Its AUSTRAC 2019 Compliance Report Time!
Did you know that this year’s Compliance report is inclusive of a free text box and behind the scenes analytics so that AUSTRAC can analyse your data better? Now lets get you thinking about some important trigger questions that will help you identify your ML/CTF risk. Remember as a reporting entity you have a legal obligation to complete the report before the 31st March 2020!
Lets get to it!
- Before you start, are your details and designated services correct in AUSTRAC Online?
- Did you offer and new designated services this year? If so make sure you include these and equally if there are services that you no longer offer, remember to remove them from your report.
- How many employees do you have? Did you employ additional? If its more than five and they are employed on a full time basis, make sure you include them all!
- Do you understand how your designated services were/are provided and delivered this year? For example were they via ATM or IDM, were they via your internet banking platform known as mobile application or were they face to face? In any instance they must be listed with additional methods if they don’t fall into a specific category, for further information click designated services.
- Do you outsource any of your domestic and/or international AML activities to a third party provider? This includes alert management and customer screening to AML programme development. Make sure that you list all outsourcing that is utilised by your organisation in your report including multiple providers.
Managing your AML/CTF Program:
- Is your AML/CTF Program up to date? Has the most recent program been signed off by your board and senior management?
- Is your programme undergoing changes? If so what are they, can you demonstrate discussions held with senior management and your board? Do you need to reference the uplift in the free text box provided to give AUSTRAC a clear line of sight of those changes?
- Has your program been independently reviewed? What was the reason for this review, was it based off AUSTRAC feedback, internal uplift of systems, policy or procedure maybe? Any advice given from an external consultants?Are you comfortable if you have not had an independent review for some period of time.
- Are senior management and AML/CTF Officer reporting to your board of directors on a regular basis? Do you know when these meetings occur and what is discussed? Does your record keeping allow you to evidence the ongoing oversight?
- If so, what is management reporting information telling you? Are you comfortable with how you manage your internal risk? Are you using the information to remediate or possibly implement better practice and are you moving towards better compliance? Its always good to ask yourselves these questions!
Assessing ML/TF Risk:
- When was the last time your organisation had a risk assessment? What prompted the risk assessment? Perhaps it was it based off AUSTRAC feedback (e.g. recent typology reports) , internal uplift of systems, policy or procedure? Make sure you add this detail into your compliance report!
Managing Employee Risk:
- How do you conduct your employee due diligence checks? Do you check licensing, perhaps you conduct PEP’s and Sanctions screening using your third party outsourcing provider or you conduct open source or social media checks, whatever the case, make sure you complete with accuracy in your report!
- How do you assess the risk of each role of employment? Perhaps you do sense check different levels of roles within your organisation or is everyone subject to the same level of checks?
- Did you update your training programme this year? What did you change? Did you make specific uplifts to certain areas perhaps? What prompted the change? Training is a pivotal part of AML/CTF awareness, the focus on the “why” we do what we do is important for those in roles that assist protect our community!
- Do you understand the types of customers you have on your book?
- How many high risk customers do you have? You are required to understand the nature of your customers and their business, do you have entities with corporate complex structures or customers living overseas? Do you hold accounts for criminal entities and are they within your risk appetite?
- Has your high risk customer population changed significantly from last year? Do you need to consider explaining why?
- Is your organisation detecting and checking activity and more importantly reporting to AUSTRAC appropriately in the form of SMR’s where required?
- What is your management information telling you? Have the numbers increased or decreased? What does this mean for your risk?
Managing Customer Risk:
- What M.I do you see from the reports? What are the alert levels telling you, do you see a lot of false positives? How are you using the information?
- What factors are given priority for detection? Do you focus on Jurisdictional risk, customer type risk, product or transactional risk? Remember every organisation is different and will have different levels of risk based on their business!
- How does your organisation conduct ECDD? What is your specific methodology? Do you refresh KYC? Do you gather additional information in order to make an informed assessment, you may even require senior management approval at some stage!
Reporting to AUSTRAC:
- Did you table your last compliance report findings to the board? What action items came out of those discussions?
- Do you report to AUSTRAC within the external SLA’s required for TTR’s, ITFI’s and SMR’s?
- If you go over any of the external SLA’s for whatever reason, do you notify AUSTRAC as soon as the matter has come to the attention of Senior Management?
- Do you self-disclose any areas of non-compliance to AUSTRAC and do you know how to do this?
- Are your board aware of all areas of the above? If not, why not?!
AUSTRAC Feedback and Guidance:
- Did you communicate back to AUSTRAC appropriately with an action plan? AUSTRAC want to work with reporting entities not against them so best to be transparent and honest!
Your compliance report can be completed by logging on to your AUSTRAC online account AUSTRAC Online clicking on “My Business” and selecting “Compliance reports”. There are instructions within the form to assist in completion and you can now start your online submission, and you can save your progress as you go as well view last years for 2018. For more information please see; https://www.austrac.gov.au/business/how-comply-and-report-guidance-and-resources/reporting/austrac-compliance-reports”