The Australian Government recently published a consultation to reform its anti-money laundering and counter-terrorism financing (AML/CTF) regime. The fundamental objective of the proposed reform is to ensure Australia’s compliance with the international standards set by the Financial Action Task Force (FATF). The proposed reforms aim to improve the effectiveness of the current regime and ease the regulatory burden by simplifying, modernising and clarifying. The impact should be to make it easier for businesses to meet their obligations, and to reflect changing business structures and technologies across the economy.
The proposal consisted of five papers, out of which Napier AI commented on Paper 5 ‘Broader reforms to simplify, clarify and modernise the regime’. The paper seeks to replace the current prescriptive AML/CTF program and Customer Due Diligence (CDD) requirements with clear, risk-based and outcomes-focused obligations. This paper also outlines reforms to ensure appropriate information sharing and risk management.
Proposal to simplify business groups:
The Australian government’s Department of the Attorney General has proposed to replace the ‘designated business group’ concept with simplified ‘business groups’. This is to reduce complex compliance burdens and to facilitate greater information sharing between members.
Napier AI welcomes the reforms’ intent to reduce the burden that businesses face interpreting complex provisions, and help regulated entities understand the outcomes they are expected to achieve.
While this approach might be helpful in alleviating costs for smaller entities, compliance needs careful assessment, with policies in place for efficient information sharing across the members of the group, supported by the right permissions and controls.
This might be challenging for a diverse ecosystem of individuals and entities with different structures, list data (of vendors and customers) and different levels of risk, legal obligations and data privacy concerns. Complying with AML/CTF obligations in this manner could also lead to entities settling for the ‘lowest denominator’ risk threshold across the group. This may lead to ignoring local risk factors, potentially resulting in non-compliance and reputational harm.
The scope and extent of information sharing within such structures should be carefully measured, based on the regulation applicable to the group, the sensitivity of the information, the confidentiality and use of the information exchanged, and its relevance to AML/CFT risk management, to ensure adequate safeguarding of financial data. Segmenting and segregating compliance frameworks, policies and procedures according to industries and company sizes is recommended. This could be achieved through a multi-org, multi-configuration AML solution supported by flexible permissions and controls.
The right tools can deliver simplicity and specificity
A multi-org, multi screening configuration deployment of an AML solution enables distinct risk management controls within each of a group’s segregated business units. This can help maintain different risk appetites over different parts of the same organisation held within a common structure, while aligning to information security requirements and regulatory commitments.
Standardised reporting establishes a common standard that simplifies administration and reduces complexity. These features offer organisations a considerable reduction in total cost of ownership for compliance.
Proposed core obligations on Customer Due Diligence (CDD) framework:
The department identified that the current CDD obligations ‘are overly detailed, complex and are substantively contained in the Rules despite being a core pillar of the AML/CTF regime’.
By clarifying the AML/CTF CDD framework's core obligations, the proposal moves away from a procedural approach to focusing on the intended outcomes. This is a welcome shift, which prompts regulated organisations to consider their role actively in fighting financial crime, and not simply ‘ticking a compliance box’.
Napier AI recommends that customer due diligence be multi-faceted, continuous and real-time, and make use of triggers across a set of dynamic vectors that will flag the changing risk level of customers. This can be achieved through Perpetual Client Risk Assessment (PCRA). PCRA aims to ingest real-time information from any risk events such as screening, monitoring and CDD to provide a full 360-degree snapshot of the client and their risk.
PCRA enables a more comprehensive understanding of a client’s financial behaviours and business activities over the course of their business relationship. Using such ‘always listening’ tools for financial crime compliance in line with organisational risk policies and regulations, and across every permutation of risk events, organisations enable a holistic, real-time assessment of financial crime risk.