AUSTRAC: Risk Assessments Must be Alive to Emerging Threats

National Manager Regulatory Operations Brad Brown discusses AUSTRAC’s continued release of guidance materials, key takeaways from its enforcement actions, the ongoing work to upgrade its reporting system, and efforts to further advance Australia’s AML/CTF system.

This interview was conducted for the “AML Tech Barometer 2023” report, published by NICE Actimize and Regulation Asia to explore AML and fraud trends based on survey and interview data collected from 289 practitioners in Asia Pacific.

From an AML/CTF perspective, what risks are AUSTRAC most concerned about and how are they being addressed?

Brad Brown: I would like to suggest there is a more positive outlook, but unfortunately criminals will continue to explore and exploit weaknesses within the financial system to launder their proceeds of crime and in doing so cause harm to the community. We are increasingly vigilant of risks arising from new technologies, new payment methods and new products.

This is why it is so important that businesses take their AML obligations seriously in relation to understanding the risks within their business operations. AUSTRAC continues to provide financial intelligence and expertise to law enforcement and industry to assist in the understanding and efforts to disrupt these risks. Our ongoing positive engagement with domestic and international partners is critical to our success in protecting the community from harm.

Have there been any specific trends that AUSTRAC has observed from SMRs and how are these being addressed?

Brad Brown, National Manager Regulatory Operations, AUSTRAC

Brad Brown, National Manager Regulatory Operations, AUSTRAC

Brad Brown: Given the broad expanse of businesses that report suspicious activity to AUSTRAC, specific trends are somewhat difficult to call out, however as Australia and other jurisdictions have faced increased cyber-related threats, we have experienced increased reporting of scams and frauds.

AUSTRAC has produced financial crime guides to industry sectors including banking in relation to preventing the criminal abuse of digital currencies, detecting and stopping ransomware payments and the misuse of payment fields. More recently, AUSTRAC’s Fintel Alliance in partnership with the Australian Border Force released a financial crime guide in relation to trade based money laundering in Australia.

All of these reports have leveraged law enforcement and industry partners to bring the most contemporary understanding of risks to assist all regulated businesses.

You mention digital currencies, how does AUSTRAC mitigate the financial crime risks commonly associated with these assets?

Brad Brown: AUSTRAC has been quick to work with law enforcement partners and digital currency exchanges to generate information on preventing the criminal abuse of digital currencies. Australia was an early adopter of regulation for digital currency exchanges.

Since April 2018, AUSTRAC has regulated digital currency exchange providers on their compliance with AML/CTF laws. This regulation helps to mitigate the risk of criminals misusing digital currency for money laundering, terrorism financing and cybercrime. AUSTRAC knows that cryptocurrencies have been used in financial and other serious crimes and that global activity and technology continues to rapidly change.

The Australian Government is continuing to explore the wider framework in relation to digital assets and AUSTRAC will provide input to those ongoing efforts.

You’ve highlighted several new pieces of guidance that AUSTRAC has issued this year. What message would you like this to send to the industry?

Brad Brown: AUSTRAC regulates over 17,000 reporting entities, including banks, credit unions, financial services, gambling, remittance and digital currency exchange service providers and bullion dealers. The AML/CTF Act requires reporting entities to identify, mitigate and manage the risk that their products and services may be used to facilitate money laundering or other serious and organised crimes.

The overarching messages from our continued release of guidance is firstly for industry to understand and assess the risks they face, not just as a one-off exercise but as a cyclical approach as risks of criminal exploitation are not static. In providing the myriad of financial crime guides and risk assessments arising from AUSTRAC’s relationships with law enforcement partners and industry, we see this guidance as a key source of assistance to industry.

Secondly, there are very important AML/CTF obligations relating to understanding the interactions with a customer through the life cycle of that relationship, and it is through good practice application of due diligence and transaction monitoring that industry has the opportunity to protect itself from criminal abuse, protect its customers, and provide significant information to support efforts to disrupt harm in the community.

The intelligence and information shared by the financial services sector is critical in helping AUSTRAC and its partners identify and dismantle criminal networks moving the proceeds of crime through the Australian financial system.

What key lessons should firms be taking away from AUSTRAC’s enforcement actions?

Brad Brown: At its most simplest, a key takeaway would be that AML/CTF programmes must be a living document, not ‘set and forget’. A risk assessment must be alive to new risks arising from products being provided, new customers engaged in those products, and new markets and opportunities the business is engaged in.

In circumstances where there are global programmes and operations, risks and obligations specific to Australia need to be documented. Businesses should be actively seeking review, audit and assurance and for that to be more than simply the words on the page but the practices in operation.

AUSTRAC works closely with our reporting entities and expects them all to comply with the AML/CTF legislation. We will take appropriate action where we identify instances of non-compliance which give us concern as to the capability of the business to effectively identify, manage and mitigate its risks, and which therefore exposes the business and the financial system to criminal abuse.

Does AUSTRAC have specific expectations for the industry on technology adoption?

Brad Brown: AUSTRAC expects that when the banking industry is adopting innovative technology and practices that they are acutely aware and have assessed the risks of new platforms and products and that there is strong governance surrounding decisions made as the technology is deployed within the banks AML programme.

Importantly, strong assurance must follow implementation to minimise the risk, and/or identify the risk of unintended consequences, particularly where the technology interfaces with existing legacy technology.

One of AUSTRAC’s own technology initiatives is to upgrade your reporting system. How has this work been progressing?

Brad Brown: AUSTRAC’s Reporting Entity System Transformation (REST) programme is well underway and has been providing regular updates through our website on recent activities and upcoming and future areas of focus.

Throughout 2022, there has been significant effort in standardising AUSTRAC international funds transfer instructions (IFTI) reporting schemas to align with the introduction of the ISO 20022 cross-border messaging industry standard which is being rolled out globally from March 2023.

AUSTRAC is very keen to hear from reporting entities wishing to provide feedback on the elements of the programme. Reporting entities can visit our REST webpage, which provides a one stop shop for such feedback.

As part of the REST programme, AUSTRAC is upgrading AUSTRAC Online technology for modern connectivity to allow greater reporting ingestion speed, capacity, and enhanced user-focused efficiencies and functionality for reporting entities.

New functionality planned within the REST programme includes greater feedback to reporting entities on submitted transaction reports, provision of a secure platform for two-way exchange of information, and delivery of a knowledge base functionality for one stop access to all relevant AUSTRAC information.

Looking ahead, how does AUSTRAC intend to further advance Australia’s AML/CTF system?

Brad Brown: AUSTRAC continues to work with the Attorney-General’s Department on a range of reforms arising from the Statutory Review of the AML/CTF legislation. In doing so also have regard to changing international standards and the changing criminal threat environment.

We certainly continue to explore options to extend the reach of the AML/CTF regime where appropriate and, following 16 years of the legislative regime, identify legislative provisions that can be streamlined and clarified in order to provide certainty for business and reduce undue impact whilst responding more effectively to new risks, new technologies and new practices.

Just as we do not expect industry to rest on its laurels, the same is true of AUSTRAC. We are continually looking across our regulatory and intelligence operations to ensure we maximise the information made available to us for its value to disrupt money laundering, terrorism financing and serious crime, and its value in supporting how we apply our regulatory tools to assist businesses to comply and act swiftly on areas of non-compliance.

As mentioned earlier we have a substantial programme of transformation to assist in the future reporting and engagement between AUSTRAC and industry.

This interview was conducted for the “AML Tech Barometer 2023” report, published by NICE Actimize and Regulation Asia to explore AML and fraud trends based on survey and interview data collected from 289 practitioners in Asia Pacific. Download the report here. 

To Top
Share via
Copy link
Powered by Social Snap