4 tips for “working with the regulator”.

AfterPay has become the latest big name to declare in that they are “in dialogue” with the regulator, AUSTRAC. Other major players to use similar wording in the Annual Reports or other formal communications include National Australia Bank, Bank of Queensland and of course the Commonwealth Bank of Australia.

At the recent Australian Regulatory Summit, AUSTRAC Deputy CEO Regulatory Strategy, Peter Soros was clear with his message “You will see enforcement action from AUSTRAC in the year ahead.”

So, what do you do if you find yourself in the sights of the regulator who has now tasted blood?

1. Know your ‘current state’

Australia is over 12 years into this regulatory environment and organisations of all shapes and sizes should have a well developed AML/CTF Program which is implemented effectively throughout. Make no mistake, that is the expectation.

The purpose of a regular independent review is to help you understand the strengths and weaknesses of your systems so that improvements can be made. So, after 12 years there should be a reasonable expectation that your organisation has had maybe 5 or 6 independent reviews by now.  Large and complex organisations should be doing an annual review. These reviews should help you understand the current state of the levels of compliance throughout the organisation.

If you have had less than 5 independent reviews or haven’t had a review in the past 2 years, then it will be difficult to answer questions from the regulator about your “current state” and will leave you at risk of regulatory non-compliance.

2. Have a well informed Board

AUSTRAC will expect that your Board is well informed on the current state of your AML/CTF regime.

The AML Compliance Officer should have a clear communication line to the Board and be able to demonstrate to the regulator the different topics that have been discussed. If the Board isn’t well informed about any shortcomings identified during independent reviews, or any self-identified problems then they can’t be expected to allocate budget to initiate remedial action.

Understandably this may be easier said than done, as it’s not uncommon for a Board to be primarily interested in the ‘good news’ stories rather than the compliance concerns. Nonetheless a good AMLCO should have the strength of character, and indeed the Board-provided freedom, to say what needs to be said.

Wilful blindness of the Board is not an acceptable excuse.

3. Have a clear plan

Mistakes happen – we all know and accept that. The important thing is what happens next as this is what AUSTRAC will be truly interested in. Peter Soros mentioned that many organisations had “looked under the hood and identified failings and shortcomings in their systems.” The smart ones have self-declared these to the regulator, along with a clearly articulated remediation plan.

The development of a clear remediation plan is particularly important where an organisation has identified a serious non-compliance. In recent years, AUSTRAC have examined the KYC implementation of organisations and have found many to be wanting. Customer databases are obviously the linchpin of any organisation and often very large in size – even a small to medium sized remittance company can have thousands of customers. If your KYC process hasn’t been properly implemented for the past 12 years then there could be a sizeable piece of remediation work to address.

AUSTRAC will expect to see that you have developed a Remedial Action Plan and taken positive action towards the successful completion, not just a plan for a plan.  Your plan should have a single point of responsibility (often the AMLCO), clear milestones nominated and a sufficient budget for the human and technology resources required. Make no mistake, remediation is expensive and the budget should be appropriate.

A common cliché to consider at this stage is – “while there is a cost for compliance, the cost for non-compliance is significantly more.”

4. Have a good attitude

Ok, so you’re neck high in the doggie doo-doo (not a technical term) and now you have to be nice about it. Why – you ask?  In my spare time I coach my son’s rugby union team and a key lesson for kids is to understand that the referee must be respected, because if you upset the referee he/she can make the rest of the game very difficult for you. It’s a good idea to remember that lesson when dealing with the regulator.

It would be a wise decision to go ‘cap in hand’ and seek forgiveness and assistance rather than take a combative stance. Again, we can look at the messages from AUSTRAC who have repeatedly stated that they are more interested in attacking the criminals rather than the reporting entities.

So, take an attitude of genuine commitment to remediating any and all non-compliance issues in a diligent and timely manner. If your remediation plan falls behind schedule, be prepared to provide a good story which shows any genuine issues which have impacted on the execution of the plan and how you have taken action to get back on track with the plan.

These tips will not guarantee that you will escape punishment, but they should put you in a good position to ensure a collaborative approach to non-compliance resolution with the regulator. Remember, you want the referee to be on your side so that you don’t lose the penalty count.

*Note: this does not constitute legal advice and you should seek professional legal advice if engaged with the regulator.

Afterpay interview with Ross Greenwood on 2GB

AUSTRAC today announced that Afterpay would be required to engage an external auditor to examine:

1. Governance and oversight of decisions related to its AML/CTF framework
2. Identification and verification of customers
3. Suspicious matter reporting obligations
4. AML/CTF program, including the development of its money laundering and terrorism financing risk assessment

That is a substantial list and AUSTRAC have reached into their armoury for a different weapon with their use of the external auditor provisions.

Ross Greenwood sought a follow up interview to last week on his Money News program on 2GB/4BC. The link to the audio is below.

click here for audio

Tranche 2 hard for lawyers & real estate agents?

Amendments to the AML/CTF Act to include lawyers, accountants, real estate agents and motor vehicle dealers has occurred in New Zealand and domestic and international pressure is mounting on the Australian Government to do the same. Industry bodies are now in agreement and prepared to “do their bit”.

The below news clip shows that Australia has a $9 billion drug problem and real estate is a favoured money laundering method and the Australian Government is asleep at the wheel.  Twelve (12) years after inception, the AML/CTF Act has remained silent on the professional facilitators and money launderers are benefiting.  The necessary amendments, expanding the application of the Act, is commonly known as Tranche 2, and is now somewhat of a punch-line to jokes for AML/CTF professionals.  Australia will face the examiners from the Financial Action Task Force later this year and the report card will, once again, be damning if Tranche 2 is not enacted by then.  As the old ad from the 90s used to say “it won’t happen overnight but it will happen”.

Please share this article with those in your network who are real estate agents, car dealers, accountants and lawyers so they are informed and can make preparations. Thanks!

click here for the news link

Australian Regulatory Summit, 2019

For those who couldn’t attend, we thought to share with you some key messages from the AUSTRAC presentation at the Refinitiv Regulatory Summit.


1. There has been a 70% increase in SMRs submitted.
2. A new improved website will be released soon.
3. They are keen to provide more feedback to industry on criminal trends.
4. They have increased connectivity with law enforcement agencies.
5. They understand the need to keep pace with technology (AUSTRAC and industry alike).
6. They now have about 100 MOUs with foreign governments to share information.

1. Cash payments of $10k or more to become illegal (this has been flagged for some time now)
2. There is a strong need to develop a Trusted Digital Identity Framework.
3. There will be a streamlining of the AML/CTF Act (as a result of the 2016 legislative review).
4. AUSTRAC will have an increased focus on using their power to require independent audits.
5. AUSTRAC is aware that there has been an “under investment” in human and technology resources (13 years after enactment of the legislation).
6. There will be an increased focus on enforcement (balanced somewhat by their message that the key target is criminal actors).


Interestingly, when the audience were asked their opinion on the level of AML/CTF supervision, 56% indicated that AUSTRAC was not doing enough…