On 21 November 2022 AUSTRAC released for consultation draft guidance for financial institutions providing designated services to customers that are assessed as high risk for money laundering and terrorist financing (ML/TF). While de-banking of certain industries is not new, the consultation follows an increase in financial institutions either declining, withdrawing or limiting the designated services provided to customers that are assessed as high risk for ML/TF. The guidance responds to the Council of Financial Regulators’ third recommendation in the Potential Policy Responses to De-Banking in Australia report released in August 2022, which was to provide guidance to the four major banks on AUSTRAC’s expectations in relation to their risk tolerance and requirements to bank the digital currency exchange (DCE), fintech and remittance sectors.

AUSTRAC has expressed concern that customers assessed as high risk who are turned away and de-banked by financial institutions are seeking unregulated alternatives, reducing the information gathered by financial institutions and reported to AUSTRAC. This creates a gap in regulatory oversight and reduces the ability to detect and prevent ML/TF and other serious crimes. The detriment caused by de-banking was outlined by AUSTRAC in a media release on 29 October 2021 after many years of industry voicing concerns.

While the substance of the guidance does not change statutory obligations for reporting entities, it clarifies AUSTRAC’s expectations of the way that reporting entities and high-risk customers manage their relationship to mitigate de-banking. As a key component, AUSTRAC expects financial institutions to request that high-risk customers that are reporting entities disclose significant aspects of their anti-money laundering and counter-terrorism financing (AML/CTF) compliance framework, so that the financial institutions can make informed decisions as to the residual ML/TF risk of these customers. Ultimately, limiting or ceasing to provide designated services to high-risk customers is unaffected and remains a commercial decision. However, it is expected that such decisions will be made on a case-by-case basis after the financial institution has considered information relevant to a particular customer, rather than through blanket refusals to bank entire industries (unless the financial institution does not have the resources to understand how a specific customer type or industry sector operates).

Importantly, the guidance reiterates that the decision to provide designated services is a commercial one to be made by the financial institution and that the financial institution is in control of requesting information about the high-risk customer. It does, however, provide clarity for high-risk customers on the types of conversations they can expect to have with financial institutions in order to demonstrate they have appropriate systems and controls in place to manage and mitigate their ML/TF risks. Further, it may also serve to realign financial institutions’ policies and approaches to high-risk customers so that a more fulsome assessment is undertaken on a case-by-case basis before a customer is de-banked.

Although the intended audience for the draft guidance is specifically financial institutions and their customers in the remittance, DCE and fintech sectors that are assessed as high risk, the principles may also be applicable to reporting entities with high-risk customers that are also reporting entities.

Summary of the guidance for financial institutions

The guidance for financial institutions reiterates existing statutory obligations applicable to reporting entities, although it clarifies AUSTRAC’s expectations of the practical steps a financial institution may take as part of its risk-based procedures in relation to higher ML/TF risk customers.

Special considerations for high-risk customers regulated by AUSTRAC

The consultation contains guidance for financial institutions on AUSTRAC’s expectations where a high-risk customer is also a reporting entity. It is expected that a financial institution will consider the residual ML/TF risks presented by AUSTRAC-regulated entities at the beginning of a relationship and on an ongoing basis.

The guidance clarifies that AUSTRAC does not expect a financial institution to undertake a comprehensive audit or review of a customer’s ML/TF risk assessment procedures, but the institution should consider asking itself “do the business’ measures to identify, mitigate and manage ML/TF risks appear to be reasonable?”.

Summary of AUSTRAC’s guidance for high-risk customers of financial institutions

1. What high risk business customers can do to increase their chances of being provided banking services

  • Be transparent about the nature of your business and the purpose for which you are seeking to use a financial institution’s service.

  • Provide relevant information that may be requested of you in a timely manner including relevant documentary or electronic evidence to:

    • help the financial institution understand the legal structure of your business, and the individuals who ultimately own or control it;

    • describe in sufficient detail the types of services you provide to your customers;  

    • show that you understand, and have met, all licensing and other regulatory requirements applicable to your business under Commonwealth, state, territory or local laws and any relevant overseas laws;

    • share the results of any reviews of your own regulatory and risk management systems and follow-up actions (where permitted);

    • share information about the types of customers you provide services to (you do not need to disclose identifying information about individual customers);

    • provide details of the geographical locations in which your customers reside and/or the locations to which they transfer value using your services; and

    • indicate the expected volumes of transactions you are likely to engage in using the financial institution’s services.

2. Additional steps high risk reporting entities (DCEs, remitters and fintechs) can take to increase their chances of being provided banking services  

  • Be prepared to provide evidence that you are complying with your AML/CTF obligations and are implementing the systems and controls in your AML/CTF program effectively.

  • Assess and understand your business’s specific ML/TF risks, ensuring you have appropriate risk-based systems and controls in relation to these risks.

  • Implement an AML/CTF program that is tailored to your ML/TF risks that has appropriate risk-based systems and controls, complies with the AML/CTF Laws and takes into account applicable AUSTRAC guidance.

  • Ensure customer due diligence is adequate for your customer types, designated services and jurisdictions you deal with.

  • Provide relevant information that may be requested of you in a timely manner including relevant documentary or electronic evidence to:

    • help the financial institution understand the legal structure of your business, and the individuals who ultimately own or control it;

    • describe in sufficient detail the types of services you provide to your customers;

    • show that you understand, and have met, all licensing and other regulatory requirements applicable to your business under Commonwealth, state, territory or local laws and any relevant overseas laws;

    • share the results of any reviews of your own regulatory and risk management systems and follow-up actions (where permitted);

    • share information about the types of customers you provide services to (you do not need to disclose identifying information about individual customers);

    • provide details of the geographical locations in which your customers reside and/or the locations to which they transfer value using your services; and

    • indicate the expected volumes of transactions you are likely to engage in using the financial institution’s services.

  • Be prepared to demonstrate, if asked, that:

    • your AML/CTF Program was designed for your business and is not a template or restatement of the AML/CTF laws;

    • senior management oversee and support implementation of the AML/CTF Program;

    • staff understand and implement the AML/CTF Program and receive appropriate training in accordance with the AML/CTF Rules;

    • your AML/CTF compliance officer has the seniority, competence and resources to oversee the AML/CTF Program and can understand and speak with confidence about the systems and controls implemented.

  • Be responsive with financial institutions when they request further information.

  • Consider a more open dialogue with financial institutions about the services you provide.

While the guidance does not introduce new statutory requirements, and many DCEs, remitters and fintech businesses have already attempted these strategies in response to de-banking with limited success, it provides a clear message around AUSTRAC’s expectations of both financial institutions and high-risk customers, which will hopefully lead to each party better navigating their AML/CTF obligations and enabling more efficient commercial discussions and fair outcomes that protect Australia from ML/TF and other serious crimes.

Next Steps: How G+T can help

The consultation period is open until 21 December 2022. If you would like to discuss your options or prepare a submission to Treasury, please contact our Fintech + Web3 team.

 
