Insight

AML/CTF for existing entities: key roles in AML/CTF governance

By:
insight featured image

Board and senior management governance is a component of an organisation's AML/CTF compliance framework. It’s essential for ensuring effective ML/TF risk management and maintaining AML/CTF compliance.  

Their involvement in governance, along with that of the AML/CTF compliance officer, is vital to managing ML/TF risk, achieving AML/CTF compliance, and driving an organisation's AML/CTF compliance culture.  

Governance is a crucial role of the Board and senior management in relation to AML/CTF, as they are responsible for: 

  • the organisation’s compliance with AML/CTF obligations.
  • setting the organisational tone, establishing the importance of AML/CTF compliance, influencing the organisation's culture, and ensuring that AML/CTF is appropriately prioritised.
  • fostering a culture of compliance within the organisation, reinforcing the importance of adherence to the AML/CTF Program.
  • defining the organisation’s risk appetite regarding ML/TF risks reasonably faced by the organisation, ensuring risk management strategies align with the organisation’s overall risk tolerance.  
  • ensuring adequate resources such as personnel, technology, and financial investment are allocated to AML/CTF compliance.  
  • ensuring the ML/TF risks associated with the organisation’s operations, products, services, and customer base are understood.
  • ensuring that the AML/CTF Program aligns with the AML/CTF Act obligations and AML/CTF Rule requirements and addresses the specific ML/TF risks the organisation faces.
  • overseeing the implementation of the AML/CTF Program, ensuring that the AML/CTF systems and controls are effectively put into practice and, where necessary, adapted as needed based on emerging ML/TF risks or AML/CTF regulatory changes.
  • reviewing and monitoring performance against the AML/CTF Program to identify areas for improvement.
  • addressing any AML/CTF compliance deficiencies or failures, including the implementation of corrective actions and disciplinary measures if necessary. 
  • ensuring that strategic business decisions consider AML/CTF compliance risks, and that potential ML/TF risk exposure is appropriately mitigated and managed.
  • The oversight of issue/breach management and ensuring that appropriate actions are taken to address the situation in case of an AML/CTF compliance issue or regulatory breach. 

The AML/CTF rules set out the requirements for the Board and senior management to approve Part A of the AML/CTF Program and oversee compliance with it. This is supported by a requirement to regularly commission independent reviews from a suitably skilled and expert independent party to assess the effectiveness of the AML/CTF Program and its compliance with the obligations under the AML/CTF Act and requirements set out in the AML/CTF Rules. 

The revised AML/CTF Act introduces specific governance requirements for the governing body, introduces the concept of a responsible officer and clarifies the role and responsibilities of the AML/CTF compliance officer. 

The new AML/CTF Act emphasises a more detailed and proactive approach compared to the high-level requirements of the previous AML/CTF Rules. It mandates explicit risk-based assessments, regular reviews, and a stronger focus on resource allocation and training. 

The more detailed requirements ensure better alignment with regulatory expectations, regular risk assessments and reviews help identify and mitigate emerging threats, and a clear focus on a top-down approach fosters a stronger organisational compliance culture. 

To ensure a top-down commitment to AML/CTF compliance, fostering a culture of integrity and accountability under the revised AML/CTF Act, the governing body is tasked with ensuring comprehensive risk assessments, implementing a risk-based approach, and providing effective oversight and governance, and: 

  • must oversee the development and implementation of an effective AML/CTF Program. This includes ensuring that the AML/CTF Program (which now includes the ML/TF/PF risk assessment and AML/CTF Policies) is tailored to the entity's specific risks and complies with regulatory requirements.
  • must ensure the reporting entity conducts a comprehensive risk assessment to identify potential ML/TF/PF and the assessment is regularly updated to reflect the entity's risk profile changes.
  • is responsible for implementing a risk-based approach to AML/CTF compliance. This involves requiring the development and maintenance of policies, procedures, and controls proportionate to the identified risks.
  • must appoint a dedicated AML/CTF Compliance Officer. This officer must have sufficient authority, resources, and independence to oversee the entity's AML/CTF program and ensure compliance
  • must ensure that all relevant employees receive regular training on AML/CTF obligations and the entity's policies and procedures. This training should be tailored to the employees' roles and responsibilities
  • is responsible for establishing robust internal controls and monitoring systems. This includes regular audits and reviews of the AML/CTF Program to ensure its effectiveness.
  • must ensure that the entity complies with all reporting obligations, including the timely submission of suspicious matter reports (SMRs) and other required reports to AUSTRAC.
  • must ensure that the entity maintains accurate and comprehensive records of all AML/CTF-related activities. These records must be retained for a specified period and be readily accessible for regulatory review.

For entities that are part of a reporting group, the governing body must ensure a consistent and coordinated approach to AML/CTF compliance across all group entities. This includes sharing relevant information and implementing group-wide policies and procedures. 

The revised AML/CTF Act introduces the concept of a responsible officer to ensure that the AML/CTF Program is effectively designed, implemented, and maintained, addressing specific risks faced by the reporting entity.   

While the responsible officer may also be the AML/CTF compliance officer, if it is a separate role, under the revised AML/CTF Act, the responsible officer (where appointed) oversees the development and implementation of the AML/CTF program, conducts risk assessments, and ensures compliance monitoring and reporting, and: 

  • must oversee the development and implementation of the entity's AML/CTF Program. This includes ensuring that the program is tailored to the specific risks identified in the entity's risk assessment
  • must approve the AML/CTF Program as effective. This includes ensuring that the AML/CTF Program is tailored to the entity's specific risks and complies with regulatory requirements. 

Under the revised Australian AML/CTF Act 2024, the AML/CTF Compliance Officer has several critical roles and responsibilities. These — in the absence of the appointment of a separate responsible officer — include overseeing the development and implementation of the AML/CTF program, conducting risk assessments, and ensuring compliance monitoring and reporting. As well as responsibility for implementing internal controls, ensuring timely reporting, liaising with regulatory authorities, and continuously improving the AML/CTF program.

The AML/CTF Compliance Officer's role is clarified by the revised AML/CTF Act to: 

  • oversee the development and implementation of the reporting entity's AML/CTF program, ensuring that the program is tailored to the specific risks identified in the reporting entity's risk assessment. The Compliance Officer must also ensure that all policies, procedures, and controls are effectively implemented and maintained.
  • conduct and regularly update comprehensive risk assessments to identify potential money laundering, terrorism financing, and proliferation financing risks.
  • ensure that appropriate risk mitigation measures are in place and that the risk assessment is updated to reflect any changes in the entity's risk profile.
  • establish and maintain robust internal controls and monitoring systems. 
  • ensure timely and accurate reporting to AUSTRAC, including submitting suspicious matter reports (SMRs) and other required reports.  
  • develop and deliver regular training programs for all relevant employees that are tailored to their specific roles and responsibilities and should cover AML/CTF obligations and the entity's policies and procedures, ensuring that employees are well-informed and capable of complying with AML/CTF requirements.
  • ensure accurate and accurate documentation and comprehensive record-keeping of all AML/CTF-related activities, maintaining records that are readily accessible for regulatory review.  
  • act as the primary point of contact with AUSTRAC, ensuring prompt responses to regulatory inquiries or requests for information.  
  • maintaining open communication with regulators and addressing any compliance issues that arise in the relevant timeframe.
  • regularly review and update the AML/CTF program, ensuring it remains effective and up to date with regulatory requirements and emerging risks. This involves staying informed about changes in the regulatory landscape and best practices. 

The revised AML/CTF Act 2024 also introduces a fit and proper regime to ensure the reporting entity’s governing body ensures that individuals appointed as AML/CTF Compliance Officers meet specific standards of integrity and competence, including: 

  • Conducting thorough background checks on individuals being considered for the role of AML/CTF compliance officer, including verifying the individual's qualifications, experience, and any history of criminal activity or regulatory breaches. This applies to persons who are both internal or external to the reporting entity.
  • Ensuring that the AML/CTF Compliance Officer has the necessary skills, knowledge, and experience to perform their duties effectively, demonstrating a thorough understanding of the AML/CTF Act and AML/CTF Rules, as well as the ability to implement and oversee compliance with the AML/CTF Program.
  • Regularly assess the performance and suitability of the AML/CTF Compliance Officer through periodic reviews of the officer's performance and ensuring they continue to meet the fit and proper criteria. Any issues identified must be addressed promptly.

These measures aim to ensure that AML/CTF Compliance Officers are well-equipped to fulfill their responsibilities and maintain the integrity of the AML/CTF regime. 

The revised AML/CTF Act introduces new civil penalty provisions in relation to the governance arrangements, increasing the regulatory risk of non-compliance. These include: 

  • Failure to exercise ongoing oversight of the ML/TF risk assessment, compliance with AML/CTF policies, and compliance with the AML/CTF regime.
  • Failure to designate an AML/CTF Compliance Officer and notify AUSTRAC within 28 days of providing a designated service.
  • Failure to ensure the AML/CTF Compliance Officer is a fit and proper person. 

In summary

The revised Australian AML/CTF Act 2024 clearly delineates the roles and responsibilities of the governing body, the responsible officer, and the AML/CTF Compliance Officer, which have been summarised below: 

  • The governing body is tasked with ensuring comprehensive risk assessments, implementing a risk-based approach, and providing effective oversight and governance.  
  • The responsible officer (where appointed) oversees the development and implementation of the AML/CTF program, conducts risk assessments, and ensures compliance monitoring and reporting. 
  • The AML/CTF Compliance Officer is responsible for implementing internal controls, ensuring timely reporting, liaising with regulatory authorities, and continuously improving the AML/CTF program. 

We are here to help 

While the requirements do not come into play until mid-2026, it is important to start planning and preparing for the changes to the AML/CTF requirements now. With a short lead time to compliance and limited AML/CTF experts across Australia, demand will only continue to increase as the reporting date approaches. If you would like to discuss any of the above with one of our AML/CTF specialists, please reach out.  
 

Learn more about how our Anti-Money Laundering reforms services can help you
Visit our Anti-Money Laundering reforms page
Learn more about how our Anti-Money Laundering reforms services can help you