AUSTRALIA Law and Practice Contributed by: Andrew Stone, Dhanushka Jayawardena, Andrew Choi and Chris Kinsella, Holding Redlich
legislation. The new regime expressly requires that an AML/CTF programme documents a reporting entity’s risk assessment. The assessment must identify and assess the risks associated with money laundering, terrorism financ - ing and proliferation financing that it may reasonably expect to face in providing designated services to its customers. It must be appropriate to the nature, size and complexity of the reporting entity’s business. The risk assessment is then used to inform the policies, procedures and systems documented in a reporting entity’s AML/CTF programme. The risk assessment must be reviewed every three years and when a review trigger occurs, including if there is a significant change to any of the facts in the risk assessment or if AUS - TRAC communicates to the reporting entity informa - tion that identifies or assesses risks associated with them. The reporting entity must update its risk assessment to address any issues identified by a review. They must not provide a designated service if they do not review their risk assessment and keep it up-to-date. AML/CTF Policies As at 2 October 2025, the legislation requires an AML/ CTF programme to include “Part A” and “Part B” – details of which are set out in the AML/CTF rules. Reporting entities are likely to have AML/CTF policies that are prepared separately and support their AML/ CTF programme. Under the new AML/CTF laws, the prescriptive obliga - tion for AML/CTF programmes to be structured into “Part A” and “Part B” has been removed. Instead, the programme must consist of the reporting entity’s money laundering/terrorism financing risk assessment and AML/CTF policies that: • appropriately manage and mitigate money laun - dering/terrorism financing risks that the reporting entity may reasonably face in providing designated services; and • ensure the reporting entity complies with the AML/ CTF rules, regulations and the AML/CTF Act.
A reporting entity may nevertheless retain the existing “Part A” and “Part B” structure of its programme, pro - vided that the substance of the programme is updated – as necessary – to ensure the requirements under the new AML/CTF regime. In summary, the AML/CTF policies must specify pro - cedures regarding: • identification of significant changes to “risk factors” that are the basis for a reporting entity’s money laundering/terrorism financing risk assessment (see above); • carrying out customer due diligence in accordance with the AML/CTF Act; • reviewing and updating AML/CTF policies in response to a review of the entity’s money launder - ing/terrorism risk assessment or in response to any other circumstances specified in the AML/CTF rules; and • reviewing the AML/CTF programme on a regular basis (of at least three years). The reporting entity must include provisions in their AML/CTF policies addressing the following: • ensuring its governing body is sufficiently informed of the risks of money laundering, financing of ter - rorism and proliferation financing that the reporting entity may reasonably face in providing its desig - nated services; • designating an AML/CTF compliance officer for the reporting entity; • designating one or more senior managers of the reporting entity as responsible for approving the policies and the AML/CTF risk assessment of the reporting entity; • undertaking employee due diligence on potential employees who will perform functions relevant to the reporting entity’s obligations under the AML/ CTF Act; • providing AML/CTF training to employees; and • on the conduct of independent evaluations of the AML/CTF programme, which must be appropriate to the nature, size and complexity of the entity and conducted at least once every three years.
26 CHAMBERS.COM
Powered by FlippingBook