The Australian Transaction Reports and Analysis Centre (AUSTRAC) is well known as Australia’s financial intelligence agency. It was perhaps not as well known for its regulatory responsibility – at least before 2015 – for the anti-money laundering and counter-terrorism financing regime created by the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act) and Rules.
Any doubt as to AUSTRAC’s status as a regulator, however, was removed in 2015 when the AUSTRAC CEO made an application in the Federal Court against Tabcorp for a pecuniary penalty for breaches of the AML/CTF Act. Now, AUSTRAC’s latest focus is the buy now, pay later start-up, Afterpay Pty Ltd (Afterpay), In the midst of Afterpay’s shares continuing to dive, this article will explore AUSTRAC’s power and the laws it seeks to ensure are not being broken by institutions such as Afterpay and Tabcorp, leaving one to wonder, who is next on the watchdog’s hit list?
The Anti Money-Laundering and Counter-Terrorism Financing Act
Australia’s financial crime control law reflects the recommendations made by the international and inter-governmental body, the Financial Action Task Force. One key component of the Australian regime is the AML/CTF Act.
The AML/CTF Act aims to combat money laundering and the financing of terrorism via imposing a number of obligations on the financial sector, gambling sector, remittance (international money transfer) services, bullion dealers and other professionals or businesses (known as “reporting entities”) that provide particular services (known as “designated services”).These obligations include collecting and verifying certain “know your customer” (KYC) information about a customer’s identity when providing those services.
The AML/CTF Act and Rules together implement a principles-based and risk-based approach to regulation. This means that reporting entities determine how they meet their obligations based on their assessment of the risk of whether providing a designated service to a customer may facilitate money laundering or terrorism financing.
What happens when entities breach this regime?
In cases of non-compliance with the AML/CTF Act, the AUSTRAC Chief Executive Officer (CEO) may apply for civil penalty orders under s 176 of the AML/CTF Act. If the Federal Court is satisfied that a reporting entity has contravened a civil penalty provision, then the Federal Court may order a pecuniary penalty to be paid to the Commonwealth.
Case study: Tabcorp and the $45 million penalty
On 16 March 2017, the Federal Court ordered that Tabcorp pay a massive $45 million pecuniary penalty for breaches of the AML/CTF law. This penalty was the highest ever civil penalty in Australian corporate history. The penalty was applied for as a consequence of Tabcorp failing to:
- have a compliant AML/CTF program for over 3 years to manage the risk of money laundering and terrorism financing;
- give AUSTRAC reports about suspicious matters on time or at all on 105 occasions;
- identify a customer who collected $100,000 in winnings; and
- enrol with AUSTRAC on time.
More generally, AUSTRAC considered that Tabcorp’s corporate culture was indifferent to a meaningful AML/CTF compliance and risk mitigation.
The Tabcorp matter preceded an application for a pecuniary penalty against the CBA the same year. In August 2017, the AUSTRAC CEO made an application for a civil penalty against CBA. On 20 June 2018, the Federal Court ordered CBA to pay an incredible $700 million pecuniary penalty for its breaches of the AML/CTF law. The CBA matter involved more than 53,000 contraventions of the AML/CTF Act. These contraventions fell into the following categories:
- CBA failed to carry out an appropriate assessment of the money laundering and terrorism financing (ML/TF) risks of its Intelligent Deposit Machines (IDMs) prior to October 2017.
- CBA failed to complete the introduction of appropriate controls to mitigate and manage the ML/TF risks of IDMs prior to April 2018.
- CBA failed to provide 53,506 threshold transaction reports to AUSTRAC on time for cash transactions of $10,000 or more through IDMs from November 2012 to September 2015, having a total value of about $625 million.
- For a period of three years, CBA did not comply with the requirements of its AML/CTF program relating to monitoring transactions on 778,370 accounts.
- CBA failed to report suspicious matters on time, or at all, involving transactions in the tens of millions of dollars.
- Even after it became aware of suspected money laundering or structuring on CBA accounts, CBA did not monitor its customers to mitigate and manage ML/TF risk, including the ongoing ML/TF risks of doing business with those customers.
How to stay compliant for AUSTRAC in 2019
The pecuniary penalties ordered against Tabcorp and CBA were unprecedented not just in relation to AML/CTF law but also corporate history more generally. The cases demonstrate themes of (1) poor corporate culture as well as (2) non-compliance with specific parts of the AML/CTF Act.
As the first anniversary of the CBA litigation approaches, it might serve as a timely reminder for reporting entities to carefully identify and review their AML/CTF processes to avoid becoming AUSTRAC’s next target.
Fundamentally, the principles-based and risk-based regime set out in the AML/CTF Act requires reporting entities to embrace their requirement to comply with AML/CTF processes both consciously and proactively. This must start at the top of an organisation. Once the corporate culture has embraced AML/CTF obligations, this should facilitate the necessary attention and resources being given to that organisation’s AML/CTF processes.
Moving forward, now that AUSTRAC have resurfaced as a regulator well attuned to financial services activities in Australia, it’s only a matter of time before more names crop up as their next companies of interest.
Dr Mathew is the newly commissioned author of the legal resource, Financial Crime Control and Anti-Money Laundering.