The financial services industry is constantly grappling with
achieving a balance between reducing the risk of financial crime
and being commercially sensible. Many commentators on the
anti-money laundering and counter terrorism financing (AML/CTF)
regime in Australia note the heavy burden and cost of customer
identification, monitoring, reporting, and independent
reviews.
Associate Taylor Green explains there is a common misconception that a simple annual review of Part A of an AML/CTF Program for compliance with legislative change is sufficient to satisfy the independent review requirement of the regime. In fact, independent reviews are significantly more involved.
WHAT DOES AN INDEPENDENT REVIEW INVOLVE?
Independent reviews should be, in their essence, a quality
assurance review with sampling and testing of the practical
implementation of the program. To some extent, the Australian
Transaction Reports and Analysis Centre (AUSTRAC) allows entities
to determine their own fate, scheduling reviews as they see fit
dependent upon the size, type, complexity, and level of risk
associated with each business. Most funds tend to adopt an annual
or biennial approach to independent reviews.
The only guidance as to timing is AUSTRAC's indication that high-risk organisations should have independent reviews done at least every two to three years. What does this mean for the managed investment scheme industry?
Recently, we have been working with clients to restructure their AML/CTF review processes to achieve the most commercial but risk-focused outcome. Generally, long-term investment funds tend to measure their ML/TF risk as low or medium-low. Given AUSTRAC's statement, it could be argued that low or medium-low risk industry could extend independent reviews to every five to six years if there is sufficient monitoring and review in between.
APPROACH FOR LOW-RISK ENTITIES
We have been considering the following approach for low-risk entities (subject to the requirement to conduct ad-hoc independent reviews in the event of a change to your business):
- Annual internal reviews of the AML/CTF risk assessment and general compliance of the AML/CTF Program. This may include breach monitoring, board reporting, and general legislative uplift.
- Internal quality assurance reviews every three years. This may involve internal testing, sampling, and process reviews. These operate as pseudo-independent reviews conducted internally by those familiar with the systems.
- Independent review every five to six years. These reviews will examine the regime and the implementation of the AML/CTF Program from top-to-bottom.
The extended timeframe between independent reviews, with
increased internal monitoring between, may drastically reduce costs
and ensure independent reviews are not simply 'tick-box'
activities.
Scheduling these reviews on a rotating one, three, and five-year basis may also enable entities to align their reviews with their customer identification refreshes (particularly if they adopt a 'one-three-five' approach where high risk clients are reviewed annually, medium-risk clients every three years, and low risk clients every five years).
ARE YOU MEETING YOUR AML/CTF OBLIGATIONS?
