures and allocate resources that are proportionate to those risks.
For example, a reporting entity may allocate additional effort to those areas of the business it assesses as having a higher ML/TF risk. The risk-based approach provides a reporting entity with a degree of flexibility to determine how its obligations can be implemented and enables a reporting entity to tailor its AML/CTF program to meet the specific features, risks and characteristics of the business.
What does a risk-based AML/CTF Program look like?
Part A – General
- Conducting a ML/TF Risk Assessment: This requires the development of a framework to identify, prioritise, treat, control and monitor risk exposures.
- Employee Due Diligence: This refers to the documented procedures for screening staff members to minimise any exposure to risk and must set out appropriate risk-based systems and controls for the reporting entity to determine whether to undertake the appropriate activities, and how to undertake them.
- Employee Training: The AML/CTF risk awareness training should ensure that employees are aware of the ML/TF risks faced by the business and their role in mitigating this risk by contributing to the reporting entity’s overall compliance with its AML/CTF obligations.
- Board & Senior Management Oversight: Ongoing reporting to the board and senior management on the performance and effectiveness of the AML/CTF procedures.
- AML/CTF Compliance Officer: A reporting entity must appoint a person as the ‘AML/CTF compliance officer’. A reporting entity’s AML/CTF compliance officer must be at management level, and may undertake other duties within the reporting entity.
- Ongoing Customer Due Diligence: An employee due diligence program refers to the documented procedures for screening staff members to minimise any exposure to risk.
- Independent Review: The AML/CTF program must be independently reviewed at regular intervals and the reporting entity must ensure the independence of the reviewer.
- AUSTRAC Feedback: The program must include appropriate procedures for the reporting entity to apply AUSTRAC feedback on the reporting entity’s performance in managing ML/TF risk.
- Reporting Obligations: This element of Part A helps reporting entities ensure that procedures are in place to submit all compulsory reports to AUSTRAC in an accurate and timely manner.
Part B: Customer Due Diligence:
- Identify Customers: The primary purpose of Part B is to ensure the reporting entity knows its customers and understands their customers’ financial activities. By knowing its customers, a reporting entity should be better able to identify and mitigate ML/TF risks in the conduct of their financial transactions, particularly where the activity or transactions are unusual or uncharacteristic.
- Gather Know Your Customer (KYC) Information: A reporting entity is required to have risk-based CDD procedures. To develop these procedures, reporting entities should consider the risk posed by each of the following factors:
- customer types, including beneficial owners of customers and PEPs
- customers’ sources of funds and wealth (for example, by enquiring into the expected source and origin of the funds to be used in the provision of the designated service)
- nature and purpose of the business relationship (for example, the customer’s business or employment)
- control structure of non-individual customers (for example, complex corporate structures and the underlying beneficial owners)
- types of designated services the reporting entity provides
- how the reporting entity provides its designated services (for example, over-the-counter or online)
- foreign jurisdictions in which the reporting entity deals (for example, customers that live or are incorporated in a foreign country).
Under the Anti-Money Laundering and Counter Terrorism Financing (AML/CTF) Rules it is a legislative requirement to submit an AML/CTF compliance report to the Australian Transaction Reports and Analysis Centre (AUSTRAC). Fines can, and will, be imposed if you do not complete your venue’s report by 31 March 2017.
If you are unsure of your venue’s compliance, or just need support in developing and finalising your 2017 compliance report, don’t leave it any longer, get in touch with DWS Hospitality Specialists on firstname.lastname@example.org for a confidential discussion today.