Afterpay escapes enforcement action over millions of ‘technical’ AML breaches

Australian fintech giant Afterpay has escaped formal enforcement action over millions of “technical” breaches of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.

The Australian anti-money laundering regulator has issued a “no further action” letter to the Australian Securities Exchange (ASX)-listed company following its independent audit in 2019. The external review found that Afterpay had breached the AML/CTF Act on millions of occasions but was unlikely to have facilitated any actual money laundering.

The technical nature of the breaches and the low-risk nature of Afterpay’s business model prompted the Australian Transaction Reports and Analysis Centre (AUSTRAC) to refrain from taking further action.

Afterpay said in an ASX announcement on Wednesday that it had received final notification from AUSTRAC, following the AML agency’s consideration of the Final Audit Report. The audit was undertaken by Neil Jeans, founder of Initialism, in the second half of 2019.

In the letter to Afterpay, AUSTRAC said it had taken into account the company’s efforts to improve its AML/CTF compliance framework and financial crime function. The regulator said it had “satisfactorily completed all required remediation activity.” 

Elana Rubin, Afterpay’s chairman, said AUSTRAC’s decision would provide welcome certainty to Afterpay shareholders. She said it was a reflection of the constructive working relationship between AUSTRAC and its reporting entities.

“AUSTRAC’s decision … acknowledges the work the company has undertaken to strengthen its AML/CTF compliance,” Rubin said.

“The external audit provided Afterpay with the opportunity to better understand our obligations and to improve the way we manage our AML/CTF risks. We will use these learnings and our ongoing engagement with AUSTRAC to continue enhancing our AML/CTF framework as the business continues to grow.”

In June 2019, AUSTRAC ordered the appointment of an external auditor to Afterpay to examine its compliance with the AML/CTF Act.

“In response to the findings and recommendations identified in the external audit report, Afterpay has uplifted its AML/CTF compliance framework and financial crime function, and completed all remediation necessary to ensure compliance,” AUSTRAC said in a statement.

“AUSTRAC has reiterated the importance for Afterpay to meet its compliance obligations in the future and will continue to work with Afterpay to ensure they understand their compliance obligations and role in fighting financial crime to protect the Australian community from harm.”

The AML agency said the case was a “reminder to new and emerging financial services businesses” that they need to take their AML/CTF obligations seriously.

“Start-up ventures and technology-based financial businesses must consider whether they have AML/CTF obligations and if they do put in place systems and controls that identify and mitigate money laundering and terrorism financing risks,” AUSTRAC said.

Afterpay’s “buy now, pay later” business model is relatively low-risk from an AML/CTF perspective. Even so, the business undertakes five “designated services” each time it enters a relationship with the customer. There is one designated service when it issues a loan to a customer and a designated service is provided each time the customer makes the four required repayments.

Subscribe toBusiness Insight

Discover best practice and keep up-to-date with insights on the latest industry trends.