In this three-part series, we will be summarising the steps you need to take to set up a successful AML compliance programme for your business.
This series is meant to help Lawyers, Accountants, Real Estate Agents and Financial Services subject to the AML/CTF Act. This guide is designed for anyone in the organisation involved in the AML/CTF Compliance Programme.
If you’d like to go straight into the thick of it, you can download the complete guide for free here!
For the past few weeks, we've been covering Parts 1 and 2 of setting up an AML/CTF compliance programme. In Part 1, we talked about the first three things you must consider when setting up your AML compliance programme. In Part 2, we covered Step 4 of the process which is about Customer Identification and Due Diligence processes. This week, let's talk about the final steps involved in setting up a compliance programme.
5. Enhanced customer due diligence
Enhance customer due diligence involves carrying out extra checks on a customer's identification, and collecting additional information and doing additional verification. This is because the due diligence measures that are appropriate for a particular customer may change over time as the L/TF risk profile of the customer changes. Carrying out ECDD allows you to decide whether a suspicious matter should be reported. Here are a couple of examples of high risk situations where ECDD is necessary:
- the service you are asked to provide is for a customer who is (or has a beneficial owner who is) a foreign politically exposed person (PEP);
- A customer's suspicious activity or behaviour may lead to you making a suspicious matter report (SMR).
6. Transaction monitoring
Transaction monitoring ensures you are meeting your OCDD and ECDD obligations under the Act, as well as reporting suspicious activity to AUSTRAC. You should include your transaction monitoring in Part A of your AML/CTF Programme, defining how you identify suspicious customer activity including unusually large transactions, complex transactions and unexpected patterns of transactions.
7. Employee due diligence
You must screen your employees as part of your AML/CTF Programme. Your screening must be based on your Risk Assessment, including what processes you have in place to mitigate risk by screening your employees. This screening process should include verifying their identity, confirming their employment history, and deciding on whether they don't pose a risk to your business based on your information.
8. Employee training
All reporting entities must provide AML/CTF risk awareness training to their relevant staff. Providing risk awareness training to your staff is a key part of Part A of your Compliance Programme. It must cover the ML/TF risks your business could face, your business's obligations under the AML/CTF Act, and the consequences of not complying.
Certain transactions and suspicious matters must be reported to AUSTRAC. Ongoing reporting obligations include, but not limited, to:
- Threshold transaction reports for transfers over AUD$10,000 in cash, due 10 business days after the transaction is complete.
- International funds transfer instruction (IFTI) reports for any transfer into or out of Australia, due 10 business days after the transaction is complete.
- AUSTRAC compliance reports when requested by AUSTRAC to tell them how you are complying with the AML/CTF Act and AML/CTF rules.
10. Record keeping
All reporting entities need to keep a full and accurate record of transactions, customer identification procedures, and your compliance programme. They must be stored securely, and in a manner that can be easily accessed and audited. You can find the full list of the types of records you must keep in the Complete Guide to Setting Up a Successful AML Compliance Programme.
11. Independent reviews
Part A of your AML/CTF Programme must be regularly and independently audited. The frequency and type of independent review (audit) will vary depending on the size, nature and complexity of your business, as well as your ML/TF risk profile. A review will ensure that you are properly addressing your ML/TF risks, complying with your legal obligations, and that your programme is working. That's it! You've covered all the 11 steps required to set up a successful AML Compliance Programme! If you're looking for more detailed information on all the steps required to set up the programme, download the Complete Guide to Setting Up a Successful AML Compliance Programme today.
About First AML
First AML is an AML technology provider, and the maker of Source, an all-in-one AML platform. Source powers thousands of compliance experts around the globe to reduce the time and cost burden of complex and international entity KYC. Its enterprise-wide, long term approach to the KYC / CDD data lifecycle addresses time and cost challenges while minimising compliance, reputational and security risks.