Reporting entities are required to identify, mitigate and manage ML/TF risk not only at or through their permanent establishments in Australia, but also for any designated services offered through a permanent establishment in a foreign country. You will need to consider the risks posed by differences in the legal frameworks or AML/CTF controls in those countries and factor those into your program, as well as any ML/TF risks you may reasonably face from customers of those establishments.

Part A of a standard AML/CTF program affects a reporting entity's permanent establishments (defined in section 21 of the AML/CTF Act) in foreign countries, including members of designated business groups, as follows:

• requirements relating to oversight by boards and senior management, designation of an AML/CTF Compliance Officer, independent reviews and consideration of AUSTRAC feedback, do apply
• requirements relating to the implementation of appropriate risk-based systems or controls, ML/TF risk awareness training program and employee due diligence program, do not apply
• where a reporting entity provides a designated service at a permanent establishment in a foreign jurisdiction which is regulated by AML/CTF laws that are comparable to Australia, the reporting entity need only consider minimal additional systems and controls.

Part A of an AML/CTF program is also designed to ensure that a reporting entity takes actions specified in the AML/CTF Rules relating to providing designated services via a permanent establishment in a foreign country.