AUSTRAC compliance guide · Anti-Money Laundering and Counter-Terrorism Financing Act 2006 ... The...

AUSTRAC compliance guideThe AUSTRAC compliance guide consolidates a range of AUSTRAC guidance material and replacesthe AUSTRAC regulatory guide.

Please use the links below to access individual chapters of the AUSTRAC compliance guide.

DisclaimerThe information contained in this document is intended to provide only a summary and general overview onthese matters. It is not intended to be comprehensive. It does not constitute nor should it be treated as legaladvice or opinions. The Commonwealth accepts no liability for any loss suffered as a result of reliance on thispublication. AUSTRAC recommends that independent professional advice be sought.

© Copyright Commonwealth of Australia

Chapter 1 - About the AUSTRAC complianceguideContents

PurposeStructureHow to use this guideUpdating the guideFeedbackAssistance

PurposeThe AUSTRAC compliance guide consolidates a range of AUSTRAC guidance material and replaces theAUSTRAC regulatory guide.

The guide relates to the obligations of reporting entities under the:

Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act)Anti-Money Laundering and Counter-Terrorism Financing Rules (AML/CTF Rules)Anti-Money Laundering and Counter-Terrorism Financing Regulations 2008 (AML/CTF Regulations)Financial Transaction Reports Act 1988 (FTR Act).

The guide:

outlines and explains the obligations under the AML/CTF Act, Rules and regulations and presentsexamples on how they operateassists reporting entities to design, develop and implement systems and controls necessary to mitigatethe risks of money laundering and terrorism financing.

The guide is not a regulatory instrument and reporting entities and other stakeholders must always refer to theAML/CTF Act, Rules and regulations to clarify an obligation.

AUSTRAC compliance guide http://www.austrac.gov.au/book/export/html/462

1 of 147 18/9/17, 2:46 PM

StructureThe guide comprises ten chapters:

Chapter 1 - About the AUSTRAC compliance guide

Outlines how to use the guide.

Chapter 2 - Designated services

Provides an overview of the designated services prescribed in the AML/CTF Act. Entities that provide one ormore designated services are reporting entities under the AML/CTF Act and have AML/CTF compliance andreporting obligations.

Chapter 3 - Designated business group (DBG)

Provides guidance on forming a designated business group. Entities may form a designated business groupunder the AML/CTF Act for the purposes of complying with their AML/CTF obligations.

Chapter 4 - Enrolment requirements

Provides guidance on the requirement for all reporting entities to enrol with AUSTRAC.

Chapter 5 - Remitter registration requirements

Outlines the registration requirements for the AUSTRAC Remittance Sector Register and applies to entitiesproviding a designated remittance service. Entities must not provide remittance services before registering onthe Remittance Sector Register.

Chapter 6 - AML/CTF programs

Provides an overview of the requirements for an effective AML/CTF program.

Chapter 7 - AML/CTF reporting obligations

Details the reporting obligations for reporting entities under the AML/CTF Act, including:

threshold transaction reportsinternational funds transfer instruction reportssuspicious matter reportscross-border movement reportsAML/CTF compliance reports.

Chapter 8 - AML/CTF record keeping obligations

Outlines and explains the AML/CTF record keeping obligations for reporting entities. It explains whatinformation must be retained and the length of time it must be retained.

Chapter 9 - Exemptions from obligations under the AML/CTF Act

Provides an overview of the exemptions that may be granted under the AML/CTF Act, Rules and regulationsand explains how the exemption processes and procedures operate.

Chapter 10 - Financial Transaction Reports Act

Provides an overview of the obligations for entities under the FTR Act. The FTR Act applies only to 'cashdealers'.


2 of 147 18/9/17, 2:46 PM

Note: This guide does not include information on the AUSTRAC Industry Contribution.

How to use this guideThis guide consolidates AUSTRAC guidance on reporting entities' AML/CTF obligations. It is not intended tobe a prescriptive list of AML/CTF controls, policies and procedures. The guide has been developed toencourage reporting entities to manage their money laundering and terrorism financing risks within theAML/CTF legal framework. Each chapter includes links to any additional AUSTRAC guidance and otherresources which may assist reporting entities in meeting and understanding their obligations.

The guide is primarily designed for reporting entities regulated under the AML/CTF Act. Cash dealers withobligations under the FTR Act should refer to Chapter 10 - Financial Transaction Reports Act.

Note: Terms used in this guide have the same meaning as in the AML/CTF Act, Rules and regulations. Theterms 'must', 'shall' and 'are required to' indicate a legal or regulatory requirement. The term 'should' is usedto indicate AUSTRAC's expectations about how a legal obligation should be implemented.

Updating the guideAUSTRAC reviews and revises this guide as required, and publishes a list of updates made to the guide.

FeedbackAUSTRAC encourages reporting entities and stakeholders to provide their feedback on this guide. Email yourfeedback to: [email protected]

AssistanceAUSTRAC officers can provide general information to regulated entities, their staff and the public on theAML/CTF obligations, including the FTR Act. Enquiries can be directed to the AUSTRAC Contact Centrevia:

e-mail: [email protected]: 1300 021 037 (a local call within Australia).

Chapter 2 - Designated servicesContents

IntroductionKey conceptsDefinitions relating to and examples of common designated services

Table 1 - Financial servicesTable 2 - BullionTable 3 - Gambling services

IntroductionThe Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) imposes


3 of 147 18/9/17, 2:46 PM

obligations on entities that provide 'designated services'. Entities that provide one or more designated servicesunder the AML/CTF Act are 'reporting entities'.

This section provides guidance on the key terms and concepts relevant to determining whether the servicesprovided by a business are captured under the AML/CTF Act.

The information contained in the chapter is not exhaustive and is not a substitute for legal advice. Ifbusinesses are uncertain whether their activities meet the definition of a particular designated service,AUSTRAC recommends they obtain independent advice.

Key concepts

Definitions and examples of common designated services

Further information

Public Legal Interpretation No. 2 - Item 54 of table 1 in section 6 of the AML/CTF ActPublic Legal Interpretation No.4 - What constitutes a reporting entity?Guidance note 12/03 - What constitutes a Remittance Network Provider?

Key conceptsWhat is a 'designated service'?Australia's AML/CTF legal framework is activities based; it prescribes those business activities that areregulated under the AML/CTF regime. These activities or 'designated services' are listed in tables 1-4 ofsection 6 of the AML/CTF Act:

Table 1 - Financial servicesTable 2 - Buying and selling bullionTable 3 - Gambling servicesTable 4 - Prescribed services (there are currently no activities prescribed under table 4).

There are currently 77 business activities prescribed as designated services under the AML/CTF Act.

What is a 'reporting entity'?A reporting entity under the AML/CTF Act must be a 'person' and must provide a 'designated service'. For aservice to be considered a 'designated service' under the AML/CTF Act, it must also fulfil a 'geographical link'test. This test is explained below.

Reporting entities include financial institutions, bullion dealers and entities that provide gaming or gamblingactivities.

What is a 'geographical link' and why is it important?The AML/CTF Act regulates only those designated services with a connection with Australia. Specifically, areporting entity only has AML/CTF obligations for designated services that satisfy one of the following'geographical link' tests:

the designated service is provided to the customer at or through a permanent establishment of the personin Australia, orthe person is a resident of Australia and the designated service is provided at or through a permanentestablishment of the person in a foreign country (foreign branch), or


4 of 147 18/9/17, 2:46 PM

the person is a subsidiary of a company that is a resident of Australia and the service is provided at orthrough a permanent establishment of the subsidiary in a foreign country (foreign subsidiary) (seesubsection 6(6) of the AML/CTF Act).

Table A, below, summarises the geographical link requirements.

Table A: Summary of the 'geographical link' tests

Residency of the'person' providing thedesignated service

Location of 'permanentestablishment' of the person wherethe designated service is provided

Geographicallink satisfied?

Relevant provisionin the AML/CTFAct

'Person' is an Australianresident Australia Yes Paragraph 6(6)(a)

'Person' is an Australianresident Foreign country Yes Paragraph 6(6)(b)

'Person' is a subsidiaryof an Australian residentcompany

Foreign country Yes Paragraph 6(6)(c)

'Person' is not anAustralian resident Australia Yes Paragraph 6(6)(a)

'Person' is not anAustralian resident Foreign country No Paragraphs 6(6)(a)

and 6(6)(b)

'Person' is a subsidiaryof a foreign company Foreign country No Paragraphs 6(6)(a)

and 6(6)(b)

Examples

1. An Australian entity providing services at or through a permanent establishment of the person located inAustralia

Acme Bank Limited is a wholly Australian-owned bank listed on the Australian Stock Exchange. Its headoffice is in Sydney, with branch offices in Brisbane, Canberra, Melbourne, Hobart, Adelaide, Perth andDarwin. Acme Bank provides various designated services to customers in each state or territory of Australia.

Acme Bank Limited is a reporting entity under the AML/CTF Act and has compliance and reportingobligations.

2. An Australian resident entity providing services at or through a permanent establishment of the personin a foreign country (foreign branch)

Acme Bank Limited, an Australian company, has physical offices in Auckland (New Zealand) and PortMoresby (Papua New Guinea) and provides services to customers in those countries.


5 of 147 18/9/17, 2:46 PM

Acme Bank Limited is a reporting entity under the AML/CTF Act and has compliance and reportingobligations.

3. A subsidiary of an Australian company providing services at or through a permanent establishment ofthe subsidiary in a foreign country

Acme Bank Limited has two wholly owned subsidiaries that provide the following financial services:

Acme International, a company registered in Hong Kong, provides services to customers in Hong Kong.Acme Vietnam, a company registered in Vietnam with offices located in Hanoi, provides services tocustomers in Vietnam.

Both Acme International and Acme Vietnam are reporting entities under the AML/CTF Act and havecompliance and reporting obligations.

4. An entity that is not an Australian resident, but has a permanent establishment in Australia

Acme Foreign Bank is an overseas bank and its head office is in the United States of America, with offices inSydney and Melbourne. Acme Foreign Bank provides designated services to customers in these Australiancities.

Acme Foreign Bank is a reporting entity under the AML/CTF Act and has compliance and reportingobligations.

What are the exceptions to the geographical link test?There is one exception to the geographical link test. It does not apply where a person provides a designatedservice as a remittance network provider under item 32A of table 1 (section 6 of the AML/CTF Act).

In other words, where a remittance network provider is based in a foreign country, but operates a network ofremittance affiliates within Australia, it is subject to regulation and oversight under the AML/CTF Act(regardless of whether it satisfies the geographical link test).

This exclusion from the geographical link test reflects the global nature of remittance services where manyremittance network providers are based in foreign countries.

Example

The Quick-Send Remittance Company is a registered company located in Qatar. The Quick-Send RemittanceCompany has a network of 25 affiliates or agents located in Melbourne, Sydney and Brisbane. The Quick-Send Remittance Company has commercial and contractual arrangements with the 25 entities to act as itsagents to provide designated remittance services within Australia. The 25 registered remittance affiliatesprovide remittance services using the platform or business systems of The Quick-Send Remittance Company.

The Quick-Send Remittance Company is not registered as a foreign company with the Australian Securitiesand Investments Commission (ASIC) and does not have a wholly owned subsidiary operating in Australia.The Quick-Send Remittance Company does not have an office or physical presence in Australia.

The Quick-Send Remittance Company is providing an item 32A designated service in Australia and thegeographical link test does not apply.

The Quick-Send Remittance Company must register with AUSTRAC as a remittance network provider andcomply with its obligations under the AML/CTF Act.

What does 'carrying on a business' mean for the purposes of theAML/CTF Act?


6 of 147 18/9/17, 2:46 PM

The phrase 'carrying on a business' (or industry or sector specific variants) is included in many of thedescriptions of the designated services. For example, items 6 and 7 (table 1, section 6, AML/CTF Act) definedesignated services made in the course of 'carrying on a loans business'.

The AML/CTF Act uses a broad definition of 'business'. The Act covers business activities whether or notthey are conducted on a regular, repetitive or continuous basis. For example, if an entity offers a designatedservice once, or only occasionally, the entity is still considered to be 'carrying on a business' under theAML/CTF Act.

This differs to the definition used for taxation purposes, for example, where an activity must be 'regular' or'continuous' for it to be classified as a business.

Are not-for-profit activities caught by the AML/CTF Act?Regardless of whether or not a person provides designated services to customers on a profit or not-for profitbasis, they are considered reporting entities for the purposes of the AML/CTF Act.

Does a reporting entity under external administration haveAML/CTF Act obligations?The obligations of the AML/CTF Act continue to apply to a corporate reporting entity placed under externaladministration. An external administrator (appointed to take control of the company from the directors) mustcontinue to carry out the entity's AML/CTF obligations where the entity is continuing to provide designatedservices.

It is AUSTRAC's view that the external administrator must carry out the company's AML/CTF obligationsbecause he or she is the only person with the authority to act in the company's name.

However, an administrator may delegate his or her authority on a limited basis to a company director to act forthe company in appropriate circumstances and with the administrator's written approval. Similarly, aliquidator may delegate his or her authority with the liquidator's written approval or the approval of the court.Employees given the authority to undertake AML/CTF compliance activities by the directors (for example, tolodge transaction reports) may also retain that authority where agreed by the external administrator.

Any AML/CTF guidance issued by AUSTRAC is equally applicable to reporting entities where they havebeen placed under external administration.

Definitions and examples of common designatedservicesThis section provides additional information relating to some of the common designated services. In somecases, the designated services tables include terms which are not specifically defined under the AML/CTFAct. This section provides some guidance in relation to AUSTRAC's view of those terms.

Table 1 - Financial servicesAccount/deposit-taking services (items 1-5)Australian financial services licence holder arranging a designated service (item 54)Cash carrying/payroll services (items 51-53)Currency exchange services (item 50)Factoring a receivable (Item 8)Life insurance services (items 37-39)Loan services (items 6, 7, 48 and 49)Remittance services (items 31-32A)


7 of 147 18/9/17, 2:46 PM

Securities and derivatives market(s)/investment services (items 33 and 35)Table 2 - BullionTable 3 - Gambling services

Betting, gaming and winnings (items 1-10)Gaming machine venues

Table 1 - Financial servicesTable 1 (section 6, AML/CTF Act) prescribes financial services activities that are designated services underthe AML/CTF Act.

Account/deposit-taking services (items 1-5)

Which entities are captured by account and deposit-taking services?

The designated services in items 1-5 are restricted to services provided by:

authorised deposit-taking institutions (ADIs)banksbuilding societiescredit unionsa person specified in the AML/CTF Rules.

Currently, there are no AML/CTF Rules that specify any other persons who can provide account and deposit-taking designated services.

What does 'opening an account' mean?

The AML/CTF Act defines 'opening an account' as 'creating the account'. This is regardless of whether theaccount holder receives an account number or whether they (or any other signatory) can conduct transactionson the account.

Assessing a customer's application for an account usually involves several steps and it may not be clear theexact moment when the account is created. Until the reporting entity identifies the customer in accordancewith the relevant customer identification procedures, the account may be considered 'created' or 'opened' butnot 'operational' (that is, a transaction cannot yet be carried out for the account).

A reporting entity may not allow a transaction to be conducted on an account (as defined by item 3) until theaccount is operational.

What does 'deposit-taking' mean?

The terms 'deposit', 'deposit-taker' and 'deposit-taking' are not defined under the AML/CTF Act or AML/CTFRules.

In general terms, a deposit can be described as a credit that is applied to an account and a deposit-taker is theperson with whom the account is held (that is, the account provider). Deposit-taking is the act of receiving adeposit for an account that is held on a person's behalf.

What does 'allowing transactions on an account' mean?

'Allowing transactions on an account' includes debits or withdrawals, deposits and any transactions that do notrelate to opening an account or becoming a signatory (these services are covered by items 1 and 2). Thesetransactions may be delivered through various channels including electronic and face-to-face transactions.


8 of 147 18/9/17, 2:46 PM

What types of activities are captured by items 4 and 5?

Items 4 and 5 relate to taking deposits for purposes other than accounts, such as:

arranging a bank cheque and paying a fee for a bank chequemaking a payment to send funds electronically to another person's accounttransferring funds internationally.

Back to top

Australian financial services licence holder arranging a designated service (item 54)

When is an item 54 provider making an arrangement for a person to receive a designated service?

A person who provides a customer with an item 54 designated service (for example, a financial planner) must:

hold an Australian financial services licence (AFSL) and be acting in the capacity of a licence holdermake an arrangement for a person to receive a designated service (other than a service covered by item54) that is also a financial service under the Corporations Act 2001.

For a financial planner, for example, this usually happens when the customer accepts and signs the Statementof Advice and the financial planner implements the recommendations contained in the Statement of Advice.

Examples

The following are examples of financial planners providing a customer with an item 54 designated service:

A financial planner implements the advice given to a customer to invest in a share through a broker.A financial planner arranges for a customer to take out a life investment policy with ABC Life Ltd.A financial planner advises their client to obtain an interest in a product through an investor directedportfolio service and the financial planner undertakes transactions to realise this.A financial planner transfers money, with the written and signed consent of the client, from their client'sinvestor directed portfolio service cash account to the client's bank account.

What does 'making arrangements' mean?

The phrase 'making arrangements' has a broader meaning under the AML/CTF Act than the definition of'arranging' under section 766C of the Corporations Act. AUSTRAC considers 'making an arrangement'includes a scheme, plan, proposal, action, course of action or course of conduct to enable a customer toreceive a designated service.General indicators of 'a course of action or conduct' that is likely to amount to 'making arrangements' include,but are not limited to, the following activities:

The person is integral to introducing and completing the provision of the designated service (which is afinancial service under the Corporations Act) to the customer and the provision of that designatedservice may not have occurred without that person's involvement.The person negotiated the terms and conditions between the product issuer and the customer involved inthe transaction.The person assisted the customer to complete a product issuer document, including:

assisting and providing guidance on completing the product issuer's documentationexplaining the meaning of questions and suggesting answers to complete the product issuer'sdocumentationcollecting and transmitting the customer's funds to the product issuer to facilitate completing thedesignated service.

Back to top


9 of 147 18/9/17, 2:46 PM

Cash carrying/payroll services (items 51-53)

What is 'cash carrying' and 'holding'?

Cash carrying involves transporting physical currency and refers to collecting and delivering physicalcurrency, irrespective of the value involved. The person engaged to collect and/or transport the physicalcurrency is not the owner of that currency.

Holding physical currency includes all activities associated with the custody of physical currency, irrespectiveof the value involved. The person holding the physical currency is not the owner of that currency.

Examples

The following are examples of collecting and delivering physical currency covered by designated servicesitems 51 and/or 53:

a cash carrier, security firm, contractor or courier collecting physical currency from, or deliveringphysical currency to, a financial institution branch and transporting it to or from another location onbehalf of that financial institutiona cash carrier, security firm, contractor or courier transporting an ATM cash canister which containsphysical currency to or from an offsite ATM, or to or from another location (for example, a depot of thecash carrier)a cash carrier, security firm, contractor or courier transporting a bag, which the client has advisedcontains physical currency, to or from the client's premises, to or from the client's financial institution,or to or from another location on behalf of the financial institutiona cash carrier, security firm, contractor or courier transporting a bag, which is said to contain physicalcurrency, to or from the client's premises, to or from the client's financial institution, or to or fromanother location on behalf of the clienta cash carrier, security firm, contractor or courier transporting physical currency to or from an air or seaport, for on-forwarding to or from an overseas location on behalf of a clienta cash carrier, security firm, contractor or courier holding physical currency in its depots, where thatcurrency is owned by a financial institution or a commercial client.

What are 'payroll services'?

'Payroll services' includes all activities associated with preparing salary/wages packets that contain, either inwhole or part, physical currency that has been collected, where the provider of the designated service iscarrying on a business of preparing payrolls.

Payrolls are usually prepared from information provided by a client who is an employer, or is an agent of anemployer, to pay salaries and/or wages that contain physical currency.

Does the AML/CTF Act apply to cash carrying activities undertaken on an ad hoc basis or which do notcomprise a person's core business activities?

Cash carrying activities undertaken while 'carrying on a business' of collecting, holding or delivering physicalcurrency are captured by the AML/CTF Act.

An entity which is engaged in the business of collecting or holding physical currency as part of their normalbusiness activities, including those operating cash carrying or cash-in-transit business, are captured by theAct.

This is different to the situation where an entity undertakes cash carrying, holding or delivery activities whichare outside the core activity of the business and/or provided for non-commercial purposes (for example, aretailer or financial institution collecting donations on behalf of a charity). Such activities are not intended tobe captured by the Act.


10 of 147 18/9/17, 2:46 PM

Does an entity involved in collecting, delivering or holding packages of physical currency need to know,or enquire about, the contents of those packages to avoid breaching the AML/CTF Act?

The AML/CTF Act does not require a courier to establish whether items being transported contain physicalcurrency. Where it is obvious that packages being transported do contain physical currency and the servicesare provided in the course of carrying on a business of collecting physical currency, the service will becaptured by the AML/CTF Act.

Back to top

Currency exchange services (item 50)

What is a 'currency exchange service'?

Under the AML/CTF Act, a 'currency exchange service' involves physically exchanging currency, wherecurrency from one country is converted into currency of another country. Most commonly, currency exchangeoccurs at bureaux de changes, banks, hotels and airports within a retail environment.

For a currency exchange activity to be captured as a designated service, it must be conducted in the course ofcarrying on a currency exchange business. A transaction between two individuals in a personal capacity is notconsidered a designated service.

Back to top

Factoring a receivable (Item 8)

What is 'factoring'?

Generally, the term 'factoring' refers to the practice where a person, the 'factor', advances money to anotherperson in exchange for taking on that other person's receivables or debts. Accordingly, the factor purchases thecustomer's debt often at a cost lower than the value of the debt.

By factoring a debt, the customer can promptly address a short-term cash flow problem while no longerhaving to collect or recover the debt. Collection or recovery of the debt then becomes a matter for the factorwho now owns that debt.

What is a 'receivable'?

The AML/CTF Act does not specifically define 'receivable'. Generally, 'receivable' refers to claims heldagainst customers and others for money, goods or services.

Back to top

Life insurance services (items 37-39)

What types of life policies are captured under the AML/CTF Act?

The AML/CTF Act captures life policies (including risk life insurance products) with the followingcharacteristics:

contracts of life insurance of at least one year in duration which:provide for payments on the death of a person or a contingency dependent on the termination (butnot death by accident or death for a specified sickness) or continuance of human life, orare subject to payment of premiums for a term dependent on the termination (but not death by


11 of 147 18/9/17, 2:46 PM

accident or death for a specified sickness) or continuance of human life, orprovide for payment of an annuity for a term dependent on the continuance of human life, and

do not involve:benefits provided from a Fair Work (Registered Organisations) Act 2009 'organisation' ofemployees, to employees or their dependantssuperannuation benefits, pensions or payments to employees or their dependants provided by anemployee and/or employer organisation on retirement, disability or deathfuneral benefitspolicies issued by an employer to an employee, and

are not any of the following types of policies:those with no prescribed minimum surrender value (other than that which may be provided for inthe policy documentation and promotional material);regular premium policies where the total annual premium payable is less than $1,500single premium policies where the single premium is less than $3,000consumer credit insurance contracts.

Are reinsurance contracts relating to life policies captured under the AML/CTF Act?

The AML/CTF Act captures reinsurance contracts that relate to life insurance policies.

A reinsurance contract is where part or all of the risk covered by an insurance contract has been assigned ortransferred to another insurer. The original life policy will normally be between the policy holder and theinsurer. To minimise its risk, the insurer enters into an arrangement with a third party (the reinsurer), whoagrees to indemnify the insurer if a payout under the insurance policy occurs.

Back to top

Loan services (items 6, 7, 48 and 49)

What is a 'loan'?

Generally, a 'loan' is a financial transaction where one party (the lender) agrees to give another party (theborrower) a specific amount of money that must be paid back in full, often with interest, at some future date.

What is a 'loan guarantee'?

The AML/CTF Act does not define 'loan guarantee'. Generally, a loan guarantee is a promise by a third partyto repay the loan to the lender if the borrower fails to do so.

What loans are captured under the AML/CTF Act?

The following are examples of the types of loans captured by the AML/CTF Act:

A personal loan is provided to an individual for personal use. It is usually unsecured and based on theborrower's credit history and perceived ability to pay.A mortgage loan is a loan secured against property (usually real estate). If the customer cannot repaythe loan, the lender can sell the customer's real estate to recover the money loaned.A margin loan allows a person to borrow money to invest in shares and other financial products, usinginvestments, such as shares, as security.A student loan allows an individual to borrow money to cover study-related costs.A premium funding loan is a short-term loan that allows a borrower to spread the cost of an insurancepremium over a specified period of time instead of making a single lump sum payment.

Are mortgage or finance brokers reporting entities under the AML/CTF Act?


12 of 147 18/9/17, 2:46 PM

Whether a mortgage or finance broker is a reporting entity under the AML/CTF Act depends on whether itprovides one or more designated services. A mortgage or finance broker is not a reporting entity for thepurposes of the AML/CTF Act where it has a contractual arrangement to:

act as an agent for lenders; oract as a service provider for lenders.

Back to top

Remittance services (items 31-32A)

What are remittance services?

Generally, remittance services facilitate the transfer of money or property from a customer in one location andpay an equivalent amount in cash or value to a beneficiary customer in another location, often outside theformal financial and banking system. In different communities this form of money transfer may be known ashawala, hundi, chuyen tien, yok song geum or pera padala.

What remittance activities are captured by the AML/CTF Act?

Items 31, 32 and 32A (table 1, section 6, AML/CTF Act) specify the three designated services relating toremittance activities which are captured under the AML/CTF regime. These items focus on reporting entitiesthat provide designated remittance arrangements by:

accepting an instruction to transfer money or property under a designated remittance arrangement(regardless of whether or not they actually accept money and/or property as part of this instruction)making money or property available, or arranging for it to be made available, to an ultimate recipient asa result of a designated remittance arrangementoperating a network which provides a platform or operation system to facilitate transferring money orproperty under a designated remittance arrangement.

Reporting entities that provide one or more of these designated services must be registered on AUSTRAC'sRemittance Sector Register.

Fore information about registration see Chapter 5 - Remitter registration requirements. This includes guidanceclarifying the obligations of reporting entities where they provide remittance services that are incidental totheir core business.

Back to top

Securities and derivatives market(s)/investment services (items 33 and 35)

What are the necessary elements in providing an item 33 designated service?

A provider of an item 33 designated service must be:

acting in his/her capacity as agent of a person (the customer); andacquiring or disposing of securities, derivatives, carbon units, Australian carbon credit units, eligibleinternational emissions units or a foreign exchange contract, on behalf of a customer; andundertaking the acquisition or disposal in the course of carrying on a business of acquiring or disposingof securities, derivatives, carbon units, Australian carbon credit units, eligible international emissionsunits or foreign exchange contracts and the service is not specified in the AML/CTF Rules.

An agency relationship must exist between the reporting entity and the customer. For example, where afinancial planner, who is also a broker, acquires or disposes of shares on behalf of the customer, the financialplanner is providing an item 33 designated service.


13 of 147 18/9/17, 2:46 PM

Item 33 typically applies to AFSL holders who are authorised to carry out broker-type activities as agents foranother person to acquire and dispose of securities and are defined as 'market participants' in the AustralianSecurities Exchange market rules. Market participants are also commonly known as stockbrokers, brokers andtrading participants.

Are managed investment schemes captured by the AML/CTF Act?

Companies which carry on a business of issuing or selling interests in managed investment schemes areproviding a 'designated service' under item 35.

For the purposes of the AML/CTF Act, a 'managed investment scheme' (also known as managed funds,pooled investments) is a scheme that has the following features:

people are brought together to acquire an interest in the schememoney is pooled together with other investors (often many hundreds or thousands of investors) or usedin a common enterprisea 'responsible entity' operates the scheme and investors do not have day-to-day control over theoperation of the scheme, ora timesharing scheme.

What types of investments are not managed investment schemes?

Generally, only investments that are 'collectively owned' or acquired by way of pooled investor funds aremanaged investment schemes. Some examples of investments that are not managed investment schemesinclude:

regulated superannuation fundsapproved deposit fundsdebentures issued by a body corporatebarter schemesfranchisesdirect purchases of shares or other equitiesschemes operated by an Australian bank in the ordinary course of banking business (for example, termdeposits).

What activities are not captured by item 35?

Chapter 21 of the AML/CTF Rules exempts certain activities that would otherwise be included within item35. The exemptions in Chapter 21 mean the following are not regulated under the AML/CTF Act:

a disposal or purchase of a security on a prescribed financial marketcertain off-market issues of an interest in a managed investment scheme.

Back to top

Table 2 - BullionTable 2 (section 6, AML/CTF Act) prescribes bullion-related activities that are designated services under theAML/CTF Act.

What is 'bullion' for the purposes of the AML/CTF Act?

The term 'bullion' is used in a commercial context in the AML/CTF Act. AUSTRAC considers the followingdefinition of 'bullion' is appropriate for the purposes of the AML/CTF Act:

'Bullion' means gold, silver, platinum or palladium authenticated to a specified fineness in the


14 of 147 18/9/17, 2:46 PM

form of:

bars, ingots, plates, wafers or other similar mass form; orcoins

that trade at a price determined by reference to the market value of the constituent metal and the authenticatedfineness of the item.

'Authentication of fineness' (also known in the industry as 'assaying') means a commercially acceptablehallmark, stamping or another means of authenticating the base form of an item.

Which metals and metal variants are not considered to be bullion for the purposes of theAML/CTF Act?

AUSTRAC does not consider platinum group metals (other than platinum and palladium) comprising iridium,rhodium, osmium and ruthenium to be bullion. These metals are used predominantly for industrial purposes,rather than for trade-based investments.

AUSTRAC does not consider 'collector', 'proof' or other coins traded for their numismatic (that is, theirinherent value as a collectible coin), commemorative or rarity value to be bullion.

AUSTRAC also does not consider granules to be 'bullion', because by definition granules cannot bear a meansof authentication of fineness.

Is the sale of 'collector coins' a designated service?

Generally, AUSTRAC does not consider a 'collector' or 'proof coin' to be bullion because its value isdetermined based on qualities such as rarity and condition, rather than its precious metal content.

However, if the price of a collector or proof coin is determined by reference to the value of its precious metalcontent, then it may be a bullion coin (depending on the level of purity of the metal). If such collector or proofcoins (determined by reference to the value of the precious metal content) are purchased or sold in the courseof carrying on a business, this activity will be a designated service and the purchaser or seller of such a bullioncoin will be a reporting entity under the AML/CTF Act.

What are 'bullion coins'?

A 'bullion coin' has a precious metal purity of at least .9166, and is traded at a value principally determined byreference to the market value of the constituent metal.

Does the AML/CTF Act only apply to businesses that trade bullion as their primarybusiness?

Under the AML/CTF Act, buying or selling bullion in the course of 'carrying on a business' is a designatedservice, even where the primary business is not a bullion trading business (for example, mining companies orrefiners who also sell or purchase bullion).

Is a person who facilitates the buying or selling of bullion by introducing a buyer orseller a reporting entity?

A person may facilitate the buying and selling of bullion by introducing a potential buyer to a seller ortransporting the bullion from the seller to the buyer. AUSTRAC does not consider these activities to bedesignated services under items 1 and 2.

However, if ownership of the bullion passes through the person and they make or receive payment in returnfor receiving or giving up ownership, then that person may be buying or selling bullion.

Is purchasing or selling bullion in a personal/private capacity a designated service?


15 of 147 18/9/17, 2:46 PM

A purchase or sale of bullion that is done in a personal capacity is not a designated service.

Back to top

Table 3 - Gambling servicesTable 3 (section 6, AML/CTF Act) prescribes gambling service activities that are designated services underthe AML/CTF Act.

Betting, gaming and winnings (items 1-10)

What is betting?

Generally, a person engages in betting (gambling) when the person stakes or risks something of value (usuallymoney) on the outcome of a contest of chance or a mix of chance and skill or a future contingent event notunder their control or influence. This is done on an agreement or understanding the person, or someone else,will receive something of value if a certain outcome occurs.

Do AML/CTF obligations apply if betting is done by means other than cash (such as by credit, chips ortokens)?

Receiving or accepting bets is a designated service under the AML/CTF Act, regardless of whether the bet isdone by cash, or on credit or by using chips or tokens.

Back to top

Gaming machine venues

What types of gaming machine activities are captured as designated services?

The phrases 'gaming machine' and 'eligible gaming machine venue' are used in the descriptions of thegambling-related designated services in items 5, 6, 9 and 10.

Specifically, these designated services relate to:

a controller of an eligible gaming machine venue allowing a person to play a game on a gamingmachinea controller of an eligible gaming machine venue paying out winnings on games played on a gamingmachineallowing a person to play a game or paying out winnings on certain games which are not played ongaming machines.

A person who provides one or more of these designated services is a reporting entity under the AML/CTFAct. The reporting entity is generally the holder of the licence/authority to operate gaming machines.

Exemptions for persons who operate electronic gaming machines

Chapter 52 of the AML/CTF Rules exempts a person who operates no more than 15 electronic gamingmachines from a range of obligations under the AML/CTF Act including:

customer identification and verificationthreshold transaction reporting, international funds transfer instruction reporting and compliancereporting and providing further information about electronic funds transfer instructionsadopting and maintaining an AML/CTF programcertain record-keeping obligations.


16 of 147 18/9/17, 2:46 PM

Note: A reporting entity that holds an exemption in accordance with Chapter 52 of the AML/CTF Rules is notexempt from suspicious matter reporting obligations.

Back to top

Chapter 3 - Designated business groupsContents

IntroductionWhat is a 'designated business group'?Which AML/CTF Act obligations can be fulfilled by members of a DBG?What are the requirements for a DBG?

A related companyJoint ventureAn accounting practiceA law practiceAn entity that provides a registrable designated remittance service

How is a DBG established or varied?What is a 'nominated contact officer'?How can DBG members notify AUSTRAC of changes to their DBG?

IntroductionA designated business group (DBG) is a group of two or more associated businesses or persons who jointogether to share certain obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act2006 (AML/CTF Act).

This chapter assists reporting entities to understand how DBGs are established and the specific requirementsfor DBGs under the AML/CTF Act and AML/CTF Rules.

Back to top

What is a 'designated business group'?A 'designated business group' enables associated business entities to share the administration of certainobligations under the AML/CTF Act.

The AML/CTF Act allows any member of a DBG to fulfil certain obligations on behalf of other members ofthe group. Alternatively, reporting entities that are members of a DBG may still choose to fulfil their ownAML/CTF obligations.

Importantly, each reporting entity remains responsible for its legal obligations under the AML/CTF Act, evenif it is a member of a DBG.

Back to top

Which AML/CTF Act obligations can be fulfilled by members of aDBG?


17 of 147 18/9/17, 2:46 PM

The AML/CTF Act allows DBG members to adopt a joint AML/CTF program (comprising Part A general andPart B customer identification), rather than individual AML/CTF programs (see section 85 of the AML/CTFAct). Alternatively, an individual DBG member may still choose to adopt their own standard or specialAML/CTF program. See Chapter 6 - AML/CTF programs for more information.

A DBG member may fulfil a range of other AML/CTF Act obligations for another member of the group asfollows:

retaining verification information about verification requests to a credit reporting agency (section 35F ofthe AML/CTF Act)conducting ongoing customer due diligence (section 36 of the AML/CTF Act)lodging AML/CTF compliance reports with the AUSTRAC CEO (section 47)recording designated services (section 106)retaining transaction records and customer provided transaction documents (section 107 and 108)making and retaining records of customer identification procedures (section 112 and 113)providing and retaining copies of customer identification records about procedures deemed to have beencarried out by a reporting entity (section 114)making and retaining records of AML/CTF programs, including any variations (section 116).

Back to top

What are the requirements for a DBG?A DBG must meet the requirements of section 5 of the AML/CTF Act and chapter 2 of the AML/CTF Rules.

A DBG comprises two or more persons where:

each member of the group has elected in writing to be a member of the groupno member of the group is a member of another DBGthe group meets the criteria outlined in chapter 2 of the AML/CTF Rules. These criteria are describedbelow.

Reporting entities may be asked to show they meet the criteria for forming a DBG. For example, they may beasked to provide evidence of a relationship with other members of the group or evidence of a joint ventureagreement.

To form a DBG, each member of the DBG must be one of the following:

1. A related company

Each DBG member must be related to other members within the meaning of section 50 of theCorporations Act 2001. That is, each member must be a holding company, a subsidiary or asubsidiary of a holding company, of another member and be either:

a reporting entity; ora company in a foreign country that would be a reporting entity if it resided in Australia.

2. Joint venture

A joint venture only satisfies the DBG eligibility criteria if:

the relationship between the participants is governed by an agreement that sets out legalcontractual arrangements of the joint venture; andeach DBG member provides designated services under that agreement.

3. An accounting practice


18 of 147 18/9/17, 2:46 PM

Each member of the group must be an accounting practice or an accounting practice related-person that is:

a person, other than an individual, which the accounting practice controls; oran accounting practice that provides a designated service under a joint venture agreement,to which each member of the group is a party; ora person that provides or assists to provide a designated service to the customers of theaccounting practice;

and be either:

a reporting entity; ora foreign entity that would be a reporting entity if it were resident in Australia.

4. A law practice

Each member of the group must be a law practice or a law practice-related person that is:

a person, other than an individual, which the law practice controls; ora law practice that provides a designated service under a joint venture agreement, to whicheach member of the group is a party; ora person that provides or assists to provide a designated service to the customers of the lawpractice;

and be either:

a reporting entity; ora foreign entity which would be a reporting entity if it were resident in Australia.

5. An entity that provides a registrable designated remittance service

Each member of the group must be a reporting entity that provides a registrable designatedremittance service, either as a:

money transfer service provider; ora representative of a money transfer service provider under a representation agreement witha money transfer service provider; ora sub-representative of a money transfer service provider under a sub-representationagreement with the representative of the money transfer service provider.

The DBG must also meet the additional criteria in paragraph 2.1.2A of the AML/CTF Rules.

Back to top

How is a DBG established or varied?A DBG is established when the 'nominated contact officer' provides AUSTRAC with the approved form.

Completed forms to establish or vary a DBG can be submitted to AUSTRAC electronically through areporting entity's AUSTRAC Online account.

Alternatively, hardcopy DBG forms can be submitted using the templates described in chapter 2 of theAML/CTF Rules. There are three templates specified in the Rules:

Form 1: Election to be a member of a designated business groupForm 2: Formation of a designated business groupForm 3: Variations.


19 of 147 18/9/17, 2:46 PM

Back to top

What is a 'nominated contact officer'?A 'nominated contact officer' is a person appointed by the DBG to hold this position. This person must beeither:

an 'officer' of a member of the group as defined in the Corporations Act (section 9 of the CorporationsAct defines an 'officer' of a corporation and an 'officer' of an entity that is neither an individual nor acorporation)the 'AML/CTF compliance officer' (as required under chapter 8 of the AML/CTF Rules) of a member ofthe group.

Back to top

How can DBG members notify AUSTRAC of changes to their DBG?DBG members are required to keep their information up to date. The nominated contact officer must notifyAUSTRAC, using DBG Form 3: Variations, if:

a member withdraws from the DBGa person elects to be a member of the DBGthe DBG is terminatedany other change occurs in the details previously provided to AUSTRAC about the nominated contactofficer or DBG.

AUSTRAC must be notified of these changes within 14 days of the event occurring.

Back to top

Chapter 4 - Enrolment requirementsContents

IntroductionAre all reporting entities required to enrol?Are reporting entities with an exemption under the AML/CTF Act still required to enrol?How does a reporting entity enrol with AUSTRAC?What information must a reporting entity provide for enrolment?Can a reporting entity appoint an agent to enrol on their behalf?How does AUSTRAC use the enrolment details?What are the consequences for failing to enrol with AUSTRAC?What enrolment information must a reporting entity obtain and keep?Does a reporting entity need to advise AUSTRAC of any changes to their enrolment details?How do reporting entities advise AUSTRAC of changes to their details?Can AUSTRAC change a reporting entity's details on the Reporting Entities Roll?How can a reporting entity request to be removed from the Reporting Entities Roll?

IntroductionReporting entities must enrol with AUSTRAC and be entered on the Reporting Entities Roll before theycommence to provide designated services to their customers. This chapter provides an overview of the


20 of 147 18/9/17, 2:46 PM

enrolment requirements.

Reporting entities providing remittance services must also apply for registration on the Remittance SectorRegister before they commence providing remittance services to their customers. Further information aboutregistration on the Remittance Sector Register is available in Chapter 5 - Remitter registration requirements.

Back to top

Are all reporting entities required to enrol?A reporting entity that provides one or more designated services and is not covered by an exemption mustenrol with AUSTRAC.

Back to top

Are reporting entities with an exemption under the AML/CTF Actstill required to enrol?Reporting entities exempt from all requirements of the AML/CTF Act do not have to enrol. However,reporting entities exempt from only certain requirements of the AML/CTF Act must still enrol withAUSTRAC.

A reporting entity must declare, at the time of enrolment if it:

was granted an exemption from the requirement to have an AML/CTF program (Part 7 of theAML/CTF Act)provides gaming machine designated services and is licensed to operate no more than 15 gamingmachines. (Reporting entities licensed to operate no more than 15 gaming machines are exempt fromsome of the obligations under the AML/CTF Act - see Chapter 9 - Exemptions).

Back to top

How does a reporting entity enrol with AUSTRAC?Reporting entities can enrol with AUSTRAC by submitting an AUSTRAC Business Profile Form, eitherelectronically or by paper form:

Reporting entities can submit a form electronically via the AUSTRAC website by clicking on the'Enrol/register your business' button located on the AUSTRAC website home page.Reporting entities without a computer or internet access may enrol using a paper form, available bycontacting the AUSTRAC Contact Centre.

AUSTRAC will notify reporting entities in writing when they are successfully enrolled and provided anAUSTRAC Account Number (AAN).

Back to top

What information must a reporting entity provide for enrolment?Reporting entities must provide details about their business structure, number of employees, annual earningsand the designated services they provide (see chapter 63 of the AML/CTF Rules).

The AUSTRAC Business Profile Form - explanatory guide provides detailed guidance on the types of


21 of 147 18/9/17, 2:46 PM

information a reporting entity must provide when enrolling.

Back to top

Can a reporting entity appoint an agent to enrol on their behalf?A reporting entity can appoint an agent to complete its enrolment.

The reporting entity and agent must have a current written agreement or written authority in place thatauthorises the agent to enrol on the entity's behalf. The reporting entity must obtain and keep an original orcertified copy of the agreement between the agent and the reporting entity for the duration of that agreementor authority.

The agent must declare the enrolment information provided to AUSTRAC is true, accurate and complete.

Back to top

How does AUSTRAC use the enrolment details?Enrolment information helps AUSTRAC understand its regulated population. AUSTRAC uses enrolmentinformation to identify the entities subject to the annual AUSTRAC Industry Contribution and the amount thatapplies to each billable entity.

Back to top

What are the consequences for failing to enrol with AUSTRAC?If a reporting entity fails to enrol with AUSTRAC, the AUSTRAC Chief Executive Officer (CEO) can issuethe reporting entity with an infringement notice or seek a civil penalty order through the Federal Court. Theinfringement penalties are:

60 penalty units for bodies corporate12 penalty units for persons other than bodies corporate.

Back to top

What enrolment information must a reporting entity obtain andkeep?A reporting entity must obtain and keep its annual financial statements for the most recent financial year, aswell as certain information depending on its business structure.

The AUSTRAC Business Profile Form - explanatory guide provides detailed guidance on the types ofinformation a reporting entity must obtain and keep.

Back to top

Does a reporting entity need to advise AUSTRAC of any changes totheir enrolment details?A reporting entity must update its enrolment details within 14 days of any change to those details (chapter 64


22 of 147 18/9/17, 2:46 PM

of the AML/CTF Rules), including updated annual earnings. A reporting entity must also update its enrolmentdetails where two or more reporting entities merge or amalgamate.

A reporting entity may authorise an agent to notify AUSTRAC of any changes if there is a written agreementthat authorises the agent to change the reporting entity's enrolment details on its behalf. The agent mustdeclare the information provided is true, accurate and complete.

If an agent is acting for a deceased estate or for a person who no longer has capacity to manage their affairs,the agent must provide AUSTRAC with evidence they are authorised to act in this capacity.

Back to top

How do reporting entities advise AUSTRAC of changes to theirdetails?Reporting entities can advise AUSTRAC of a change to their details electronically through their AUSTRACOnline account.

Reporting entities without a computer or internet access may advise AUSTRAC of a change to their detailsusing a paper form, obtained by contacting the AUSTRAC Contact Centre.

Back to top

Can AUSTRAC change a reporting entity's details on the ReportingEntities Roll?AUSTRAC can correct or complete a reporting entity's enrolment details if AUSTRAC has reasonablegrounds to consider the reporting entity's enrolment details are incorrect or incomplete.

AUSTRAC may also remove a reporting entity's name and enrolment details from the roll if AUSTRACconsiders the entity no longer provides a designated service under the AML/CTF Act.

In both instances, AUSTRAC must (if possible) notify the entity of the changes to its enrolment details andthe date the changes were made.

Back to top

How can a reporting entity request to be removed from theReporting Entities Roll?If a reporting entity stops providing a designated service, it may ask to be removed from the ReportingEntities Roll. AUSTRAC may consider the following factors when deciding whether to remove a reportingentity from the Reporting Entities Roll:

whether the reporting entity ceased to provide designated servicesthe likelihood of the reporting entity providing designated services in the futureany outstanding reporting obligations.

Requests to be removed from the Reporting Entities Roll must be submitted using the 'Request to removename and details from the reporting entity roll' form. The form is accessible through the reporting entity'sAUSTRAC Online account or by contacting the AUSTRAC Contact Centre.

Back to top


23 of 147 18/9/17, 2:46 PM

Chapter 5 - Remitter registration requirementsContents

IntroductionBackground

Why must remittance service providers register with AUSTRAC?What types of remittance services are required to be registered with AUSTRAC?What is an 'independent remittance dealer'?What is a 'remittance network provider'?What is an 'affiliate' of a remittance network provider?What are the registration requirements for a remittance network provider?Can a remitter apply for registration as an affiliate of a remittance network provider?Can a remitter provide remittance services without being registered with AUSTRAC?Are remitters also required to enrol with AUSTRAC?How often must remitters renew their registration with AUSTRAC?

Applying for registrationHow does a remitter register with AUSTRAC?What information must a remitter provide when applying for registration?What information must a remitter obtain and keep when applying for registration?How does a person obtain a national police certificate or national police history check?How are remitters notified about the outcome of their registration application?How long does it take to process a remitter registration application?Can AUSTRAC request further information about an application for registration?What does AUSTRAC consider when assessing an application for registration?Can AUSTRAC impose conditions on registration?On what grounds can AUSTRAC refuse registration?If AUSTRAC does not register a business as a remittance network provider, can that networkprovider's 'affiliates' register with AUSTRAC as independent remittance dealers?Does AUSTRAC have the power to suspend or cancel registration of a remittance serviceprovider?

Applications for review of a decision to refuse, cancel, suspend or impose a condition on a registrationCan a remitter request a review if a registration application is refused, suspended, cancelled ormade subject to conditions?What are the processes of a review?How does a remitter seek an external review of a decision made by AUSTRAC?

Maintaining registration informationIs a remitter required to advise AUSTRAC of any changes to their details or circumstances?How does a remitter notify AUSTRAC of changes to their registration details?Can AUSTRAC change a remitter's details on the Remittance Sector Register?Can a remitter request to be removed from the Remittance Sector Register?

Renewal of registration on the Remittance Sector RegisterRemittance Network Providers (RNPs) - renewal of affiliatesExemptions from the requirement to be registered on the Remittance Sector Register

IntroductionReporting entities providing a designated remittance service (under items 31, 32 and 32A, table 1, section 6,Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act)) must enrol and registerwith AUSTRAC before providing remittance services to their customers. Remittance service providers thatregister with AUSTRAC are placed on the AUSTRAC Remittance Sector Register.

This chapter provides an overview of the registration requirements. Information on enrolling with AUSTRACis available in Chapter 4 - Enrolment requirements.


24 of 147 18/9/17, 2:46 PM

Back to top

BackgroundWhy must remittance service providers register with AUSTRAC?

The remittance sector is recognised by Australian law enforcement and national security authorities as beingvulnerable to targeting by criminals for money laundering, terrorism financing and the financing of seriousand transnational crime, including people smuggling.

The vulnerabilities in this sector are also acknowledged by international AML/CTF experts. Remitters mustregister with AUSTRAC to prevent 'high risk' individuals from operating in the sector.

Registration with AUSTRAC is not automatic. A person seeking registration on the Remittance SectorRegister must provide AUSTRAC with information which will be used to assess their suitability to beregistered.

Under the AML/CTF Act, AUSTRAC can refuse, suspend or cancel the registration of remittance dealerswhere a remitter poses an unacceptable risk of money laundering, terrorism financing or the financing ofpeople smuggling.

What types of remittance services are required to be registered with AUSTRAC?

Businesses providing remittance services under items 31, 32 or 32A (table 1, section 6, AML/CTF Act) mustapply to register with AUSTRAC. Remittance service providers must register with AUSTRAC as one (ormore) of the following:

remittance network providerremittance affiliateindependent remittance dealer.

A remitter may operate in more than one category and must apply to be registered for each category in whichit operates. AUSTRAC issues a separate registration for each category of remittance service provided by aremitter.

Reporting entities that provide remittance services incidental to their core business

Some reporting entities may provide remittance services to their customers while in the process of providinganother designated service. For example, online gaming providers, stockbrokers, managed investmentschemes, custodians and businesses in the superannuation sector may send funds overseas on behalf of theircustomers, but only as an incidental service to their core business.

It is AUSTRAC’s view that the funds transfers conducted by reporting entities in the circumstances detailedbelow do not constitute a designated remittance arrangement under the AML/CTF Act.

Accordingly, AUSTRAC will not enforce the AML/CTF Act obligations regarding designated remittancearrangements (including the remitter registration and IFTI-DRA reporting obligations) for reporting entities inthe following circumstances:

where a reporting entity provides a designated remittance service and has IFTI-DRA reportingobligations incidentally to providing another designated service (that is not an item 31, 32 or 32Aservice in section 6 of the AML/CTF Act); andall funds transfers undertaken by the reporting entity are conducted through a financial institution.

The above narrows the scope of the application of section 10 (Designated remittance arrangements etc.) of theAML/CTF Act and clarifies what AUSTRAC considers to constitute a designated remittance arrangementunder the Act.


25 of 147 18/9/17, 2:46 PM

Licensed casinos and currency exchange businesses

The above position does not apply to remittance services provided by licensed casinos and currency exchangebusinesses.

Currency exchanges: where a customer seeks to exchange money at a currency exchange business, orconvert foreign currency, and requests the money to be transferred to a foreign country, AUSTRACexpects the exchange business to report an IFTI-DRA because the funds transfer is not incidental to theother designated service.Licensed casinos: obligations for licensed casinos that provide remittance services have been addressedseparately by AUSTRAC within this guide.

What is an 'independent remittance dealer'?

An independent remittance dealer is a business that provides remittance services to customers using its ownsystems and processes. It may have its own branches that it also owns and controls; that is, the independentremittance dealer employs the staff and is responsible for the operating costs of its branches (such as rent,utilities and services costs and council rates).

What is a 'remittance network provider'?

In simple terms, remittance network providers:

operate a network of persons, called 'affiliates', who provide remittance services to customers of thenetworkprovide a shared or common platform or operating system used by their affiliates within the network toprovide remittance servicesprovide an AML/CTF program and report IFTIs and TTRs on behalf of the remittance network.

For further information, see AUSTRAC guidance note 12/03 - What constitutes a Remittance NetworkProvider?

What is an 'affiliate' of a remittance network provider?

An affiliate of a remittance network provider is a business that provides remittance services to customers aspart of a remittance network operated by a remittance network provider.

A remittance affiliate will generally:

have a commercial agreement or contract with a remittance network provider to provide remittanceservices in the name of the remittance network provideruse the platform or business system owned by the remittance network providerreceive a commission from the remittance network provider on transactions conducteduse the AML/CTF program provided by the remittance network provider.

What are the registration requirements for a remittance network provider?

A remittance network provider must be registered with AUSTRAC before it can provide a remittance networkservice. Once registered, a remittance network provider is responsible for applying to register all affiliatesoperating within its network. The remittance network provider must also keep the details of its affiliates up todate with AUSTRAC (see below).

Remittance network providers must also carry out a range of other AML/CTF responsibilities on behalf oftheir affiliates, including:

reporting TTRs and IFTIs (SMRs can be submitted by either the RNP or the affiliate, depending on theirwritten agreement)providing an AML/CTF program.


26 of 147 18/9/17, 2:46 PM

Can a remitter apply for registration as an affiliate of a remittance network provider?

Generally, the remittance network provider applies for registration (and enrolment) with AUSTRAC on behalfof all of its affiliates. However, where a remitter is already registered as an independent remittance dealer, theremitter may apply directly to AUSTRAC to be registered as an affiliate, provided it has the written consent ofits remittance network provider. An affiliate that has registered on its own behalf must maintain its ownregistration information.

Where an affiliate also wishes to provide independent remittance services, the remitter must make a separateapplication to AUSTRAC for registration as an independent remittance dealer.

Can a remitter provide remittance services without being registered with AUSTRAC?

All remittance service providers must be registered with AUSTRAC before offering remittance services tocustomers. It is an offence to provide remittance services without being registered on the Remittance SectorRegister. The penalty is imprisonment, a fine, or both.

Are remitters also required to enrol with AUSTRAC?

All remitters must enrol with AUSTRAC as a 'reporting entity'. Remitters may apply for registration at thesame time as enrolling with AUSTRAC. See Chapter 4 - Enrolment requirements for further information.

How often must remitters renew their registration with AUSTRAC?

Independent remittance dealers and remittance network providers must renew their registration withAUSTRAC every three years. Remittance network providers must also apply to renew the registration of theiraffiliates every three years.

Back to top

Applying for registrationHow does a remitter register with AUSTRAC?

Independent remittance dealers and remittance network providers can apply to register with AUSTRAC bycompleting and submitting the registration section of the AUSTRAC Business Profile Form to AUSTRAC.Additional information and assistance about applying for registration is available on the Enrolment andregistration page.

Remitters must also obtain and keep specific information about their business and key personnel (dependingon the type of remitter registration). Part B, Schedules 1, 2 and/or 3, Chapter 56, AML/CTF Rules specifiesthe required information.

A remitter who is already enrolled with AUSTRAC as a reporting entity can apply for registration bycompleting and submitting the registration section of the AUSTRAC business profile form.

Remitters without a computer or internet access may enrol and register using a paper form, available bycontacting the AUSTRAC Contact Centre.

Remittance network providers must apply for registration on behalf of their affiliates through the My Affiliatesfunction in AUSTRAC Online. A remittance network provider cannot register its affiliates until its ownregistration is approved by AUSTRAC.

What information must a remitter provide when applying for registration?

A remitter applying for registration must provide AUSTRAC with information about their remittance businessand key personnel. Chapter 56 of the AML/CTF Rules specifies the registration requirements. Remitters must


27 of 147 18/9/17, 2:46 PM

also disclose to AUSTRAC details about certain criminal, civil and enforcement action relevant to their keypersonnel.

What information must a remitter obtain and keep when applying for registration?

Business information

Remitters must keep information about their remittance business and business structure, including informationabout their management structure and any other entities in the corporate structure.

The AUSTRAC Business Profile Form - explanatory guide, available on the Enrolment and registration page,contains a full list of information that must be obtained and kept.

National police certificates and national police history checks

Remitters applying to be registered with AUSTRAC must obtain and keep national police certificates (orforeign equivalent) or national police history checks for all key personnel. Remitters must keep the originalcertificate or a certified copy.

Network providers are required to obtain and retain an original or certified copy of a national police certificatefor each of the key personnel of its affiliates. Where the affiliate or other network agent obtains the original orcertified copy of the national police certificate it is sufficient for the remittance network provider to retain anelectronic copy of that certificate.

All national police certificates (or foreign equivalent) or national police history checks must be issued no morethan six months before the remitter applies for registration (or 12 months for affiliates of remittance networkproviders). Remitters must declare that national police certificates or national police history checks have beenobtained for all key personnel when submitting their registration application to AUSTRAC.

If the individual listed as key personnel is resident in a foreign country, a national police certificate issued by apolice force of that country is required.

Remitters must also obtain and retain a national police certificate or a national police history check for anynew key personnel appointed during the period of registration. Remitters must declare to AUSTRAC anychanges to their key personnel during the registration period and whether they have:

obtained a national police certificate or national police history check in relation to the key personnel; ormade an application to obtain a national police certificate or national police history check.

The national police certificate or national police history check is also an aid to the remitter in assessingwhether any of their key personnel may be a money laundering, terrorism financing or people smuggling risk.

How does a person obtain a national police certificate or national police history check?

A national police certificate (or foreign equivalent) is a document issued by an Australian Police Force (orforeign equivalent) that contains a certification that the person to whom it relates has no disclosableconvictions or those disclosable convictions which are detailed in the Certificate.

An Australian national police certificate can be obtained through the Australian Federal Police or state andterritory police services.

A national police history check is an alternative to obtaining a national police certificate. National policehistory checks can be obtained through an agency that has been accredited by CrimTrac, which is theAustralian Government agency that administers the national police checking process and informationdatabase.

A list of accredited agencies through which a national police history check can be obtained is available on theCrimTrac website.


28 of 147 18/9/17, 2:46 PM

How are remitters notified about the outcome of their registration application?

AUSTRAC advises the applicant in writing about the outcome of its registration application.

If AUSTRAC approves the registration application, the remitter is placed on the Remittance Sector Registerand receives a registration number. If AUSTRAC refuses the registration application or approves theapplication subject to conditions, the remitter is notified about its rights to seek an independent review of thedecision.

How long does it take to process a remitter registration application?

Under the AML/CTF Act, AUSTRAC is required to make a decision within 90 days from the day theregistration application is received by AUSTRAC. If AUSTRAC requests further information about theapplication, the decision must be made within 90 days of receiving that information.

AUSTRAC can extend the processing period by 30 days if the application cannot be dealt with properlywithin 90 days. AUSTRAC must notify the applicant in writing of this extension before the 90 days ends.

If AUSTRAC does not make a decision within 90 days, the application is considered to be refused under theAML/CTF Act. The remitter can request an internal review of the application if this occurs.

Can AUSTRAC request further information about an application for registration?

Under the AML/CTF Act, AUSTRAC may, in writing, request further information from any person (includingthe applicant) when making a decision to register a remitter. AUSTRAC is not required to make a decisionuntil the additional information is provided.

What does AUSTRAC consider when assessing an application for registration?

AUSTRAC considers whether allowing the person to operate as a remitter involves a significant risk of moneylaundering, terrorism financing or the financing of people smuggling. Relevant factors include whether theperson has a criminal history, or has repeatedly failed to comply with their AML/CTF obligations, or has beendisciplined by another regulator.

Can AUSTRAC impose conditions on registration?

AUSTRAC may impose conditions on a remitter's registration to address any issues AUSTRAC identifiedwhen assessing the remitter's application. AUSTRAC may also impose conditions at a later time to addressany subsequent issues AUSTRAC identifies with the remitter (see section 75E of the AML/CTF Act).

A remitter may seek an independent review of a decision by AUSTRAC to impose conditions on itsregistration.

On what grounds can AUSTRAC refuse registration?

AUSTRAC can refuse a registration application, based on the risk of money laundering, terrorism financing orthe financing of people smuggling or any other matters specified in Chapter 57 of the AML/CTF Rules.

A remitter may seek an independent review of a decision by AUSTRAC to refuse its registration.

If AUSTRAC does not register a business as a remittance network provider, can thatnetwork provider's 'affiliates' register with AUSTRAC as independent remittancedealers?

If AUSTRAC does not register a business as a remittance network provider, the businesses that havearrangements with that network provider to provide remittance services cannot be registered as 'affiliates'.However, they can apply to be registered as independent remittance dealers.


29 of 147 18/9/17, 2:46 PM

Does AUSTRAC have the power to suspend or cancel registration of a remittanceservice provider?

Cancelling registration

AUSTRAC can cancel the registration of a remittance network provider, an independent remittance dealer, orthe affiliate of a remittance network provider if the remitter poses an unacceptable risk of money laundering,terrorism financing or the financing of people smuggling. Section 75G of the AML/CTF Act and chapter 58 ofthe AML/CTF Rules set out these powers.

AUSTRAC must consider several factors before deciding to cancel a remittance service provider'sregistration. AUSTRAC may suspend or cancel a remitter's registration if the remitter is charged with or foundguilty of a serious criminal offence; has provided incorrect or false information in an application forregistration or renewal of registration or in updating their registration details on the Remittance SectorRegister; or if the remitter does not comply with the AML/CTF Act.

The remittance service provider will be notified in writing if AUSTRAC cancels the remitter's registration.The cancellation takes effect from the date of the notice.

AUSTRAC can publish the names of persons whose registration has been cancelled and the date ofcancellation. This enhances the transparency of the remittance sector and enables consumers to accessinformation about cancellations.

A remitter may seek an independent review of a decision by AUSTRAC to cancel its registration.

Suspension of registration

AUSTRAC can suspend a registration if AUSTRAC is satisfied the registered remittance service providerbreached its obligations or poses an unacceptable risk of money laundering, terrorism financing or thefinancing of people smuggling.

Subsection 75H(1) of the AML/CTF Act and chapter 59 of the AML/CTF Rules outline arrangements forsuspending registration. Subsection 75H(2) provides a non-exhaustive list of matters the Rules may include.Examples include where a remitter is charged, prosecuted and/or found guilty of money laundering, financingterrorism, terrorism, people smuggling, fraud, a serious offence, or an offence under the AML/CTF Act.

Back to top

Applications for review of a decision to refuse, cancel, suspend orimpose a condition on a registrationCan a remitter request a review if a registration application is refused, suspended,cancelled or made subject to conditions?

Under section s233B of the AML/CTF Act, a person may apply for an internal review of a decision that wasmade under sections 75B, 75C, 75E, or 75G of the AML/CTF Act. These include decisions to:

refuse an application for registration on the Remittance Sector Registercancel registrationimpose conditions on registration.

A remitter can also seek an internal review if the application is refused because AUSTRAC did not make adecision within the time frames specified under subsections 75B(6) and 75B(7).

A request for an internal review of a decision must be submitted to AUSTRAC within 14 days of receivingthe notice to refuse, cancel or suspend the registration or to impose conditions on the registration.


30 of 147 18/9/17, 2:46 PM

What are the processes of a review?

The process for reviewing a decision to refuse, cancel or impose conditions on a registration is as follows:

AUSTRAC must (except in cases of urgency) give written notice of a proposed decision and providethe remitter an opportunity to respond. The written notice must contain key information about thedecision, including rights of review.The remitter may seek internal review of the original decision.AUSTRAC CEO can delegate review decisions to an AUSTRAC staff member. AUSTRAC CEO mustensure the decision is independently reviewed by an AUSTRAC officer who is senior to the originaldecision maker and who was not involved in making the original decision. The reviewer may affirm,vary or revoke the original decision.

A notice of a proposed decision to refuse, cancel or impose conditions on a registration is not required to begiven if AUSTRAC is satisfied that it is inappropriate to do so because of the urgency of the circumstances;for example, if a serious crime is about to occur.

How does a remitter seek an external review of a decision made by AUSTRAC?

A remitter not satisfied with the internal review of a decision by AUSTRAC may apply for review by theAdministrative Appeals Tribunal (AAT). Visit the AAT website for information about AAT processes andprocedures.

Back to top

Maintaining registration informationIs a remitter required to advise AUSTRAC of any changes to their details orcircumstances?

A remitter must advise AUSTRAC of any material changes in its circumstances through its AUSTRACOnline account.

Chapter 60 of the AML/CTF Rules details the changes a remitter must report to AUSTRAC. For example:

changes to the remitter's registration detailschanges in the number of the remitter's key personnel and a declaration that a national police certificateor national police history check has been obtained, or an application has been made for a national policecertificate or national police history check for the new key personnel.if the remitter (including its key personnel) has been charged, prosecuted or found guilty of an offenceincluding money laundering, terrorism or terrorism financing, people smuggling, fraud, a seriousoffence, an offence under the AML/CTF Act or under the Financial Transaction Reports Act 1988if the remitter has been the subject of a civil penalty order issued under the AML/CTF Actif the remitter has been the subject of civil or criminal proceedings or enforcement action, in relation tothe management of an entity, or commercial or professional activities, which were determined adverselyto the person or any of its key personnel.

The time frames and processes for notifying AUSTRAC of changes in circumstances differ depending on thetype of remittance dealer and registration:

Independent remittance dealers and remittance network providers must notify AUSTRAC within 14days of any changes in their circumstances.Affiliates whose remittance network providers applied for their registration have 14 days to notify theirnetwork provider. A network provider must then notify AUSTRAC within seven days of receiving theadvice from its affiliate.

How does a remitter notify AUSTRAC of changes to their registration details?


31 of 147 18/9/17, 2:46 PM

A registered remitter can advise AUSTRAC of a change to its details electronically through its AUSTRACOnline account or using the AUSTRAC Business Profile Form.

An affiliate whose remittance network provider applied for their registration must notify their networkprovider of changes to their registration details. The network provider can update the affiliate's registrationdetails through the My Affiliates function in AUSTRAC Online.

Remitters without a computer or internet access can contact the AUSTRAC Contact Centre.

Can AUSTRAC change a remitter's details on the Remittance Sector Register?

AUSTRAC can change a registered remitter's details on the Remittance Sector Register in limitedcircumstances. AUSTRAC may change a remitter's registration details if AUSTRAC considers the detailsincorrect or incomplete.

AUSTRAC must notify the remitter of the changes to its details and the date the changes were made within 14days of making the changes.

Can a remitter request to be removed from the Remittance Sector Register?

A registered remitter can request, in writing, for AUSTRAC to remove it from the Remittance Sector Register.

Where a registered remitter ceases to be registered as a remittance network provider, AUSTRAC is required toremove both the remittance network provider and each of the network provider's affiliates from the register(see subsection 75K(3) of the AML/CTF Act).

AUSTRAC must, as soon as reasonably practicable, notify a remittance network provider, in writing, ifAUSTRAC has removed one of the network provider's affiliates from the register (where the remittancenetwork provider did not request the removal).

AUSTRAC notifies network providers if their affiliates have been removed from the register because it is anoffence (under subsection 74(1) of the AML/CTF Act) for a network provider to provide a remittance networkservice to a person who is not a registered affiliate. Similarly, it is an offence for a person who is part of anetwork to provide a remittance service if they are not a registered remittance affiliate of a remittance networkprovider.

Back to top

Renewal of registration on the Remittance Sector RegisterA remitter's registration with AUSTRAC must be renewed after three years to enable the remitter to continueto provide remittance services.

See Chapter 70 of the AML/CTF Rules in relation to renewal of registration requirements.

Back to top

Remittance Network Providers applying for the renewal of anaffiliate's registrationRead the step-by-step process you need to take to renew your affiliates in the AUSTRAC Online system.

Back to top


32 of 147 18/9/17, 2:46 PM

Exemptions from the requirement to be registered on the RemittanceSector RegisterLicensed casinos

Chapter 69 of the AML/CTF Rules provides an exemption for licensed casinos from registering withAUSTRAC as remittance service providers under certain circumstances.

The exemption provides that reporting entities which:

hold a casino licence; andprovide the designated service listed at item 31, item 32 or item 32A of table 1 in subsection 6(2) of theAML/CTF Act

are exempt from the obligation to register on the Remittance Sector Register where:

the designated services are provided in a casino to which the casino licence relates; andthe designated services are provided in conjunction with a designated service set out in table 3(gambling services) in subsection 6(4) of the AML/CTF Act.

Casino licence holders are still required to report international funds transfer instructions (IFTIs). Chapter 7provides further information about the IFTI reporting obligations and several scenarios of commoninternational funds transfers conducted by casino licence holders.

Back to top

Chapter 6 - AML/CTF programsContents

IntroductionBackgroundDeveloping an AML/CTF program

Part A of an AML/CTF ProgramPart B of an AML/CTF Program (customer due diligence procedures)

IntroductionThe requirement for reporting entities to have an AML/CTF program for their business is a cornerstone ofAustralia's AML/CTF regime. The AML/CTF program establishes the operational framework for a reportingentity to meet its compliance obligations under the AML/CTF Act.

An AML/CTF program should specify how the reporting entity identifies, mitigates and manages the risk ofits products or services being misused to facilitate money laundering or terrorism financing.

Part 7 of the AML/CTF Act contains the requirement that reporting entities must develop and maintain awritten AML/CTF program, while the AML/CTF Rules set out the primary components which must beincluded within an AML/CTF program.

This chapter assists reporting entities to develop, implement and maintain an AML/CTF program which issuitable to their business.

Back to top


33 of 147 18/9/17, 2:46 PM

BackgroundWhat is an AML/CTF program?

An AML/CTF program provides reporting entities with a toolkit for identifying the money laundering andterrorism financing (ML/TF) risks their business faces and establishing and documenting the policies,procedures and controls to mitigate and manage these risks. Reporting entities must develop and maintain awritten AML/CTF program before providing any designated services to a customer.

There are three types of AML/CTF programs:

a standard AML/CTF program, which applies to individual reporting entitiesa joint AML/CTF program, which applies to reporting entities that are members of a designatedbusiness group (DBG) and have elected to operate under a joint AML/CTF programa special AML/CTF program, which applies to individual reporting entities that hold an Australianfinancial services licence (AFSL) and that arrange for a person to receive another designated servicefrom a separate reporting entity. An example is a financial planner who arranges for a client to receive adesignated service (such as acquiring or disposing of a security or derivative) provided by anotherreporting entity.

Standard and joint AML/CTF programs must have two components:

Part A (general)Part B (customer identification).

Special AML/CTF programs are only required to include the Part B component - they are not required toinclude Part A.

Part A of an AML/CTF program covers identifying, managing and reducing the money laundering andterrorism financing risk faced by a reporting entity. It includes:

an ML/TF risk assessment of the business conducted by the entity. This assessment must be reviewedand updated periodicallyapproval and ongoing oversight by boards (where appropriate) and senior managementappointment of an AML/CTF compliance officerregular independent review of Part Aan employee due diligence programan AML/CTF risk awareness training program for employeespolicies and procedures for the reporting entity to respond to and apply AUSTRAC feedbacksystems and controls to ensure the entity complies with its AML/CTF reporting obligationsongoing customer due diligence (OCDD) procedures, which provide for the ongoing monitoring ofexisting customers to identify, mitigate and manage any ML/TF risks. These include a transactionmonitoring program and an enhanced customer due diligence (ECDD) program.

Part B covers a reporting entity's customer due diligence (CDD) procedures. It includes:

establishing a framework for identifying customers and beneficial owners of customers so the reportingentity can be reasonably satisfied a customer is who they claim to becollecting and verifying customer and beneficial owner information.

What are the AML/CTF program requirements for reporting entities which providedesignated services at or through a permanent establishment in a foreign country?

Reporting entities which provide designated services at or through a permanent establishment in a foreigncountry must have certain elements of Part A of an AML/CTF program, including:

approval and ongoing oversight of Part A by boards (where appropriate) and senior managementappointment of an AML/CTF compliance officer


34 of 147 18/9/17, 2:46 PM

regular independent review of Part Aprocedures to respond to and apply AUSTRAC feedback.

Reporting entities which have a permanent establishment in a foreign country at or through which theyprovide designated services, should be aware of the differences between the AML/CTF legal framework inAustralia and the foreign country. Where the foreign country has a comparable AML/CTF regime to Australia,the reporting entity's permanent establishment in a foreign country may need to implement only minimaladditional AML/CTF systems and controls.

AUSTRAC Guidance note 09/02 - Assessment of comparable AML/CTF laws in foreign countries providesassistance to reporting entities on what constitutes a comparable AML/CTF law in a foreign country.

Can a reporting entity adopt a template or model AML/CTF program?

AML/CTF programs are risk based and relate to the size and nature of each business, the designated servicesit offers customers and its ML/TF risk profile. AUSTRAC does not provide an AML/CTF program templatethat each reporting entity must use. Instead, each reporting entity must develop and document an AML/CTFprogram that is tailored to its specific business needs and which is proportionate to the level of ML/TF risk itfaces.

AUSTRAC has developed industry specific guidance on developing an AML/CTF program and these guidesprovide reporting entities with practical guidance on meeting their obligations. Industry guidance is availablefor:

bookmakersindependent remittershotels and clubs

What is a risk-based approach to developing an AML/CTF program?

The risk-based approach recognises that the reporting entity is best placed to identify and assess the risks itsbusiness faces according to the types of customers it serves and the products and services it provides tocustomers. The risk-based approach also acknowledges that entities are best placed to develop controls,procedures and allocate resources that are proportionate to those risks.

For example, a reporting entity may allocate additional effort to those areas of the business it assesses ashaving a higher ML/TF risk. The risk-based approach provides a reporting entity with a degree of flexibility todetermine how its obligations can be implemented and enables a reporting entity to tailor its AML/CTFprogram to meet the specific features, risks and characteristics of the business.

A reporting entity's AML/CTF systems and controls must address the nature, size and complexity of itsbusiness and the types of ML/TF risk it might reasonably face.

Further information

For further information on the risk-based approach, see:

Risk management - a tool for small-to-medium sized businesses.

Back to top

Developing an AML/CTF programAn AML/CTF program must include several elements to satisfy the requirements set out in the AML/CTF Actand AML/CTF Rules.


35 of 147 18/9/17, 2:46 PM

Part A (general)

Part B (customer due diligence procedures)

Part A of an AML/CTF ProgramContents

Conducting a ML/TF risk assessmentApproval and oversight by boards and senior managementAppointing an AML/CTF compliance officerRegular independent review of Part AEmployee due diligence programAML/CTF risk awareness training programAUSTRAC feedbackReporting obligationsOngoing customer due diligence

The primary purpose of Part A of an AML/CTF program is to identify, mitigate and manage the ML/TF riskarising from the provision of a designated service by a reporting entity. Elements of Part A also inform therisk-based approach that is applied in Part B (customer identification).

The following sections outline the requirements for each of the elements of Part A of an AML/CTF program.

Conducting a ML/TF risk assessmentRisk management is the process of identifying risk and developing policies and procedures to minimise andmanage that risk. This requires the development of a framework to identify, prioritise, treat (deal with),control and monitor risk exposures. The risk management process involves assessing risks against thelikelihood (or chance) of them occurring and the severity or amount of loss or damage (or impact) which mayresult if they do occur.

ML/TF risk is the risk that the reporting entity or its products and services may be used to facilitate moneylaundering or terrorism financing. In particular, a reporting entity must consider the risk posed by thefollowing:

customer types, including any customers who are politically exposed persons (PEPs) and theirassociatesthe types of designated services it provideshow the entity provides its designated services (for example, over-the-counter or online)the foreign jurisdictions with which it operates or conducts business.

What must be included in the ML/TF risk assessment?

The ML/TF risk assessment must measure the level of risk (for example high, medium or low risk) associatedwith providing each designated service. This risk level determines the risk-based customer identificationprocedures to be included in Part B of the AML/CTF program.

The reporting entity's risk assessment framework must be flexible because the entity's risk profile may change.The reporting entity must also be able to identify and monitor significant changes in its ML/TF risks andamend its procedures accordingly. This must include assessing the ML/TF risk posed by all:

new designated services, before the entity introduces them to the marketnew methods of delivering a designated service, before the entity adopts them


36 of 147 18/9/17, 2:46 PM

new or developing technologies used to provide designated services, before adopting themchanges in the nature of the business relationship, control structure or beneficial ownership of itscustomers.

A reporting entity's ML/TF risk assessment should be in writing and be updated and reviewed at regularintervals.

Back to top

Approval and oversight by boards and senior managementPart A of the AML/CTF program must be:

approved by the governing board and senior management of the reporting entity, or each reportingentity of a DBG (where appropriate)subject to ongoing oversight by the governing board and senior management.

Oversight by boards and senior management may include:

ongoing reporting to the board and senior management on the performance and effectiveness of theAML/CTF procedures, including the results of an independent review, instances of non-compliancewith the AML/CTF Act and any feedback received after an assessment by AUSTRAC of an AML/CTFprogramperiodic review of the ML/TF risk faced by the reporting entity to ensure the reporting entity's risk-based procedures and controls are appropriate and proportionate to the ML/TF risk it faces.

Back to top

Appointing an AML/CTF compliance officerA reporting entity must appoint a person as the 'AML/CTF compliance officer'.

A reporting entity's AML/CTF compliance officer must be at management level, and may undertake otherduties within the reporting entity. Differences in the nature, size and complexity of businesses means'management' may be interpreted broadly to mean a person who handles, directs and controls AML/CTFcompliance within the reporting entity. This is particularly relevant where the reporting entity is a smallbusiness.

The AML/CTF Rules do not specify whether the compliance officer must be an employee of the reportingentity or an independent contractor engaged by the reporting entity. AUSTRAC considers it preferable for thecompliance officer to have a direct connection to the reporting entity that allows them:

the authority and resources to perform their responsibilities, including access to all relevant areas of thereporting entity's operations and all relevant staff members (at any level)the power to address problems relating to AML/CTF compliance and reporting obligations.

Reporting entities that are members of a designated business group (DBG) and which have elected to adopt ajoint AML/CTF program must appoint a compliance officer, at management level, from one of the members torepresent the entire group. The compliance officer may also act as the nominated contact officer for the DBG.If a DBG elects not to adopt a joint AML/CTF program, each reporting entity within the DBG must developtheir own AML/CTF program and appoint a separate compliance officer.

Duties of an AML/CTF compliance officer

The AML/CTF Rules do not specify the duties of the compliance officer. As a guide, examples of dutiesinclude:


37 of 147 18/9/17, 2:46 PM

ensuring continued compliance with the requirements of the AML/CTF Act and AML/CTF Rules(subject to the ongoing oversight of the reporting entity's board and senior management)day-to-day oversight of the AML/CTF programregular reporting, including reporting of non-compliance, to the board and senior managementaddressing any AUSTRAC feedback about the reporting entity's risk management performance orAML/CTF programacting as the AUSTRAC contact officer for matters such as reporting suspicious matters, internationalfunds transfer instructions and threshold transactions, urgent reporting, compliance audits, or requestsfor information or documentscontributing to designing, implementing and maintaining internal AML/CTF compliance manuals,policies, procedures and systems.

Delegation of responsibilities

The compliance officer may delegate certain duties to other employees of the reporting entity. For example,the compliance officer may delegate certain duties and functions that are specific to a local office or branch toensure compliance procedures are implemented consistently at the particular branch. However, in thesecircumstances, the compliance officer is expected to retain responsibility for implementing and assessing theongoing operation of the AML/CTF program.

Back to top

Regular independent review of Part APart A of the AML/CTF program must be independently reviewed at regular intervals and the reporting entitymust ensure the independence of the reviewer.

A reporting entity must determine how often it will arrange for the conduct of an independent review of PartA. The timing should account for the nature, size and complexity of the business, and the type and level ofML/TF risk it might face.

The review may be conducted by an internal or external person; for example:

an employee of the reporting entity not involved in or subject to the requirements of the AML/CTFprogram (such as the internal audit or legal department)external auditors or other compliance specialists.

The review should be conducted in accordance with the risk-based approach and must assess and test thefollowing four areas:

Part A's effectiveness in addressing the ML/TF risk of the reporting entity or each reporting entity in aDBGwhether Part A complies with the requirements outlined in the AML/CTF Ruleswhether Part A has been effectively implementedwhether the reporting entity, or each reporting entity in a DBG, complied with the procedures outlinedin Part A.

The review should assess actual examples of the entity's day-to-day operations. For example, the review maytest:

the assumptions underlying the entity's ML/TF risk assessmentthe effectiveness of the controls put in place to mitigate the ML/TF riskswhether employees of the reporting entity are complying with the requirements outlined in theAML/CTF program.

The results of an independent review, including any report prepared, must be provided to the seniormanagement of the reporting entity (which may include the board of directors or a sub-committee of the board


38 of 147 18/9/17, 2:46 PM

of directors and relevant senior executives).

Back to top

Employee due diligence programAn employee due diligence program refers to the documented procedures for screening staff members tominimise any exposure to risk. An employee due diligence program must set out appropriate risk-basedsystems and controls for the reporting entity to determine whether to undertake the following activities, andhow to undertake them:

screen a prospective employee who, if employed, may be in a position to facilitate the commission of amoney laundering or financing of terrorism offencerescreen an employee, where the employee is transferred or promoted and may be in a position tofacilitate the commission of a money laundering or financing of terrorism offence.

A reporting entity should establish procedures to identify and verify the identity of prospective or existingemployees, confirm their employment history (for example, through references or referee reports) anddetermine if they are suitable to be employed in a particular position in the business. The procedures shouldtake into account the role of the employee and the nature, size and complexity of the business, and the type ofrisk it might reasonably face.

A reporting entity may determine that certain positions pose a higher risk than others because they may be, forexample, vulnerable to collusion with, or coercion by, third parties. In such cases, the AML/CTF programmay set out more rigorous screening processes for higher risk positions.

Where an employee is engaged in a role that poses a high risk, the reporting entity may consider additionalprocesses such as determining whether the person has:

a criminal record, by requiring the applicant to provide evidence of a National Criminal History Checkundertaken through a state, territory or federal police force or accredited service providerbeen subject to disciplinary action by a regulator or legal action or has any matters to be consideredbefore a court of lawtaken advantage of the laws relating to bankruptcylived in high-risk countries (for example, countries that are subject to sanctions by Australia.

Some reporting entities are also regulated by another Commonwealth, state or territory agency which requiresemployees to hold a licence (for example, people employed in the gambling and betting sectors or those thatare required to hold an AFSL). The reporting entity may consider whether those licensing obligations alsosatisfy the risk-based systems and controls outlined in its employee due diligence program.

An employee due diligence program must also outline a system to manage an employee who fails, withoutreasonable excuse, to comply with any system, control or procedure under the AML/CTF program. Areporting entity may consider establishing policies outlining the consequences of employee non-compliancewith AML/CTF requirements; for example:

disciplinary action ranging from issuing formal warnings through to dismissal, depending on the scaleand seriousness of the breachmandatory refresher training.

Back to top

AML/CTF risk awareness training programPart A of the AML/CTF program must include an AML/CTF risk awareness training program for employees.The reporting entity may also extend such training to include boards of directors, senior managers, agents and


39 of 147 18/9/17, 2:46 PM

consultants who carry out functions connected with providing designated services on behalf of the reportingentity.

A risk awareness training program is central to a reporting entity's effort to protect its business from beingused to facilitate money laundering or terrorism financing. The AML/CTF risk awareness training shouldensure that employees are aware of the ML/TF risks faced by the business and their role in mitigating this riskby contributing to the reporting entity's overall compliance with its AML/CTF obligations.

The AML/CTF risk awareness training program should be documented (similar to a business training plan)and detail how the reporting entity will ensure employees are aware of:

the sources of ML/TF risk to the reporting entitythe reporting entity's commitment to AML/CTF compliancethe reporting entity's AML/CTF policies and proceduresthe reporting entity's obligations under the AML/CTF Act and Rules and the consequences of non-compliancethe nature and consequences of the ML/TF risks they may reasonably face.

The training program may specify:

who needs to be trained (for example, existing employees, new employees, employees transferring todifferent positions, senior managers, new directors and consultants)what the training intends to achievethe duration and frequency of training, including refresher training.

The training program may also describe how the training will be conducted: for example, through:

on-the-job training, especially for training relevant to a specific roleinduction training, incorporating AML/CTF awareness for new employees and employees transferringinto new positionsinstructor-led training, whether through in-house training units or external training providersonline e-learning coursesongoing communication of changes and updates to systems, controls and procedures.

The training program should apply, at a minimum, to all employees who:

are in a position which has been assessed as posing a high ML/TF riskhave contact with customersauthorise and approve customer transactionshandle cash or fundsfacilitate transaction reporting to AUSTRACoversee or implement the AML/CTF program.

A reporting entity's training program should be reviewed and maintained to accommodate changes to theML/TF risk faced by the reporting entity and the operating environment.

Back to top

AUSTRAC feedbackPart A of the AML/CTF program must include appropriate procedures for the reporting entity to applyAUSTRAC feedback on the reporting entity's performance in managing ML/TF risk. This includes proceduresfor addressing recommendations contained in any reports AUSTRAC prepares on the reporting entity'scompliance with the AML/CTF Act and Rules. AUSTRAC may also, from time to time, provide industryspecific compliance feedback and guidance that reporting entities should use to maintain their AML/CTFprogram and keep it up to date.

Back to top


40 of 147 18/9/17, 2:46 PM

Reporting obligationsPart A of the AML/CTF program must include details about:

the reporting entity's AML/CTF reporting obligations; andappropriate systems and controls designed to ensure compliance with the reporting obligations.

A reporting entity's reporting obligations may include:

threshold transaction reports (TTRs)suspicious matter reports (SMRs)international funds transfer instruction (IFTI) reportsAML/CTF compliance reportschanges to the reporting entity's enrolment detailsmaterial changes to the reporting entity's registration details on the Remittance Sector Register (if theyare a remittance dealer).

This element of Part A helps reporting entities ensure that procedures are in place to submit all compulsoryreports to AUSTRAC in an accurate and timely manner.

Reporting entities should notify AUSTRAC as soon as possible of any serious non-compliance with itsreporting obligations.

Back to top

Ongoing customer due diligenceReporting entities are required to have in place appropriate systems and controls to determine whetheradditional customer information (including beneficial owner information) should be collected and/or verifiedon an ongoing basis to ensure that the reporting entity holds up-to-date information about its customers. Thisprocess is known as 'ongoing customer due diligence' (OCDD). The decision to apply the OCDD process to aparticular customer depends on the customer's level of assessed ML/TF risk.

OCDD must be included in Part A of an AML/CTF program. OCDD ensures customers are monitored on anongoing basis to identify, mitigate and manage any ML/TF risk posed by providing designated services.OCDD obligations apply to all ongoing customers receiving designated services.

Ongoing customer due diligence also includes:

implementing a transaction monitoring program; anddeveloping an 'enhanced customer due diligence' program.

Transaction monitoring program

Part A of the AML/CTF program must include a risk-based transaction monitoring program. A transactionmonitoring program:

must include appropriate risk-based systems and controls to monitor the transactions of customersmust identify transactions that are considered to be suspiciousshould be capable of identifying complex, unusually large transactions and unusual patterns oftransactions which have no apparent economic or visible lawful purpose.

A risk-based transaction monitoring program may include the following elements:

risk-based processes for recognising money laundering typologies and transaction patterns indicatingsuspicious behaviour (for example, customers making large, structured cash deposits, and then


41 of 147 18/9/17, 2:46 PM

subsequently transferring the funds electronically to unrelated accounts)processes to establish customer transaction profiles that include the customer's transaction history (forexample, to identify instances where a customer has conducted activity inconsistent with their profile)processes to compare established customer transaction profiles against risk-based typologies andtransaction patternsprocesses to assign alerts to customers identified as high risk or those conducting transactions indicatingsuspicious behaviour.

Depending on the nature, size and complexity of the business, a reporting entity's transaction monitoringprogram may be conducted manually or using an automated transaction monitoring system.

Types of transactions which may be monitored under a transaction monitoring program

What constitutes complex, unusual or large transactions or unusual patterns of transactions differs for eachreporting entity. It depends on the reporting entity's size, types of customers, products and delivery channelsand risk profile.

Generally, complex and unusual transactions might include:

transactions of an unusually large size or volume relative to the customer profile (or usual customerbehaviour)transactions that exceed the reporting entity's internal thresholds or reporting triggerstransactions to or from a high-risk country including a 'prescribed foreign country' (for example, Iran orthe Democratic People's Republic of Korea/North Korea)payments to or from a person on a sanctions listchanges in account balances or levels of financial activity that are inconsistent with the size of pastaccount balancesirregular patterns of account activity that are characteristic of money laundering or terrorism financing.

AUSTRAC typologies reports and indicators of ML/TF activity

AUSTRAC typologies reports contain a variety of case studies detailing various methods criminals use toconceal, launder or move illicit funds and to commit financial or other crimes. The case studies detail thesuspicious financial activities undertaken by the suspects in each case.

AUSTRAC's typologies reports also list 'indicators' (customer behaviour 'red flags') that may assist reportingentities to identify potential money laundering and terrorism financing activity (see appendix A of theAUSTRAC typologies reports).

Enhanced customer due diligence program

Part A of the AML/CTF program must include an enhanced customer due diligence (ECDD) program. ECDDis the process of undertaking additional customer identification and verification measures in certaincircumstances deemed to be high risk.The ECDD program details the procedures the reporting entity must undertake:

if it determines under its risk-based systems and controls (for example, through its transactionmonitoring program) the ML/TF risk associated with dealing with a certain customer is higha designated service is being provided to a customer who is, or has a beneficial owner who is, a foreignPEPwhen an SMR obligation arisesif it is entering into or proposing to enter into a transaction, and one party to the transaction is physicallypresent in, or is a corporation incorporated in, a prescribed foreign country.

See Table 1 below for a detailed description of the enhanced customer due diligence requirements (also seechapter 15 of the AML/CTF Rules).

Enhanced customer due diligence procedures


42 of 147 18/9/17, 2:46 PM

A reporting entity is required to implement a range of ECDD measures outlined below in the followingcircumstances:

Identified high ML/TF riskDesignated service is provided to a customer who is, or who has a beneficial owner who is, a foreignPEP (Note: in addition to any other appropriate measures, reporting entities must undertake measures 4and 6 below)When an SMR obligation arisesActual/proposed transaction with a party who is physically present in, or is a corporation incorporatedin, a prescribed foreign country.

Back to top

Table 1: Enhanced customer due diligence procedures

Measure Procedure

Measure 1: Seek furtherinformation

Seek further information from the customer or from third party sources toundertake one or more of the following:

clarify or update customer informationclarify or update beneficial owner informationobtain any further customer information or beneficial owner information,including, where appropriate, taking reasonable measures to identify thesource of wealth and source of funds for the customer and each beneficialownerclarify the nature of the customer's ongoing business with the reportingentity.

Measure 2: Moredetailed analysis

Undertake more detailed analysis of the customer's information and beneficialowner information, including, where appropriate, taking reasonable measuresto identify the source of wealth and source of funds for the customer and eachbeneficial owner.

Measure 3: Verify or re-verify customerinformation

Verify or re-verify customer information in accordance with the reportingentity's customer identification procedures.

Measure 4: Verify or re-verify beneficial ownerinformation

Verify or re-verify beneficial owner information in accordance with theidentification requirements specified in Chapter 4 of the AML/CTF Rules.

Measure 5: Analysis andmonitoring oftransactions

Undertake more detailed analysis and monitoring of the customer's transactions- both past and future. This may include:

the purpose, reason for, or nature of specific transactionsthe expected nature and level of transaction behaviour, including futuretransactions.

Measure 6: Seniormanagement approval

Seek senior management approval for:

continuing a business relationship with a customerwhether a transaction on an account should be processedwhether the designated service should continue to be provided to thecustomer.


43 of 147 18/9/17, 2:46 PM

Back to top

Part B of an AML/CTF program (customer duediligence procedures)Contents

Collecting and verifying customer identification informationIdentifying customers who do not have conventional forms of identification (including customers ofAboriginal and/or Torres Strait Islander heritage)Identifying and verifying the beneficial owner of a customerResponding to discrepancies that arise while verifying customer and beneficial owner informationDocument Verification Service - individual customer and beneficial owner identificationPolitically exposed personsSpecial circumstance and exemptions that apply for CDD obligations

The primary purpose of Part B is to ensure the reporting entity knows its customers and understands theircustomers' financial activities. The reporting entity must establish a framework and document its customer duediligence (CDD) procedures in detail. All AML/CTF programs (standard, joint and special) must include PartB.

A reporting entity must be reasonably satisfied that:

an individual customer is who they claim to befor a non-individual customer, the customer exists and their beneficial ownership details are known.

By knowing its customers a reporting entity should be better able to identify and mitigate ML/TF risks in theconduct of their financial transactions, particularly where the activity or transactions are unusual oruncharacteristic.

The CDD requirements include:

collecting and verifying customer identification information - for example, documents, data or otherinformation obtained from a reliable and independent sourceidentifying and verifying the beneficial owner(s) of a customeridentifying whether a customer is a PEP (or an associate of a PEP) and taking steps to establish thesource of funds used during the business relationship or transactionobtaining information on the purpose and intended nature of the business relationship.

When does a reporting entity need to undertake CDD?

Most CDD obligations must be completed before the provision of a designated service, regardless of whetherit involves a one-off transaction or an ongoing business relationship (such as an account or a loan).

The reporting entity must comply with its obligations to identify the beneficial owner of a customer anddetermine whether the customer or a beneficial owner is a PEP before it provides the designated service, or assoon as practicable after the service has been provided.

There are exemptions which allow the CDD requirements to be met after the provision of the designatedservice. See 'Special circumstance and exemptions that apply for CDD obligations' below.

Risk-based customer due diligence procedures

A reporting entity is required to have risk-based CDD procedures. To develop these procedures, reportingentities should consider the risk posed by each of the following factors:


44 of 147 18/9/17, 2:46 PM

customer types, including beneficial owners of customers and PEPscustomers' sources of funds and wealth (for example, by enquiring into the expected source and originof the funds to be used in the provision of the designated service)nature and purpose of the business relationship (for example, the customer's business or employment)control structure of non-individual customers (for example, complex corporate structures and theunderlying beneficial owners)types of designated services the reporting entity provideshow the reporting entity provides its designated services (for example, over-the-counter or online)foreign jurisdictions in which the reporting entity deals (for example, customers that live or areincorporated in a foreign country).

Back to top

Collecting and verifying customer identification informationAn AML/CTF program must:

provide for the collection of certain minimum ‘know your customer’ (KYC) information;provide for the collection of certain minimum information about beneficial owners of customersinclude certain requirements in relation to customers who are ‘politically exposed persons’ (PEPs), orwho have beneficial owners that are PEPsinclude appropriate risk-based systems and controls to determine whether further customer informationshould be collectedprovide for the verification of customer information include appropriate risk-based systems and controls to determine whether further customer informationcollected from the customer should be verified provide for the collection of information about the agent of a customer, and include appropriate risk-based systems and controls to determine whether to verify information about the agent.

What are the minimum customer identification and verification requirements?

The 'Ready reckoner' summarises the minimum customer information (including, where applicable, beneficialowner and PEP information) a reporting entity must collect and verify for the following customer types:

individuals (including beneficial owners and PEPs)companiespartnershipstrustsincorporated and unincorporated associationsregistered cooperativesgovernment bodiesagents acting on behalf of a customer.

Verification is the process the reporting entity uses to confirm that the customer information provided by, orabout, a customer is accurate. A reporting entity's AML/CTF program must outline appropriate risk-basedprocedures and controls for the reporting entity to verify the customer information collected using reliable andindependent documentation, reliable and independent electronic data, or both.

Ready reckonerDoes the identification information collected and verified need to be in the Englishlanguage?

If a customer provides identification documents to a reporting entity in a language other than English, it isAUSTRAC’s expectation that the reporting entity obtain a translation of the document into the Englishlanguage by an accredited translator.


45 of 147 18/9/17, 2:46 PM

In circumstances where the identification documents are in another language that personnel of the reportingentity understands, the reporting entity may not need to obtain a translation of the document into the Englishlanguage by an accredited translator. However, AUSTRAC considers that it is good practice for a reportingentity to require that the person conducting the verification translate the documents into the English language,to:

facilitate reference by all employees of the reporting entity, and to be able to demonstrate to AUSTRAC that the reporting entity has conducted the verification.

Safe harbour procedures for individuals with a medium or lower ML/TF risk

Reporting entities may adopt 'safe harbour' procedures to verify customer information for individuals wherethe relationship with the customer is of medium or lower ML/TF risk.

Documentation-based procedures

Reporting entities adopting the documentation-based safe harbour procedures (specified in paragraph 4.2.11 ofthe AML/CTF Rules) must verify customer information using an original or certified copy of a primaryphotographic, or primary non-photographic, or secondary document. For example, a reporting entity couldverify the customer’s name by referring to their driver’s licence that shows the customer’s first name, middleinitial, and family name.

Chapter 1 of the AML/CTF Rules defines 'certified copy', including the list of authorised persons who maycertify a document as a true copy of an original.

Electronic-based procedures

Reporting entities adopting the electronic-based safe harbour procedures (specified in paragraph 4.2.13 of theAML/CTF Rules) must use reliable and independent electronic data from at least one or two separate datasources, depending on the type of information needing to be verified.

The Document Verification Service managed by the Commonwealth Attorney-General’s Department providesaccess to several independent electronic data sources. Reporting entities may verify an individual's identityelectronically by using records held by a credit reporting agency. Further information on using credit reportingagencies to verify customer identification information is available in AUSTRAC Guidance Note 11/02 -Verification of identity (e-verification).

Note: Even where safe harbour procedures are applicable, it is not compulsory for reporting entities to adoptthese procedures for customers with a medium or lower ML/TF risk (see paragraphs 4.2.10 and 4.2.12 of theAML/CTF Rules).

Simplified verification procedures for certain types of companies and trusts

A reporting entity may adopt simplified verification procedures for certain types of companies and trusts.

Simplified company verification procedure

To use the simplified company verification procedure the reporting entity must confirm the company is one ofthe following:

a domestic listed public companya majority owned subsidiary of a domestic listed public companylicensed and subject to the regulatory oversight of a Commonwealth, state or territory statutoryregulator in relation to its activities as a company.

A reporting entity may confirm the above information by undertaking one or more of the following:

a search of the relevant domestic stock exchange


46 of 147 18/9/17, 2:46 PM

obtaining a public document issued by the relevant companya search of the relevant Australian Securities and Investments Commission (ASIC) databasea search of the licence or other records of the relevant regulator.

Simplified trust verification procedure

The reporting entity must verify that the trust is one of the following:

a managed investment scheme registered by ASICa managed investment scheme that is not registered by ASIC that:

only has wholesale clients; anddoes not make small scale offerings (under section 1012E of the Corporations Act 2001)

registered and subject to the regulatory oversight of a Commonwealth statutory regulator in relation toits activities as a trusta government superannuation fund established by legislation.

Back to top

Identifying customers who do not have conventional forms ofidentification (including customers of Aboriginal and/or TorresStrait Islander heritage)Some sections of the Australian community may have, for a diverse range of reasons, practical difficulties inmeeting the identification requirements as specified in Chapter 4 of the AML/CTF Rules – ApplicableCustomer Identification Procedure.

Some customers may not have identification documents that reporting entities most commonly use to establishand verify the identity of their customers, or the information contained in the documents may no longer beaccurate or up to date. As a result, these people may face barriers in accessing financial services. Examples ofpersons who may have difficulties in meeting customer identification and verification requirements in order toaccess financial services include:

customers of Aboriginal and/or Torres Strait Island heritage, andother categories of customers, such as a person who has resettled in Australia as a refugee.

AUSTRAC recommends that, where appropriate, reporting entities consider adopting a flexible approach tothe identification and verification of customers that may fall within these categories and, where appropriate,remain mindful of social and cultural sensitivities. This may include using ‘reliable and independent’ meansof alternative identification for customers that fall within these categories and who have difficulties inproviding commonly used documentation for identification purposes. In applying this flexible approach,reporting entities are expected to apply a risk-based assessment in determining the suitability of thedocumentation submitted for identification and verification purposes.

For more information, recommendations and examples, please visit the Aboriginal and/or Torres StraitIslander people page. The guidance and worked examples, which specifically focus on customers ofAboriginal and/or Torres Strait Islander heritage, can also be applied for other categories of customer whohave difficulties in complying with customer identification requirements.

Identifying and verifying the beneficial owner of a customerA reporting entity must implement procedures to collect and verify identification information about thebeneficial ownership and control of its customers.

What is a beneficial owner?


47 of 147 18/9/17, 2:46 PM

A beneficial owner of a customer is defined as an individual (a natural person or persons) who ultimatelyowns or controls (directly or indirectly) the customer.

Ownership for the purposes of determining a beneficial owner means owning 25 per cent or more of thecustomer.

The definition of 'control' includes whether the control is exerted by means of trusts, agreements,arrangements, understandings or practices and whether or not the individual has control based on legal orequitable rights. It includes where an individual can exercise control through making decisions about financialand operating policies.

What beneficial owner information must be collected and verified?

Once a reporting entity has established who is a beneficial owner or owners of a customer, a reporting entitymust collect at least the following information in relation to each individual beneficial owner:

full name; anddate of birth or full residential address.

The reporting entity must take reasonable measures to verify the information it collects about the beneficialowner. Reasonable measures means it must take some measures to verify the information, and the steps takenmust be appropriate given the level of ML/TF risk.

How does a reporting entity identify the beneficial owner of a customer?

To identify the beneficial owner of a customer, a reporting entity should establish and understand theownership or control structure of the customer. In most cases, the reporting entity can request informationfrom the customer. A reporting entity may also need to enquire further into a complex ownership or controlstructure.

Examples of information that may assist a reporting entity in identifying a beneficial owner of a customerinclude:

a certificate of incorporation of a company with ASIC and/or an annual statement including theamendments submitted to ASICa trust deeda partnership agreementthe constitution and/or certificate of incorporation for an incorporated associationthe constitution of a registered co-operative.

The following are examples of the processes a reporting entity may undertake to identify a beneficial owner ofa company and a trust.

Example: identifying the beneficial owner of a company

ABC Pty Ltd applied to receive a designated service from a reporting entity. To identify the beneficial ownerof ABC Pty Ltd, the reporting entity requests the customer to provide certified copies of its most recent ASICannual statement including any amendments. This statement includes information regarding ABC Pty Ltd'sultimate holding company, office holders, company share structure and members.

The company structure and shareholders listed in the ASIC annual return for ABC Pty Ltd are as follows:


48 of 147 18/9/17, 2:46 PM

Mr Smith owns more than 25 per cent of the issued share capital in ABC Pty Ltd and therefore is a beneficialowner of the entity.

In the event that the company ownership was not concentrated with one person holding 60%, and it could notbe identified that a single person owned (or controlled, such as through voting rights or other means) 25% ormore of the shares, then under the provisions in 4.12.9, Mr Jones may be the beneficial owner by virtue of hiscontrol of the company through making decisions about the financial and operating policies on a day-to-daybasis. In that instance, Mr Jones should be identified as the beneficial owner, according to the customeridentification procedures for individuals. In some cases, it may be appropriate to ascertain both ownership andcontrol (for example with higher risk customers or where there are concerns relating to ownershipinformation).

The reporting entity must identify:

ABC Pty Ltd, in accordance with the customer identification procedures for a company.Mr Smith, according to the customer identification procedures for individuals.

Example: Identifying the beneficial owner of a trust

JJG Pty Ltd applied to receive a designated service from a reporting entity. To identify the beneficial owner ofJJG Pty Ltd (which is the customer), the reporting entity may request that the customer provide certifiedcopies of its most recent ASIC annual statement and any amendments. These documents show that BrianJones and Margaret Jones are the directors and the two equal shareholders of JJG Pty Ltd.

Because JJG Pty Ltd is the corporate trustee on behalf of the Jones Family Trust, the reporting entity mustidentify and verify certain information about JJG Pty Ltd’s trust arrangement with the Jones Family Trust inaccordance with the trustee requirements under Part 4.4. JJG Pty Ltd provides the reporting entity with a


49 of 147 18/9/17, 2:46 PM

certified copy of the trust deed which outlines the arrangements for the trust, as follows:

The beneficiaries of the Jones Family Trust are:Margaret JonesConstance JonesHoratio Jones

The settlor of the trust is Mr William Smith, the accountant for the Jones family.

According to the trust deed, Margaret Jones is the 'appointor' of the Jones Family Trust. In this case, thereporting entity has assessed Margaret Jones as being the beneficial owner of the Jones Family Trust becauseshe can exercise control in her capacity as the appointer. An appointor holds the power to appoint or removethe trustees who exercise the various trust powers.

Reporting entities should note that in the absence of an appointor, another person may be the beneficial ownerif that person owns or controls (directly or indirectly) the customer of the reporting entity, in this case JJG PtyLtd.

The reporting entity must, at a minimum:

collect and verify certain information from JJG Pty Ltd, as the trustee on behalf of the Jones FamilyTrust, in accordance with the reporting entity’s customer identification procedures for a company underPart 4.3collect the full names of all beneficiaries of the Jones Family Trust (that is, Margaret Jones, ConstanceJones and Horatio Jones)identify Margaret Jones, as the beneficial owner of the Jones Family Trust, in accordance with thebeneficial owner customer identification procedures at 4.12.1. collect and verify the full name of Mr William Smith, as the settlor of the trust – unless:

the material asset contribution to the trust by Mr Smith (as the settlor) at the time the trust isestablished is less than $10,000; orat the time of undertaking customer identification procedures Mr Smith is deceased; orthe trust is verified using the simplified trustee verification procedure (see paragraph 4.4.8 of theAML/CTF Rules).

What process should a reporting entity take if it is unable to identify the beneficialowner of a customer?

In some cases, a reporting entity may not be able to determine the beneficial owner of a customer, such aswhere no person owns 25 per cent or more of the customer or where there is not an individual exercisingcontrol of the customer.

In these cases, a reporting entity is required to identify and take reasonable steps to verify an alternativeindividual as described below (also refer to paragraph 4.12.9 of the AML/CTF Rules).

The customer is a company or a partnership:

A reporting entity should attempt to identify an individual in the following order:

an individual who can exercise 25 per cent or more of the voting rights, including the power to veto.The power to exercise voting rights may be direct or indirect, including where the individual isentrusted with, or has significant influence over, the exercise of the voting rights.

If the reporting entity cannot identify the above individual:

any individual who holds the position of senior managing official (or equivalent).

The customer is a trust:

A reporting entity should attempt to identify any individual who holds the power to appoint or remove the


50 of 147 18/9/17, 2:46 PM

trustees of the trust. This role is usually described as the appointor, but may also be called the 'custodian' or'principal', and should be noted in the trust deed.

The customer is an association or a registered co-operative:

A reporting entity should attempt to identify an individual in the following order:1. It should attempt to identify any individual who can exercise 25 per cent or more of the voting rights,including a power to veto.

2.

If the reporting entity cannot identify the above individual, it should attempt to identify any individualwho would be entitled to 25 per cent or more of the property of the association or registered cooperativeif it were dissolved.

3.

If the reporting entity cannot identify an individual described in 1 or 2 above, it should attempt toidentify any individual who holds the position of senior managing official.

4.

What are the exceptions to the beneficial ownership obligations?

A reporting entity is not required to determine the beneficial owner of a customer if the customer is:

a company which has been verified under the simplified company verification procedure underparagraph 4.3.8 of the AML/CTF Rulesa trust which has been verified under the simplified trustee verification procedure under paragraph 4.4.8of the AML/CTF Rulesan Australian Government Entitya foreign-listed public company that is subject to beneficial ownership disclosure requirements that arecomparable to the requirements in Australia.

Where a customer is an individual, the reporting entity is entitled to assume that the customer and thebeneficial owner are the same - that is, there is no other individual that controls the customer, unless thereporting entity has reasonable grounds to consider otherwise. For example, if the reporting entity learns thatthe customer is being influenced or controlled by a third party, the reporting entity will need to identify andverify the identity of the third party (because they are a 'beneficial owner' of the individual).

Note : The exceptions to the beneficial ownership obligations only apply to the customer of the reportingentity.

If the customer is not one of the four customer types listed above, the reporting entity must identify thebeneficial owner of the customer in accordance with the requirements of Part 4.12 of the AML/CTF Rules.

The exceptions to the beneficial ownership obligations do not apply to the beneficial owner(s) of a customer.

What are the safe harbour procedures for verifying the beneficial owner of a customer?

A reporting entity may follow the documentation or electronic based safe harbour procedures to verify thebeneficial owner of a customer assessed as being of medium or lower ML/TF risk.

The safe harbour procedures do not include sufficient verification procedures for high ML/TF risk customers,including foreign PEPs.

The documentation-based safe harbour procedures involve:

verifying the beneficial owner's full name and full residential address or date of birth (or both) usingan original or certified copy of a primary photographic identification document, or

both:

an original or certified copy of a primary non-photographic identification document; andan original or certified copy of a secondary identification document; and

verifying that the documentation has not expired (other than a passport, which may be used if it expiredwithin the preceding two years).


51 of 147 18/9/17, 2:46 PM

Alternatively, a reporting entity may rely on an electronic-based safe harbour procedure where:

a beneficial owner's full name; andtheir full residential address or their date of birth, or both

have been verified from reliable and independent electronic data from at least two separate data sources.Reporting entities may verify an individual's identity electronically by using records held by a credit reportingagency.

Further information on using credit reporting agencies to verify customer identification information isavailable in AUSTRAC guidance note 11/02 - Verification of identity (e-verification).

Using disclosure certificates to identify the beneficial owner of a customer

In addition to the verification procedures set out above, a reporting entity may be able to rely on a 'disclosurecertificate' to verify information about a beneficial owner of a customer where such information is nototherwise available.

A disclosure certificate is provided by the customer and must contain the information set out in chapter 30 ofthe AML/CTF Rules.

Back to top

Responding to discrepancies that arise while verifying customer andbeneficial owner informationReporting entities must have risk-based systems and controls in place to respond to any discrepancies thatmay arise while verifying customer or beneficial ownership information. This may include collectingadditional information from the customer.

For example, a discrepancy may arise where:

the name on a customer's passport does not match the name the customer provides to the reportingentitythe name of a director provided by the company does not match any current director's name appearingon the company search extract.

Back to top

Document Verification Service - individual customer and beneficialowner identificationThe Document Verification Service (DVS) is a secure, national, real-time, on-line, electronic documentverification system managed by the Commonwealth Attorney-General’s Department (AGD).

The DVS provides authorised organisations, such as reporting entities, with a means to electronically matchidentifying information or credentials on certain government-issued identity documents directly with theissuing government organisation (whether Commonwealth, State or Territory). This allows reporting entitiesto check that the identity document presented by an individual is current or valid (for example, the documenthas not expired, been cancelled, is lost or stolen).

For more information please go to the Document Verification Service and individual customer and beneficialowner identification page.


52 of 147 18/9/17, 2:46 PM

Politically exposed personsWho is a politically exposed person?

Politically exposed persons (PEPs) are individuals who occupy a prominent public position or function in agovernment body or international organisation, both within and outside Australia. This definition also extendsto their immediate family members and close associates.

Chapter 1 of the AML/CTF Rules defines three categories of PEPs:

Domestic PEPs are individuals who hold a prominent public position or function in an Australiangovernment bodyForeign PEPs are individuals who hold a prominent public position or function in a government bodyof a foreign country.International organisation PEPs are individuals who hold a prominent public position or function in aninternational organisation.

The AML/CTF Rules definition of PEPs is not intended to be an exhaustive list of the type of PEPs thatshould be subject to identification and verification and risk management by reporting entities. Individuals notlisted in the definition may be considered to be a PEP by reporting entities if they are entrusted with aprominent public position or function in a government body or international organisation.

This guide also includes detailed explanations of many of the key terms used in the AML/CTF Rules inrelation to PEPs – see Key terms used in the AML/CTF Rules definition of PEPs page.

When does a person cease to be considered a PEP?

As described above, a PEP is someone who occupies a prominent public position. Once a person no longerholds that position, they are no longer considered a PEP. However, a reporting entity should continue to applya risk-based approach to determine whether an existing customer who is no longer a PEP should continue tobe treated as a high-risk customer.

Higher risk PEPs are also more likely to continue to pose a ML/TF risk after they cease holding a publicposition. As such, reporting entities may choose to undertake enhanced customer due diligence (ECDD) for alonger period for a former PEP under the ECDD provisions in Chapter 15 of the AML/CTF Rules.

Money laundering and terrorism financing risk associated with PEPs

Due to their position and influence it is recognised that many PEPs are in positions that potentially can beabused for money laundering and related predicate offences, including corruption and bribery, as well asactivity related to terrorism financing. The potential risks associated with PEPs justify the application ofadditional AML/CTF measures to prevent and detect this conduct.

However, it is noted that if a person is a PEP, this does not mean that there is an automatic link to criminalactivities or abuse of the financial system. The additional AML/CTF measures applied in the case of PEPs arepreventative, and should not be interpreted as stigmatising PEPs as being involved in criminal activity; ratherthese measures recognise the increased risk, including opportunity, associated with holding this type of role.

Risks associated with different categories of PEPs

Reporting entities must automatically treat all foreign PEPs as high-risk customers.

Domestic PEPs and 'international organisation' PEPs may also be considered to be high risk depending on thecircumstances. Reporting entities should conduct a risk assessment on domestic and international organisationPEPs before deciding whether to apply their ECDD program to these customers.

Effective due diligence and risk assessment processes enable reporting entities to identify customers who arePEPs. These processes also support the entity's ongoing transaction monitoring. A reporting entity is better


53 of 147 18/9/17, 2:46 PM

able to detect suspicious transactions or behaviour if it is aware that a customer is a PEP and is aware of theincreased AML/CTF risks associated with PEPs. This knowledge will also enable a reporting entity to betterunderstand what is normal, legitimate financial behaviour for a PEP customer and identify unusual orsuspicious activity by that customer.

Not all PEPs present the same AML/CTF risk. If a PEP undertakes transactions of the type that wouldnormally be undertaken by non-PEP customers, and there is no evidence to suggest the funds came from anunusual source, a reporting entity's normal procedures may be sufficient to mitigate the ML/TF risk. Forexample, normal procedure may involve asking the customer general questions about the transaction anddocumenting the responses as normal.

In some circumstances reporting entities should consider obtaining further information from a PEP and seekmore documentary evidence to verify the information provided. For example:

where the jurisdiction that appointed the PEP is a higher risk jurisdictionwhere the funding for the transaction is substantial or from an unusual sourcewhere the type of transaction is a higher risk transaction; for example, a large cash transaction.

What are the requirements for PEPs?

A reporting entity must have procedures to identify whether any individual customer or beneficial owner is aPEP, or an associate of a PEP. The reporting entity must undertake this identification process before itprovides the customer with a designated service, or as soon as practicable afterwards (refer to Part 4.13 of theAML/CTF Rules).

The term 'as soon as practicable' has not been defined in the AML/CTF Rules in order to allow reportingentities to carry out the procedures in a manner which is appropriate to the particular circumstances of eachcustomer.

The AML/CTF Rules have different requirements for:

medium or lower ML/TF risk domestic and international organisation PEPs; andall foreign PEPs, and high ML/TF risk domestic and international organisation PEPs.

Determine whether a customer or beneficial owner is a PEP

A reporting entity must have risk-based procedures to determine whether a customer is a PEP.

These procedures may include:

checking the customer's background through an internet searchconsulting reports and databases released by various organisations that specialise in analysingcorruption risks.

If the reporting entity needs to conduct more thorough checks, or if there is a high likelihood of a reportingentity having customers who are PEPs, the reporting entity may find that subscribing to a specialist PEPdatabase is an appropriate risk mitigation tool.

AUSTRAC notes, however, that over-reliance on such databases may increase the risk that reporting entitieswill wrongly assume that if a customer's name is not in the database, then the customer is not a PEP. Reportingentities should also be aware that commercial databases can have limitations – for example, these databases:

may not be as comprehensive or reliable as is believedmay not align with the PEP definition used in Australia if it is a 'global' databasemay not include certain names or may exclude certain categories of PEPsmay contain inconsistent transliterations and spellings of names which may affect a reporting entity'sability to match names.

If a customer is a medium or lower ML/TF risk domestic or international organisation PEP


54 of 147 18/9/17, 2:46 PM

For domestic PEPs or international organisation PEPs that are beneficial owners of a customer, a reportingentity must carry out the customer identification and verification procedures which apply to individuals.

Generally, domestic or international organisation PEPs may be considered to be of lower ML/TF risk, but thiscannot be assumed – reporting entities must use their risk-based procedures to decide whether a PEP is ofhigher ML/TF risk.

If a customer is a foreign PEP or a high ML/TF risk domestic or international organisation PEP

For foreign PEPs or high ML/TF risk domestic PEPs who are beneficial owners, a reporting entity must carryout the customer identification and verification procedures which apply to individuals.

A reporting entity is also required to:

obtain senior management approval before establishing or continuing a business relationship with thecustomer and before providing, or continuing to provide, a designated service to the customertake reasonable measures to establish the customer's source of wealth and source of fundscomply with enhanced customer due diligence requirements under Chapter 15 of the AML/CTF Rules.

Responding to any discrepancies

Regardless of whether a PEP is a domestic, international organisation or foreign PEP, a reporting entity musthave risk-based systems and controls to respond to any discrepancies they discover while verifying a PEP'sidentity. These systems and controls should enable the reporting entity to be reasonably satisfied that the PEPis the person they claim to be.

Ongoing transaction monitoring

For all foreign PEPs and high risk domestic or international organisation PEPs, reporting entities shouldclosely monitor the transactions conducted by that customer. If a reporting entity suspects that a transactionundertaken by a PEP involves funds that are the proceeds of corruption or other criminal activity, it mustsubmit an SMR to AUSTRAC.

A reporting entity's ongoing customer due diligence (OCDD) procedures should consider whether any of itsexisting customers have become PEPs since they originally became a customer. If an existing customer doesbecome a PEP, the reporting entity is required to update the customer's status, undertake enhanced customerdue diligence and adjust its transaction monitoring processes. A reporting entity may be alerted to acustomer's change in status by changes to the customer's business or occupation.

Effective due diligence and risk assessment procedures put in place by reporting entities not only identifypersons who are PEPs, but will also assist reporting entities to detect any suspicious transactions or customerbehaviour related to money laundering and related predicate offences.

Further guidance on monitoring transactions and customer behaviour is available in the FATF Guidance,Politically Exposed Persons (Recommendations 12 and 22), and in the AUSTRAC strategic analysis brief,PEPs, corruption and foreign bribery.

PEPs and other legislative requirements

In some cases, reporting entities may consider that the AML/CTF Rules requirements relating to PEPs areinconsistent with obligations imposed upon them by other legislation, in particular, the provision of adesignated service.

For example, Part 4.13 of the AML/CTF Rules requires 'senior management approval' where the risk is highfor domestic and international PEPs and for all foreign PEPs, in regard to whether a business relationshipshould commence or continue or whether a designated service should be provided or continue to be provided.

In this instance, the AML/CTF Rules impose an obligation (the involvement of senior management), but the


55 of 147 18/9/17, 2:46 PM

decision to discontinue or not provide a designated service to the PEP is made by the reporting entity.

In situations where a reporting entity is required to perform an action under legislation that, for example,relates to the acceptance or cashing out of superannuation contributions to a high-risk domestic orinternational PEP or a foreign PEP, the reporting entity, after it has obtained management approval to acceptor cash out the superannuation contributions to the PEP, and complied with its other AML/CTF Programobligations, may consider providing a suspicious matter report to AUSTRAC about that customer.

As the AML/CTF Rules do not prevent a reporting entity from providing a designated service AUSTRACconsiders that there is no conflict between the Rules and a Commonwealth law which requires the provision ofa designated service.

Privacy considerations

The definition of 'sensitive information' in the Privacy Act 1988 includes information or an opinion about anindividual's political opinions or membership of a political association (see section 6(1) of that Act). Inidentifying or verifying a customer who is a PEP, a reporting entity may find that it collects this type ofsensitive information about the PEP.

Sensitive information is generally afforded a higher level of privacy protection under the Australian PrivacyPrinciples than other personal information. This recognises that inappropriate handling of sensitiveinformation can have adverse consequences for an individual or those associated with the individual.

Back to top

Special circumstance and exemptions that apply for CDD obligationsSpecial circumstances and exemptions may apply for customer identification procedures for:

pre-commencement customerscustomer identification procedures carried out by another reporting entitylow-risk servicesthe gambling sector.

Pre-commencement customers

Pre-commencement customers are customers who received a designated service before identificationprocedures became mandatory (that is, before 12 December 2007). Reporting entities are not required toidentify and verify these pre-commencement customers for any new or existing designated services theyreceive. However, these customers are subject to OCDD requirements, including transaction monitoring andenhanced customer due diligence.

If a suspicious matter reporting obligation arises for a pre-commencement customer, a reporting entity must,within 14 days, take one or more of the following actions so it can be reasonably satisfied the customer is theperson they claim to be:

carry out the customer identification procedure for the customer, unless the reporting entity previouslycarried out the procedure or a comparable procedure for the customercollect any customer information about the customerverify from a reliable and independent source, customer information obtained about the customer.

Reliance on customer identification procedures carried out by another reporting entity

A reporting entity may rely on a customer identification procedure carried out by another reporting entityabout a common customer. Currently, there are two situations when this can occur:

if a licensed financial adviser, who provided an item 54 designated service to the customer (table 1,


56 of 147 18/9/17, 2:46 PM

section 6 of the AML/CTF Act), arranges for the customer to receive a designated service from asecond reporting entityif a customer of one member of a DBG:

becomes a customer of another member of the DBG; andis required to undergo the applicable customer identification procedure.

In both cases, the second reporting entity can rely on the customer identification procedures conducted by thefirst reporting entity if the second reporting entity:

obtains a copy of the record of the customer identification made by the first reporting entity or hasaccess to the record under an agreement about managing identification records; anddetermines it is appropriate for it to rely on the customer identification procedure conducted by the firstreporting entity, given the ML/TF risk of the designated service it will provide the customer.

Customer identification procedures for low-risk designated services

The AML/CTF Rules can specify a designated service as 'low risk'. In this case, a reporting entity is notrequired to conduct customer identification procedures for a customer receiving that service unless asuspicious matter reporting obligation arises for that customer.

The AML/CTF Rules do not currently specify any such low risk services.

Exemptions for the gambling sector

Exemptions from the normal customer identification requirements for the gambling sector apply to:

casinosoncourse bookmakerstotalisator agency boards (TABs)controllers of gaming machine venuesproviders of accounts for online gambling services.

Under the AML/CTF Rules, certain gambling designated services are exempt from the normal customeridentification procedures. Depending on the services provided, the exemptions include total exemptions fromthe identification procedures, or exemptions that apply to transactions valued below certain thresholdamounts.

Other exemptions in relation to customer procedures

Exemptions from the customer requirements may be:

general exemptions provided under the AML/CTF Act (table 2); orenacted by AML/CTF Rules (table 3).

The tables below summarise these exemptions and refers to the relevant section of the AML/CTF Act orchapter of the AML/CTF Rules.

Table 2: General exemptions from the customer requirements

AML/CTFActprovision

Situation Description of exemption

Subsection39(5)

Foreign permanentestablishment

The customer identification/verification procedures and OCDDrequirements do not apply to a designated service provided by areporting entity at or through a permanent establishment of theentity in a foreign country.


57 of 147 18/9/17, 2:46 PM

Table 3: AML/CTF Rules that provide exemptions from customer identificationrequirements

Chapter of theAML/CTF Rules Title of chapter

Chapter 10 CasinosOncourse bookmakers and TABs

Chapter 14

Thresholds for certain designated services:

issuing a cheque (item 17, table 1, section 6 of the AML/CTF Act)cashing or redeeming a travellers cheque (items 25 or 26, table 1, section 6 ofthe AML/CTF Act)exchanging one currency for another (item 50, table 1 or item 14, table 3,section 6 of the AML/CTF Act)

Chapter 28 Applicable customer identification procedures in certain circumstances - assignment,conveyance, sale or transfer of business

Chapter 33 Applicable customer identification procedure for purchases and sales of bullion valuedat less than $5,000

Chapter 35 Exemption from applicable customer identification procedures for correspondentbanking relationships

Chapter 38 Exemption from applicable customer identification procedures for the sale of sharesfor charitable purposes

Chapter 39 Exemption from applicable customer identification procedures - premium fundingloans for a general insurance policy

Chapter 41 Cashing out of superannuation funds low balance accounts

Chapter 49 International Uniform Give-up Agreements

Chapter 50

Exemption from applicable customer identification procedures in certaincircumstances:

for a member of a DBG where another member of the group treats the samecustomers as pre-commencement customersfor a member of a DBG where the same customers are pre-commencementcustomers of another member of the group


58 of 147 18/9/17, 2:46 PM

Back to top

Aboriginal and/or Torres Strait Islander peopleContents

Flexible approach to reliable and independent documentationAlternative identification documents – statement by a refereePhotographic referenceCompletion of a letterCompletion of a formWitness requirementRefereesExamples

Some sections of the Australian community may have, for a diverse range of reasons, practical difficulty inmeeting the identification requirements specified in Chapter 4 of the AML/CTF Rules – Applicable CustomerIdentification Procedure.

Some customers may not have identification documents that reporting entities most commonly use to establishand verify the identity of their customers, or the information contained in the documents may no longer beaccurate or up to date. As a result, these people may face barriers in accessing financial services. This issuehas been found to affect some customers of Aboriginal and/or Torres Strait Islander heritage.

AUSTRAC recommends that, where appropriate, reporting entities consider adopting a flexible approach tothe identification and verification of persons of Aboriginal and/or Torres Strait Islander heritage, whileremaining mindful of social and cultural sensitivities. This may include using 'reliable and independent' meansof alternative identification for customers of Aboriginal and/or Torres Strait Islander heritage.

The AML/CTF Act and Rules provide reporting entities with a degree of flexibility concerning theidentification and verification of customers in order to accommodate special circumstances. Chapter 1 of theAML/CTF Rules states that reliable and independent documentation includes but is not limited to:

an original primary photographic identification document;an original primary non-photographic identification document; andan original secondary identification document.

Note: This is not an exhaustive definition. A reporting entity may rely upon other documents not listedin paragraphs (1) to (3) above as 'reliable and independent documents', where that is appropriatehaving regard to ML/TF risk.

Back to top

Flexible approach to reliable and independent documentationAUSTRAC recommends that reporting entities consider adopting protocols to assist them to identify andverify customers of Aboriginal and/or Torres Strait Islander heritage, where reporting entities are unable torely on conventional methods of identification and verification.

There may also be circumstances where persons of Aboriginal and/or Torres Strait Islander heritage mayproduce identification documents with conflicting information. For example, a person may have beenallocated arbitrary dates of birth by different government agencies. These circumstances can make it difficultfor a reporting entity to identify a customer and verify identity.

If the forms of documentation prescribed in the definition (refer to Chapter 1 of the AML/CTF Rules) of'reliable and independent documentation' are not available or not of assistance in identifying a person, a


59 of 147 18/9/17, 2:46 PM

reporting entity could accept an alternative document to verify the customer's identity, provided it is satisfiedthat the document is reliable and independent.

The purpose of this guidance is to provide examples of how a reporting entity might be satisfied about aperson's identity in the absence of conventional identification documents. A reporting entity can assess theML/TF risk of identifying a customer by way of a document such as an indigenous community identity card,or a formal reference / statement as to the customer's identity. Reporting entities could also require a customerto produce correspondence from a government authority that shows the customer's name.

Back to top

Alternative identification documents – statement by a refereeA referee statement can take various forms, however commonly include statements addressing matters suchas:

the referee's knowledge of the person's name, and any other names which the person is, or has beenknown by;the referee's knowledge of the person's residential address, and any other addresses at which the personhas resided;the referee's knowledge of the person's birth date (actual or approximate);the referee's knowledge of the person's familial connection to another relevant person;the specification of a minimum time period over which the referee has known the person;the capacity in which the referee knows the person; andthe date on which the reference was given.

The following are some examples of alternative types of referee statement that a reporting entity may considerto be 'reliable and independent documentation'.

Back to top

Photographic referenceSome service providers in remote communities may be able to incorporate a photograph of the customer into astatement as to the identity of the customer, using the letterhead stationery of the organisation. Whereappropriate, reporting entities may consider such a reference a suitable alternative for a formal photographicidentification document.

Back to top

Completion of a letterReporting entities may also consider accepting referee statements in the form of a letter written by the refereein their capacity as an official of a particular organisation, on the letterhead stationery of that organisation.Reporting entities may choose to provide a template for potential referees to complete.

Back to top

Completion of a formReporting entities could use a form developed to meet their specific requirements for a referee statement.

In the case of a referee statement, a single document could include both:


60 of 147 18/9/17, 2:46 PM

the information collected from the customer; and the (reliable and independent) verification of the information by the referee.

Example form (PDF, 132KB)

Back to top

Witness requirementThe referee statement form could include a requirement that the completion of the form be witnessed. Thereporting entity may require this, for example, if it has concerns about whether the customer and the refereeare sufficiently independent, or about the potential for undue influence on the customer.

Where it is considered desirable that a referee statement requires a witness, the statement could specify anyminimum required qualifications of the witness, such as a requirement that the witness be a recognisedcommunity leader. Explaining any witness requirements imposed by one reporting entity may facilitate theacceptance of the reference by other reporting entities.

Reporting entities could also require a customer to produce correspondence from a government authority thatshows the customer's name.

Back to top

RefereesExamples of referees might include:

Chairperson, Secretary or CEO of an Aboriginal/Torres Strait Islander organisation, or a board memberof a local Aboriginal Land CouncilSchool principal or School counsellorA Minister of ReligionHealth Professional or Manager in Aboriginal/Torres Strait Island Medical ServicesPolice officerAnother person before whom a statutory declaration can be madeCommunity leader or recognised Elder (who is not a parent, sibling, or child of the subject)The customer's current employer or manager.

Under the risk-based approach, such as where the customer has requested to access high-value orsophisticated financial services, reporting entities might also require referees to themselves provide agovernment document attesting to their identity.

Back to top

ExamplesThe following scenarios demonstrate how a reporting entity could identify customers who identify as being ofAboriginal and/or Torres Strait Islander heritage, in accordance with the provisions of Chapter 4 of theAML/CTF Rules.

Example 1: Opening an account

Customer E wishes to open an account with the Careful Credit Union. In processing customer E's application,Careful CU found that it was unable to verify his identity. Customer E explained that he lives in a remotecommunity and has recently changed his name.


61 of 147 18/9/17, 2:46 PM

Example 2: Superannuation beneficiary

Customer C has recently died, leaving a daughter customer D. Customer D is the beneficiary of customer C'ssuperannuation policy held with Nestegg Super. However, Customer D's full name is now different to thename that was originally recorded in the beneficiary nomination, as she changed her name following customerC's death. Nestegg wants to be sure that customer D is actually customer C's daughter, and asks customer Dfor some information about her name change.

Customer D identifies as being of Aboriginal and/or Torres Strait Islander heritage, and informs Nestegg thatit is customary to not use the name of a person who has died. Customer D does not have any officialidentification documents that show her new name. Further, while customer D has provided her name andaddress, she does not know her actual date of birth – she can provide information about her year of birth, andher place of birth.


62 of 147 18/9/17, 2:46 PM

Nestegg has been unable to verify either customer D's current name, or her DOB. Nestegg assesses the levelof ML/TF risk to be low, and decides to verify customer D's identity with a reference completed by anacceptable referee. Customer D explains that the medical doctor that treated customer C is also customer D'sdoctor, and is aware of the relationship between customers C and D: the medical doctor could thereforeprovide a reference as to the relationship between customers C and D. Nestegg requests that customer Dobtain a reference from the medical doctor that treated customer C.

Example 3: Conflicting identification documents

Customer F wishes to open an account with the Happy Returns Bank. Customer F provided the bank with arange of identification documents issued by government departments – however, the documents showvariations in customer F's name, and show different dates of birth. Customer F does not know which of therecorded dates of birth is accurate. Happy Returns is not sure which document (if any document) they should


63 of 147 18/9/17, 2:46 PM

use to identify customer F via electronic means.

Happy Returns asks customer F for copies of the various documents, and for a reference from an office-bearerof the local Aboriginal Land Council of which customer F is a member, which states that the person named ineach of the documents provided is customer F. The office-bearer of the Land Council provided a reference onits official stationery that included a photograph of customer F.

Back to top

The Document Verification Service and individualcustomer and beneficial owner identification


64 of 147 18/9/17, 2:46 PM

ContentsWhat is the Document Verification Service?DVS matching processAML/CTF identification and verification requirements for individual customersAML/CTF identification and verification requirements for beneficial ownersUsing the DVS for AML/CTF identification and verification purposesRecord-keeping obligations and the DVSDesignated Business Groups (DBGs)Privacy requirementsFurther information

What is the Document Verification Service?The Document Verification Service (DVS) is a secure, national, real-time, on-line, electronic documentverification system managed by the Commonwealth Attorney-General’s Department (AGD).

The DVS is available for a fee to:

organisations which have a demonstrable legal obligation to identify their customers, are subject to thePrivacy Act 1988 and are approved as DVS business users, approved DVS Gateway Service Providers whoconnect to the DVS and transmit transactions on behalf of DVS Business users.

The DVS provides authorised organisations, such as reporting entities, with a means to electronically matchidentifying information or credentials on certain government-issued identity documents directly with theissuing government organisation (whether Commonwealth, State or Territory). This allows reporting entitiesto check that the identity document presented by an individual is current or valid (for example, the documenthas not expired, been cancelled, is lost or stolen).

The DVS can match key details from the following Australian identity documents:

visaspassportsMedicare cardsdriver licensescitizenship certificates and ImmiCardscertificates of registration of citizenship by descent (where citizenship is obtained on the basis of thecitizenship of the parents of the person).

Government organisations which issue the above documents maintain ownership and control of their data andsystems and are responsible for ensuring that their databases are accurate and up-to-date. AGD is notresponsible for the accuracy of source identity documents verified through the DVS.

The DVS does not:

verify the identity of the individual presenting the document for verificationmake a decision on an individual’s identityverify documents or identity credentials for non-individual entities such as companies trusts,partnerships, incorporated and unincorporated associationsverify the authenticity of physical documents, only the information on those documentsprovide information about why a match failedprovide access to the database of the issuing government organisationretrieve any personal or other information held by the issuing government organisation about theindividual, orretain any personal information provided by the reporting entity in relation to an individual.

The DVS only verifies the details contained on identity documents associated with an individual. Its use by a


65 of 147 18/9/17, 2:46 PM

reporting entity should support and supplement the reporting entity’s decision-making process about whethera customer is the person they claim to be on the basis of the documents they produce. If a reporting entity isnot satisfied that an individual’s identity has been verified through the DVS, it is up to the reporting entity todetermine whether additional information should be collected and verified from the individual, whether indocumentary or electronic form.

Organisations wishing to use the DVS must comply with its terms and conditions in relation to privacy, dataprotection, IT systems requirements and security. They will also be subject to audits by contractedindependent auditors of their compliance with those terms and conditions.

Current DVS fees:

Type of fee Cost (exclusive of GST)

Initial business user application fee $5,000

Technical connection charge (for businesses wanting to be directlyconnected to the DVS structure as Gateway Service Providers (GSPs)– for themselves or other business users)

$50,000

Transaction fees – payable by the GSPsRange from $0.65 to $1.40 perquery (depending on the volume oftransactions)

DVS matching processThe DVS checks whether certain identifying information or credentials on an identity document matchesthose on the database of the government organisation which issued the document.

The ‘checking process’ (as described below) is undertaken by the reporting entity lodging an InformationMatch Request with the DVS and receiving an Information Match Result in relation to the individualcredentials on the document provided:

1. Customer presents an identity document to the reporting entity

A customer may present the identifying document to a reporting entity either in person, online, by phoneregistration or by postal application.

It is important to note that one of the requirements of using the DVS is that the reporting entity must obtaininformed consent from the individual (for example, the individual customer or a beneficial owner of a non-individual customer) prior to the reporting entity disclosing or verifying any personal information through theDVS or with third parties.

2. Reporting entity lodges an Information Match Request with the DVS

The reporting entity enters identifying information from the document (such as the individual’s name, date ofbirth and the credential number) into the DVS Information Match Request.

The Information Match Request is encrypted and sent using a secure communications pathway.

3. The DVS provides an Information Match Result to the reporting entity


66 of 147 18/9/17, 2:46 PM

The DVS carries out an automated check of the data to confirm or deny whether the information provided inthe Information Match Request matches the information held by the relevant government organisation whichhas issued the document. This automatic response is called an Information Match Result.

4. Types of Information Match Results

The reporting entity will receive one of the following Information Match Result response codes:

[Y] – matched[N] – not matched, orError – either:

[S] - for system availability error (problems with the connection between the DVS user and theDVS Hub that cannot be resolved), or[D] - for data range error (where the request relates to a range of data which has not beenelectronically captured by the Document Issuer).

AML/CTF identification and verification requirements for individualcustomersCustomer identification and verification procedures are contained in Chapter 4 of the AML/CTF Rules. Part4.2 of that chapter specifies the minimum Know-Your-Customer (KYC) information which must be collectedand verified in relation to an individual customer. A reporting entity is able to collect and verify additionalKYC information about an individual, if an assessment of money-laundering and terrorism-financing (ML/TF)risk indicates that collection of additional KYC information is warranted.

KYC information collected from an individual must be verified from:

reliable and independent documentation; orreliable and independent electronic data; ora combination of the above.

Verification of KYC information using reliable and independent electronic data

If a reporting entity assesses an individual customer as being of medium or lower ML/TF risk, the reportingentity has the option of using documentation-based or electronic-based ‘safe harbour’ customer identificationand verification procedures. Paragraph 4.2.13 of Chapter 4 sets out one procedure for electronic-based safeharbour identification and verification, which is summarised below:

Summary of electronic-based safe harbour procedure – medium or lower ML/TF risk individualcustomers

Minimum KYC information required Collect Verify Minimum number of separate electronic datasources that must be used

Full name Yes * 2

Residential address Yes Yes 2

Date of birth Yes ** 1


67 of 147 18/9/17, 2:46 PM

Customer has transaction history for atleast the past 3 years No ** 0

* Under the electronic-based safe harbour procedures, only the customer’s name, not the customer’s fullname, needs to be verified.

** Customer 3 year transaction history is only verified if the customer’s date of birth is unable to be verifiedfrom an electronic data source.

AML/CTF identification and verification requirements for beneficialownersFrom 1 June 2014, new identification and verification procedures apply in relation to beneficial owners ofcustomers. Part 4.12 of Chapter 4 specifies the minimum information which must be collected and verified. Areporting entity is able to collect and verify additional information about a beneficial owner, if an assessmentof ML/TF risk indicates that collection of additional information is warranted.

Part 4.12 specifies that for individual customers, reporting entities may assume that the customer and thebeneficial owner are one and the same, unless the reporting entity has reasonable grounds to considerotherwise. In these circumstances, there is no separate beneficial owner to identify and verify as theidentification of the customer will mean that the beneficial owner is also identified. For non-individualcustomers, paragraph 4.12.2 contains modified beneficial owner requirements for certain types of company,trust and Australian Government Entity customers.

As with individual customers, verification of information collected about each beneficial owner of a customermust be based on reliable and independent documentation or reliable and independent electronic data or acombination of both of these sources.

If a reporting entity assesses a customer (individual or non-individual) as being of medium or lower ML/TFrisk, the reporting entity has the option of using documentation-based or electronic-based ‘safe harbour’identification and verification procedures in relation to the beneficial owner. Paragraph 4.12.7 sets out oneprocedure for electronic-based safe harbour identification and verification of beneficial owners, which issummarised below:

Summary of electronic-based safe harbour procedure – beneficial owners of medium orlower ML/TF risk customers

Minimum beneficial ownerinformation required Collect Verify Minimum number of separate electronic data

sources that must be used

Full name Yes Yes 2

Full residential address Yes * 2

Date of birth Yes * 2

* A reporting entity can verify either the residential address or date of birth, or both.


68 of 147 18/9/17, 2:46 PM

Using the DVS for AML/CTF identification and verificationpurposesA reporting entity may use the DVS for electronic-based safe harbour purposes for individual customers andindividual beneficial owners of non-individual customers (such as companies, trusts and partnerships).

The ‘safe harbour requirements’ in Part 4.2 of Chapter 4 require the use of separate ‘electronic data sources’.AUSTRAC considers that the DVS is not a single ‘electronic data source’, but is instead a system whichprovides access to multiple ‘electronic data sources’. The DVS facilitates access to separate databasesmaintained by government, each of which constitute a separate ‘electronic data source’, for example, drivers’licences (one data source) and passports (a second data source).

‘Safe harbour’ procedures cannot be used in relation to customers who are high ML/TF risk. Reportingentities may use electronic data, such as the DVS, for the purposes of verifying high ML/TF risk customers(and their beneficial owners). However, identification of high-risk customers requires more detailed orextensive checks than under the electronic-based safe harbour procedures for medium or lower ML/TF riskcustomers. The number and type of verification procedures used by a reporting entity in high ML/TF riskcircumstances is determined by the reporting entity on the basis of its ML/TF risk assessment of its customersand the designated services it provides.

If a reporting entity uses electronic data for verification, the reporting entity is required under Part 4.10 ofChapter 4 to determine:

whether the electronic data is reliable and independent, taking into account the following factors:the accuracy of the datahow secure the data ishow the data is kept up-to-datehow comprehensive the data is (for example, by reference to the range of persons included in thedata and the period over which the data has been collected)whether the data has been verified from a reliable and independent sourcewhether the data is maintained by a government body or pursuant to legislation, andwhether the electronic data can be additionally authenticated, and

what reliable and independent electronic data the reporting entity will use for the purpose of verificationthe reporting entity‘s pre-defined tolerance levels for matches and errors, andwhether, and how, to confirm KYC information collected from a customer by independently initiatingcontact with the person that the customer claims to be.

AUSTRAC considers that the DVS fulfils all the criteria for ‘reliable and independent electronic data’ and,accordingly, can be relied upon by reporting entities to undertake their customer and beneficial ownerverification obligations as required by the AML/CTF Act and AML/CTF Rules. It is noted that reportingentities may use other electronic data (and, therefore, potentially other services) for the purposes ofverification if they meet the criteria specified in Part 4.10.

Record-keeping obligations and the DVSUnder section 112 (Making of records of identification procedures) of the AML/CTF Act, reporting entitiesare required to keep records of the applicable customer identification procedure (ACIP) they undertake inrespect to each customer, and of the information they obtain in the course of carrying out that procedure.

ACIP records must be kept until the end of the first 7 year period:

commencing after the ACIP is carried outthroughout the whole of which the reporting entity did not provide any designated services to thecustomer.

There is no AML/CTF requirement for reporting entities to copy documents produced by customers. For


69 of 147 18/9/17, 2:46 PM

example, a reporting entity may record details about identification documents produced by a customer, such aspassport or driver licence details, rather than photocopy them. However, if a customer produces a physicaldocument to the reporting entity as part of the ACIP and the reporting entity makes a copy of the document,under section 111 of the AML/CTF Act the reporting entity is taken to have made a record of the informationcontained in that copied document and the 7 year record-retention requirement will apply.

For the purposes of making copies of documents or recording information, a reporting entity has the discretionto, for example, print off screen displays of searches, scan or retain certified copies of the documents it hasused for the ACIP. It is noted that the majority of reporting entities photocopy or scan copies of photographicidentification documents produced to them by customers. Other practices include electronically recording thedetails of the documents or making manual file notes or records of documents sighted.

If a reporting entity uses the DVS as part of the ACIP process, a record of the use of the DVS must be madefor the purposes of the AML/CTF Act. The creation of this record may include either printing, savingelectronically, scanning or by making a file note of the Information Match Result obtained (including the dateof the Result).

A record of the Information Match Result will fulfil the record-keeping requirements of the AML/CTF Act asit will verify customer details obtained under the ACIP, provide a record of that verification and how theverification took place.

It is noted that all business users of the DVS are required to sign contracts with AGD in relation to their use ofthe Service. One of these conditions is that reporting entities are required to record any DVS InformationMatch Results they receive (including errors). This contractual requirement is separate to AML/CTF record-keeping requirements, but may satisfy those AML/CTF requirements if the records made contain sufficientdetails about the customer and the ACIP undertaken for the purposes of section 112 of the AML/CTF Act.

Designated Business Groups (DBGs)Where a reporting entity is a member of a DBG, there is scope for that reporting entity to rely on an ACIPcarried out in relation to a customer by another reporting entity in the same DBG under section 38 (Applicablecustomer identification procedures deemed to be carried out by a reporting entity) of the AML/CTF Act.

If a reporting entity has utilised the DVS as part of carrying out an ACIP in relation to a customer, any otherreporting entity in the DBG may be able to rely on those DVS results in relation to that customer. However,the conditions specified in Part 7.3 of Chapter 7 of the AML/CTF Rules, which relate to DBGs, must be met.

If a reporting entity is a member of a DBG, there is also scope for another member of the DBG to dischargethe ACIP record-keeping obligations of the reporting entity under the AML/CTF Act. This means that onereporting entity in a DBG may undertake all record-keeping functions for all the reporting entities in the DBGand also undertake the ACIP in relation to all common customers of the DBG.

For further information about DBG's please go to Chapter 3 of the AUSTRAC compliance guide.

Privacy requirementsReporting entities should note that they are required to comply with the Privacy Act 1988 (Privacy Act),including the requirement to comply with the Australian Privacy Principles (APPs), in relation to all activitiescarried on for the purposes of, or in connection with, the AML/CTF Act, even if they would otherwise beexempt from the Privacy Act.

AUSTRAC notes that use of the DVS does not alter the obligations of reporting entities in dealing withpersonal information of individuals under the Privacy Act, including the collection, use and storage ofpersonal information, how personal information is kept current and up-to-date and the handling of personalinformation security breaches.


70 of 147 18/9/17, 2:46 PM

Under the Privacy Act, the Australian Privacy Commissioner may conduct an assessment of whether personalinformation held by a reporting entity is being maintained and handled in accordance with the APPs. Thisextends to personal information that a reporting entity is required to collect under the AML/CTF regime.

Further informationFurther information on the DVS can be found at the following links:

Document Verification Service websiteAttorney-General's Department website

Key terms used in the AML/CTF Rules definitionof PEPs

'Prominent public position or function''Government body''International organisation''Government Minister or equivalent senior politician''Senior government official''Judge of a court of equivalent seniority in a foreign country or international organisation''Governor of a central bank or any other position that has comparable influence to the Governor of theReserve Bank of Australia''Senior foreign representative, ambassador or high commissioner''High ranking member of the armed forces''State enterprise''Immediate family member and close associate''Source of wealth' and 'source of funds''Senior management approval'

'Prominent public position or function'This term relates to functions which may exist at the Commonwealth, state and territory levels or their foreignequivalents. The meaning of 'prominent' may be determined through the size of the function in relation to thenumber of affected persons, the budget and its relevant powers and responsibilities.

The 2012 FATF Recommendations provide examples of positions which are covered, such as Heads of Stateor of government, senior politicians, senior government, judicial or military officials, senior executives ofstate-owned corporations, important party officials, or, in relation to international organisations, directors,deputy directors and members of the board or equivalent. The FATF provides further detail in its guidance,Politically Exposed Persons (Recommendations 12 and 22).

Such positions commonly hold specific powers in relation to approving government procurement processes,budgetary spending, development approvals and government subsidies and grants.

PEPs at the local government or municipal level

It is noted that although FATF considers that a prominent public function may extend to the municipal or localgovernment level, it is generally considered that this will only apply to persons who have the substantivepowers (as noted above) relevant to this level of government.

The definition of 'domestic politically exposed person' in the AML/CTF Rules limits such persons to thosewho hold a position in an 'Australian government body', which is defined in the AML/CTF Act as extendingto the Commonwealth, state or territory levels. This definition does not capture the local government or


71 of 147 18/9/17, 2:46 PM

municipal level.

This is not the case with the definition in the AML/CTF Rules of 'foreign politically exposed persons' whohold positions in a 'government body', which is defined more broadly in the AML/CTF Act to include the'government of part of a country'.

Although foreign PEPs are characterised as being of high ML/TF risk under Part 4.13 of the AML/CTF Rules,reporting entities may consider foreign officials at the local or municipal level as being PEPs only if they holdthe substantive powers as noted above.

Accordingly, domestic customers of reporting entities at the local government or municipal level and whowould otherwise be considered PEPs if they were foreign customers, are not required to be treated as PEPsunder Part 4.13 of the AML/CTF Rules. However, the normal obligations relating to customer identification inChapter 4 and ongoing customer due diligence in Chapter 15 will apply to such persons.

The Department of Foreign Affairs and Trade's Heads of Government List provides details on the names andtitles of heads of state, heads of government, foreign ministers, trade ministers and in some case, ministersresponsible for development assistance.

Back to top

'Government body'In summary, the AML/CTF Act defines 'government body' as:

the government of a country; oran agency or authority of the government of a country; orthe government of part of a country;an agency or authority of the government of part of a country.

The AML/CTF Act also defines 'Australian government body' as:

the Commonwealth, a state or a territory; oran agency or authority of the Commonwealth, or a state or a territory.

Such Australian government bodies are created for a public purpose and come under the power ofgovernment, whether at the Commonwealth, state or territory level. This description is also relevant forforeign government bodies, with 'public purpose' being the key indicator in determining whether a body iscategorised as a government body.

The Australian Government's Government Online Directory provides details of government bodies at theCommonwealth, state and territory levels.

Back to top

'International organisation'For the purposes of the PEP definition, 'international organisations' are organisations established by formalpolitical agreement between countries, where the agreement has the status of an international treaty, and theorganisation is recognised in the law of the member countries.

The examples of international organisations provided by FATF include:

the United Nations and affiliates such as the International Maritime Organizationregional international organisations such as the Council of Europe, institutions of the European Union,the Organization for Security and Co-operation in Europe and the Organization of American States


72 of 147 18/9/17, 2:46 PM

international military organisations such as the North Atlantic Treaty Organizationeconomic organisations such as the World Trade Organization.

Back to top

'Government Minister or equivalent senior politician'Government minister

In Australia, a government minister (at the Commonwealth, state or territory level) is an elected person whoholds an executive office in the government and is responsible for administering one or more departments. AParliamentary Secretary may be considered the equivalent of a minister.

For foreign PEPs, there may be situations where the government minister or equivalent is not an electedperson but may be appointed directly by the government (for example, Cabinet Secretaries in the UnitedStates) with relevant or equivalent powers to those held by Australian government of the day through thecasting of their votes.

Equivalent senior politician

The term 'equivalent senior politician' includes 'shadow' ministers in the opposition and will include personssuch as the Leader of the Opposition and the leaders of parties in Parliament.

In situations where the government does not have a clear majority and therefore relies upon members of otherparties to pass legislation implementing its policies, politicians who would not fulfil the requirements of beingministers or have sufficient seniority, may be considered to fall within this category due to the power theyhave to influence the government of the day through the casting of their votes.

The 'ElectionGuide' website provides a worldwide overview of elections, including details of seniorpoliticians.

Back to top

'Senior government official'The criteria noted above in regard to 'prominent public position or function' are also relevant to determiningwhether a person is a 'senior' government official. These include:

the size of the function in relation to the number of affected personsthe budget and relevant powers and responsibilities of the position, including the approval ofgovernment procurement processes, control over regulatory approvals including the awarding oflicenses or concessions, budgetary spending and government subsidies and grants.

Reporting entities may also consider positions at lower levels if those persons are in roles which have powersand responsibilities which are equivalent or similar to those of senior government officials (for example, aChief Financial Officer or Chief Information Officer with significant procurement or other budgetaryresponsibility or oversight).

The roles of senior government officials in foreign countries may vary widely from those in Australia. Thefollowing lists may assist reporting entities in determining whether a person is a foreign senior governmentofficial.

An official is more likely to be considered a senior government official if they have:

substantial authority over or access to state assets and funds, policies and operationscontrol over regulatory approvals


73 of 147 18/9/17, 2:46 PM

control or influence over decisions that would effectively address identified shortcomings in theAML/CTF system of the countryaccess, control or influence over government accounts

or if they are involved in state industries such as:

arms trade and defence industrybanking and financeconstruction and large infrastructuregovernment procurementmining and extractionprovision of public goods and utilities.

Back to top

'Judge of a court of equivalent seniority in a foreign country orinternational organisation'The PEP definition specifies courts of equivalent seniority to the High Court of Australia, the Federal Court ofAustralia or the Supreme Courts of a state or territory:

Supreme Courts are the highest court in the judicial hierarchy of each state or territorythe Federal Court covers almost all civil matters arising under Australian federal law, including somesummary and indictable criminal mattersthe High Court deals with cases which originate in the High Court and is the highest court of appeal inAustralia on all legal matters.

The Attorney-General's Department courts webpage includes details of judges for relevant courts such as theHigh Court and the Federal Court.

Accordingly the relevant principle in respect to foreign country courts is whether the court is one of thesuperior courts within its relevant jurisdiction (such as a state or territory), or whether it is the highest withinthe country.

The PEP definition also refers to judges of 'international organisations'. Not all international organisations willhave judicial or similar functions; however, examples of international organisations that do are theInternational Court of Justice and the European Union Court of Justice.

In these examples, the relevant position may not include the term 'judge' within its title; however, the positionmay be the equivalent of a judge as the position holder is required to determine matters through theapplication of a legal remedy.

Back to top

'Governor of a central bank or any other position that hascomparable influence to the Governor of the Reserve Bank ofAustralia'Central banks oversee the monetary system of a nation and have a wide range of responsibilities, fromoverseeing monetary policy to implementing specific goals such as currency stability, low inflation and fullemployment. They may also issue currency, function as the bank of the government, regulate the creditsystem, oversee commercial banks, manage exchange reserves and act as a lender of last resort.

The Reserve Bank of Australia (RBA) is a 'central bank' and has legislated functions to contribute to thestability of the Australian currency, full employment and the economic prosperity and welfare of the


74 of 147 18/9/17, 2:46 PM

Australian people. The Governor of the RBA manages the bank and its operations.

An internet search can usually identify the central bank of a foreign country and the relevant positionequivalent to the Governor of the RBA. For example, in the United States the central bank is the FederalReserve, with the equivalent position being the Chairman of the Board of Governors. In the United Kingdom,the Bank of England is the central bank with the equivalent position being the Governor and in Indonesia,Bank Indonesia is the central bank and it is led by the Governor.

The Bank for International Settlements website provides a comprehensive overview of world central banks.

Back to top

'Senior foreign representative, ambassador or high commissioner'The foreign postings of the Australian Government include:

Ambassador – Head of an embassy which is the main representative office of one country in the capitalcity of another.High Commissioner – Head of the High Commission, a main representative office of a Commonwealthcountry in the capital city of another Commonwealth country.>

The following Australian Government foreign postings may be characterised as 'senior foreignrepresentatives':

Consul-General – Head of the Consulate or Consulate-General, a lower level representative office,usually located in a city outside the capital city.>Deputy Head of Mission – The deputy to the ambassador.Charge d'affaires – An official placed in charge of diplomatic business during the temporary absenceof the ambassador.Honorary Consul – Head of the Honorary Consulate. This is usually a private businessperson (usuallyan Australian citizen) who agrees to perform limited consular functions, in a city where Australia doesnot have an Australia-based representative.

The Department of Foreign Affairs and Trade's Embassies and consulates web page provides details ofpersons in the above roles. Equivalent terms used by foreign countries include:

Head of MissionChief of MissionMinisterMinister-CounsellorDeputy Chief of MissionNuncioPermanent Representativeminister plenipotentiary.

Other titles regarding diplomatic postings may be considered by reporting entities as being PEPs if the personhas a prominent public position or function.

Back to top

'High ranking member of the armed forces'In Australia the 'armed forces' refer to the Australian Army, the Royal Australian Navy and the RoyalAustralian Air Force. However, foreign armed forces may vary in regard to the services which exist.

In Australia the following may be considered to be 'high ranking' and are listed in descending order of


75 of 147 18/9/17, 2:46 PM

seniority:

Australian Army Royal Australian Navy Royal Australian Air Force

General Admiral Air Chief Marshall

Lieutenant General Vice Admiral Air Marshall

Major General Rear Admiral Air Vice Marshall

The seniority of a rank is generally based upon two elements: what the rank may command in the field (orequivalent) in times of conflict, and the executive role which they may undertake. For example, a MajorGeneral may command a division (approximately 10,000 to 15,000 soldiers) and hold an executiveappointment such as Special Operations Commander – Australia.

The Australian Government Department of Defence's website provides details on senior appointments in theAustralian Defence Force.

Back to top

'State enterprise'In Australia, a 'state enterprise' is usually known as a 'government business enterprise' (GBE) and may exist atthe Commonwealth, state or territory level. A state enterprise is characterised by:

the government controlling the enterprisethe enterprise being principally engaged in commercial activitiesthe enterprise having a legal personality separate to a department of government.

The enterprise may be a body corporate established by legislation for a public purpose (state-owned orstatutory corporations), or a company established under corporations law in which a state or territorygovernment has a controlling interest.

Examples of current Commonwealth GBEs are ASC (formerly known as Australian Submarine Corporation),Australian Postal Corporation, Australian Rail Track, Defence Housing Australia and NBN Co Limited.

The Department of Finance website includes details about current Commonwealth GBEs and a register ofAustralian Government Organisations.

In foreign countries, GBEs may be known as a crown corporation, government-owned corporation, state-owned company, state-owned entity, state enterprise, commercial government agency or public sectorundertaking.

As noted in the PEP definition, in such organisations a PEP may be the board chair, chief executive, chieffinancial officer or any other position which has comparable influence in the organisation.

Back to top

'Immediate family member and close associate'


76 of 147 18/9/17, 2:46 PM

The FATF Recommendations require that family members and close associates of PEPs should be treated asPEPs because of the potential that the relationship could be misused to move the proceeds of crime orfacilitate their placement and disguise, or for terrorism financing. In determining the level of ML/TF riskassociated with a customer or potential customer who is close associate and/or family member of a PEP, thereporting entity should consider the identified links between the PEP and the family member or associate.

The notion of a 'close associate' is not intended to capture every person who has been associated with a PEP,such as a friend or colleague. A close associate is an individual who is known (through information that ispublic or readily available) to have:

joint beneficial ownership of a legal entity (for example, a company) or legal arrangement (for example,a trust) with the PEPsole beneficial ownership of a legal entity or legal arrangement that is known to exist for the benefit ofthe PEP.

The PEP definition within the AML/CTF Rules specifies that an 'immediate family member' includes aspouse, a de facto partner, a child and a child's spouse or de facto partner, and a parent.

The definition of an immediate family member is inclusive and therefore is not limited to the relationshipsspecified. The list indicates what is meant by the term and a decision as to who is an immediate familymember will be informed by what information is public or readily available about the PEP. For example, itmay be known that a particular PEP has a history of business dealings with a sibling, so a reporting entity maytherefore consider that the sibling's relationship with the PEP is sufficiently close for the sibling to beconsidered an immediate family member (even though siblings are not specifically included in the AML/CTFRules definition).

The PEP definition also notes that the term 'de facto partner' is defined in the Acts Interpretation Act 1901 insection 2D (References to de facto partners), section 2E (Registered relationships) and section 2F (De factorelationships)and this definition should be used for the purposes of the AML/CTF Rules. In summary, thatdefinition specifies that a person is a de facto partner of another person (whether of the same or different sex)if:

the person is in a registered relationship with the other person; oris in a de facto relationship with the other person.

A 'registered relationship' means that the relationship is registered under a law of a state or territory as aprescribed kind of relationship. A 'de facto relationship' means that the persons:

are not legally married to each other; andare not related by family; andhave a relationship as a couple living together on a genuine domestic basis.

Back to top

'Source of wealth' and 'source of funds'Although the terms 'source of wealth' and 'source of funds' are not specifically used in the AML/CTF Rulesdefinition of PEPs, they are both relevant considerations when assessing ML/TF risk for PEPs.

FATF states that 'source of wealth' refers to the origin of the PEP's entire body of wealth (the total assets),which in turn will give reporting entities an indication of both the volume of wealth the customer would beexpected to have and how the PEP acquired that wealth.

'Source of funds' refers to the origin of the particular funds or assets which are the subject of the businessrelationship between the PEP and the reporting entity, such as the amounts being invested, deposited ortransferred.

The purpose of ascertaining such information is to ensure that the reason for the business relationship is


77 of 147 18/9/17, 2:46 PM

commensurate with what a reporting entity could reasonably expect of the PEP in the particular circumstancesrelating to that customer.

What constitutes a 'reasonable expectation' may relate to the PEP's current income and sources of wealth andfunds that could be explained from previous positions, business undertakings or family estates. When thesource of wealth and funds do not appear reasonable when the circumstances of the PEP are considered, thenthis would be relevant to the ML/TF risk assessment by the reporting entity of that customer and may be anindicator of corruption.

Collecting information about sources of wealth and sources of funds

Commonwealth, state and territory politicians in Australia are legally required to publicly disclose assets; forexample, through a Register of Member's Interests (or equivalent). Reporting entities may use this informationto inform their assessment of a domestic PEP's wealth and sources of funds.

The Commonwealth 'Statement of Registrable Interests', for example, requires the disclosure of informationrelating to shareholdings in public and private companies, family and business trusts, real estate, directorships,partnerships, liabilities, savings or investment accounts, bonds, debentures, substantial sources of income andany assets valued over $7,500.

If the reporting entity's ML/TF risk assessment of the customer warrants it, the reporting entity can furtherinvestigate the customer's interests through other publicly available resources, such as registers relating tocompanies which could provide information about a PEP's wealth and funds. A reporting entity might alsorequest information from the customer such as evidence of insurance payouts, bequests, gambling wins orasset sales.

The extent of investigation expected of a reporting entity in relation to the source of wealth and source offunds for the PEP is determined by the use of 'reasonable measures', which is defined in Chapter 1 of theAML/CTF Rules as 'appropriate measures which are commensurate with the money laundering or terroristfinancing risks'. The investigation by a reporting entity must be 'reasonable' in the context of thecircumstances under consideration, and this may vary from case to case.

Accordingly a definitive explanation of what is 'reasonable' cannot be given.

If a reporting entity is unable to determine the source of wealth and the source of funds after undertaking ademonstrated investigation, then the reporting entity may consider whether it is appropriate to continue thebusiness relationship, or, if the relationship does continue, whether to submit a suspicious matter report (SMR)for that particular PEP.

The Parliament of Australia 'Parliamentary Remuneration' webpage provides information about assetdisclosure requirements at the Commonwealth, state and territory levels.

Information about international public figures and financial disclosure has been collated in the World Bank'sFinancial Disclosure Law Library.

Back to top

'Senior management approval'Although the term 'senior management approval' is not specifically used in the PEPs definition, such approvalis directly relevant to the development of ML/TF risk management systems for PEPs.

Where a customer is a foreign PEP, or a high ML/TF risk domestic or international organisation PEP, Part 4.13of the AML/CTF Rules requires 'senior management approval' for:

a business relationship with that PEP to commence or continue, orwhether a designated service to be provided or continue to be provided to that PEP.


78 of 147 18/9/17, 2:46 PM

The appropriate time frame for senior management consideration is a matter for the reporting entity.

It would be assumed that in the assessment of such relationships, with their potential for high ML/TF risk,senior management consideration would be provided in a timely manner, as an inordinate delay may haveimpacts both on the potential customer and the business of the reporting entity.

For example, the senior management assessment may be crucial for the provision of a designated servicerelating to a significant loan amount, as without that assessment the reporting entity may be exposed topotential financial risk with that high ML/TF risk customer.

Likewise, in circumstances where this designated service has been provided to a PEP or a businessrelationship has been established, it would also be prudent for senior management approval to be obtained 'assoon as practicable' after the commencement of that relationship for the same reason.

Back to top

Chapter 7 - AML/CTF reporting obligationsContents

IntroductionBackgroundThreshold transaction reports (TTRs)International funds transfer instructions (IFTIs)Suspicious matter reports (SMRs)AML/CTF compliance reportsCross-border movement reports

IntroductionThe Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) imposes ongoingtransaction reporting obligations and compliance reporting obligations on reporting entities. The AML/CTFAct also requires individuals to report cross-border movements of physical currency and bearer negotiableinstruments.

This chapter provides an overview of the AML/CTF Act reporting obligations. Cash dealers and solicitorswith reporting obligations under the Financial Transactions Reports Act 1988 refer to Chapter 10 - FinancialTransaction Reports Act.

BackgroundOngoing reporting obligations

Transaction reports

Under the AML/CTF Act there are three types of transaction reports reporting entities must submit toAUSTRAC:

Threshold transaction reports (TTRs)

International funds transfer instruction reports (IFTIs)


79 of 147 18/9/17, 2:46 PM

Suspicious matter reports (SMRs)Cross-border movements

Individuals and businesses, including reporting entities, must report cross-border movements of physicalcurrency of AUD10,000 or more (or the foreign currency equivalent). If required by an Australian Customsand Border Protection or police officer, persons who are entering or leaving Australia must complete a reportdetailing any bearer negotiable instruments (such as travellers cheques, cheques or money orders) they arecarrying, of any value.

Cross-border movement reportsAML/CTF compliance reporting obligations

Reporting entities must submit AML/CTF compliance reports to AUSTRAC annually (or as prescribed in theAML/CTF Rules). These reports provide AUSTRAC with information about the reporting entity's compliancewith the AML/CTF Act, Regulations and AML/CTF Rules. Some reporting entities are exempt from therequirement to provide an AML/CTF compliance report.

AML/CTF compliance reportsTables 1-3 below, summarise reporting obligations under the AML/CTF Act.

Tables 1-3: Summary of reporting obligations

Transaction reports

Report type Summary of reporting obligation Reporting timeframe References

Thresholdtransactionreports (TTRs)

If a reporting entity provides a designatedservice that involves the transfer ofphysical currency or e-currency ofAUD10,000 or more (or foreign currencyequivalent), the reporting entity mustsubmit a TTR to AUSTRAC.

Within 10 businessdays after the daythe transactionoccurred

Section 43 of theAML/CTF Act;Chapters 19 and 37of the AML/CTFRules.

Internationalfunds transferinstructionreports (IFTIs)

If a reporting entity sends or receives aninstruction to or from a foreign country totransfer money or property - eitherelectronically or under a designatedremittance arrangement (DRA) - thereporting entity must report an IFTI-E(electronic) or IFTI-DRA to AUSTRAC.

Within 10 businessdays after the dayan instruction wassent or received

Sections 45 and 46of the AML/CTFAct; Chapters 16,17 and 51 of theAML/CTF Rules.

Suspiciousmatter reports(SMRs)

If a reporting entity forms a suspicion atany time while dealing with a customer(from enquiry to providing a designatedservice or later) on a matter that may berelated to an offence, tax evasion or

24 hours after thetime the relevantsuspicion is formedif it relates to thefinancing of

Section 41 of theAML/CTF Act;Chapter 18 of theAML/CTF Rules.


80 of 147 18/9/17, 2:46 PM

proceeds of crime, the reporting entity mustsubmit an SMR to AUSTRAC.

Offences include money laundering,terrorism financing, operating under a falseidentity or any other offence under aCommonwealth, state or territory law.

terrorism.Three businessdays after the daythe relevantsuspicion wasformed in all othercases.

Cross-border movements


Cross-bordermovement ofphysical currency(CBM-PC)

Persons entering or departing Australiamust report any currency they arecarrying of AUD10,000 or more (orforeign currency equivalent). Thisincludes mailing or shipping currency ofAUD10,000 or more (or foreign currencyequivalent) into or out of Australia.

Before the physicalcurrency is sent orcarried out ofAustralia, or carriedinto AustraliaWithin five businessdays after receivingphysical currencysent to Australia

Sections 53-58 ofthe AML/CTFAct; Chapters24-26 of theAML/CTF Rules.

Cross-bordermovement ofbearer negotiableinstruments(CBM-BNI)

Persons entering or departing Australiamust report - when requested by anAustralian Customs and BorderProtection or police officer - themovement of bearer negotiableinstruments (such as travellers cheques,cheques, money orders) of any amountinto or out of Australia.

Immediately uponrequest by anAustralian Customsand BorderProtection or policeofficer

Section 59 of theAML/CTF Act;Chapters 24-26 ofthe AML/CTFRules.

AML/CTF compliance report


AML/CTFcompliancereports

Unless an exemption applies, reporting entitiesmust submit an AML/CTF compliance reportto AUSTRAC. The report provides AUSTRACwith information about reporting entities'compliance with the AML/CTF Act,Regulations and Rules.

Annually or asprescribed underChapter 11 of theAML/CTF Rules

Section 47 of theAML/CTF Act;Chapter 11 of theAML/CTF Rules.

Reporting methods

How do reporting entities submit transaction reports and suspicious matter reports to AUSTRAC?


81 of 147 18/9/17, 2:46 PM

The simplest way to submit transaction reports is electronically through AUSTRAC Online. AUSTRACprovides three methods for electronic reporting:

Data entry: TTRs, IFTIs and SMRs can be completed and submitted manually via AUSTRAC Online.This reporting method may be suitable for reporting entities which submit low volumes of reports.Spreadsheet: TTR and IFTI data can be entered into a spreadsheet template provided by AUSTRAC.The spreadsheet can be accessed and submitted to AUSTRAC via AUSTRAC Online.Extraction: This is the best reporting option for larger businesses which capture and store transactiondata electronically. A program extracts the relevant transaction information from the reporting entity'sdatabase and collates it in a single file, which is transmitted to AUSTRAC via AUSTRAC Online.

Note: The XML file format schemas and specifications documents are available via a reporting entity’sAUSTRAC Online account. These documents outline the requirements of the XML format and specificationsfor a reporting entity to write their own XML extraction program. All reporting entities seeking to takeadvantage of the XML extraction method of reporting must undergo an 'XML test file process' in theAUSTRAC Online testing environment. This testing environment is to ensure the reporting entity’s XMLextraction program meets the XML file format schema and specifications. After satisfying this requirement,AUSTRAC will enable a reporting entity’s AUSTRAC Online account to support reporting via the XMLextraction method.

Please contact the AUSTRAC Client Information Services section to request access to the AUSTRAC Onlinetesting environment and for support on all matters related to the XML extraction method of reporting viaemail to [email protected] or telephone 1300 021 037.

Reporting entities which submit less than 50 reports per year, or do not have internet access, may use a paperform, which is available by contacting the AUSTRAC Contact Centre.

How do reporting entities submit AML/CTF compliance reports to AUSTRAC?

AML/CTF compliance reports can be submitted electronically using AUSTRAC Online. Alternatively,reporting entities can request a paper form by contacting the AUSTRAC Contact Centre.

How are cross-border movements of physical currency and cross-border movements of bearernegotiable instruments reported to AUSTRAC?

Cross-border movements of physical currency and bearer negotiable instruments are usually reported at theCustoms examination area of an airport or shipping passenger terminal when a person is entering or leavingAustralia. Cross-border movement - physical currency (CBM-PC) and cross-border movement - bearernegotiable instrument (CBM-BNI) reporting forms are available from Australian Customs and BorderProtection officers at Australian international airports and sea ports.

The mailing or shipping of physical currency of AUD10,000 or more (or foreign currency equivalent) into orout of Australia must be reported to an Australian Customs and Border Protection, a police officer or directlyto AUSTRAC. Reporting forms can be obtained by contacting the AUSTRAC Contact Centre. The reportmust be submitted before sending the currency out of Australia. When receiving currency from outsideAustralia, the report must be submitted by the recipient within five business days of receiving the currency.

Accuracy and timeliness

Why is it important to submit accurate reports within the specified time frames?

Timely and accurate transaction and cross-border movement reports help AUSTRAC and its partners detect,deter and disrupt criminal and terrorism activities. AUSTRAC analyses the reports it receives to uncoverpatterns of criminal activity, including money laundering and terrorism financing. AUSTRAC disseminatesthis financial intelligence to its domestic and overseas partners to assist in their investigations. Theinformation greatly enhances the intelligence held by AUSTRAC and is used by its partner agencies tocombat crime.


82 of 147 18/9/17, 2:46 PM

Additional information

AUSTRAC's AML/CTF Act reporting policy specifies the approved methods for submitting transactionreports and the processes for implementing those methods.

AUSTRAC publishes sample report forms, educational materials, XML schemas and report file formatspecifications for each type of transaction report. These are available by contacting the AUSTRAC ContactCentre at [email protected] or phone 1300 021 037 (a local call within Australia).

See the Enrolment and registration page for further information on opening an AUSTRAC Online account.

Threshold transaction reports (TTRs)Contents

What are the threshold transaction reporting obligations?What details must be reported in a TTR?What information must be reported when the individual conducting the transaction is not the customerof the designated service?What are the reporting obligations when the threshold transaction involves an account with multiplesignatories?What are the reporting obligations when a customer deposits physical currency of AUD10,000 or more(or foreign currency equivalent) directly into the reporting entity's bank account?When should a customer's transactions be combined and reported in a single TTR?What are the TTR obligations for cash carriers?When must a reporting entity provide further information about a TTR?What are the penalties for failing to report a TTR?Are there any exemptions from the obligation to report a TTR?What is structuring?Is a registered affiliate of a remittance network provider required to submit TTRs?Additional information

What are the threshold transaction reporting obligations?Reporting entities must submit a TTR to AUSTRAC within 10 business days after the entity provides acustomer with a designated service involving a 'threshold transaction'. Threshold transactions involve thetransfer of physical currency or e-currency of AUD10,000 or more (or foreign currency equivalent). Forexample, depositing physical currency of AUD10,000 or more into a person's account is a thresholdtransaction.

Back to top

What details must be reported in a TTR?Chapter 19 of the AML/CTF Rules specifies the details which reporting entities must report to AUSTRAC ina TTR. These details include:

the business details of the reporting entitythe customer of the designated servicethe individual conducting the transaction (if different from the customer)the recipient of the proceeds of the transaction (if different from the customer)details of the transaction, including cash and other components.


83 of 147 18/9/17, 2:46 PM

Further information about the details that must be reported in a TTR is available in AUSTRAC's Guide tomaking a Threshold Transaction Report. AUSTRAC has produced four TTR guides, covering money servicesbusinesses, investment and superannuation businesses, gambling services, and financial and bullion services.These guides are available to reporting entities through AUSTRAC Online or by contacting the AUSTRACHelp Desk.

Back to top

What information must be reported when the individual conductingthe transaction is not the customer of the designated service?Reporting entities must include in a TTR the details of the individual conducting a threshold transaction wherethat individual is not the customer of the designated service. This requirement applies in the followingcircumstances:

where the individual is not the customer;where the individual is an employee acting on behalf of the customer; for example, in circumstanceswhere the individual may be depositing takings on behalf of the customer's business; andwhere the individual is conducting the transaction on behalf of a non-individual entity (such as a cashcarrier or courier business) which is not the customer.

A reporting entity must disclose in a TTR:

if an individual conducted the transaction; andif the individual that conducted the transaction is not the customer of the designated service, the detailsof that individual and any business they represent in accordance with Chapter 19 of the AML/CTFRules.

In some situations, the reporting entity is not required to report the details of the individual representing thecustomer. This applies where:

the transaction involves a deposit which was not carried out 'face-to-face' (for example, through the useof an automated teller machine or night or express deposit facility), orthe individual carries out a transaction relevant to the item 51 (collecting physical currency) or item 53(delivering physical currency) designated services; that is, where the individual is acting on behalf of abusiness such as a cash carrier.

Where these circumstances apply, the reporting entity must supply AUSTRAC with a statement stating thatone of the above two situations apply, in addition to the customer details.

If a reporting entity does not know whether the customer or an individual acting on behalf of the customercarried out the transaction, the reporting entity must assume that the transaction was carried out by thecustomer and supply details accordingly.

Determining whether the individual conducting the threshold transaction is thecustomer of a designated service

Determining the customer of a transaction will depend on the facts available to the reporting entity and thetype of designated service provided. AUSTRAC expects reporting entities to carefully examine each thresholdtransaction to determine whether the individual conducting the transaction is the customer of the designatedservice (for example, is the individual conducting the transaction the account holder?).

It is reasonable for a reporting entity to accept that the individual conducting the transaction is the customerand collect the required customer identification information from that individual where the reporting entity hasno reason to believe the individual is not the customer - for example, where:

the individual has not told the reporting entity that they are not the customer; and


84 of 147 18/9/17, 2:46 PM

the reporting entity is not aware, through other information reasonably available to it, that the individualis not the customer.

The following list includes examples of information that a reporting entity may use to decide whether or notthe individual conducting the threshold transaction is the customer of the designated service:

the account is held in the name of a business or companyreporting entity staff notice a difference between the physical appearance of the individual conductingthe transaction and the personal details of the account holder (for example, an obvious difference in ageor gender)the transaction is not consistent with the known financial profile or previous activity of the customerthe transaction is undertaken at a location not normally associated with the customer (for example, adeposit being made interstate).

Collecting 'if known' reportable details about the individual conducting a thresholdtransaction (where the individual is not the customer of the designated service)

Reporting entities must include certain prescribed information in transaction reports, if that information isknown to the reporting entity. 'If known' can mean 'if known or reasonably accessible to a reporting entity'.This is in addition to the mandatory information which must be included in transaction reports.

A reporting entity should endeavour to collect 'if known' reportable details about the individual. Examplesinclude:

telephone numberAustralian Business Number (ABN)Australian Company Number (ACN)Australian Registered Body Number (ARBN).

A reporting entity can rely on information previously collected from an individual conducting a transaction.

Identifying a customer who is not present at the time of the threshold transaction (wherethe individual conducting the transaction is not the customer of the designated service)

In circumstances where it has been determined that the individual conducting the threshold transaction is notthe customer of the designated service, it may be that the customer is not present at the time of the transaction(for example, a person carrying out a transaction on behalf of a family member or a friend that is not present).Further, it may be that the customer is not known to the reporting entity (that is, there is no pre-existingrelationship between the reporting entity and the customer has not been identified previously).

In these circumstances, a reporting entity may consider collecting the required customer identificationinformation from the individual conducting the transaction and verify the information prior to the designatedservice being provided. In circumstances where the required customer information cannot be collected thereporting entity may decide not to provide the designated service.

Where pre-existing customer information is available to the reporting entity, a reporting entity may rely uponthat information to satisfy the identification requirements prior to the designated service being provided.

The individual conducting the threshold transaction is a politically exposed person

If the customer of a designated service is a foreign politically exposed person (PEP), an immediate familymember or a close associate of the foreign PEP, reporting entities must undertake the customer identificationrequirements specified in Chapter 4 of the AML/CTF Rules and the enhanced customer due diligencerequirements in Chapter 15 of the AML/CTF Rules.

These requirements relate to the identification of the customer if the individual has not previously beenidentified (Chapter 4 of the AML/CTF Rules) and, in circumstances where they have previously beenidentified (such as when opening an account), the application of the enhanced customer due diligence


85 of 147 18/9/17, 2:46 PM

measures specified in Chapter 15 of the AML/CTF Rules.

These measures may also be applied to domestic PEPs if the reporting entity assesses them to be of a highML/TF risk.

The enhanced customer due diligence measures include requiring reporting entities to consider whetherparticular transactions should be processed and whether existing customer identification information should beupdated or re-verified.

Back to top

What are the reporting obligations when the threshold transactioninvolves an account with multiple signatories?Reporting entities are only required to report in a TTR the details of the signatory conducting the thresholdtransaction who is not the account holder (that is, the person at the counter). This requirement recognises thatsome accounts (such as corporate accounts) may have many signatories and therefore it is impractical for areporting entity to collect the transaction details of all these individuals.

However, information on any other signatory to the account is reportable if AUSTRAC requests thisinformation from a reporting entity.

Back to top

What are the reporting obligations when a customer depositsphysical currency of AUD10,000 or more (or foreign currencyequivalent) directly into the reporting entity's bank account?A situation may arise where a customer will deposit physical currency of AUD10,000 or more directly intothe reporting entity's bank account, rather than providing physical currency over-the-counter to a reportingentity. These deposits must be reported by the account provider only (that is, the financial institution thataccepts the physical currency), regardless of whether the reporting entity then uses those funds to provide adesignated service in a separate transaction.

Example

A customer deposits AUD20,000 cash directly into a bank account held in the name of a stockbroker. Thestockbroker uses the deposited funds to purchase securities on behalf of the customer. No physical currency ishandled by the stockbroker or its agents.

In this example, there are two designated services provided in two separate transactions:

By accepting the AUD20,000 cash deposit, the stockbroker's bank provides the 'account deposit' service(designated service item 3). This transaction involves the transfer of an amount of physical currencythat must be reported to AUSTRAC; therefore, the bank must submit a TTR to AUSTRAC.By purchasing securities on behalf of the customer, the stockbroker provides the service of 'acquiringsecurities for a person' (designated service item 33). This transaction does not involve transferringphysical currency. Therefore, purchasing the securities is not reportable to AUSTRAC and thestockbroker does not have to submit a TTR. However, if the stockbroker (or its agent) handledAUD10,000 or more of physical currency while providing a designated service (for example, paying forsecurities using physical currency), the stockbroker would have to report the threshold transaction toAUSTRAC in a TTR.

Back to top


86 of 147 18/9/17, 2:46 PM

When should a customer's transactions be combined and reported ina single TTR?A TTR obligation arises when a single transaction involves physical currency of AUD10,000 or more (orforeign currency equivalent). Often, a reporting entity may provide a series of services (for example, cashwithdrawals or account deposits) to a customer which, when combined, amount to AUD10,000 or more (orforeign currency equivalent).

A reporting entity must decide whether providing a series of services constitutes a single transaction or anumber of separate transactions. The decision will largely depend on the circumstances in each case. Ingeneral, a series of services can be considered a single transaction where the services share the samecharacteristics and purpose and are continuous. Some examples are provided below.

Example 1: Reporting more than one cash transaction in a single TTR

Mr K visits ABC Bank and specifically asks to make two cash deposits of AUD7,000 each into the sameaccount. Mr K makes this request because he wants two line items in his bank statement for bookkeepingpurposes.

In this example, ABC Bank provided one designated service (transferring physical currency of AUD14,000)to one customer, and therefore, ABC Bank must report the transaction to AUSTRAC as a single TTR with avalue of AUD14,000.

Example 2: Reporting cash transactions in a separate TTR

Mr V visits his financial institution and hands over AUD25,000 cash. He asks that AUD13,000 be depositedinto his bank account, and AUD12,000 be used to purchase a foreign currency.

In this example, Mr V received two different designated services and, therefore, two transactions occurred(that is, a AUD13,000 cash deposit, and a AUD12,000 purchase of foreign currency). Each transactioninvolved transferring AUD10,000 or more, so the financial institution must report both transactions toAUSTRAC in two separate TTRs.

Back to top

What are the TTR obligations for cash carriers?Where a cash carrier collects physical currency of AUD10,000 or more from a customer, the cash carrier mustsubmit a TTR to AUSTRAC (except in the circumstances detailed below). A reportable threshold transactionis not necessarily a single cash collection - one transaction may involve a series of events occurring over aperiod of time. A TTR must be submitted to AUSTRAC within 10 business days once the threshold isreached. The report should include details of the separate cash collections that comprise the transaction.

Does the series of cash collections relate to a different customer?Does the series of cash collections occur at multiple points within the same site or location (forexample, multiple car parks across the city)?Does the series of cash collections occur over a period of time (for example, on separate days, or atdifferent times on the same day)?

Example

A cash carrier travels to the ABC Shopping Centre car park at 10 am and empties the pay stations from eachfloor of the 10-storey car park. The cash carrier also collects cash from a number of retail shops on each floorin the shopping centre. The cash carrier then travels to the XYZ Shopping Centre and collects cash from thecar park and retail shops. The car park and some of the retail shops at the XYZ Shopping Centre are operatedby the same company as the ABC Shopping Centre. At 5pm, the cash carrier returns to the ABC Shopping


87 of 147 18/9/17, 2:46 PM

Centre to empty the car park pay stations on various floors of the car park.

In this example:

The cash collected from each pay station at the ABC Shopping Centre during the morning collection isa single transaction and should be combined.The cash collected from the retail outlets at the ABC Shopping Centre relates to separate customers andshould not be combined with the cash collected from the pay stations and the cash collected from theretail shops at the XYZ Shopping Centre.The collection of cash from each pay station at the XYZ Shopping Centre is a single transaction andshould not be combined with the cash collected from the pay stations at the ABC Shopping Centrebecause the collections occurred at separate locations.The pay station cash collected at 5 pm from the ABC Shopping Centre should not be combined with thepay station cash collected from the ABC Shopping Centre at 10 am, because the collections occurred atdifferent times.

Information to be supplied by a cash carrier in certain circumstances

If a reporting entity such as a cash carrier provides the item 51 (collecting physical currency) or item 53(delivering physical currency) designated services, they do not need to collect the details of the individualstaff member representing the customer (the actual persons they are delivering physical currency to orcollecting from) if the provision of the collection or delivery service occurs under an agreement whichrequires that the service must be scheduled five business days or more in advance.

This means a cash carrier is not required to collect the details of their customer's staff members every timethey pick up or deliver physical currency of AUD10,000 or more.

In these circumstances, the reporting entity must supply AUSTRAC with a statement to the effect that thetransaction was carried out as specified in Chapter 19 of the AML/CTF Rules. The reporting entity must stillsupply the customer details, but not the details of the customer's individual staff members. If the reportingentity is unable to determine whether the individual who is being provided with the service is the customer oran agent of the customer, the reporting entity can assume that the transaction was provided to the customer.

Back to top

When must a reporting entity provide further information about aTTR?AUSTRAC (and officials from certain AUSTRAC partner agencies in certain circumstances) can issue awritten notice to a reporting entity (or any other person), requiring it to produce further information about aTTR submitted to AUSTRAC. This further information may be information the entity has about the customeror a particular transaction that can assist in an investigation (for example, account information, customerdetails or a statement of transactions).

A reporting entity failing to comply with such a notice may incur a civil penalty.

Back to top

What are the penalties for failing to report a TTR?If a TTR is submitted after the reporting period of 10 business days, or not submitted at all, AUSTRAC canapply to the Federal Court of Australia for a civil penalty order of up to 100,000 penalty units for a bodycorporate, and up to 20,000 penalty units for a person other than a body corporate.

Back to top


88 of 147 18/9/17, 2:46 PM

Are there any exemptions from the obligation to report a TTR?Exemptions from the obligation to report a TTR apply:

where designated services are provided at or through a reporting entity's permanent establishment in aforeign countrywhere a reporting entity holds an Australian financial services licence (AFSL) and only 'arranges for' aperson to receive a designated financial service.

Further, the TTR obligations do not apply when the designated service involving a threshold transaction is:

provided by an authorised deposit-taking institution (ADI) to a customer that is an ADIprovided by the Reserve Bank of Australia to a customer that holds an Exchange Settlement Accountprovided by an Exchange Settlement Account holder to a customer that holds an Exchange SettlementAccountone of the designated services described in item 51 and 53 (table 1, section 6 of the AML/CTF Act,(cash carrying services) and relates wholly to one or more of the following:

a transaction between one ADI and another ADIa transaction between an Australian Government Entity and an ADI with which it holds anaccounta transaction between one Australian Government Entity and anotheran intra-Australian Government Eentity transactionan intra-ADI transaction.

Back to top

What is structuring?'Structuring' is a money laundering technique involving the deliberate splitting of transactions into smalleramounts in order to avoid TTR requirements. It is an offence to conduct transactions designed to avoidingthreshold transaction reporting requirements.

The penalty for structuring is imprisonment for up to five years, or a fine of up to 1,500 penalty units (for acorporation) or 300 penalty units (for an individual).

If it is suspected on reasonable grounds that the customer is structuring or attempting to structure theirtransactions, the reporting entity must submit a suspicious matter report (SMR) to AUSTRAC.

Example

Ms R visits her financial institution and deposits AUD4,000 cash into her account. The next day, she returns tothe financial institution and purchases a bank cheque with AUD6,500 cash and deposits another AUD9,000cash into her account. After reviewing Ms R's previous transactions and her known sources of income (she isunemployed) the financial institution suspects she is structuring her transactions to avoid the TTRrequirements.

The financial institution submits an SMR to AUSTRAC.

Back to top

Is a registered affiliate of a remittance network provider required tosubmit TTRs?No. The remittance network provider is responsible for reporting TTRs on behalf of its affiliates where the


89 of 147 18/9/17, 2:46 PM

reportable transaction uses the network provided by the remittance network provider.

Back to top


More information on completing TTRs is available on AUSTRAC Online or by contacting theAUSTRAC Contact Centre.

1.

See also the AUSTRAC Public Legal Interpretation No. 7 - Significant cash transactions and thresholdtransaction reports.

2.

Back to top

International funds transfer instructions (IFTIs)Contents

What are the IFTI reporting obligations?International electronic funds transfer instruction (IFTI-E)IFTI under a designated remittance arrangement (IFTI-DRA)Is a registered affiliate of a remittance network provider required to report IFTIs?Scenarios of common international funds transfers conducted by casino licence holdersWhen must a reporting entity provide further information about an IFTI?What are the penalties for failing to report an IFTI?Are there any exemptions to the IFTI reporting obligations?

What are the IFTI reporting obligations?The 'sender' of an IFTI transmitted out of Australia, or the 'recipient' of an IFTI transmitted into Australia,must report the instruction to AUSTRAC within 10 business days after the day the instruction was sent orreceived.

There are two categories of IFTIs:

international electronic funds transfer instructions (IFTI-E)instructions given under a designated remittance arrangement (IFTI-DRA)

Back to top

International electronic funds transfer instruction (IFTI-E)What is an electronic funds transfer instruction (EFTI)?

Under the AML/CTF Act, an electronic funds transfer instruction (EFTI) is an electronic instruction sentbetween an 'ordering institution' and a 'beneficiary institution'.

An ordering institution or beneficiary institution can be:

an ADIa bank, building society or a credit unionpersons specified in the AML/CTF Rules.


90 of 147 18/9/17, 2:46 PM

The instruction or the funds must be passed on or transferred in whole or in part by one or more electronicmeans of communication.

An electronic funds transfer instruction can be either a domestic electronic funds transfer instruction or aninternational electronic funds transfer instruction (IFTI-E). There are different reporting requirements fordomestic and international EFTIs.

This section of the chapter describes the reporting obligations for IFTI-Es. See AUSTRAC Public LegalInterpretation No. 11 - Electronic funds transfer instructions and international funds transfer instructionsforinformation about domestic EFTIs.

What is an international electronic funds transfer instruction?

An IFTI-E occurs when:

the ordering institution accepts the instruction at or through a permanent establishment in Australia andthe transferred money is made available to the payee at or through a permanent establishment of thebeneficiary institution in a foreign country, (an outgoing IFTI-E)the ordering institution accepts the instructions at or through a permanent establishment in a foreigncountry and the money is transferred to a permanent establishment of the receiving institution inAustralia (an incoming IFTI-E).

Who are the key parties involved in an IFTI-E?

The key parties of an IFTI-E are:

the 'payer', who requests the 'ordering institution' (institution that accepts the instruction from the payer)to transmit the instructionthe 'sender' (either the ordering institution or another institution), who transmits the instruction to the'beneficiary institution' via any 'interposed institutions' (that is, institutions that take part in theinstruction between the sender and the beneficiary institution)the beneficiary institution, which ultimately makes the funds available to the 'payee' (the person whoreceives the transferred funds) (figure 1).

Figure 1: Parties involved in an international electronic funds transfer instruction

What information must be reported in an IFTI-E?

Chapter 16 of the AML/CTF Rules sets out the reportable details that must be included in IFTI-E reports foreach party involved in the funds transfer.


Additional information on EFTIs and IFTI-Es can be found in:

AUSTRAC Public Legal Interpretation No. 11 - Electronic funds transfer instructions and international


91 of 147 18/9/17, 2:46 PM

funds transfer instructions

Back to top

IFTI under a designated remittance arrangement (IFTI-DRA)What is an IFTI-DRA?

An IFTI-DRA involves:

an instruction accepted at or through a permanent establishment of a 'non-financier' in Australia, wherethe person who receives the instruction is to make, or arranges to make, money or property available tothe ultimate transferee at or through a permanent establishment of a person in a foreign country; or,an instruction accepted at or through a permanent establishment of a person in a foreign country wherea 'non-financier' is to make, or arranges to make, money or property available to the ultimate transfereethrough a permanent establishment of the non-financier in Australia.

Example 1

Customer A wants to send AUD5,000 to his brother (Mr A) who lives in Vietnam. Customer A contacts ABCRemittance Ltd, a registered remittance provider and instructs them to send AUD5,000 to Mr A in Vietnam.

ABC Remittance Ltd arranges to make AUD5,000 available to Mr A by sending an SMS text message to itsagent in Vietnam. The agent arranges to have AUD5,000 delivered to Mr A the next business day.

ABC Remittance Ltd and the agent in Vietnam arrange to reconcile funds between them using a variety ofmethods. One method is to reconcile through a third party, which may occur at a later date.

ABC Remittance Ltd must submit an IFTI-DRA report to AUSTRAC, detailing the international fundstransfer instruction within 10 business days of receiving the instruction.

Example 2

Customer B wants to send AUD2,000 to her family in India. Customer B contacts ABC Remittance Ltd, aregistered remittance provider and instructs them to send AUD2,000 to Mr B in India. Customer B providesABC Remittance Ltd with a cheque for AUD2,000.

ABC Remittance Ltd contacts its agent in India via email. ABC Remittance Ltd deposits the funds in its bankaccount with DEF Bank in Australia and transfers the AUD2,000 from its bank account to the agent's bankaccount with DEF Bank in India. The agent arranges to have the AUD2,000 delivered to Mr B in India.

ABC Remittance Ltd must submit an IFTI-DRA report to AUSTRAC, detailing the international fundstransfer instruction within 10 business days of receiving the instruction.

What information must be reported in an IFTI-DRA?

Chapter 17 of the AML/CTF Rules specifies the reportable details for an IFTI-DRA.

Back to top

Is a registered affiliate of a remittance network provider required toreport IFTIs?No. The remittance network provider is responsible for reporting IFTIs on behalf of its affiliates where thereportable transaction uses the network provided by the remittance network provider.


92 of 147 18/9/17, 2:46 PM

Back to top

Scenarios of common international funds transfers conducted bycasino licence holdersBelow are six examples of the common types of international funds transfers conducted by licensed casinosthat are required to be reported to AUSTRAC. While the examples cover common scenarios faced by casinos,they are not exhaustive.

Some of these scenarios would also require the financial institution facilitating the funds transfer to reportIFTIs in relation to the funds transfer; however, this obligation does not affect the casino’s own obligation tosubmit an IFTI-DRA report. IFTI-DRA reports submitted by casinos have significant intelligence value ascasinos are required to report information about the beneficiary of the transferred funds – this informationwould not necessarily be known or reported by the financial institution(s) facilitating the transfer.

Scenario 1: Incoming IFTI-DRA

An overseas customer (Customer A) negotiates a ‘casino player’ agreement with the Australian casino. Thecasino player agreement is finalised at the casino’s international office in a foreign country. The casino playeragreement contains the date of the visit and the amount to be deposited in the casino’s bank account bycustomer A prior to that visit.

As agreed in the casino player agreement, customer A instructs their local bank in a foreign country to transferAUD150,000 to the Australian casino’s bank account, held with a bank in Australia.

Once the funds are received into the casino’s bank account in Australia, the casino makes the funds availableto customer A by crediting his/her casino gaming account.

Reporting obligation

The Australian casino is the recipient of the IFTI-DRA transmitted into Australia and is required to report anincoming IFTI-DRA as it is within the meaning of item 4 in the table in section 46 of the AML/CTF Act.

Instructions into Australia must contain information in a report regarding the transferor entity (given thatCustomer A is an individual) and ultimate transferee entity as detailed in Chapter 17 of the AML/CTF Rules.Further details are also required to be reported as set out in Chapter 17 of the AML/CTF Rules.

Scenario 2: Outgoing IFTI-DRA

Customer B instructs the Australian casino to transfer AUD150,000 from their casino gaming account to theirpersonal bank account with an overseas bank, or to a third-party bank account outside Australia (for example,another casino’s bank account or an account held by another person).

The Australian casino instructs the Australian bank to transfer the equivalent of AUD150,000 to the customerB’s personal bank account with an overseas bank (or any other overseas bank account specified by thecustomer).


The Australian casino is the sender of the IFTI-DRA transmitted out of Australia and is required to report anoutgoing IFTI-DRA as it is within the meaning of item 3 in the table in section 46 of the AML/CTF Act.

Instructions transmitted outside of Australia must contain details in a report about the transferor entity(includes at a minimum their full name, date of birth, residential address), transmitter and ultimate transfereeentity. Further details are also required to be reported as set out in Chapter 17 of the AML/CTF Rules.


93 of 147 18/9/17, 2:46 PM

Scenario 3: Outgoing IFTI-DRA – inter-company transfer

The Australian casino has a related casino in a foreign country (that is, the two casinos are owned or operatedby the same parent company).

Customer C instructs the Australian casino to transfer AUD150,000 held in their casino gaming account tohis/her casino gaming account held with the related casino in a foreign country.

There is no physical transfer of the funds (that is, no bank transfer is involved) and there is an inter-companyjournal entry to recognise the position so that the funds can be made available to customer C when they arriveat the related casino in a foreign country.

The related casino in a foreign country makes the equivalent of AUD150,000 available to customer C throughtheir gaming account, on the basis of the funds available in customer C’s gaming account with the Australiancasino.


The Australian casino is the sender of the IFTI-DRA transmitted out of Australia and is required to report anoutgoing IFTI-DRA as it is within the meaning of item 3 in the table in section 46 of the AML/CTF Act.

Instructions transmitted out of Australia must contain details in a report about the transferor entity andultimate transferee entity (in this case Customer C is both the transferor entity and ultimate transferee entity)and mandatory information as detailed in Chapter 17 of the AML/CTF Rules.

Scenario 4: Incoming IFTI-DRA – inter-company transfer

The Australian casino has a related casino in a foreign country (that is, the two casinos are owned or operatedby the same parent company).

Customer D instructs a related casino in a foreign country to transfer AUD150,000 held in their casino gamingaccount to his/her casino gaming account held by the related casino in Australia.

There is no physical transfer of the funds (that is, no bank transfer is involved) and there is an inter-companyjournal entry to recognise the position so that the funds can be made available to the customer when theyarrive at the related casino in Australia.

The related casino in Australia makes the equivalent of AUD150,000 available to customer D through theirgaming account, on the basis of the funds available in the customer D’s gaming account with the related


94 of 147 18/9/17, 2:46 PM

casino in a foreign country.



The IFTI-DRA must contain information in a report regarding the transferor entity and ultimate transfereeentity as detailed in Chapter 17 of the AML/CTF Rules. Further details are also required to be reported as setout in Chapter 17 of the AML/CTF Rules.

Scenario 5: Incoming IFTI-DRA – international transfer of funds originating from acheque

Customer E is based outside of Australia and holds a casino gaming account with an Australian casino.Customer E provides a cheque for AUD150,000 to the staff at the Australian casino’s international office (in aforeign country) on the basis that the funds equivalent to the amount of the cheque will be made available bythe Australian casino in customer E’s gaming account.

The staff at the international office deposit the cheque into the Australian casino’s bank account held in anoverseas bank. The proceeds of the cheque remain in the Australian casino’s bank account held at an overseasbank.

The Australian casino is notified of the transaction by staff at the international office. The Australian casinoprepares the funds for the customer for when they arrive in Australia in recognition of the funds held in theAustralian casino’s account with the overseas bank.

Customer E arrives at the Australian casino and AUD150,000 is made available in the customer’s casinogaming account.



The IFTI-DRA must contain information in a report regarding the transferor entity and ultimate transfereeentity as detailed in Chapter 17 of the AML/CTF Rules. Further details are also required to be reported as setout in Chapter 17 of the AML/CTF Rules.


95 of 147 18/9/17, 2:46 PM

Scenario 6: Outgoing IFTI-DRA – international transfer of funds through a bankaccount held by a subsidiary company

The Australian casino has a 100 per cent owned and controlled subsidiary company located in Australia which operates a bank account with anAustralian bank. The state casino regulator has approved and authorised the bank account on the basis that the subsidiary company is a 100 percent owned and controlled entity of the Australian casino (where required by the state casino regulator).

Customer F instructs the Australian casino to transfer AUD150,000 (from the bank account held by the subsidiary company) into their personaloverseas bank account.


The Australian casino is the sender of the IFTI-DRA transmitted out of Australia and is required to report an outgoing IFTI-DRA as it is within themeaning of item 3 in the table in section 46 of the AML/CTF Act.

Instructions transmitted outside of Australia must contain details in a report about the transferor entity (includes at a minimum their full name, dateof birth, residential address), transmitter and ultimate transferee entity. Further details are also required to be reported as set out in Chapter 17 ofthe AML/CTF Rules.

Back to top

Is a registered affiliate of a remittance network provider required toreport IFTIs?No. The remittance network provider is responsible for reporting IFTIs on behalf of its affiliates where thereportable transaction uses the network provided by the remittance network provider.

Back to top


96 of 147 18/9/17, 2:46 PM

When must a reporting entity provide further information about anIFTI?AUSTRAC (and officials from certain AUSTRAC partner agencies in certain circumstances) can issue awritten notice to a reporting entity (or any other person), requiring it to produce further information about anIFTI submitted to AUSTRAC. This further information may be information the entity has about the customeror a particular transaction that can assist in an investigation (for example, account information, customerdetails or a statement of transactions).


Back to top

What are the penalties for failing to report an IFTI?If an IFTI report is submitted after the reporting period of 10 business days or not submitted at all, AUSTRACcan apply to the Federal Court of Australia for a civil penalty order of up to 100,000 penalty units for a bodycorporate, and up to 20,000 penalty units for a person other than a body corporate.

Back to top

Are there any exemptions to the IFTI reporting obligations?The AML/CTF Rules can specify exemptions from the IFTI reporting obligations. To date, no exemptionshave been made from the IFTI reporting obligation.

Back to top

Suspicious matter reports (SMRs)Contents

What are the suspicious matter reporting obligations?What information must be reported in an SMR?What are the reporting periods for an SMR?What are the penalties for failing to submit an SMR to AUSTRAC?Are there any exemptions from the obligation to report an SMR?Is a registered remittance affiliate of a remittance network provider required to submit SMRs?Can a reporting entity continue a business relationship with a customer if the reporting entity hasformed a suspicion about that customer?If a reporting entity has lodged an SMR about a customer and decides to continue the businessrelationship, what are the entity's ongoing SMR obligations?What is 'tipping off'?Are there any exemptions from the tipping off provisions?Can a reporting entity disclose SMRs to an external reviewer?Do the 'tipping off' provisions prevent a reporting entity from reporting a suspicious matter togovernment bodies other than AUSTRAC?When must a reporting entity provide further information about an SMR?Is information reported in an SMR admissible as evidence in court or tribunal proceedings?Additional information


97 of 147 18/9/17, 2:46 PM

What are the suspicious matter reporting obligations?A reporting entity must submit an SMR to AUSTRAC if:

the reporting entity commences to provide, or proposes to provide, a designated service to a person, ora person requests the reporting entity to provide a designated service (of a kind ordinarily provided bythe reporting entity), ora person enquires of the reporting entity whether it would be willing to provide a designated service (ofa kind ordinarily provided by the reporting entity)

and the reporting entity forms a suspicion on reasonable grounds that:

a person (or their agent) is not the person they claim to be, orinformation the reporting entity has may be:

relevant to investigate or prosecute a person foran evasion (or attempted evasion) of a tax law, oran offence against a Commonwealth, state or territory law, or

of assistance in enforcingthe Proceeds of Crime Act 2002 (or regulations under that Act), ora state or territory law that corresponds to that Act or its regulations

providing a designated service may be:preparatory to committing an offence related to money laundering or terrorism financing, orrelevant to the investigation or prosecution of a person for an offence related to money launderingor terrorism financing.

Suspicion on reasonable grounds

A reporting entity must submit an SMR to AUSTRAC when it forms a suspicion on 'reasonable grounds'.

In other words, a reporting entity must report a matter to AUSTRAC if a reasonable person would concludefrom all the circumstances and information available that an SMR must be submitted. Within the SMR, thereporting entity must explain why it has formed a suspicion.

Reporting entity staff (including the entity's AML/CTF compliance officer) who report a transaction oractivity as suspicious are not necessarily expected to know or to establish the exact nature of any criminaloffence the customer may be involved in. Further, reporting entity staff would not be expected to know or toestablish that particular funds or property have been acquired through illicit or criminal means.

Identifying suspicious activity and forming suspicion on reasonable grounds

A reporting entity's AML/CTF program must include risk-based systems and controls to identify, assess andcontrol the risk of its business being used to facilitate money laundering and terrorism financing. In otherwords, the reporting entity's:

ML/TF risk assessmentcustomer identification procedurestransaction monitoring programAML/CTF risk awareness training programsystems and controls to ensure compliance with the AML/CTF reporting obligations

should be designed so suspicious activity and suspicious customer behaviour is identified, investigated and,where required, reported to AUSTRAC.

However, activity that appears unusual is not necessarily suspicious. Many customers will, for example, havean erratic pattern of transactions or account activity. This unusual activity may prompt further enquiry andenhanced customer due diligence procedures, which may in turn require the reporting entity to decide whetherthe activity is suspicious and therefore should be reported to AUSTRAC in an SMR.


98 of 147 18/9/17, 2:46 PM

Further information

AUSTRAC publishes regular typologies and case studies reports to assist reporting entities understand theirAML/CTF obligations. Each report contains numerous case studies detailing the various methods criminalsuse to conceal, launder or move illicit funds, both in Australia and overseas. The reports also list indicatorswhich may assist reporting entities to identify potential money laundering and terrorism financing activity (seeappendix A of each AUSTRAC typology report available on the AUSTRAC website).

Back to top

What information must be reported in an SMR?Reporting entities submitting an SMR must provide details about their business and all details known about:

the suspicious matterthe person/organisation(s) to which the matter relatesany transactions related to the matter.

Chapter 18 of the AML/CTF Rules lists the details that must be reported in an SMR.

Back to top

What are the reporting periods for an SMR?A reporting entity must submit an SMR to AUSTRAC within:

24 hours after forming the relevant suspicion if the suspicion relates to terrorism financing; orthree business days after forming the suspicion in all other cases.

The time period for reporting a suspicious matter starts when the reporting entity forms a 'suspicion onreasonable grounds'. This may occur at any time during the enquiry, request, proposal, or commencementstages of providing a designated service to the customer.

AUSTRAC accepts there may be some time between forming the initial suspicion and submitting an SMR.The reporting entity may require this time to investigate the matter and conduct enhanced customer duediligence measures.

For example, a bank teller may feel a prospective customer is not who they claim to be and then reports theirsuspicion to the line manager. The line manager then alerts the bank's AML/CTF compliance officer. In thisinstance, the SMR reporting period does not commence until the AML/CTF compliance officer concludes aninvestigation into the matter, leading them to 'form a suspicion on reasonable grounds'.

Example 1: Submitting an SMR within three business days

Mr A was an occasional visitor to a casino, and joined the casino's loyalty club on 14 January. Over thefollowing months, casino staff noticed Mr A's playing habits were changing - he was spending longer at thecasino and increasing the size and frequency of his bets.

On 18 March casino staff noticed Mr A associating with people that had previously come to the notice ofcasino staff for suspicious activities and observed Mr A accepting parcels from them.

After examining Mr A's transaction history on 21 March, the casino formed a suspicion Mr A was engaged inmoney laundering or other illicit activity and submitted an SMR to AUSTRAC on 24 March (within the threebusiness day time frame).

Example 2: Submitting an SMR within 24 hours (for matters relating to terrorism


99 of 147 18/9/17, 2:46 PM

financing)

Ms S visited a remitter at 11 am on Tuesday, explaining she wished to send money to 'the brothers' in a foreigncountry. Ms S did not appear to know much about 'the brothers', other than that they were raising funds for aspecial project. The customer service officer considered Ms S might be financing terrorism, and brought thematter to the attention of the reporting entity's compliance officer.

The compliance officer's review found that a number of people recorded at Ms S's address previouslyconducted similar transactions, and the name of the beneficiary of the funds was very similar to an entitynamed on an international watch list.

At 3 pm on Tuesday, the reporting entity submitted an SMR to AUSTRAC (within the 24 hour time frame fora matter related to terrorism financing).

Back to top

What are the penalties for failing to submit an SMR to AUSTRAC?If an SMR is submitted after the relevant reporting period or not submitted at all, AUSTRAC can apply to theFederal Court of Australia for a civil penalty order of up to 100,000 penalty units for a body corporate, and upto 20,000 penalty units for a person other than a body corporate.

Back to top

Are there any exemptions from the obligation to report an SMR?The obligation to report SMRs does not apply to a designated service provided at or through a reportingentity's permanent establishment in a foreign country.

Back to top

Is a registered remittance affiliate of a remittance network providerrequired to submit SMRs?An affiliate of a remittance network provider that forms a suspicion on reasonable grounds must submit anSMR to AUSTRAC. However, if there is a written agreement between the remittance network provider andthe affiliate, the SMR may be submitted by either the affiliate or the remittance network provider (where anyrelevant transaction uses the network provided by the remittance network provider).

Back to top

Can a reporting entity continue a business relationship with acustomer if the reporting entity has formed a suspicion about thatcustomer?The AML/CTF Act does not direct reporting entities to stop providing designated services to, or terminate abusiness relationship with, a customer, even if the reporting entity has formed a suspicion about that particularcustomer. Reporting entities must determine whether to terminate the relationship with the customer based ontheir risk-assessment, procedures and controls.

If the reporting entity does decide to terminate the business relationship with the customer, the reporting entitymust not disclose to the customer that it has formed a suspicion and/or communicated the suspicion to


100 of 147 18/9/17, 2:46 PM

AUSTRAC. This is referred to as 'tipping off' the customer, which is an offence under section 123 of theAML/CTF Act. 'Tipping off' is explained in more detail below.

Back to top

If a reporting entity has lodged an SMR about a customer anddecides to continue the business relationship, what are the entity'songoing SMR obligations?A reporting entity that submits an SMR must continue to comply with the AML/CTF Act in all future dealingswith that customer, which may include submitting additional SMRs. Subsequent transactions or mattersinvolving the customer must only be reported if they meet the SMR reporting criteria.

Back to top

What is 'tipping off'?Unless an exemption is in place, a reporting entity must not disclose to any person (other than AUSTRAC)that it formed a suspicion about a customer or that it submitted an SMR to AUSTRAC. Doing so wouldconstitute 'tipping off', which is an offence prohibited by section 123 of AML/CTF Act.

Reporting entities that submit SMRs also have additional obligations under the AML/CTF Act:

The reporting entity must not disclose any information that might reasonably lead a person to concludethat the reporting entity formed a suspicion about a customer or that the entity communicated thatsuspicion to AUSTRAC.The reporting entity must not disclose any requests from AUSTRAC for further information about anSMR report.

After the employee of a reporting entity forms an initial suspicion about a customer, the employee should usediscretion when making further enquiries about the customer, to minimise the risk of the customer realising anSMR has been submitted about them.

AUSTRAC considers that simply asking a customer for additional information (for example, about theiridentity or the source or destination of their funds) would not constitute an unlawful disclosure of informationor an offence under the tipping off provisions of the Act.

Back to top

Are there any exemptions from the tipping off provisions?In certain circumstances, reporting entities are exempt from the tipping off provisions of the AML/CTF Act.Specifically, a reporting entity may disclose it has formed a suspicion about a customer in the followingcircumstances:

reporting entities who are legal practitioners or qualified accountants who have formed a suspicionabout a client and are seeking to dissuade the client from engaging in illegal activityreporting entities communicating their suspicion to a legal practitioner to obtain legal advicereporting entities disclosing information in relation to the operation of Part 4 of the Charter of theUnited Nations Act 1945, which relates to the consolidated list of entities, persons or assets (the'sanctions list') maintained by the Department of Foreign Affairs and Trade). Reporting entities mayhave an obligation under the Charter of the United Nations Act to freeze the assets of a person orentities included on the sanctions list, for example, and inform a law enforcement body a customer maybe listed on the sanctions list


101 of 147 18/9/17, 2:46 PM

reporting entities that are members of a designated business group (DBG) with a joint AML/CTFprogram disclosing information about a customer to another reporting entity within that DBG to informthe other reporting entity about the risks involved in dealing with the customerreporting entities that are affiliates of a remittance network provider disclosing information about acustomer to the remittance network providerreporting entities that are remittance network providers disclosing information about a customer to itsremittance affiliatesreporting entities that are ADIs disclosing information about a customer to an owner-managed branch ofthe same ADIreporting entities disclosing information in compliance with a Commonwealth, state or territory lawreporting entities disclosing information to an Australian Government law enforcement body; forexample, the Australian Federal Police or the Australian Crime Commission.

Back to top

Can a reporting entity disclose SMRs to an external reviewer?A reporting entity may appoint an external party to undertake an independent review of Part A of itsAML/CTF program or joint program (including SMR obligations). However, a reporting entity cannotdisclose specific SMRs, and related information, to an independent external reviewer.

Back to top

Do the 'tipping off' provisions prevent a reporting entity fromreporting a suspicious matter to government bodies other thanAUSTRAC?Generally, section 123 of the AML/CTF Act prohibits reporting entities from disclosing information aboutSMRs to external bodies other than AUSTRAC. However, reporting entities are exempt from this 'tipping off'provision if they disclose illegal or suspected illegal activity to government bodies other than AUSTRAC(including state or territory agencies or authorities) and:

the disclosure complies with a requirement under a law of the Commonwealth, a state or a territory, orthe disclosure is to an Australian government body responsible for law enforcement; for example, theAustralian Federal Police.

Back to top

When must a reporting entity provide further information about anSMR?AUSTRAC (and officials of certain AUSTRAC partner agencies in certain circumstances) can issue a writtennotice to a reporting entity (or any other person), requiring it to produce further information about an SMRsubmitted to AUSTRAC. This may be information the entity has about the customer or a particular transactionthat can assist in an investigation (for example, account information, customer details or a statement oftransactions).


Back to top

Is information reported in an SMR admissible as evidence in court


102 of 147 18/9/17, 2:46 PM

or tribunal proceedings?In most cases, information about forming a suspicion or reporting an SMR to AUSTRAC is inadmissible asevidence in court or tribunal proceedings. However, an SMR can be used in criminal proceedings for certainAML/CTF Act offences, including tipping off (section 123) and providing false and misleading informationoffences (section 136).

Back to top

Additional informationFor more information, please see:

AUSTRAC Public Legal Interpretation No. 6 - Suspicious matters and suspect transaction reportsAUSTRAC typologies reports.

Back to top

Cross-border movement reportsContents

What are the cross-border movement (CBM) reporting obligations?Reports about physical currencyReports about bearer negotiable instruments (BNIs)What is the time frame for reporting a CBM-PC?What is the time frame for reporting a CBM-BNI?What happens to the completed CBM-PC form or CBM-BNI form?Can a person carry physical currency or a BNI for someone else?Do BNIs sent into or out of Australia through the postal system have to be reported to AUSTRAC?What are the penalties for failing to report a CBM-PC or CBM-BNI?Are there any exemptions from the CBM-PC and CBM-BNI reporting obligations?

What are the cross-border movement (CBM) reporting obligations?Individuals and businesses, including reporting entities, must submit reports about:

cross-border movement of physical currency (CBM-PC) of AUD10,000 or more (or foreign currencyequivalent) and,when asked by an Australian Customs and Border Protection or police officer, reports about cross-border movement of bearer negotiable instruments (CBM-BNI) of any amount (such as travellerscheques, cheques or money orders).

The CBM reporting obligations apply to any person departing or entering Australia and any person who sendsor receives currency by ship or mail into or out of Australia.

Back to top

Reports about physical currencyA CBM-PC covers cross-border movements of physical currency worth AUD10,000 or more (or foreigncurrency equivalent) into or out of Australia.


103 of 147 18/9/17, 2:46 PM

Any person entering or departing Australia must report physical currency they are carrying worth AUD10,000or more (or foreign currency equivalent). Similarly, any person mailing or shipping currency worthAUD10,000 or more (or foreign currency equivalent) into or out of Australia must also report the movementto AUSTRAC.

Back to top

Reports about bearer negotiable instruments (BNIs)A CBM-BNI report covers movements of 'bearer negotiable instruments' (BNIs) into or out of Australia.There is no monetary threshold for a BNI. Even a BNI with no face value (for example, a signed blankcheque) must be reported, if requested by a Customs and Border Protection or police officer.

An Customs and Border Protection or police officer may request a person to complete a CBM-BNI form whenentering or departing Australia. This usually occurs at the Customs examination area or an airport or shippingpassenger terminal. A CBM-BNI form may also have to be completed when a Customs and Border Protectionor police officer conducts an examination or search and finds a BNI a person has with them. The completedCBM-BNI form must be given to AUSTRAC or the Customs and Border Protection or police officer.

Back to top

What is the time frame for reporting a CBM-PC?A CBM-PC report must be made:

before currency is sent or carried out of Australia, or carried into Australiawithin five business days of receiving currency sent into Australia.

Back to top

What is the time frame for reporting a CBM-BNI?A CBM-BNI report must be made immediately upon request by a Customs and Border Protection or policeofficer.

Back to top

What happens to the completed CBM-PC form or CBM-BNI form?If the CBM-PC or CBM-BNI form is completed at an airport or port, the form is usually given to a Customsand Border Protection or police officer, who may check the form to ensure all the required information hasbeen provided. The officer then forwards the form to AUSTRAC.

If the CBM-PC report relates to currency that was mailed or shipped, the person completing the reportingform must send the form directly to AUSTRAC.

Back to top

Can a person carry physical currency or a BNI for someone else?Yes. A person can carry physical currency or a BNI for someone else, but the carrier must still report thephysical currency or BNI when required.


104 of 147 18/9/17, 2:46 PM

The person carrying the currency or BNI must report their own details, as well as information about theperson for whom they are carrying the currency or BNI.

Back to top

Do BNIs sent into or out of Australia through the postal system haveto be reported to AUSTRAC?BNIs sent into or out of Australia through the postal system do not have to be reported to AUSTRAC.

Back to top

What are the penalties for failing to report a CBM-PC or CBM-BNI?CBM-PC

A person commits an offence if they fail to report movements of physical currency as required under theAML/CTF Act. Penalties may include imprisonment and/or a fine imposed by a court.

CBM-BNI

A person commits an offence if they fail to declare the cross-border movement of BNIs when requested by aCustoms and Border Protection or police officer. Penalties may include imprisonment and/or a fine imposedby a court.

Back to top

Are there any exemptions from the CBM-PC and CBM-BNIreporting obligations?The CBM-PC reporting obligations do not apply to a commercial passenger carrier (the airline itself) wherethe physical currency is in the possession of the carrier's passengers.

The CBM-PC reporting obligations also do not apply to a commercial goods carrier carrying physicalcurrency on behalf of another person, and that person did not inform the carrier that the goods includedphysical currency.

There are no exemptions from the CBM-BNI reporting obligations.

Back to top

AML/CTF compliance reportsContents

What is an AML/CTF compliance report?Who must submit an AML/CTF compliance report?What information must be reported in an AML/CTF compliance report?When are AML/CTF compliance reports due?What are the AML/CTF compliance reporting obligations for DBG members?


105 of 147 18/9/17, 2:46 PM

Does a reporting entity that ceased providing designated services during the reporting year need tosubmit an AML/CTF compliance report for that year?What are the penalties for failing to submit an AML/CTF compliance report?Additional information

What is an AML/CTF compliance report?AML/CTF compliance reports provide AUSTRAC with information about a reporting entity's compliancewith the AML/CTF Act, Regulations and Rules. Under Chapter 11 of the AML/CTF Rules, reporting entitiesmust submit regular AML/CTF compliance reports (usually annually).

Back to top

Who must submit an AML/CTF compliance report?All reporting entities must submit AML/CTF compliance reports to AUSTRAC, unless they are covered by anexemption. Exemptions apply to:

reporting entities holding an Australian financial services licence that only provide the designatedservice in item 54 (table 1, section 6 the AML/CTF Act)venues that are licensed to have up to 15 electronic gaming machines.

Exemptions from the AML/CTF compliance reporting obligations may also be provided to classes ofreporting entities for a particular reporting period in the AML/CTF Rules. See Chapter 9 - Exemptions fromobligations under the AML/CTF Act for more information.

Back to top

What information must be reported in an AML/CTF compliancereport?AML/CTF compliance reports collect information about the appropriateness of a reporting entity's ML/TFrisk assessments and the effectiveness of its AML/CTF program. Typically a compliance report includesinformation about an entity's AML/CTF programs, its customer identification procedures and reportingobligations. Unless otherwise specified in the AML/CTF Rules, the AML/CTF compliance report generallycovers the previous calendar year.

Back to top

When are AML/CTF compliance reports due?Generally, compliance reports are due annually as specified in the AML/CTF Rules (Chapter 11). AUSTRACinforms reporting entities about the due date for compliance reporting on the AUSTRAC website and viaemail and AUSTRAC e-news.

Back to top

What are the AML/CTF compliance reporting obligations for DBGmembers?Subsections 47(6) and 47(7) of the AML/CTF Act allow one member of a designated business group (DBG)


106 of 147 18/9/17, 2:46 PM

to lodge an AML/CTF compliance report on behalf of all of the reporting entities within that DBG. For furtherinformation on DBGs (including the definition) see Chapter 3 - Designated business groups.

Back to top

Does a reporting entity that ceased providing designated servicesduring the reporting year need to submit an AML/CTF compliancereport for that year?Yes. If a reporting entity provides a designated service at any time during the year, it must lodge a compliancereport for that year (even if it ceased operation at some point during that year).

Back to top

What are the penalties for failing to submit an AML/CTFcompliance report?If a reporting entity lodges an AML/CTF compliance report after the reporting period or fails to submit areport, they may be targeted by AUSTRAC for closer supervisory attention. AUSTRAC can also apply for acivil penalty order of up to 100,000 penalty units for a body corporate, and up to 20,000 penalty units for aperson other than a body corporate.

Back to top

Additional informationAML/CTF compliance reportsAUSTRAC's reporting policy

Back to top

Chapter 8 - AML/CTF record-keeping obligationsContents


What is record keeping?Who do record-keeping obligations apply to?What types of records must be kept?

Categories of records that must be keptTransaction recordsRecords of identification proceduresAuthorised deposit-taking accountsAML/CTF programsCorrespondent bankingRemittance registration

Retention periods for records under the AML/CTF Act - SummaryWhat record-keeping obligations apply to a reporting entity who is a member of a DBG?General exemptions for record-keeping obligationsModified record-keeping requirements for certain gambling services


107 of 147 18/9/17, 2:46 PM

CasinosOncourse bookmakers and TABsGaming machines

Record-keeping and privacy

IntroductionThis chapter guides reporting entities through their record-keeping obligations under the Anti-MoneyLaundering and Counter-Terrorism Finacing Act 2006 (AML/CTF Act).

Back to top

BackgroundWhat is record keeping?

Record keeping is retaining and securely storing (physically or electronically) certain records a reportingentity creates or obtains while doing business. The purpose for retaining records is to:

enable a reporting entity to meet its legal obligations under the AML/CTF Actenable a reporting entity to manage its risks of being misused for money laundering and terrorismfinancingassist AUSTRAC and its partner agencies in investigating criminal activities. Reporting entity recordsare an essential component of the audit trail required to investigate money laundering, terrorismfinancing and other criminal activities.

Who do record-keeping obligations apply to?

All reporting entities have a range of record-keeping obligations under the AML/CTF Act.

A reporting entity's obligations depend on the type of designated service it provides. For example, differentobligations apply if an entity provides remittance services, is part of a designated business group (DBG), or isinvolved in correspondent banking relationships.

What types of records must be kept?

Part 10 of the AML/CTF Act outlines the types of records reporting entities must retain, which includesrecords of or about:

transaction recordselectronic funds transferscustomer identification proceduresAML/CTF programsdue diligence assessments of correspondent banking relationships.

Remittance service providers are also required to retain certain records about their registration onAUSTRAC's Remittance Sector Register.

Back to top

Categories of records that must be keptTransaction records


108 of 147 18/9/17, 2:46 PM

What transaction records must a reporting entity keep in relation to providing a designated service?

If a reporting entity creates a transaction record that relates to providing a designated service to a customer,the entity must retain the transaction record (or a copy or extract of the record) for seven years after makingthe record (Part 10, Division 2 of the AML/CTF Act).

The same seven-year requirement applies if a customer (or an agent of the customer) provides a reportingentity with a document that relates to the provision or prospective provision of a designated service to thatcustomer.

A 'record' only exists in order to capture the 'information' relating to the provision of the designated service toa customer. The record of this information can be in any form, whether hard copy or electronic and may bestored in any manner by a reporting entity, whether on-site or offsite. The records must be stored in aretrievable and auditable manner.

What type of transaction information does not need to be retained by a reporting entity?

Reporting entities do not need to retain the following information:

customer-specific documents (such as account statements), correspondence and publicly availablestatements, forms and documents that a reporting entity routinely provides to its customers (such asdisclosure statements, financial or investment analysis or summary reports and product or serviceinformation) that replicate information retained as a record by the reporting entitygeneral correspondence with customers, including but not limited to, promotional materials and generalcorrespondence relating to fees, service charges, interest rate changes, terms and conditions, technologychanges or legislative changes that are not specific to a particular customeroverdrawn notices and accompanying correspondenceinformation provided to a customer on the methods for delivering a designated servicecorrespondence or similar documents a reporting entity provides to a customer that relate to, product orservice enquiries or comments from customers (such as customer experience records or requests forinformation on a product)records of interviews or conversations with customers (such as recordings of phone conversationswhere instructions are received from the customer) unless the information contained in such interviewsor conversations relates to a reporting obligation under the AML/CTF Act.

What are the record-keeping obligations relating to electronic funds transfer instructions?

Electronic funds transfer instructions (EFTIs) occur when reporting entities undertake an international fundstransfer that involves two or more institutions.

EFTIs can be either:

a multiple-institution person-to-person electronic funds transfer instruction; ora multiple-institution same-person electronic funds transfer instruction.

This type of international transaction involves a funds transfer chain comprising:

the ordering institutionany person interposed between the ordering institution and the beneficiary institutionthe beneficiary institution.

The interposed person must keep a record or copy of the 'required transfer information' (as defined in section70 of the AML/CTF Act) when:

the transfer instruction is passed on by an interposed person at or through a permanent establishment ofthat person in Australiathe beneficiary institution makes available the transferred money at or through that institution'spermanent establishment in Australia


109 of 147 18/9/17, 2:46 PM

some or all of the required transfer information is passed on to the interposed person by another entityin the funds transfer chainthe transfer instruction is accepted by the ordering institution at or through that institution's permanentestablishment in a foreign countrythe transfer instruction is passed on to the interposed person by a permanent establishment of theordering institution, or of another person, in a foreign country.

Records, or copies of records, must be kept for seven years after the transfer instruction was passed on to theinterposed person.

Back to top

Records of identification procedures

What are the record-keeping requirements for records of customer identification procedures?

Under Part 10, Division 3 of the AML/CTF Act, a reporting entity conducting a customer identificationprocedure must:

make a record of the proceduremake a record of the information obtained in carrying out the procedure.

Records of customer identification procedures must be kept for the life of the customer relationship and forseven years after the reporting entity ceases to provide designated services to the customer.

If a reporting entity provides two designated services to a customer, the seven-year retention period does notbegin until the entity has ceased providing the final of the two designated services.

Is a copy of a customer identification procedure considered a record?

Yes. Making a copy of a document as part of a customer identification procedure is one way a reporting entitycan make a record of the information contained in that document.

Does the retention period for customer identification procedure records change when customerinformation is updated?

The information contained in customer identification procedure records should remain unchanged for the lifeof the business relationship, plus seven years.

If a reporting entity collects new customer information about a customer, for example as part of its enhancedcustomer due diligence procedures, this does not affect the obligation to retain the records of the originalcustomer identification procedure. That is, the original customer information records must be retained for anadditional seven years after the reporting entity ceases to provide the designated service to the customer.

Does a reporting entity need to retain customer information that is updated but is not verified by thereporting entity?

If a reporting entity updates customer information, but does not verify the information using reliable andindependent documentation or electronic data, then such records do not need to be retained.

Confirming new telephone numbers or addresses, or requesting customers confirm their details, withoutverifying that information does not constitute a customer identification procedure and is therefore not subjectto the record-keeping requirements under the AML/CTF Act.

Records relating to customer identification procedures deemed to have been carried out by a reportingentity


110 of 147 18/9/17, 2:46 PM

Part 10, Division 3 of the AML/CTF Act allows for obtaining copies of records of identification proceduresdeemed to have been carried out by a reporting entity, where:

a reporting entity carried out the customer identification procedure regarding a customer to which itprovided, or proposed to provide, a designated servicethe reporting entity made a record of the procedure or information obtained in carrying out theprocedurethe customer becomes a customer of another (second) reporting entitythe second reporting entity requests (in writing) a copy of the record from the first reporting entity, to begiven within five business days of the request (with which the first reporting entity must comply).

The second reporting entity must then retain the copy of the record for seven years after ceasing to provideany designated services to the customer.

Under Chapter 7 of the AML/CTF Rules, these provisions only apply to 'licensed financial advisers' within themeaning of item 54 of table 1 in section 6 of the AML/CTF Act and 'designated business groups'.

Records relating to requests for verification information from a credit reporting agency

Reporting entities are able to request information from credit reporting agencies for the purposes of verifyingcustomer identification information about an individual.

Both the reporting entity and the credit reporting agency are required to retain information about theserequests.

Reporting entities

Reporting entities that make verification requests to credit reporting agencies about an individual must retainthe following information:

the name of the credit reporting agency to which the request was madethe personal information about the individual provided to the credit reporting agencythe assessment (if any) the credit reporting agency provided about the individual.

Records of the customer identification procedure must be kept for the life of the customer relationship and forseven years after the reporting entity ceases to provide designated services to the customer.

Credit reporting agencies

Credit reporting agencies that receive a verification request for an individual must retain the followinginformation for seven years after receiving the request:

the name of the reporting entity that made the requestthe date the request was madethe personal information about the individual provided to the credit reporting agencythe date the credit reporting agency provided an assessment (if any) about the individual.

Privacy

Reporting entities must also comply with their obligations under Part IIIA of the Privacy Act 1988 whenretaining credit reporting records of individuals. The AML/CTF Act requires reporting entities to retainrecords for seven years after ceasing to provide a designated service - this is longer than the maximum periodpermitted under the Privacy Act for retaining these types of records (generally five years). This means thatafter the maximum retention period permitted under the Privacy Act has expired, reporting entities must retainthe records only to fulfil the record-keeping requirements of the AML/CTF Act and for no other purpose.

Further information

AUSTRAC Guidance Note 11/02 - Verification of identity: The use and disclosure of personal information by


111 of 147 18/9/17, 2:46 PM

reporting entities and credit reporting agencies for the purposes of verifying an individual's identity - naturalpersons (e-verification).

For further information about what records a reporting entity or Designated Business Group needs to keep if ituses the Document Verification Service (DVS) as part of its identification procedures please go to the DVSand individual customer and beneficial owner identification page.

Back to top

Authorised deposit-taking accounts

What are the record-keeping requirements for authorised deposit-taking institutions (ADIs)transferring accounts between two ADIs?

Transferring open accounts

Under section 109 of the AML/CTF Act, when a reporting entity that is an authorised deposit-takinginstitution (ADI) transfers an open account to another ADI, the ADI transferring the account must give theADI receiving the account the relevant transaction record documents. This must occur within 120 calendardays, beginning 30 calendar days before transferring the account.

The ADI receiving the transaction record documents must retain the originals or copies of the documents forseven years after receiving the documents, if it receives the documents within 120 calendar days.

Transferring closed accounts

Under section 110 of the AML/CTF Act, when transferring a closed account between two ADIs, the ADItransferring the closed account may give the original and copies of a document ('second document') about theaccount to the ADI receiving the account if:

a document about that account was previously transferred to the same recipient ADI when the accountwas openthe ADI receiving the second document must possess the document to fulfil its own record-keepingobligations under the AML/CTF Actboth ADIs agree in writing that the second document should be given within the 120 calendar daysallowed for in giving the previous document.

Sections 107 and 108 of the AML/CTF Act do not apply to an ADI transferring the original or seconddocument to another ADI, if the ADI transferring the document does so within the 120 day period.

The ADI that receives the original or copy of the second document within 120 days period must retain thesecond document (or a copy) for seven years after receiving it.

These record-keeping requirements ensure that at least one ADI retains copies of the account records, withoutrequiring both to retain the records for seven years.

Back to top

AML/CTF programs

What are the record-keeping requirements for AML/CTF programs?

A reporting entity must retain:

a record, or a copy of a record, of the reporting entity adopting its AML/CTF program (for example, theMinutes of the Board of Directors approving the adoption of the AML/CTF program), andthe program, or a copy of the program, which has been adopted by the reporting entity.


112 of 147 18/9/17, 2:46 PM

A record of adopting the program, which should specify the date reporting entity adopted the program, mustbe kept from the date the record was prepared until seven years after the day AML/CTF program ceases to bein force.

The program itself must be retained from the date the program is adopted until seven years after the day theAML/CTF program ceases to be in force.

When an AML/CTF program is varied, the reporting entity must retain the variation, or a copy of thevariation, from the time the AML/CTF program is varied until seven years after the varied AML/CTFprogram ceases to be in force.

See Chapter 6 - AMLCTF programs for more information about developing an AML/CTF program.

Back to top

Correspondent banking

What are the record-keeping requirements for due diligence assessments of correspondent bankingrelationships?

Financial institutions must retain a record, or a copy of a record, of a due diligence assessment of acorrespondent banking relationship for seven years after the record was created.

Under Part 8 of the AML/CTF Act, financial institutions must undertake due diligence assessmentsconcerning their correspondent banking relationships, where warranted by the institution's risk assessment ofthe relationship's vulnerability to money laundering or terrorism financing.

Back to top

Remittance registration

What are the record-keeping requirements for remittance registration?

Businesses providing remittance services (under items 31, 32 or 32A, table 1, section 6 of the AML/CTF Act)must apply for registration with AUSTRAC by providing the AUSTRAC CEO with information about theirsuitability for registration.

Chapter 56 of the AML/CTF Rules prescribes the information to be included to register as a remittancenetwork provider, a remittance affiliate of the remittance network provider, or an independent remittancedealer.

A registration applicant must obtain and retain a copy (original or certified) of all national police certificates(or foreign equivalent) for key personnel. All certificates (or foreign equivalent) must be issued within sixmonths before the remitter applies for registration (or 12 months for affiliates of remittance networkproviders). Remitters must also keep information about their remittance business and business structure (thatis, the management structure and information on related entities).

A list of the information a remitter must retain is outlined in Part B, Schedules 1, 2 and/or 3, Chapter 56,AML/CTF Rules.

See Chapter 5 - Remitter registration requirements for information about remitter registration.

Back to top

Retention periods for records under the AML/CTF Act - Summary


113 of 147 18/9/17, 2:46 PM

The period a record must be kept depends on the type of record.

Type of record Period of retention

Transaction records Seven years after making the record

Records about EFTIs Seven years after the transfer instruction waspassed on to the person

Records of identification proceduresFor the life of the customer relationship and forseven years after the reporting entity ceases toprovide all designated services to the customer.

Verification information - credit reporting agencies Seven years after the request was received by thecredit reporting agency

Verification information - reporting entitiesFor the life of the customer relationship and forseven years after the reporting entity ceases toprovide all designated services to the customer

Records of customer identification procedures carriedout by a second reporting entity - where the firstreporting entity gives a copy of the record to a secondreporting entity

For the life of the customer relationship and forseven years after the second reporting entityceases to provide all designated services to thecustomer.

Records relating to open accounts transferred betweenADIs

Seven years after the reporting entity receivesthe document/record

Records relating to closed ADI accounts Seven years after the giving of the seconddocument

Records of

the adoption of an AML/CTF program; anda copy of an AML/CTF program

From the date the AML/CTF program wasadopted until seven years after the programceases to be in force.

Records about due diligence assessments ofcorrespondent banking relationships For seven years after making the record

Remittance registration records Until the remitter's registration with AUSTRACceases.

Back to top


114 of 147 18/9/17, 2:46 PM

What record-keeping obligations apply to a reporting entity who is amember of a DBG?When a reporting entity is a member of a designated business group (DBG), any member can perform therecord-keeping obligations on behalf of that reporting entity. This allows entities to make joint arrangementsto fulfil their record-keeping obligations. For example, one entity within a DBG may provide a storage andretrieval service for a number of other entities within that DBG that share a client base. Similarly, an entitywithin a DBG can fulfil the record-keeping requirements for customer identification procedures on behalf ofanother member.

However, the record-keeping obligation remains with the reporting entity for which the record-keepingobligation arose.

Back to top

General exemptions for record-keeping obligationsSubsection 118(5) of the AML/CTF Act exempts reporting entities from record-keeping requirements wherethe designated service is provided at or through a permanent establishment of the reporting entity in a foreigncountry.

This applies to all records except those relevant to:

transferred ADI records or records of closed ADI accountselectronic funds transfersAML/CTF programsdue diligence assessments of correspondent banking relationships.

Back to top

Modified record-keeping requirements for certain gambling servicesChapter 10 of the AML/CTF Rules modifies the record-keeping requirements for certain gambling services.

Casinos

Casinos are exempt from the AML/CTF Act requirements to maintain records of designated services andtransaction information for the following services:

receiving or accepting a bet placed or made by a customerplacing or making a bet on behalf of a customeraccepting a customer into a game of chance or skill for money or other value (except where the game isplayed on a gaming machine at an eligible gaming machine venue)paying out winnings of a bet only with gaming chips or tokens.

Oncourse bookmakers and TABs

Oncourse bookmakers and TABs are exempt from the AML/CTF Act requirements to maintain records ofdesignated services and transaction information for the following services:

receiving or accepting a bet placed or made by a customerplacing or making a bet on behalf of a customeraccepting a customer into a game of chance or skill for money or other value (except where the game isplayed on a gaming machine at an eligible gaming machine venue).


115 of 147 18/9/17, 2:46 PM

Gaming machines

Chapter 52 of the AML/CTF Rules exempts reporting entities which have an entitlement to operate no morethan 15 gaming machines and that provide the following designated services described at table 3, section 6 ofthe AML/CTF Act:

in the capacity of controller of an eligible gaming machine venue, allowing a person to play a game on agaming machine located at the venue (item 5)accepting entry of a person into a game for money or value, or a game of chance and/or skill (item 6)paying out winnings, or awarding a prize, in respect of a game for money or value, or a game of chanceand/or skill (item 9)paying out winnings, or awarding a prize in the capacity of controller of an eligible gaming machinevenue (as agent of the owner or lessee of the gaming machine) in respect of a game played on a gamingmachine located at the venue (item 10).

These entities are exempt from retaining records of or about:

designated servicestransferred and closed ADI accountsidentification procedureselectronic funds transfer instructionsAML/CTF programsdue diligence assessments of correspondent banking relationships.

Back to top

Record keeping and privacyReporting entities must comply with the Privacy Act 1988 when conducting activities to comply with theAML/CTF Act (such as record keeping). Some entities that would otherwise be exempt from the Privacy Acthave obligations under the Privacy Act because they are a reporting entity under the AML/CTF Act. Forexample, most small business operators are exempt from the Privacy Act. However, subsection 6E(1A) of thePrivacy Act requires a small business operator that is also a reporting entity under the AML/CTF Act tocomply with the Privacy Act.

The Office of the Australian Information Commissioner provides guidance material to help organisationsunderstand their obligations under the Privacy Act.

Back to top

Chapter 9 - Exemptions from obligations under theAML/CTF ActContents

IntroductionExisting exemptions under the AML/CTF Act and AML/CTF Rules

Exemptions specified by the AML/CTF ActExemptions made under the AML/CTF RulesHow does a reporting entity apply for an exemption?What types of exemptions can a reporting entity apply for?

Introduction


116 of 147 18/9/17, 2:46 PM

The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) imposes a range ofcompliance and reporting obligations on reporting entities. However, the AML/CTF Act allows forexemptions for some reporting entities from AML/CTF obligations. These exemptions may be brought intoeffect by the AML/CTF Act or the AML/CTF Rules, or prescribed by an exemption instrument ormodification issued by the AUSTRAC CEO. Exemptions may be granted to address an unintended or overlyburdensome impact of the AML/CTF Act, while ensuring that the integrity of the AML/CTF regime ismaintained.

This chapter provides an overview of the exemption framework under the AML/CTF Act. It also provideslinks to AUSTRAC resources for reporting entities that wish to apply for an exemption from or modificationto their AML/CTF Act obligations.

'Cash dealers' with obligations under the Financial Transaction Reports Act 1988 (FTR Act) may apply for anexemption under section 41A of the FTR Act. Exemptions under the FTR Act are discussed in Chapter 10 -Financial Transaction Reports Act.

Existing exemptions under the AML/CTF Act and AML/CTF RulesExemptions specified by the AML/CTF Act

The following table sets out the provisions in the AML/CTF Act which allow for exemptions to certainAML/CTF obligations.

Table 1: Exemptions specified by the AML/CTF Act

AML/CTF obligation AML/CTFAct section Description of exemption

Identification of pre-commencementcustomers

Subsection28(2)

This provision exempts a reporting entity from carrying outcustomer identification procedures for a customer who received adesignated service from the reporting entity before 12 December2007.

Customeridentification andongoing customer duediligence (OCDD)

Subsection36(3)

Ongoing customer due diligence (OCDD) obligations donot apply to reporting entities that only provide the designatedservice covered by item 54 of table 1 in section 6 of theAML/CTF Act.

The 'item 54' designated service involves an Australian financialservices licence (AFSL) holder arranging for a person to receiveanother designated service. This service is most commonlyassociated with financial planners and advisers.

Subsections39(5) and39(7)

An exemption from the obligations to conduct customeridentification/verification and OCDD applies to the followingdesignated services:

services provided by a reporting entity at or through apermanent establishment of the entity in a foreign countryan AFSL holder arranging for a person to receivethe designated services covered by items 40, 42 or 44 oftable 1 in section 6 of the AML/CTF Act.


117 of 147 18/9/17, 2:46 PM

Exemptions made under the AML/CTF Rules

The AUSTRAC CEO can make AML/CTF Rules that exempt certain designated services from some or allobligations of the AML/CTF Act.

AUSTRAC develops AML/CTF Rules in consultation with industry, partner agencies and other areas ofgovernment. AML/CTF Rules are a legislative instrument and must be registered and tabled in Parliament.

See the Exemptions by designated service page for a full list of exemptions under the AML/CTF Rules.

How does a reporting entity apply for an exemption?

A reporting entity seeking an exemption or modification under the AML/CTF Act or Rules must apply inwriting to AUSTRAC. The following documents will assist reporting entities applying for an exemption ormodification:

AUSTRAC Exemptions policy - This policy sets out AUSTRAC's approach to issuing exemptionsunder the AML/CTF Act and the FTR Act. It includes information on the types of exemptions availableand the factors AUSTRAC considers when deciding whether to issue an exemption.AUSTRAC guidance note 14/01 - Application for exemptions and modifications under the AML/CTFAct - This guidance note provides information on:

the types of applications for exemptions available and the information each application mustinclude and the matters to be addressedAUSTRAC's approach to assessing applications for exemptions or modificationsthe requirement for AUSTRAC to consult with reporting entities, or their representatives andother stakeholdersthe requirement for AUSTRAC to publish details of exemptions or modifications grantedchanges to, and revocation of, section 248 exemptions.

What types of exemptions can a reporting entity apply for?

The reporting entity may apply for either an:

exemption by the AML/CTF Rules; orexemption or modification under section 248 of the AML/CTF Act.

Exemption by AML/CTF Rules

Under section 247 of the AML/CTF Act, the AUSTRAC CEO may make AML/CTF Rules which providethat the legislation does not apply to a designated service, or that the specified provisions of the legislation donot apply to a designated service in the circumstances specified in the AML/CTF Rules.

Exemptions and modifications under section 248 of AML/CTF Act

Under section 248 of the AML/CTF Act the AUSTRAC CEO may, by written instrument:

exempt specified person(s) from one or more provisions of the AML/CTF Act generally subject toconditions, ormodify one or more provisions of the AML/CTF Act as they are to apply to a specified person and notsubject to conditions.

AUSTRAC must publish exemptions and modifications on its website. A full list of exemptions andmodifications issued by AUSTRAC can be found on the Exemptions and modifications page of theAUSTRAC website.


118 of 147 18/9/17, 2:46 PM

Chapter 10 - Financial Transaction Reports ActContents


Who has obligations under the FTR Act?Can an entity be both a 'cash dealer' under the FTR Act and a 'reporting entity' under theAML/CTF Act?What are the reporting obligations under the FTR Act?Do international funds transfer instruction (IFTI) reporting obligations apply under the FTR Act?Does an entity have an obligation to report transactions under both the FTR Act and theAML/CTF Act?What are the penalties for failing to report under the FTR Act?How does a cash dealer or solicitor report to AUSTRAC?

Significant cash transaction reportsWhat are the significant cash transaction reporting obligations for cash dealers?What is the definition of currency under the FTR Act?What are the reportable details for a significant cash transaction?What are the reporting periods for a significant cash transaction?

Solicitor significant cash transaction reports (solicitor SCTRs)What are 'solicitor SCTRs'?What are the reportable details for a solicitor SCTR?What are the reporting periods for a solicitor SCTR?

Suspect transaction reportsWhat are the suspect transaction reporting obligations?What are the 'grounds for suspicion'?Is a SUSTR required if no physical cash is involved in the transaction?What are the reporting time frames for SUSTRs?Does the transaction need to be completed?Is a cash dealer immune from any action, suit or proceeding for submitting SUSTRs?Is a cash dealer allowed to disclose information concerning a SUSTR that was submitted toAUSTRAC to any other person?Can a cash dealer be required to provide further information about a SUSTR?Can a cash dealer continue a business relationship with a customer if the reporting entity hasformed a suspicion about that customer?

Record-keeping obligationsExemptions

Exemption from the account-blocking obligations under section 18 of the FTR Act

IntroductionThe Financial Transaction Reports Act 1988 (FTR Act) operates alongside the Anti-Money Laundering andCounter-Terrorism Financing Act 2006 (AML/CTF Act). The FTR Act was introduced in 1988 to assist inadministering and enforcing taxation laws as well as other Commonwealth, state and territory legislation.

When the AML/CTF Act was introduced in 2006, certain parts of the FTR Act were repealed and othersbecame inoperative.

However, the FTR Act still requires the reporting of certain transactions and imposes obligations in relation tocertain services provided by 'cash dealers' under the Act. This chapter provides an overview of the obligationsthat remain operational under the FTR Act.

Back to top


119 of 147 18/9/17, 2:46 PM

BackgroundWho has obligations under the FTR Act?

The FTR Act applies to 'cash dealers', which are defined under section 3 of the FTR Act and include thefollowing:

financial institutionsfinancial corporationsinsurer or insurance intermediariessecurities dealers and futures brokerscash carrierstrustees or a manager of a unit trustpersons that deal in travellers cheques and money orderspersons who collect, hold, exchange or remit currency on behalf of other personscurrency and bullion dealerscasinos and gambling housestotalisator agency boards.

Under the FTR Act, solicitors are not cash dealers. However, the FTR Act imposes certain reportingobligations on solicitors (including a solicitor corporation or a partnership of solicitors) and these are outlinedbelow.

Can an entity be both a 'cash dealer' under the FTR Act and a 'reporting entity' underthe AML/CTF Act?

Generally, if a service offered by a cash dealer is a designated service under the AML/CTF Act, obligationsunder the FTR Act about that service no longer apply. For example, the provision of accounts is now whollycaptured under the AML/CTF Act.

However, a reporting entity under the AML/CTF Act may also provide other services as a cash dealer underthe FTR Act. For example, where a reporting entity provides a designated service under the AML/CTF Actand also provides general insurance services. The provision of general insurance services is not listed as adesignated service under section 6 of the AML/CTF Act but is captured under the FTR Act. In this example,the reporting entity would have obligations under both the AML/CTF Act and the FTR Act.

What are the reporting obligations under the FTR Act?

Under the FTR Act, cash dealers must report:

significant cash transactions under section 7 of the FTR Actsolicitor significant cash transactions under section 15A of the FTR Actsuspect transactions under section 16 of the FTR Act.

Do international funds transfer instruction (IFTI) reporting obligations apply under theFTR Act?

No. The IFTI reporting obligations under the FTR Act ceased on 11 September 2010. Section 45 of theAML/CTF Act prescribes the obligation to report IFTIs to AUSTRAC.

Does an entity have an obligation to report transactions under both the FTR Act and theAML/CTF Act?

The reporting obligations under the FTR Act apply only to transactions to which the AML/CTF Act does notapply. Specifically, the FTR Act reporting obligations no longer apply if:

the cash dealer is an AML/CTF Act reporting entity for the designated service under which the


120 of 147 18/9/17, 2:46 PM

transaction occursthe transaction occurred after the AML/CTF Act reporting obligations commenced - that is, after 11March 2010 for suspicious matter reports (SMRs) or threshold transaction reports (TTRs) and after 11September 2010 for international funds transfer instructions (IFTIs); andthe transaction is a 'designated service transaction'.

Section 3 of the FTR Act defines a designated service transaction as a transaction involved in providing adesignated service by a reporting entity to a customer within the meaning of the AML/CTF Act.

What are the penalties for failing to report under the FTR Act?

Part V of the FTR Act provides for penalties of up to two years imprisonment if convicted by a court forrefusing or failing to communicate information (as prescribed under Parts II and III of the Act) to AUSTRAC.

The Act also provides for penalties of up to five years imprisonment if convicted by a court where a cashdealer or solicitor knowingly provides incomplete information to AUSTRAC and makes it an offence toconduct a transaction in such a way as to avoid a reporting obligation.

How does a cash dealer or solicitor report to AUSTRAC?

Cash dealers and solicitors can create an AUSTRAC Online business account to submit transaction reportselectronically. Please visit the Enrolment and registration page to find out more about creating an AUSTRACOnline business account.

Cash dealers or solicitors without internet access may submit paper reports. Reporting forms may be requestedfrom the AUSTRAC Contact Centre.

Back to top

Significant cash transaction reportsWhat are the significant cash transaction reporting obligations for cash dealers?

A cash dealer which is not a reporting entity but is a party to a significant cash transaction must submit toAUSTRAC a significant cash transaction report (SCTR).

The FTR Act defines a cash transaction as a transaction involving transferring physical currency ofAUD10,000 or more (or foreign currency equivalent). This includes banking amounts of currency which,when aggregated, amount to AUD10,000 or more (or foreign currency equivalent).

Example

ABC Cars is a motor vehicle dealer and offers its customers motor vehicle insurance policies on behalf ofDEF Insurance. ABC Cars is an insurance intermediary and a cash dealer under the FTR Act.Mr K purchased a motor vehicle from ABC Cars and paid a deposit of AUD10,000 in cash on Monday andreturned the following day to pay the balance of AUD15,000 in cash. ABC Cars accepted the payments.

In this example, ABC Cars must submit two SCTRs to AUSTRAC:

SCTR for the cash deposit of AUD10,000SCTR for the final cash payment of AUD15,000.

What is the definition of currency under the FTR Act?

The FTR Act defines currency as the coin and paper money of Australia or of a foreign country that:

is designated as legal tender; and


121 of 147 18/9/17, 2:46 PM

circulates as, and is customarily used and accepted as, a medium of exchange in the country of issue.

What are the reportable details for a significant cash transaction?

The FTR Act (refer to Schedule 1 Part A and Part B) specifies the reportable details for a significant cashtransaction.

What are the reporting periods for a significant cash transaction?

Section 3 of the FTR Act states that significant cash transactions must be reported within the followingreporting periods:

If the transaction involves foreign currency, the reporting period ends the day after the day thetransaction occurredIf the transaction does not involve foreign currency, the reporting period ends 15 days after the day thetransaction occurs.

Back to top

Solicitor significant cash transaction reports (solicitor SCTRs)What are 'solicitor SCTRs'?

The FTR Act requires a solicitor to report cash transactions which are entered into by, or on behalf of, asolicitor, a solicitor corporation, or a partnership of solicitors in the course of practicing as a solicitor, wherethe cash transaction involves the transfer of currency of AUD10,000 or more (or foreign currency equivalent)in value.

The following examples indicate when a significant cash transaction reporting obligation may arise:

A client enters into a transaction with their solicitor and the transaction involves the transfer of cash tothe value of AUD10,000 or more to the solicitorSolicitor A, who is acting on behalf of a client, enters into a transaction with Solicitor B which involvesthe transfer of cash to the value of AUD10,000 or more to Solicitor BA person makes a payment of cash to the value of AUD10,000 or more into a solicitor's trust account.

Whether or not a transaction is entered into 'in the course of practising as a solicitor' and 'entered into by, or onbehalf of, a solicitor' can only be determined on a case-by-case basis.

This reporting obligation does not apply to a solicitor in relation to a transaction where:

the solicitor is a reporting entity under the AML/CTF Act; andthe transaction occurred after 11 March 2010; andthe transaction is a designated service under the AML/CTF Act.

This reporting obligation also does not apply where a solicitor provides a threshold transaction report undersection 43 of the AML/CTF Act in relation to the transaction.

What are the reportable details for a solicitor SCTR?

Schedule 3A of the FTR Act specifies the reportable details for a solicitor SCTR.

What are the reporting periods for a solicitor SCTR?

Section 3 of the FTR Act provides that solicitor significant cash transactions must be reported within thefollowing reporting periods:


122 of 147 18/9/17, 2:46 PM

If the transaction involves foreign currency, the reporting period ends the day after the day thetransaction occurredIf the transaction does not involve foreign currency, the reporting period ends 15 days after the day thetransaction occurs.

Back to top

Suspect transaction reportsWhat are the suspect transaction reporting obligations?

Under section 16 of the FTR Act, cash dealers who are a party to a 'suspect' transaction must report thattransaction to AUSTRAC. The cash dealer must submit a suspect transaction report (SUSTR) to AUSTRACas soon as practicable after forming the suspicion.

Example

ABC Cars is a motor vehicle dealer and offers its customers insurance policies on behalf of DEF Insurance.ABC Cars is an insurance intermediary and a cash dealer under the FTR Act.

Mr G purchased a motor vehicle from ABC Cars and entered into a contract for an insurance policy with DEFInsurance. Mr G purchased the motor vehicle for AUD25,000 and offered to pay in cash. Mr G also providedABC Cars AUD7,000 towards the car insurance policy. The cash payments were made over several days inbundles of AUD5,000 and AUD7,000.

Mr G claimed the cash was the proceeds from his house sale, but the customer service representative noticedthe funds appeared to be damp and dirty. Further, Mr G insisted on purchasing the motor vehicle using cashand would not proceed with the purchase if ABC Cars did not accommodate his request. The customer servicerepresentative considered Mr G's behaviour and the transaction to be suspicious and submitted a SUSTR toAUSTRAC.

Several weeks later, Mr G contacted ABC Cars and requested ABC Cars cancel the insurance policy andrefund the remaining insurance premium as a cheque. The customer service representative regarded thisrequest also to be suspicious and submitted another SUSTR to AUSTRAC with this additional information.

What are the 'grounds for suspicion'?

The FTR Act provides that a cash dealer must submit a SUSTR to AUSTRAC if the cash dealer hasreasonable grounds to suspect that:

information that the cash dealer has concerning the transaction may be relevant to an investigation of anevasion or attempted evasion of a taxation law; orinformation that the cash dealer has concerning the transaction may be relevant to an investigation orprosecution of an offence against a law of the Commonwealth or of a territory; orinformation that the cash dealer has concerning the transaction may assist with the enforcement of theProceeds of Crime Act 1987 or the Proceeds of Crime Act 2002; orthe transaction is preparatory to committing a financing of terrorism offence or information may berelevant to investigating or prosecuting a financing of terrorism offence. A 'financing of terrorismoffence' is defined as meaning an offence under section 102.6 or Division 103 of the Criminal Code, orsection 20 or 21 of the Charter of the United Nations Act 1945.

Is a SUSTR required if no physical cash is involved in the transaction?

Suspect transaction reporting requirements apply to all types of transactions, whether or not physical cash isinvolved.


123 of 147 18/9/17, 2:46 PM

What are the reporting time frames for SUSTRs?

The cash dealer must submit a SUSTR to AUSTRAC as soon as practicable after forming the suspicion. 'Assoon as practicable' is not defined in the FTR Act. In keeping with the reporting periods set out in section 41of the AML/CTF Act for suspicious matter reports, AUSTRAC considers 24 hours is an appropriate timeframe for reporting terrorism financing matters and three business days for reporting all other matters.

Does the transaction need to be completed?

No. Even if a transaction does not proceed, cash dealers must submit a SUSTR to AUSTRAC if they form therequired suspicion in relation to a proposal for a transaction or in the course of negotiations concerning thetransaction.

Is a cash dealer immune from any action, suit or proceeding for submitting SUSTRs?

Yes. The FTR Act provides immunity from any action, suit or proceeding for any cash dealer or agent of thecash dealer that submitted a SUSTR. However, section 29 of the FTR Act makes it an offence punishable byimprisonment for a period of up to five years if a cash dealer is convicted of intentionally communicating falseor misleading information in a report submitted to AUSTRAC.

Is a cash dealer allowed to disclose information concerning a SUSTR that was submittedto AUSTRAC to any other person?

No. A cash dealer submitting a SUSTR must not disclose to anyone (including the customer) that it formedthe suspicion or that the transaction was reported to AUSTRAC. This includes disclosing any otherinformation from which a person could reasonably infer the cash dealer formed a suspicion or submitted aSUSTR to AUSTRAC.

It is a criminal offence under the FTR Act, punishable by imprisonment for up to two years, for a cash dealerto disclose to any person information concerning forming a suspicion or submitting a SUSTR to AUSTRAC.

Can a cash dealer be required to provide further information about a SUSTR?

Yes. The FTR Act provides that a cash dealer who submits a SUSTR to AUSTRAC must provide furtherinformation if requested by the:

AUSTRAC CEOa relevant authority (meaning the Commissioner of the Australian Federal Police, the IntegrityCommissioner, the Chief Executive Officer of the Australian Crime Commission, the Commissioner ofTaxation, or the Chief Executive Officer of Customs)aninvestigating officer carrying out an investigation arising from, or relating to, the matters referred toin the SUSTR (meaning a taxation officer, an Australian Federal Police member, a customs officer, astaff member of the Australian Commission for Law Enforcement Integrity, an examiner or member ofthe staff of the Australian Crime Commission).

Further information could include any subject or topic relevant to the information provided by the cash dealerin a SUSTR; for example, transactions and any information in a cash dealer's possession which is in writtenform.

Can a cash dealer continue a business relationship with a customer if the cash dealer hasformed a suspicion about that customer?

The FTR Act does not direct a cash dealer to stop providing services to, or terminate a business relationshipwith a customer, even if the cash dealer has formed a suspicion about that particular customer. A cash dealermust determine whether to terminate the relationship with the customer, based on its own assessment.

If the cash dealer does decide to terminate the business relationship with the customer, the cash dealer mustnot disclose to anyone (including the customer) that it formed the suspicion, or that the transaction was


124 of 147 18/9/17, 2:46 PM

reported to AUSTRAC.

Back to top

Record-keeping obligationsThe FTR Act requires cash dealers to retain:

financial transaction documentsaccount and signatory information.

This information must be held for seven years (as specified in section 40E of the FTR Act).

Back to top

ExemptionsThe FTR Act (refer to section 41A) enables the AUSTRAC CEO to issue a written instrument which exemptsa specified person from an obligation or obligations under the FTR Act. An exemption may applyunconditionally or be subject to conditions.

For further information on how to apply for an exemption see AUSTRAC's exemption policy.

Further information

AUSTRAC Public Legal Interpretation No. 6 - Suspicious matter and suspect transaction reports.

Back to top

Industry specific guidanceAvailable guides:

Pubs and clubs with gaming machines

Pubs and clubs with gaming machinesGambling is a known method of laundering money. It is used to make the proceeds of crimes look legitimateand to avoid paying tax.

Venues with gaming machines have obligations under AML/CTF legislation, including

enrolling with AUSTRACprotecting your business from misuse by criminalsreporting suspicious activity to AUSTRAC.

Advice is available:

print this poster (PDF, 2MB): it has suggestions for protecting your business from money launderingread the compliance guide and other material on this sitecall our Contact Centre


125 of 147 18/9/17, 2:46 PM

More resources are being developed.

Ready reckonerSummary of AML/CTF program requirements relating toidentification and verification of customers and beneficial ownersUnder the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) reportingentities offering one or more designated services must identify and verify their customers.

The AML/CTF Act requires reporting entities to check a customer's identity before providing a designatedservice to the customer. Only in special circumstances specified in the AML/CTF Rules can a reporting entitydelay checking a customer's identity until after a designated service has been provided.

The AML/CTF Rules set out the minimum customer identification information, and information aboutbeneficial owners of a customer, which reporting entities must collect and verify. Reporting entities are alsorequired to identify whether a customer or the beneficial owner of a customer is a 'politically exposed person'(PEP).

The AML/CTF Rules require verification of customer information from reliable and independentdocumentation or electronic data, or a combination of both.

Further information on AML/CTF programs and the obligations of reporting entities is available in theAUSTRAC compliance guide.

This ready reckoner outlines the minimum identification information reporting entities must collect and verifyfor the following customer types:

Individualother than a sole traderacting as a sole trader

Companydomesticregistered foreignunregistered foreign

PartnershipTrusteeAssociation

incorporatedunincorporated

Registered co-operativeGovernment bodyAgent

of an individual customerof a non-individual customerverifying officer

Beneficial owners

Please note: For higher risk customers or situations, reporting entities must collect and verify furtherinformation in accordance with their AML/CTF program.

Individual customer


126 of 147 18/9/17, 2:46 PM

Other than a sole trader

For more information see Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Rules: 4.2.3and 4.2.6

Name

Collect and verify the full name of the individual. A customer’s full name comprises all of thecustomer’s given names and their family name.

‘Safe harbour’ verification procedures for individual customers

Where the relationship with the customer is of medium or lower ML/TF risk, the reporting entity mayelect to use the safe harbour verification procedures in paragraphs 4.2.10 – 4.2.13 of the AML/CTFRules, which do not require verification of the customer’s full name.

Address and date of birth

Collect the residential addressCollect the date of birthVerify either the residential address or date of birth

PEPs

Determine whether the individual is a PEP

Beneficial owner(s)

For individuals, a reporting entity may assume that the customer and beneficial owner are the sameperson, unless there are reasonable grounds to consider otherwise.

VERIFY: See AML/CTF Rules 4.2.7, 4.2.10-4.2.13 for more information on how to verify.

Individual customerActing as a sole trader

For more information see AML/CTF Rules: 4.2.4 and 4.2.6

Name

Collect and verify the full name of the individual. A customer’s full name comprises all of thecustomer’s given names and their family name.

‘Safe harbour’ verification procedures for individual customers

Where the relationship with the customer is of medium or lower ML/TF risk, the reporting entity mayelect to use the safe harbour verification procedures in paragraphs 4.2.10 – 4.2.13 of the AML/CTFRules, which do not require verification of the customer’s full name.


Collect either the residential address or full address of the customer's principal place of business (if any)Collect the date of birthVerify either the residential address or the date of birth

Other

Collect the full business name under which the customer carries on their business (if any)


127 of 147 18/9/17, 2:46 PM

Collect the Australian Business Number (ABN) issued to the customer (if any)

PEPs

Determine whether the individual is a PEP

Beneficial owner(s)

For individuals, a reporting entity may assume that the customer and beneficial owner are the sameperson, unless there are reasonable grounds to consider otherwise

VERIFY: See AML/CTF Rules 4.2.7, 4.2.10-4.2.13 for more information on how to verify.

CompanyDomestic

For more information see AML/CTF Rules: 4.3.2, 4.3.3(1), 4.3.5(1), 4.3.8

Name

Collect and verify the full name of the company, as registered by the Australian Securities andInvestments Commission (ASIC)

Address

Collect the full address of the company's registered officeCollect the full address of the company's principal place of business (if any)

Other

Collect and verify the Australian Company Number (ACN) issued to the companyCollect and verify whether the company is registered by ASIC as a proprietary or public companyCollect the name of each director if the company is a proprietary company

Beneficial owner(s)

Identify the beneficial owner(s) of the companyDetermine whether each beneficial owner of the company is a PEP

Simplified company verification procedure

Confirm that the company is either:

a domestic listed public companya majority owned subsidiary of a domestic listed public companylicensed and subject to Commonwealth, state or territory regulatory oversight in relation to its activitiesas a company.

Identification and verification of the beneficial owner(s) is not required for a company which has been verifiedunder the 'simplified company verification procedure'.

VERIFY: See AML/CTF Rules 4.3.10-4.3.11, 4.9.4-4.10.2 for more information on how to verify.

Disclosure certificates can be used for verification purposes in certain circumstances. See AML/CTF Rules30.2 and 30.3 for more information on using disclosure certificates for domestic companies.

CONFIRM: For more information on how to confirm the status of these types of companies see Rule 4.3.8.


128 of 147 18/9/17, 2:46 PM

CompanyRegistered foreign

For more information see AML/CTF Rules: 4.3.2, 4.3.3(2), 4.3.5(2)

Name

Collect and verify the full name of the company, as registered by ASIC

Address

Collect the full address of the company's Australian registered office

Collect one of the following:

Full address of the company's principal place of business in Australia (if any)Full name and address of the company's local Australian agent (if any)

Other

Collect and verify the Australian Registered Body Number (ARBN) issued to the companyCollect the name of the country in which the company was formed, incorporated or registeredCollect and verify whether the company is registered by the relevant foreign registration body, and if so,whether it is registered as a private, public or other type of companyCollect the name of each director if the company is registered as a private company

Beneficial owner(s)

Identify the beneficial owner(s) of the companyDetermine whether each beneficial owner of the company is a PEPIdentification and verification of the beneficial owner(s) is not required for a foreign listed publiccompany which is subject to 'transparency of beneficial owner' disclosure requirements (whether bystock exchange rules or by law or enforceable means) which are, or are comparable to, the requirementsin Australia

VERIFY: See AML/CTF Rules 4.3.9, 4.3.10-4.3.11, 4.9.4-4.10.2 for more information on how to verify.Disclosure certificates can be used for verification purposes in certain circumstances. See AML/CTF Rules30.2 and 30.4 for more information on using disclosure certificates for foreign companies registered inAustralia.

CompanyUnregistered foreign (registered by relevant foreign registration body)


Name

Collect and verify the full name of the company

Address

Collect the full address of the company in the country of formation, incorporation or registration

Other

Collect the name of the country in which the company was formed, incorporated or registered


129 of 147 18/9/17, 2:46 PM

Collect and verify any identification number issued to the companyCollect and verify whether the company is registered as a private, public or other type of companyCollect the name of each director if the company is registered as a private company

Beneficial owner(s)


VERIFY: See AML/CTF Rules 4.3.9, 4.3.10-4.3.11, 4.9.4-4.10.2 for more information on how to verify.Disclosure certificates can be used for verification purposes in certain circumstances. See AML/CTF Rules30.2 and 30.5 for more information on using disclosure certificates for foreign companies not registered inAustralia.

CompanyUnregistered foreign (not registered by relevant foreign registration body)


Name

Collect and verify the full name of the company

Address

Collect the full address of the principal place of business of the company in the country of formation orincorporation

Other

Collect the country in which the company was formed or incorporated

Beneficial owner(s)



Disclosure certificates can be used for verification purposes in certain circumstances. See AML/CTF Rules30.2 and 30.5 for more information on using disclosure certificates for foreign companies not registered inAustralia.

PartnershipFor more information see AML/CTF Rules: 4.5.2, 4.5.3, 4.5.5

Name


130 of 147 18/9/17, 2:46 PM

Collect and verify the full name of the partnership (see AML/CTF Rule 4.5.5(1) for more detail on howto verify)Collect the full business name as registered with any state or territory business name authorityCollect the full name of each partner (not required if the regulated status of the partnership is confirmedby referring to a current membership directory of the relevant professional association)

Address

Collect the full residential address of each partner (not required if the regulated status of the partnershipis confirmed by referring to a current membership directory of the relevant professional association)

Other

Collect the name of the country in which the partnership was establishedCollect and verify the information relating to one of the partners (as per the 'Individual' identificationprocedure)

Beneficial owner(s)

Identify the beneficial owner(s) of each partnerDetermine whether each of the partners or the beneficial owner of each partner is a PEP


Disclosure certificates can be used for verification purposes in certain circumstances. See AML/CTF Rules30.2 and 30.7 for more information on using disclosure certificates for partnerships.

TrusteeFor more information see AML/CTF Rules: 4.4.2, 4.4.3, 4.4.5, 4.4.8, 4.4.9

Name

Collect and verify the full name of the trust (see AML/CTF Rule 4.4.5(1) for more detail on how toverify)Collect the full business name (if any) of the trustee of the trustCollect the full name of all trusteesCollect and verify the settlor of the trust, unless:

the material asset contribution to the trust by the settlor at the time the trust is established is lessthan $10,000; orthe settlor is deceased; orthe trust is verified using the simplified trustee verification procedure

Address

Collect the full address of all trustees

Other

Collect information regarding the type of trust and the country in which the trust was established

Beneficiaries


full name of each beneficiary of the trust (see AML/CTF Rules 4.4.11-4.4.12 for more informationabout verification)if beneficiaries are identified by reference to a class, details of the class (see AML/CTF Rules


131 of 147 18/9/17, 2:46 PM

4.4.11-4.4.12 for more information about verification)

Sole trustee

Collect and verify information relating to the sole trustee (as per appropriate 'Individual' or 'Company'identification procedure)

Multiple trustees

Collect and verify information relating to one trustee (as per appropriate 'Individual' or 'Company'identification procedure)

Beneficial owner(s)

Determine the beneficial owner(s) of the trustCollect and take reasonable measures to verify each beneficial owner’s full name and one of either thebeneficial owner’s date of birth or full residential addressDetermine whether a beneficial owner of the trust is a PEP

VERIFY: See AML/CTF Rules 4.4.15–4.4.16 and 4.9.4–4.10.2 for more information on how to verify.

Disclosure certificates can be used for verification purposes in certain circumstances. See AML/CTF Rules30.2 and 30.6 for more information on using disclosure certificates for trusts.

Simplified trustee verification procedure

Verify that the trust is either:

a managed investment scheme registered by ASICa managed investment scheme not registered by ASIC that only has wholesale clients and does notmake small scale offerings to which section 1012E of the Corporations Act 2001 appliesregistered and subject to Commonwealth regulatory oversight in relation to its trust activitiesa government superannuation fund established by legislation

Identification and verification of the beneficial owner(s) is not required for a trust which has been verifiedunder the 'simplified trustee verification procedure' .

VERIFY: For more information on how to verify the status of these types of trusts, see AML/CTF Rule 4.4.8.

AssociationIncorporated association

For more information see AML/CTF Rules: 4.6.2, 4.6.3(1), 4.6.5

Name

Collect and verify the full name of the associationCollect the full name of the chairman, secretary and treasurer or equivalent officer (in each case)

Address


Full address of the principal place of administration or registered office (if any) (only one of theserequired for collection)Residential address of the public officerResidential address of the president, secretary or treasurer (if no public officer) (only one of theserequired for collection)


132 of 147 18/9/17, 2:46 PM

Other

Collect and verify any unique identifying number issued to the association by the incorporating state,territory or overseas 'incorporation body'

Beneficial owner(s)

Identify the beneficial owner(s) of the associationDetermine whether each beneficial owner of the association is a PEP

VERIFY: See AML/CTF Rules 4.6.5(1), 4.6.7-4.6.8, 4.9.4-4.10.2 for more information on how to verify.Disclosure certificates can be used for verification purposes in certain circumstances. See AML/CTF Rule30.2 and 30.8 for more information on using disclosure certificates for incorporated associations.

AssociationUnincorporated association

For more information see AML/CTF Rules: 4.6.2, 4.6.3(2), 4.6.5

Name

Collect and verify the full name of the associationCollect the full name of the chairman, secretary and treasurer or equivalent officer (in each case)

Address

Collect the full address of the principal place of administration (if any)

Other

Collect and verify information relating to the member (as per the appropriate 'Individual' identificationprocedure where the customer is acting in the capacity of a member of the unincorporated association

Beneficial owner(s)

Identify the beneficial owner(s) of the associationDetermine whether each beneficial owner of the association is a PEP

VERIFY: See AML/CTF Rules 4.6.5(2), 4.6.7-4.6.8, 4.9.4-4.10.2 for more information on how to verify.Disclosure certificates can be used for verification purposes in certain circumstances. See AML/CTF Rules30.2 and 30.8 for more information on using disclosure certificates for unincorporated associations.

Registered co-operativeFor more information see AML/CTF Rules: 4.7.2, 4.7.3, 4.7.5

Name

Collect and verify the full name of the co-operativeCollect the full name of the chairman, secretary and treasurer or equivalent officer (in each case)

Address

Collect only one of the following:

Full address of the registered office


133 of 147 18/9/17, 2:46 PM

Principal place of operations (if any)Residential address of the co-operative's secretaryResidential address of the co-operative's president or treasurer (if no secretary)

Other

Collect and verify any unique identifying number issued to the co-operative on registration by the state,territory or overseas 'registration body'

Beneficial owner(s)

Identify the beneficial owner(s) of the registered co-operativeDetermine whether each beneficial owner of the registered co-operative is a PEP

VERIFY: See AML/CTF Rules 4.7.5, 4.7.7-4.7.8, 4.9.4-4.10.2 for more information on how to verify.

Disclosure certificates can be used for verification purposes in certain circumstances. See AML/CTF Rule30.2 and 30.9 for more information on using disclosure certificates for registered co-operatives.

Government bodyFor more information see AML/CTF Rules: 4.8.2, 4.8.3, 4.8.5

Name

Collect and verify the full name of the government body

Address

Collect and verify the full address of the government body's principal place of operations

Other

Collect and verify whether the government body is:a separate legal entity, agency or authority; and/orestablished under legislation of the Commonwealth, state or territory or a foreign country; and ifso the name of the state, territory or foreign country

Beneficial owner(s)

Identification and verification of the beneficial owner(s) is not required for an Australian Governmententity.Optional procedure - collect and verify the beneficial owner(s) of a foreign government body(AML/CTF Rules 4.8.7-4.8.8 provide more detail about collecting and verifying information about thebeneficial owner(s) of foreign government bodies)Determine whether each beneficial owner of the foreign government body is a PEP

VERIFY: See AML/CTF Rules 4.8.5, 4.9.4-4.10.2 for more information on how to verify

AgentOf an individual customer

For more information see AML/CTF Rules: 4.11.1, 4.11.2

Name


134 of 147 18/9/17, 2:46 PM

Collect the full name of each agent acting on the customer's behalf regarding the provision of thedesignated service(s)

Other

Collect evidence (if any) of the authorisation of the agent to act on behalf of the customer

VERIFY: See AML/CTF Rules 4.11.3-4.11.4 for more information on how to verify.

AgentOf a non-individual customer


Name

Collect the full name of each agent acting on the customer's behalf regarding the provision of thedesignated service(s)

Other

Collect evidence of the authorisation of the agent to act on behalf of the customer

VERIFY: See AML/CTF Rules 4.11.7-4.11.8 for more information on how to verify.

Verifying officerAppointed by a non-individual customer to verify their agent(s) only


Name

Collect the full name of the agent(s)

Other

Collect the title of the position/role held by the agent(s) with the customerCollect a copy of the signature of the agent(s)Collect evidence of the authorisation of the verifying officer to act on behalf of the customerCollect and verify information relating to the verifying officer (as per the appropriate 'Individual'identification procedure)

Note: AML/CTF Rule 4.11.13 specifies the minimum identification procedures to be undertaken by theverifying officer appointed to identify agent(s).

Beneficial owner(s) of customersWhere the identity of the beneficial owner(s) is known

For more information see AML/CTF Rules: 4.12.1, 4.12.2 and 4.12.4-4.12.7

Name


135 of 147 18/9/17, 2:46 PM

Collect and verify the full name of each beneficial owner


Collect and verify one of the following:residential address of each beneficial ownerdate of birth of each beneficial owner

PEPs

Determine whether any of the beneficial owners of the customer is a PEP

VERIFY: Reasonable measures must be taken to verify beneficial owners. See AML/CTF Rules4.12.4-4.12.7 for more information on how to verify.

Disclosure certificates can be used for verification purposes in certain circumstances. See Chapter 30 of theAML/CTF Rules for further information.

Where the identity of the beneficial owner(s) is unable to be determined, see AML/CTF Rule 4.12.9 andChapter 6 - AML/CTF programs of the AUSTRAC compliance guide for further information.

Glossary

TermsAccountAustralian financial services licenceAustralian Government EntityAuthorised deposit-taking institutionBearer negotiable instrumentBeneficial ownerCarrying on a businessCash carrierCertified copyClose associates of PEPsDesignated business groupDesignated remittance arrangementDomestic listed public companyE-currencyEligible gaming machine venuesGaming machineGovernment bodyImmediate family membersInternational organisationKey personnelLoanMoneyNon-financierPermanent establishmentPersonPhysical currencyPolitically exposed person (PEP)Prescribed foreign countryProminent public positionProperty


136 of 147 18/9/17, 2:46 PM

Reasonable measuresReliable and independent documentationReliable and independent electronic dataRemittance Sector RegisterReporting Entities RollSanctions listSenior managing official

Account'Account' includes:

a credit card accounta loan account (other than a credit card account)an account of money held in the form of units in:

a cash management trusta trust of a kind prescribed by the AML/CTF Rules.

To avoid doubt, it is immaterial whether:

an account has a nil balanceany transactions have been allowed in relation to an account.

Australian financial services licenceAn Australian financial services licence (AFSL) is a licence provided the Australian Securities andInvestments Commission (ASIC) under section 913B of the Corporations Act 2001 that authorises a personwho carries on a financial services business to provide financial services.

Australian Government EntityAustralian Government Entity means:

the Commonwealth, State or a Territory; oran agency or authority of:

the Commonwealth; ora State; ora local governing body established by a law of the Commonwealth, a State or Territory, other thana body whose sole or principle function is to provide a particular service, such as the supply ofelectricity or water.

Authorised deposit-taking institutionAuthorised deposit-taking institution (ADI) means:

a body corporate that is an ADI for the purposes of the Banking Act 1959; orthe Reserve Bank of Australia; ora person who carries on State banking within the meaning of paragraph 51(xiii) of the Constitution.

Bearer negotiable instrument


137 of 147 18/9/17, 2:46 PM

A bearer negotiable instrument is:

a bill of exchange; or1. a cheque; or2. a promissory note; or3. a bearer bond; or4. a traveller's cheque; or5. a money order, postal order or similar order; or6. a negotiable instrument not covered by any of the above paragraphs.7.

For the purposes of determining whether a document is covered by 6 or 7 above, it is immaterial that thedocument is incomplete because the document does not specify:

an amount to be paid; ora payee.

Beneficial ownerBeneficial owner:

of a person who is a reporting entity, means an individual who owns or controls (directly or indirectly)the reporting entity;of a person who is a customer of a reporting entity, means an individual who ultimately owns orcontrols (directly or indirectly) the customer;In this definition: control includes control as a result of, or by means of, trusts, agreements,arrangements, understandings and practices, whether or not having legal or equitable force and whetheror not based on legal or equitable rights, and includes exercising control through the capacity todetermine decisions about financial and operating policies; andIn this definition: owns means ownership (either directly or indirectly) of 25% or more of a person.

Note: The definition of 'control test' as set out at section 11 of the AML/CTF Act does not apply to the term'control' referred to in the definition of beneficial owner.

Carrying on a businessThe phrase 'carrying on a business' (or industry or sector specific variants) is included in many of thedescriptions of the designated services. Items 6 and 7 (table 1, section 6, AML/CTF Act), for example, definedesignated services made in the course of 'carrying on a loans business'.

The AML/CTF Act uses a broader definition of 'business' than some other legislation. For example, an activitymust be regular or continuous to be classified a business for taxation purposes. By contrast, the AML/CTF Actcovers activities whether or not conducted on a regular, repetitive or continuous basis.

Cash carrierCash carrying involves transporting physical currency and refers to collecting and delivering physicalcurrency, irrespective of the value involved. A cash carrier is a person engaged to collect and/or transportphysically currency and is not the owner of that currency.

Certified copyCertified copy means a document that has been certified as a true copy of an original document by one of thefollowing persons:


138 of 147 18/9/17, 2:46 PM

a person who, under a law in force in a State or Territory, is currently licensed or registered to practisein an occupation listed in Part 1 of Schedule 2 of the Statutory Declarations Regulations 1993;a person who is enrolled on the roll of the Supreme Court of a State or Territory, or the High Court ofAustralia, as a legal practitioner (however described);a person listed in Part 2 of Schedule 2 of the Statutory Declarations Regulations 1993. For thepurposes of the AML/CTF Rules:

where Part 2 of the Statutory Declarations Regulations uses the term '5 or more years ofcontinuous service', this should be read as '2 or more years of continuous service';

Persons listed under Part 2 of Schedule 2 of the Statutory Declarations Regulationsinclude:

item 202 – an ‘Australian Consular Officer’ or an ‘Australian Diplomatic Officer’ item 212 – an authorised employee of the Commonwealth who is employed locallyin a place outside Australia.

an officer with, or authorised representative of, a holder of an Australian financial services licence,having 2 or more years of continuous service with one or more licensees;an officer with, or a credit representative of, a holder of an Australian credit licence, having 2 or moreyears of continuous service with one or more licensees; a person authorised as a notary public in a foreign country.

Note: The Statutory Declarations Regulations 1993 are accessible through the Commonwealth of Australialaw website.

Close associates of PEPsA close associate of a politically exposed person means any individual who is known (having regard toinformation that is public or readily available) to have:

joint beneficial ownership of a legal entity or legal arrangement with a person who is a PEPsole beneficial ownership of a legal entity or legal arrangement that is known to exist for the benefit aperson who is a PEP.

Designated business group'Designated business group' is a group of 2 or more persons, where:

each member of the group has elected, in writing, to be a member of the group, and the election is inforce; andeach election was made in accordance with the AML/CTF Rules; andno member of the group is a member of another designated business group; andeach member of the group satisfies such conditions (if any) as are specified in the AML/CTF Rules; andthe group is not of a kind that, under the AML/CTF Rules, is ineligible to be a designated businessgroup.

Designated remittance arrangementSection 10 of the AML/CTF Act defines a 'designated remittance arrangement' as being an arrangement whereat least one of the following is a 'non-financier':

the person who accepts an instruction from the transferor entity for the transfer of money or propertyunder the remittance arrangementa person who makes money or property available to the ultimate beneficiary as a result of the transferunder the remittance arrangementthe person who arranges for money or property to be made available to the ultimate beneficiary as aresult of the transfer under the remittance arrangement.


139 of 147 18/9/17, 2:46 PM

Accordingly, if both:

the person accepting the instruction andthe person that makes the money available, or arranges for it to be made available to an ultimatebeneficiary

are financial institutions, such arrangements for transferring money or property are not 'designated remittancearrangements'.

Domestic listed public companyA domestic listed public company means a company that is registered under the Corporations Act 2001 (otherthan a registered foreign company) that is included in an official list of a domestic stock exchange.

E-currencyThe AML/CTF Act defines e-currency (or e-money or digital currency) as an internet-based, electronic meansof exchange not issued by, or under the authority of, a government body. For example, the currency must bebacked by a precious metal or bullion.

Eligible gaming machine venues'Eligible gaming machine venues' are venues where:

a person (the first person) is in control of a particular venue, andone or more gaming machines are located at the venue, andthe first person is neither the owner nor the lessee of the gaming machines, andsuch other conditions (if any) as are specified in the AML/CTF Rules are satisfied

then:

the venue is an eligible gaming machine venue, andthe first person is the controller of the venue.

An 'eligible gaming machine venue' is therefore a venue where the person who controls the venue is neitherthe owner nor the lessee of the gaming machines located at the venue. This addresses situations where largegaming companies provide machines that are neither owned nor leased by the persons in control of the venuesin which the machines are located.

Gaming machine'Gaming machine' is a machine for playing a game where:

the game is played for money or anything else of value, andthe game is game of chance or of mixed chance and skill.

Government bodyGovernment body means:

the government of a country; oran agency or authority of the government of a country; or


140 of 147 18/9/17, 2:46 PM

the government of part of a country; oran agency or authority of the government of part of a country.

Immediate family membersAn immediate family member of a politically exposed person includes:

a spousea de facto partner (a person who is considered by national law as equivalent to a spouse)children and their spouses or de facto partnersparents.

International organisationInternational organisation means an organisation:

established by formal political agreement by two or more countries and that agreement has the status ofan international treaty; andis recognised in the law of the countries which are members of the organisation.

Key personnelFor a company, corporation sole or body politic, key personnel are individuals who are:

a beneficial owner (in respect of a company, any individual who owns through one or moreshareholdings more than 25 per cent of the issued capital of the company);a director or secretary of a body corporate;a person who makes or participates in making decisions that affect the whole or part of the business of abody corporate;a person who has the capacity to significantly affect the corporation’s financial standing;a person in accordance with whose wishes or instructions the directors of the corporation areaccustomed to acting;a receiver, or receiver and manager of the property of the corporation;an administrator of a deed of company arrangement executed by the corporation;a liquidator of the corporation;any employee or agent of the body corporate with duties of such responsibility that his or her conductmay be fairly presumed to represent the body corporate’s policy; for example, a person that hasdecision-making powers in respect to obligations under the AML/CTF Act.

For a sole trader, trust or partnership, key personnel are individuals who are:

an employee or agent with duties of such responsibility that his or her conduct may fairly be assumed torepresent the policy of the individual, trust or partnership; for example, a person with decision-makingpowers in respect to obligations under the AML/CTF Act.

AUSTRAC expects that the individual appointed as the AML/CTF Compliance Officer of a business is listedas one of the key personnel of a business applying for registration.

Loan'Loan' includes:

an advance of money


141 of 147 18/9/17, 2:46 PM

the provision of credit or any other form of financial accommodationfull or partial payment of a debt, which can be on account of, on behalf of, or at the request of, a personwhere there is an obligation (whether expressed or implied) to repay the amountsatisfying another person's debtany transaction which in substance effects a loan of money.

Money'Money' includes:

physical currencymoney held in an account, whether denominated in Australian currency or any other currencymoney held on deposit, whether denominated in Australian currency or any other currencye-currency, however amounts of the e-currency are expressed

Non-financierA 'non-financier' is a person who is not:

an ADIa banka building societya credit union, ora person specified in the AML/CTF Rules.

To date, no persons have been specified to be a non-financier in the AML/CTF Rules.

Chapter 23 of the AML/CTF Rules provides an exception from the definition of 'non-financier' for personscarrying on an accounting practice or a law practice.

Permanent establishmentA 'permanent establishment' is either:

a place at or through which the person carries on any activities or businessa place where the person is carrying on activities or business through an agentwhere the service is provided on a mobile basis or while travelling - the country where the person (ortheir agent) provides a service.

PersonA 'person' is:

an individual (that is, a natural person)a company (for example, private company, public company, public and listed company or a foreigncompany)a trust (for example, discretionary family or unit)a partnership (incorporated and unincorporated)an incorporated or unincorporated associationa corporation solea body politic.


142 of 147 18/9/17, 2:46 PM

Physical currency'Physical currency' is the coin and printed money (whether of Australia or of a foreign country) that:

is designated as legal tender, andcirculates as, and is customarily used and accepted as, a medium of exchange in the country of issue.

Politically exposed person (PEP)A 'politically exposed person' (PEP) is an individual:

who holds a prominent public position or function in a government body or an internationalorganisation, oran immediate family member or close associate of an individual who holds a prominent public positionor function in a government body or an international organisation.

There are three categories of PEPs:

Domestic PEPs are individuals who are entrusted domestically with a prominent public position orfunction in an Australian government bodyForeign PEPs are individuals who are entrusted with a prominent public position or function in agovernment body of a foreign country.International organisation PEPs are individuals who are entrusted with a prominent public position orfunction in an international organisation.

Prescribed foreign countryA 'prescribed foreign country' for the purposes of the AML/CTF Act is a foreign country declared by theAML/CTF Regulations to be a prescribed foreign country. The Australian Government has declared viaRegulation under the AML/CTF Act that Iran and the Democratic People's Republic of Korea (DPRK) areprescribed foreign countries and, consequently, are subject to AML/CTF countermeasures.

Prominent public positionA prominent public position or function in a government body or an international organisation includes:

Head of State or head of a country or governmentgovernment minister or equivalent senior politiciansenior government officialJudge of the High Court of Australia, the Federal Court of Australia or a Supreme Court of a State orTerritory, or a Judge of a court of equivalent seniority in a foreign country or international organisationgovernor of a central bank or any other position that has comparable influence to the Governor of theReserve Bank of Australiasenior foreign representative, ambassador, high commissionerhigh-ranking member of the armed forcesboard chair, chief executive, or chief financial officer of, or any other position that has comparableinfluence in, any State enterprise or international organisation.

Property'Property' is any legal or equitable estate or interest in real or personal property including a contingent orprospective one, but does not include money.


143 of 147 18/9/17, 2:46 PM

Property refers to a possession or possessions owned by a person that can be tangible or intangible.

Reasonable measuresReasonable measures means, appropriate measures which are commensurate with the money laundering orterrorist financing risks.

Reliable and independent documentation'Reliable and independent documentation' includes but is not limited to:

an original primary photographic identification document;an original primary non-photographic identification document; andan original secondary identification document.

Note: This is not an exhaustive definition. A reporting entity may rely upon other documents not listed aboveas reliable and independent documents, where that is appropriate having regard to ML/TF risk.

'Primary non-photographic identification document', 'primary photographic identification document' and'secondary identification document' are defined in chapter 1 of the AML/CTF Rules.

Reliable and independent electronic dataReliable and independent electronic data is not defined in the AML/CTF Act or AML/CTF Rules. However,reporting entities are required take into account the following factors in determining whether the electronicdata is reliable and independent:

the accuracy of the datahow secure the data ishow the data is kept up-to-datehow comprehensive the data is (for example, by reference to the range of persons included in the dataand the period over which the data has been collected)whether the data has been verified from a reliable and independent sourcewhether the data is maintained by a government body pursuant to legislationwhether the electronic data can be additionally authenticated.

See Part 4.10 of the AML/CTF Rules for further information on verification from reliable and independentelectronic data.

Remittance Sector RegisterThe Remittance Sector Register contains the following details of all registered remitters:

legal name and trading namesAustralian Business number (ABN), Australian Company Number (ACN), Australian Registered BodyNumber (ARBN) (as applicable)address of the principal place of businessany conditions placed on the entity's registration.

Reporting Entities Roll


144 of 147 18/9/17, 2:46 PM

All reporting entities are required to enrol with AUSTRAC and be entered on AUSTRAC's Reporting EntitiesRoll. The roll is not available publicly and is used by AUSTRAC to understand its regulated population.

Sanctions listSanctions are measures not involving the use of armed force that are imposed in situations of internationalconcern, including the grave repression of human rights, the proliferation of weapons of mass destruction ortheir means of delivery, or armed conflict.

They impose restrictions on activities that relate to particular countries, goods and services, or persons andentities.

Australian sanction laws implement United Nations Security Council sanctions regimes and Australianautonomous sanctions regimes.

For further information on sanctions, please refer to the Sanctions page of the AUSTRAC website orDepartment of Foreign Affairs and Trade website.

Senior managing officialSenior managing official means an individual who makes, or participates in making, decisions that affect thewhole, or a substantial part, of the business of a customer of a reporting entity or who has the capacity toaffect significantly the financial standing of a customer of a reporting entity.

Updates to the AUSTRAC Compliance guideThis page lists updates made to the AUSTRAC Compliance guide since its publication inSeptember 2014

Date Page/section Description

November2014

How does a reporting entityidentify the beneficial ownerof a customer?

Minor changes to two examples in Chapter 6 (AML/CTFprograms), which relate to the requirements for identifying thebeneficial owner of a company and identifying the beneficialowner of a trust

December2014

Remitter registrationrequirements

Glossary: 'Key personnel'

Minor updates to Chapter 5 (Remitter registrationrequirements) and the Glossary to include information aboutthe remitter registration obligations, specifically the definitionof 'key personnel'.

16 April2015

The Document VerificationService and individualcustomer and beneficialowner identification

Extensive new guidance on the Document Verification Serviceincorporated into Chapter 6 (AML/CTF programs).

16 October2015

Exemptions specified by theAML/CTF Act

Correction to Table 1 in Chapter 9 (Exemptions fromobligations under the AML/CTF Act).


145 of 147 18/9/17, 2:46 PM

Correction made to clarify that the exemption fromidentification and ongoing customer due diligence obligationsfor the item 40, 42 and 44 designated services does notinclude an exemption from the ongoing customer duediligence (OCDD) obligations (under Division 6 of theAML/CTF Act).

25November2015

Politically exposed persons

Key terms used in theAML/CTF Rules definitionof PEPs

Extensive new guidance included in Chapter 6 (Customerdue diligence procedures) on key terms used in the 'politicallyexposed person' definition, covering:

the meaning of the term 'as soon as practicable' (see thesection titled What are the requirements for PEPs?)the meaning of a number of key terms used in theAML/CTF Rules, such as 'prominent public position orfunction' and 'senior government official'the interaction between the PEP obligations imposed bythe AML/CTF Rules and those imposed by otherlegislation (such as superannuation legislation)reporting entity use of external databases to determinewhether a customer or beneficial owner is a PEP (seethe section titled What are the requirements for PEPs?)the meaning of the term 'sensitive information'.

16 March2016

Remittance NetworkProviders applying for therenewal of an affiliate'sregistration

New guidance added to Chapter 5 (Remitter registrationrequirements) showing the step-by-step process for RNPsseeking to apply to AUSTRAC to renew the registration oftheir affiliates.

18 May2016

Special circumstance andexemptions that apply forCDD obligations

Correction to Table 2 within Chapter 6 (AML/CTFprograms).

Correction made to clarify that the exemption fromidentification and ongoing customer due diligence obligationsfor the item 40, 42 and 44 designated services does notinclude an exemption from the ongoing customer duediligence (OCDD) obligations (under Division 6 of theAML/CTF Act).

28 June2016

What are the exceptions tothe beneficial ownershipobligations?

A note has been added to Chapter 6 (Customer due diligenceprocedures) to clarify the application of the exceptions to thebeneficial ownership obligations.

28 June2016

What types of remittanceservices are required to beregistered with AUSTRAC?

A text box has been added to Chapter 5 (Remitter registrationrequirements) to clarify the obligations of reporting entitieswhere they provide remittance services that are incidental totheir core business.


146 of 147 18/9/17, 2:46 PM

30 June2016

Identification of persons ofAboriginal and/or TorresStrait Islander heritage

Guidance has been added into Chapter 6 (AML/CTFprograms) which clarifies the requirement to refer to “reliableand independent documentation” when conducting customeridentification. For a variety of reasons, some people may nothave access to conventional identification documents.

3November2016

Safe harbour procedures forindividuals with a medium orlower ML/TF risk

Customer identification andverification ‘Readyreckoner’

Guidance within Chapter 6 (AML/CTF programs) and theReady reckoner has been updated to provide clarity for onthe ‘safe harbour’ customer identification and verificationprocedures for individual customers, including requirementsaround a customer’s ‘full name’.

3November2016

Glossary – ‘Certified copy’

Glossary entry for ‘certified’ copy’ has been updated toinclude ‘Australian Consular Officer’ and ‘AustralianDiplomatic Officer’ as persons who can certify a copy of anoriginal document.

14November2016

Reporting methods Update to the note regarding access to AUSTRAC XML fileformat schemas and specifications documents.

16November2016

Exemptions from therequirement to be registeredon the Remittance SectorRegister

Minor updates to Chapter 5 Remitter registration requirementsto provide additional guidance on the scope and application ofthe exemption.

16November2016

Scenarios of commoninternational funds transfersconducted by casino licenceholders

Additional guidance has been added to Chapter 7 – AML/CTFreporting obligations in relation to the international fundstransfer instruction obligations. The guidance provides sixexamples of the common types of international funds transfersconducted by licensed casinos that are required to be reportedto AUSTRAC.

22 May2017

Identifying customers whodo not have conventionalforms of identification(including customers ofAboriginal and/or TorresStrait Islander heritage)

Provides clarity on the application of risk-based approaches toidentifying categories of customers who do not haveconventional forms of ID. The guidance issued on 30 June2016 in relation to customers of Aboriginal and/or TorresStrait Islander heritage may also be applied to other categoriesof customers e.g. a person who has resettled in Australia as arefugee.

22 May2017

Does the identificationinformation collected andverified need to be in theEnglish language?

Clarifies AUSTRAC’s expectations with respect to thetranslation of customer identification information that is not inthe English language.


147 of 147 18/9/17, 2:46 PM

AUSTRAC compliance guide · Anti-Money Laundering and Counter-Terrorism Financing Act 2006 ... The...

Documents

Transcript of AUSTRAC compliance guide · Anti-Money Laundering and Counter-Terrorism Financing Act 2006 ... The...