by Caroline Marshall and Bronte Hearn · 4 June 2024
Is your AML/CTF program in place, up to date and rigorously reviewed?
With the uptick in anti-money laundering and counter-terrorism financing enforcement, boards of entities subject to the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (the AML/CTF Act) must ensure they continue to adequately monitor AML/CTF compliance. Under the Banking Executive Accountability Regime (BEAR)/Financial Accountability Regime (FAR), AML/CTF is also a prescribed responsibility, requiring an accountable person to be appointed, who oversees and assesses the effectiveness of the AML/CTF framework and AML/CTF compliance functions. FAR will extend the AML accountabilities to a wider set of entities in the banking, insurance and superannuation entities.
What is next for boards?
- Notwithstanding BEAR/FAR, the board is essentially responsible for the effective implementation of an AML/CTF program, including its approval and ongoing oversight. They must also ensure that an entity's AML/CTF program is subject to an independent review on a periodic basis, and that they are kept apprised of key AML/CTF risks and issues as they arise. Boards must also be comfortable that the level of AML/CTF reporting and escalation is adequate, so that they can discharge their ongoing oversight obligation.
- The board must ensure that the design of an AML/CTF program:
- is informed by a comprehensive money laundering and terrorism financing risk assessment;
- includes monitoring and assurance processes to detect non-compliance; and
- is supported by sufficient resources.
- The Australian Transaction Reports and Analysis Centre (AUSTRAC) has published guidance on board and senior management responsibilities, which points to the importance of good governance and adequate oversight of AML/CTF matters by boards. AUSTRAC expects boards and senior management to have ongoing access to coordinated, structured and quality information on a consistent basis, not limited to specific events or incidents.
What are the risks to be aware of?
- AUSTRAC's focus on board accountability and good governance regarding AML/CTF compliance is clear. Allegations made in recent AUSTRAC proceedings against the casino industry highlight its concern regarding the alleged lack of board and senior management oversight of the entities' AML/CTF program (in particular, Part A of the AML/CTF program, which includes the processes and procedures to identify, mitigate and manage money laundering and terrorism financing risks). We expect AUSTRAC to continue its focus on this area.
- As part of its wider risk governance management mandate, APRA is taking an increased interest in AML/CTF compliance. It recently worked closely with AUSTRAC to review a bank's risk and compliance culture, and entered into separate but simultaneous enforceable undertakings given by the bank as to its AML/CTF failures.
- Under BEAR/FAR, regulated entities are subject to a strengthened responsibility and accountability framework. Accountabilities under the BEAR/FAR regime sit alongside (and are not inconsistent with) existing directors' and officers' duties under the common law and the Corporations Act, as well as oversight obligations in the AML/CTF Act. The key obligations relevant to AML/CTF (both for an entity and accountable persons) are to:
- act with honesty and integrity, and with due skill, care and diligence; and
- take reasonable steps in conducting their business/responsibilities to prevent matters from arising that would adversely affect the entity’s prudential standing or prudential reputation.
Directors can also face civil penalty proceedings for breaches of their directors' duties following AML/CTF compliance failings. Recent ASIC cases against current and former directors and officers of a casino operator, for alleged breaches of their duties under section 180 of the Corporations Act have shown the importance of directors' attention to ML/TF risks.