Blog: A 5 Minute Guide to Australia’s AML Obligations for FinTechs – ComplyAdvantage

Under the AML/CTF Act 2006, designated businesses must meet four key obligations that reflect the private sector obligations set out by the Financial Action Task Force (FATF).
These include:

1. Enrollment and registration

FinTechs that provide designated financial services must enroll with the Australian Transaction Reports and Analysis Centre (AUSTRAC), Australia’s key AML/CTF regulator. This covers all firms that provide services listed in Article 6 of the AML/CTF Act, including account or deposit-taking, lending, credit, currency exchange or investments, insurance, wires, and remittances. 

Remittances and digital currency exchange (i.e., cryptocurrency exchange) service providers must also sign up to AUSTRAC’s Remittance Register or the Digital Currency Exchange (DCE). According to AUSTRAC, it can take up to 90 days to register a remittance business or digital exchange, and there is the potential for further questions and requests for information during processing.

Licensing from other financial regulators, including the Australian Securities and Investments Commission (ASIC) and the Australian Prudential Regulation Authority (APRA), is required for broader regulatory purposes. 

2. Develop and maintain an AML/CTF program 

Firms must create policies, procedures, and controls to identify, manage, and mitigate financial crime risks. A vital aspect is appointing a senior figure legally responsible for the firm’s AML/CTF framework, known as the Money Laundering Reporting Officer (MLRO).

At the heart of an AML/CFT program is the conduct of Customer Due Diligence (CDD), including the Identification and Verification (ID&V) of customers’ identities, Enhanced Due Diligence (EDD) for high-risk customers such as Politically Exposed Persons (PEPs), and regular re-screens of customers over time. 

3. Report to AUSTRAC

In undertaking CDD, firms will sometimes come across causes for concern. From a name being found on a sanctions list to discovering unusual or suspicious behavior patterns, firms must report their concerns to the authorities through authorized channels by submitting Suspicious Matters Reports (SMRs) to AUSTRAC

The penalties imposed on FinTechs for failing to meet these expectations can be significant. For example, failing to submit an appropriate SMR, or doing it late, can lead to a fine of 20,000 penalty units in a federal court for a single business and up to 100,000 for a corporate group. One unit is currently worth AUD 222, so fines can be substantial. 

4. Record keeping

Undertaking AML/CTF requirements generate important data. To help the work of AUSTRAC and broader law enforcement, firms are expected to maintain records on AML/CFT operations for a minimum period of seven years, providing them to official bodies of law enforcement on request. 

Australian laws and regulations stress that these obligations must be met with sensitivity to the reality of risks faced by an individual business. Different approaches may be required depending on what a firm does, with whom, and where – alongside other criteria. For example, a firm fulfilling a high volume of large remittances for customers in or around a high-risk jurisdiction may conduct more intensive due diligence on client transactions than a firm doing small domestic transactions. This is called adopting a risk-based approach (RBA) to financial crime compliance and is fundamental to effectively meeting a firm’s obligations.

A Guide to AML for Australian FinTechs

Uncover the core compliance responsibilities that arise from Australia’s AML/CTF regime and how FinTechs should respond using a risk-based approach.

Download the guide

Under the AML/CTF Act 2006, designated businesses must meet four key obligations that reflect the private sector obligations set out by the Financial Action Task Force (FATF).
These include:

1. Enrollment and registration

FinTechs that provide designated financial services must enroll with the Australian Transaction Reports and Analysis Centre (AUSTRAC), Australia’s key AML/CTF regulator. This covers all firms that provide services listed in Article 6 of the AML/CTF Act, including account or deposit-taking, lending, credit, currency exchange or investments, insurance, wires, and remittances. 

Remittances and digital currency exchange (i.e., cryptocurrency exchange) service providers must also sign up to AUSTRAC’s Remittance Register or the Digital Currency Exchange (DCE). According to AUSTRAC, it can take up to 90 days to register a remittance business or digital exchange, and there is the potential for further questions and requests for information during processing.

Licensing from other financial regulators, including the Australian Securities and Investments Commission (ASIC) and the Australian Prudential Regulation Authority (APRA), is required for broader regulatory purposes. 

2. Develop and maintain an AML/CTF program 

Firms must create policies, procedures, and controls to identify, manage, and mitigate financial crime risks. A vital aspect is appointing a senior figure legally responsible for the firm’s AML/CTF framework, known as the Money Laundering Reporting Officer (MLRO).

At the heart of an AML/CFT program is the conduct of Customer Due Diligence (CDD), including the Identification and Verification (ID&V) of customers’ identities, Enhanced Due Diligence (EDD) for high-risk customers such as Politically Exposed Persons (PEPs), and regular re-screens of customers over time. 

3. Report to AUSTRAC

In undertaking CDD, firms will sometimes come across causes for concern. From a name being found on a sanctions list to discovering unusual or suspicious behavior patterns, firms must report their concerns to the authorities through authorized channels by submitting Suspicious Matters Reports (SMRs) to AUSTRAC

The penalties imposed on FinTechs for failing to meet these expectations can be significant. For example, failing to submit an appropriate SMR, or doing it late, can lead to a fine of 20,000 penalty units in a federal court for a single business and up to 100,000 for a corporate group. One unit is currently worth AUD 222, so fines can be substantial. 

4. Record keeping

Undertaking AML/CTF requirements generate important data. To help the work of AUSTRAC and broader law enforcement, firms are expected to maintain records on AML/CFT operations for a minimum period of seven years, providing them to official bodies of law enforcement on request. 

Australian laws and regulations stress that these obligations must be met with sensitivity to the reality of risks faced by an individual business. Different approaches may be required depending on what a firm does, with whom, and where – alongside other criteria. For example, a firm fulfilling a high volume of large remittances for customers in or around a high-risk jurisdiction may conduct more intensive due diligence on client transactions than a firm doing small domestic transactions. This is called adopting a risk-based approach (RBA) to financial crime compliance and is fundamental to effectively meeting a firm’s obligations.

[cta_card title=”A Guide to AML for Australian FinTechs” cta_img=”” category=”” bodytext=”Uncover the core compliance responsibilities that arise from Australia’s AML/CTF regime and how FinTechs should respond using a risk-based approach.” cta_text=”Download the guide” cta_url=”https://complyadvantage.com/insights/aml-guide-for-australian-fintechs/”%5D

Originally published September 15, 2022, updated September 15, 2022

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s