The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) places a number of obligations on businesses in the financial sector in order to deter and prevent money laundering and terrorism financing.
One of the obligations includes adopting and maintaining an AML/CTF Program which complies with the AML/CTF Rules. The AML/ CFT Act requires that you arrange an independent audit of your AML/CFT program on a regular basis.
Reviewing your AML/CTF Program
Arranging for an independent review of your AML/CTF Program to be conducted is imperative to ensuring compliance with the AML/CTF laws. An independent review ensures that you’re complying with your program and that it:
- properly addresses your money laundering and terrorism financing risks;
- complies with your legal obligation; and
- is working as it should.
Who can conduct an independent review?
The independent reviewer must be someone who:
- was not involved in the design, implementation or maintenance of your AML/CTF Program;
- is not involved in the development of your ML/TF risk assessment or the internal controls in place to manage these risks.
Whilst the reviewer should be someone who understands your business and the ML/TF risks involved, it is necessary to be able to demonstrate that your reviewer is independent. Accordingly, it is important to put measures in place to ensure the reviewer’s independence.
In assessing the suitability of a person to conduct the independent review, a Reporting Entity may consider the following factors:
- whether each reviewer is a member of a professional body that imposes relevant obligations on its members;
- whether each reviewer is sufficiently free from influence by persons involved in the development of Part A of the Reporting Entity’s AML/CTF program, or the Reporting Entity’s risk assessment, and
- the adequacy of the reviewer’s understanding of, and expertise in applying, the obligations of the AML/CTF Act and Rules to the Reporting Entity.
For further information on how to determine whether the review is independent and what is required, please refer to AUSTRAC’s website.
What should be included in the Independent Review?
The review should assess and test:
- the effectiveness of your AML/CTF Program in addressing your ML/TF risks;
- if your AML/CTF Program meets the requirements of the AML/CTF laws;
- how effectively your AML/CTF Program has been implemented; and
- if you have been complying with your AML/CTF Program appropriately.
AUSTRAC may request an independent review report when a remittance or digital currency exchange business wants to renew its registration. Some banks may also require you to provide an independent review report when applying for a bank account for remittance purposes.
Frequency of Independent Reviews
Any business with an AML/CTF Program must have it reviewed regularly. It’s up to each Reporting Entity to determine how often its program is subject to an independent review. Some things you should take into account when making your decision include:
- the nature of your business (i.e. Remitter, Digital Currency Exchange Provider, Financial Planner etc);
- the size and complexity of your business; and
- the type of ML/TF risks your business faces.