AUSTRAC urges businesses to update risk assessments, following FATF reports

The Australian anti-money laundering regulator has urged reporting entities to review their risk assessments and compliance controls in the context of two new reports from the Financial Action Task Force (FATF).

The Australian Transaction Reports and Analysis Centre (AUSTRAC) said the reports from the international standard setter have updated the money laundering and terrorism financing (ML/TF) risk landscape.

FATF’s reports set out the jurisdictions that pose a risk to the international financial system. The FATF ” call to action” for North Korea and Iran remains in effect. In addition, the ” grey list” of countries under increased monitoring has been expanded to include Haiti, Malta, the Philippines and South Sudan. The “call to action” covers the two countries on the prohibited “black list”: Iran and North Korea. For these jurisdictions, the FATF has urged all other countries to apply enhanced due diligence or counter-measures to protect the international financial system from the money laundering, terrorist financing and proliferation financing.

FATF has postponed the review process for countries in the “black list” because of the COVID-19 pandemic.

“While the statement may not necessarily reflect the most recent status of Iran and the Democratic People’s Republic of Korea’s AML/CFT regimes, FATF’s call for action on these high-risk jurisdictions remains in effect,” the agency said. The expansion of the “grey list” includes the four new countries that have strategic deficiencies in their AML/CTF regimes and are actively working with the FATF to address them.

“Reporting entities should be aware of countries that pose a higher risk of money laundering or terrorism financing and use this information to help guide ML/TF risk assessments, compliance programs and decisions about submitting suspicious matter reports to AUSTRAC,” AUSTRAC said.

In a recent interview, Sonja Marsic, senior executive lawyer with the Australian Government Solicitor, said failing to update risk assessments in the face of new information was a common failing for reporting entities.


“We all know the external environment can be dynamic. But I often see that businesses are not creating feedback loops to ensure that trends identified through transaction monitoring or internal intelligence are then considered when updating risk assessments,” Marsic said.

“I would expect to see processes set out in the Part A Program to ensure appropriate information flows so that business divisions aren’t operating in silos. And this is very much part of appropriate governance and oversight.”

Neil Jeans, consultant with Initialism in Melbourne, said managing ML/TF risk for any reporting entity is not a “set and forget” process.

“Most reporting entities operate in dynamic external environments. However, it should also be recognised that the internal environment can be equally dynamic and can result in significant change in the ML/TF risks faced,” Jeans said.

“In my experience, AML/CTF non-compliance is frequently predicated on an out-of-date understanding of the ML/TF risks faced.”  

AUSTRAC has stressed that, as part of an AML/CTF program and reporting obligations, businesses need to be aware of which countries, regions and groups may pose an elevated ML/TF risk.

“Customers from any of these places, and transactions to or from these places, require careful monitoring. You should have risk-based systems and controls in place for these customers and transactions,” AUSTRAC said.

This article first appeared on Thomson Reuters Regulatory Intelligence.

Subscribe toInsights

Discover best practice and keep up-to-date with insights on the latest industry trends.