In the last month, AUSTRAC has published guidance in the following areas:
How to submit more effective suspicious matter reports (SMRs)
Applicable customer identification procedures (ACIP) and ongoing customer due diligence
AUSTRAC's expectations of risk-based procedures
Although this is a technical update, not a change to the law, it's important digital currency exchanges keep abreast of AUSTRAC's guidance and publications. Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Programs and associated procedures should be continuously evolving and reviewed.
A review of your AML/CTF Program, ML/TF register and other applicable procedures against AUSTRAC's guidance is important.
Amendments need to be adopted by the Board (or CEO if your company has a sole Director) and be fully implemented.
Reviewing the SMR reference guide against current SMR reports and procedures is an important first step to determine if SMRs being generated are in line with AUSTRAC's expectations. Some examples from this guide or AUSTRAC's SMR reporting checklist should be incorporated into your existing AML/CTF Program as a risk mitigation strategy (if your AML/CTF Program doesn't already address this).
Ensuring your ACIP and ongoing customer due diligence procedures are up to date is also of great importance - these need to be reviewed against AUSTRAC's guidance and examples relating to:
A risk based approach needs to:
Take into account customer types, products and services, geographical links and delivery channels;
Be documented, understood and overseen by senior management;
Be included within AML/CTF training;
Be continually reviewed and updated;
Include entity-level risks and also the risks of individual customers and business relationships; and
Be regularly reviewed for effectiveness and updated as required.
Registered digital currency exchanges that are developing or updating Part A of their AML/CTF Program are required to take into account any:
applicable guidance material disseminated or published by AUSTRAC, and
feedback provided by AUSTRAC in respect of their business or the DCE industry,
which is relevant to the identification, mitigation and management of the ML/TF risks arising from their digital currency exchange services (and other designated services they may provide).
Unfortunately, however, when we undertake independent reviews, this is commonly not the case. Rather we have observed:
AML/CTF Programs often state that only AUSTRAC guidance and feedback specifically provided to the entity will be incorporated into their AML/CTF program
AML/CTF Programs are not updated to reflect all of AUSTRAC’s guidance and feedback.
If your DCE has been operating for two or more years and has not undertaken an independent review, you should do so urgently and at least before the end of this year. This is so you can report that you have undertaken an independent review in next year's Annual Compliance Report. Otherwise, AUSTRAC is likely to ask why you haven't.
In other news, AUSTRAC has recently upgraded its business profile form, which is a welcome change, to a web-based solution. Although a long-awaited upgrade, it's not without quirks. Once drafted and saved, a user needs to log-in every 3 days, otherwise the new content in the form will be erased.