Good roadmap needed for updated AML law

Last year, the government realised that Australia was on the verge of slipping into unaccustomed company, at the risk of finding itself on global anti-money laundering body Financial Action Task Force’s (FATF’s) “grey list” of “jurisdictions under increased monitoring” – which, trust me, is not a grouping in which Australia normally finds itself.

The main problem was that Australia’s original anti-money laundering/counter-terrorism financing (AML/CTF) legislation, the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act), had not included as entities that had reporting obligations under the Act professions such as real estate agents, lawyers, accountants, financial ad tax advisers, trust and company service providers, and precious metal dealers.

In many other jurisdictions, these and other similar professions have been identified as the higher-risk ‘gatekeeper professions’ known to be used occasionally – mostly unwittingly – by organised criminal networks to launder the proceeds of crime and to finance terrorism.

In the language of AML/CTF legislation around the world, these professions are known as ‘Tranche-two entities.’ With the passing of the Anti-Money Laundering and Counter-Terrorism Financing Amendment Bill 2024 last September, Australia brought tranche-two entities into the ambit of its AML/CTF legislation, closing a regulatory gap and bringing Australian law into line with the international standards set by the FATF.

According to law firm Norton Rose Fulbright, these reforms are anticipated to increase the reporting entity population – currently at approximately 17,000 entities – to approximately 90,000 entities. The government intends that the new laws take effect in March 2026, and apply to services provided both in Australia and beyond our shores.

For existing reporting entities, staying ahead of these shifts is not just a matter of compliance, but a strategic imperative, says Amanda Mark, co-founder and co-CEO of compliance and regulatory obligations consultancy Mintegrity. She says reporting entities need a “comprehensive AML roadmap” to help them navigate the upcoming regulatory changes effectively.

As a first step, Mark says it’s crucial to grasp the nature of the impending changes within the AML/CTF regulatory framework. While some specific details are yet to be released by AUSTRAC, she says some common themes and potential areas of focus include:

Part A of the AML/CTF program: It’s a common misconception that Part A is completely gone from AML/CTF Programs under the AML/CTF Amendment Act 2024. While the separate Part A and Part B structure is no longer mandatory, the content that used to be in Part A is still absolutely crucial and required.

Risk-based approach: The focus of AML/CTF Programs will shift from a prescriptive, “tick-the-box” approach to a more dynamic, risk-based methodology. “Reporting entities will need to demonstrate that they have taken ‘reasonable steps’ to identify and verify their customers, proportionate to the risk involved,” says Mark.

In particular, says Mark, the combination of customer due diligence (CDD) and “reasonable steps” is a crucial concept. “It requires you to demonstrate that you have taken appropriate measures to identify and verify your customers, proportionate to the risk involved,” she says. “Simply relying on database checks may no longer be sufficient in all cases.”

Technological advancements and virtual assets: The definition of “virtual asset” will be broadened to include stablecoins and non-fungible tokens (NFTs), bringing these digital assets under regulatory oversight. This reflects the growing importance of virtual assets in the financial system and the need to address their associated risks.(An NFT is a data entry on blockchain that has been described as ‘a deed of ownership’ or ‘a receipt’ for use of a commodity.)

Increased enforcement: AUSTRAC has demonstrated a commitment to enforcement, says Mark: “Maintaining a robust and compliant AML/CTF Program is paramount to avoid penalties.”
Mark recommends that reporting entities establish an AML Roadmap. At a minimum, she says this should include the following:

Stay informed: Regularly monitor AUSTRAC’s website and publications for updates, guidance, and legislative changes. Subscribe to their alerts and consider attending industry events. Engage with industry bodies like the Australian Banking Association (ABA) or Fintech Australia for sector-specific updates.

Gap analysis: Conduct a thorough review of your existing AML/CTF Program against the proposed legislation and any anticipated changes. Identify and document any gaps between your current framework and the anticipated regulatory changes.

Risk assessment refresh: With a greater focus on risk anticipated, it is timely to update your risk assessment to reflect the evolving Australian landscape. Consider new risk factors, such as emerging technologies, geopolitical risks, and assess your vulnerabilities accordingly. Ensure your risk assessment aligns with AUSTRAC’s guidance.

Program enhancement: Based on the gap analysis and risk assessment, commence enhancing your AML/CTF Program. This may involve  —

Policy and procedure updates: Revise your policies, procedures, and controls to align with the proposed regulations and best practices. Ensure they are documented clearly and comprehensively.
Technology upgrades: Consider investing in new technologies to automate KYC processes, enhance transaction monitoring, and improve risk detection.

Training: Provide comprehensive and regular training to your staff on the updated regulations as they materialise, procedures, and your internal AML/CTF program. Ensure training addresses specific Australian regulatory requirements that are likely to impact your business.

Implementation and testing: Once the changes are implemented, thoroughly test your program to ensure its effectiveness. Conduct regular independent evaluations and reviews to identify areas for improvement.

Ongoing monitoring and reporting: AML/CTF compliance is not a one-time effort. Continuously monitor regulatory developments, update your program as needed, and ensure timely and accurate reporting to AUSTRAC, including Suspicious Matter Reports (SMRs).

Mark says there are three critical considerations for Australian reporting entities:

AUSTRAC guidance: Prioritise and adhere to AUSTRAC’s guidance and publications. They are the primary source of information and interpretation of the AML/CTF legislation.

Board oversight: Bring the board on the journey with you. The AML/CTF Act now explicitly states that a reporting entity’s board or governing body has a crucial role in overseeing the AML/CTF program. “In essence, the entity’s board is expected to be more than just passively receiving reports: it must be actively involved in understanding and overseeing the AML/CTF program, ensuring it’s effective in mitigating risks, and protecting the entity from financial crime,” she says.

Compliance culture: Foster a strong culture of compliance within your organisation. This includes clear communication, accountability, and ongoing training.

“The upcoming regulatory changes in Australia may present challenges, but with a proactive and well-structured approach, you can ensure your business remains compliant and strengthens its defences against financial crime,” says Mark. “By instituting and following an AML roadmap like the one we’ve proposed, reporting entities can not only stay on top of their regulatory obligations, but also, contribute to the integrity of the Australian financial system.”

James Dunn

James is an experienced senior journalist and editor of The Inside Network's publications.