The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act), regulates a wide range of “reporting entities”, including businesses in the financial services sector, the gambling sector and bullion dealers. These reporting entities are regulated to the extent that they provide “designated services” under the Act. Section 6 of the Act defines a “designated service” to include a wide range of business activities, including opening an account with a financial services provider, becoming an account signatory, making a loan or providing credit, conducting a transaction, providing a lease, issuing a life insurance policy, exchanging currency and receiving a bet or conducting a gambling service.

An important impact of the AML/CTF Act is that small businesses that come within the definition of a reporting entity are required to comply with the National Privacy Principles and the obligations of the Privacy Act, even if they otherwise would not have been subject to the Privacy Act’s coverage. The regime established under the AML/CTF Act is detailed and failure to comply with the Act can carry heavy penalties, including fines of up to $11 million.

The Act requires reporting entities to undertake customer identification procedures before providing services to individuals. Those customer identification procedures have been defined by Pt 2 of the Act and by Rules issued under the Act. Where there are suspicious matters, these must be disclosed to AUSTRAC.

Certain procedures must also be adopted for the ongoing surveillance of designated services through developing and implementing anti-money laundering and counter terrorism financing programs for the purpose of identifying and materially mitigating risks. These due diligence procedures must be relevant to the risk profile of customers, and where the due diligence identifies any suspicious behaviour, this must be reported to AUSTRAC. Under record keeping requirements in Pt 10 of the AML/CTF Act, certain information must also be retained by the reporting entity for a period of seven years (s 107).

The Act extends obligations to collect personal information, with greater requirements for identification and less scope for individuals to make anonymous transactions (overruling NPP 8). The Privacy Commissioner has noted that this might mean that businesses need to change their privacy notices that they provided to individuals when they collect personal information, since they must tell individuals when they are collecting personal information for the purpose of meeting their AML/CTF obligations.

To determine if your business operations is regulated by the AML/CTF Act and you are required to register with Austrac and have on hand relevant policy documents please contact Affinity Lawyers on 07 5630 6888.