Australia's FIU and AML/CTF regulator

AUSTRAC's functions

AUSTRAC's purpose is to protect the integrity of Australia's financial system and contribute to the administration of justice through our expertise in countering money laundering and the financing of terrorism.

AUSTRAC is the interface between reporting entities and government agencies in providing financial intelligence to partner agencies involved in the collection of revenue, law enforcement, national security and financial markets regulation.

This purpose is achieved through the collaborative efforts of two interdependent functions:

• as Australia's FIU, we collect, analyse and disseminate financial intelligence to revenue, law enforcement, national security and other partner agencies in Australia and overseas
• as Australia's AML/CTF regulator, we aim to improve the compliance of reporting entities in the money services, financial services, bullion and gambling sectors with their obligations to manage ML/TF risk and submit reports to AUSTRAC. This is designed to maximise the quality of the raw data AUSTRAC receives and enables us to produce financial intelligence of the highest value. We seek to achieve reporting entity compliance via a range of less formal through to more formal mechanisms.

This flow of information and activities is shown in the diagram below.

AUSTRAC's dual roles complement each other. Intelligence on entities, trends and emerging concerns helps to inform regulatory efforts about vulnerable and high-risk sectors. Industry supervision is vital for promoting compliance with AML/CTF obligations, not least the transaction reporting upon which our financial intelligence is largely based.

Combining regulatory and financial intelligence also provides a more detailed picture of the money laundering and terrorism financing environment, which benefits not only our own work but also the efforts of partner agencies.

Diagram 1: Flow of information and activities

Description of diagram: Diagram illustrating the flow of information and activities between AUSTRAC, businesses, people committing crimes and law enforcement and other agencies. The diagram shows that the people committing crimes interact with businesses, such as financial institutions, bullion dealers, gambling service providers and money service businesses. Those businesses report suspicious behaviour and transaction reports to AUSTRAC, which in its role as a financial intelligence unit uses that information to collect, analyse and disseminate financial intelligence to law enforcement and other agencies. The diagram then shows that law enforcement and other agencies use the financial intelligence provided by AUSTRAC to identify illicit behaviour and apprehend people committing crimes. In terms of it's regulatory role, the diagram shows that AUSTRAC monitors and enforces the AML/CTF obligations of the businesses it regulates. The final aspect of the diagram shows that law enforcement and other agencies provide feedback to AUSTRAC on the intelligence we provide.

Reporting entities' responsibilities

The AML/CTF Act embodies five key areas that are internationally recognised as best practice in deterring and detecting ML/TF. Broadly speaking, reporting entities are required to:

1. Conduct ML/TF risk assessments. Businesses must understand and manage the ML/TF risks they are exposed to when they provide different products and services, use different distribution channels, deal with different customers and operate in different jurisdictions.
2. Implement systems and governance to manage their ML/TF risks. Businesses must establish appropriate oversight of ML/TF risk by senior management, ensure there is an employee due diligence program and that staff are trained to detect ML/TF behaviour and regularly review the effectiveness of their systems and compliance with their obligations.
3. Know their customers. Businesses must verify the identity of their customers, monitor their customers' behaviour and keep appropriate records of these actions. Financial institutions must also appropriately identify any other financial institutions with which they do business.
4. Make themselves known to AUSTRAC. Most reporting entities(1) must advise AUSTRAC that they have obligations under the AML/CTF Act, either through submission of a compliance report (CR) under section 47 or, if they are a remittance service provider, by registering under Part 6 of the AML/CTF Act. As a practical measure, most reporting entities make themselves known through enrolling on AUSTRAC Online.
5. Report to AUSTRAC. Businesses must provide reports to AUSTRAC on cash transactions above a $10,000 threshold, instructions for international funds transactions and suspicious matters. Most must also report regularly on their own compliance with their obligations under the AML/CTF Act through a CR.

Compliance with these key obligations should result in high quality transaction reporting to AUSTRAC and ultimately an Australian community hostile to money laundering and the financing of terrorism.

The external environment

Internationally the value of effective national AML/CTF frameworks drew the attention of national leaders during the Global Financial Crisis (GFC). In April 2009, the G20 leaders met in London and requested that the Financial Action Task Force (FATF) revise and reinvigorate its review process for non-compliant countries. This, at a time of great economic uncertainty, amounted to an implicit endorsement of the global importance of AML/CTF regulation. By early 2010, FATF responded to this request with the release of a public list of countries with strategic deficiencies in their AML/CTF frameworks. The G20 reaffirmed its commitment to AML/CTF regulation at its meeting in Toronto this year.

As FATF moves towards the end of its current mandate (2004-12), considerable activity is focused on improving the international AML/CTF standards, including those relating to regulation, prior to the next FATF term. The outcomes of these deliberations are likely to inform Australia's AML/CTF framework into the future.

The significance of AML/CTF regulation has also been raised at the domestic level. In November 2009, the Attorney-General launched the Government's Organised Crime Strategic Framework. Money laundering is a critical component of organised criminal activity and imposes significant costs on the Australian community.

Structure of AUSTRAC's supervision function

AUSTRAC's regulatory function has evolved and our processes have matured since the commencement of the AML/CTF Act in December 2006. In October 2009, in recognition of the two significant operational elements of AUSTRAC, the agency was divided into two Divisions: Supervision and Intelligence.

In April 2010, a new organisational structure was adopted for AUSTRAC's Supervision Division.
The Supervision Division is made up of the two frontline Supervision Branches, AUSTRAC's Office of General Counsel (whose responsibilities include drafting AML/CTF Rules under the AML/CTF Act) and AUSTRAC's enforcement team.

Under the new Supervision structure, the two frontline Supervision Branches have been reformed along regional lines: Supervision Central and North West; and Supervision South. These branches, led by their respective General Managers oversee reporting entities in the following three regions:

• North West region - Queensland, Western Australia, Northern Territory
• Central region - New South Wales, Australian
  Capital Territory
• South region - Victoria, South Australia, Tasmania.
  

The new structure will better meet the challenges posed by a large and geographically dispersed reporting entity population by adopting a regional approach to supervision activities. The regional approach will not reduce AUSTRAC's emphasis on industry sectors as each region will contain frontline business units that focus on specific industry types.

The regional teams are supplemented by two specialist frontline teams. A Major Reporters team has been established with responsibility for the supervision of AUSTRAC's largest reporting entities (by volume of transaction reports lodged with AUSTRAC). This reflects the importance of these entities to AUSTRAC's data holdings and their significance to the integrity of Australia's payments system. In addition, a Referrals team has been established to further enhance partner agency outcomes, particularly investigations involving high-risk industry cohorts.

In addition, there are three enabling business units within the Supervision Branches.

• Reporting Entity Operations - responsible for maintaining census information about AUSTRAC's reporting entities and providing the infrastructure for AUSTRAC's broad-based engagement activities with reporting entities through the AUSTRAC Help Desk and mail-out capabilities.
• Technical Development and Advice - responsible for managing processes associated with applications for relief from reporting entities (exemptions and no-action letters) and drafting technical guidance and other explanatory materials for both internal AUSTRAC staff and reporting entities.
• Data Research and Statistics - responsible for monitoring the quality, timing and volume of transaction reports lodged with AUSTRAC by reporting entities, managing the transition of reporting entities to new transaction report formats, undertaking macro analysis of AUSTRAC's transaction report holdings for supervision purposes and undertaking primary research activities to increase AUSTRAC's understanding of its reporting entity population and the way in which obligations under the AML/CTF Act have been interpreted and applied by reporting entities.
  

AUSTRAC's supervision activities

The central focus of our supervision strategy is to maximise our coverage of the regulated population by matching different supervisory activities to the compliance behaviours of different cohorts. This will ensure we use our resources effectively to achieve the greatest impact on the compliance behaviours of the different parts of the regulated population.

Description of diagram: Diagram illustrating how AUSTRAC's supervisory activities range from low intensity to high intensity. The list of activities, from lowest intensity to highest intensity reads: messages through media, preliminary assessments, guidance, forums, presentations and speeches, email and letter campaigns, desk reviews, information gathering reviews, themed reviews, individual entity relationship management, enforcement consideration, comprehensive on-site assessments, remedial directions or enforceable undertakings, and at the highest level, civil penalties. The diagram also states that low intensity activities provide high coverage, while high intensity activities provide low coverage.

AUSTRAC categorises its supervisory activities into three levels of intensity:

• Low intensity or 'engagement' activities such as mail-outs, e-newsletters and the development and distribution of guidance materials. These activities are designed to influence the behaviours of a broad group of reporting entities, but are not specifically targeted towards any individual reporting entities.
• Moderate intensity or 'heightened' activities such as behavioural assessments, desk reviews, themed reviews and transaction monitoring. These activities are directed towards assessing the actual compliance behaviour of a particular group of reporting entities or individual reporting entities.
• High intensity or 'escalated' activities such as on-site assessments and enforcement consideration. These activities are specifically tailored to individual reporting entities and are designed to have a direct impact on improving compliance outcomes. Where these activities do not result in improved compliance, they are likely to result in enforcement action.

AUSTRAC expects that low intensity activities will be applied to relatively larger cohorts of reporting entities as compared to moderate or high intensity activities.

These various activities are shown in the diagram above.

Relative application of supervisory activities

Determining which type of activity to use in which circumstance will depend on the:

• AML/CTF risk associated with a reporting entity
• nature and scale of the problem
• impact of the problem on AUSTRAC's intelligence data holdings
• resources available
• type of reporting entity to which the activity
  is directed
• the compliance history of the reporting entity
• nature of the industry, including its competitiveness, maturity, compliance attitudes and level of support available through industry bodies.
  

Description of diagram: This diagram is in the shape of a pyramid. It shows how AUSTRAC categorises it's supervisory activity into three levels of intensity, which may eventually lead to enforcement, at the top of the pyramid. At the bottom of the pyramid are what is known as 'engagement activities'. Examples of these include mail outs, e-newsletters and the distribution of guidance material. In the middle section of the pyramid are what is known as 'heightened activities' which include behavioural assessments, desk reviews, themed assessments and transaction monitoring. At the top of the pyramid, underneath enforcement, is the highest level of AUSTRAC's supervisory activities, known as escalated activities. These include: on-site assessment, information gathering notices and enforcement consideration.

(1) Holders of an Australian financial services licence who only make arrangements for a person to receive a designated service (such as financial planners) are not required to register or submit a compliance report.