The Australian Transaction Reports and Analysis Centre (AUSTRAC) aims to strengthen the financial system and use financial intelligence and regulation to disrupt money laundering, terrorism financing and other serious crime. AUSTRAC’s regulatory and financial intelligence functions are interconnected and complementary.
Intelligence on reporting entities, industry trends and money laundering and terrorism financing (ML/TF) risks is used to direct AUSTRAC’s regulatory efforts towards vulnerabilities and high-risk entities, which helps to combat criminal abuse within the financial sector.
AUSTRAC’s regulatory work and engagement with reporting entities also improves the volume and value of financial intelligence provided to partner agencies.
We explore AUSTRAC’s approach to regulation as outlined in a recent report.
What is AUSTRAC’s regulatory approach?
AUSTRAC works to ensure that regulated entities are knowledgeable, vigilant, and capable of preventing, detecting, and responding to threats of criminal abuse and exploitation.
AUSTRAC’s regulatory approach as self-outlined is to:
- Simplify regulatory requirements and align them to reinforce regulatory outcomes.
- Promote a culture of AML/CTF compliance and best practice risk management.
- Develop a comprehensive understanding of ML/TF risks and share this across the AML/CTF community.
- Engage with reporting entities who are not adequately managing their ML/TF risks to ensure increased compliance.
- Applying forceful deterrents to serious and systemic non-compliance.
- Work with other stakeholders globally – including law enforcement, other regulators, AML/CTF service providers, Fintel Alliance partners and academia.
Who does AUSTRAC regulate, and how?
The entities AUSTRAC regulates vary widely in nature, size and complexity. These factors form the basis of an entity’s ML/TF risk.
Activities are classified according to their type and intensity. The broad types of regulatory activities AUSTRAC engages in include:
- Partner and collaborate – activities undertaken to bring together AUSTRAC, reporting entities and/or other members of the AML/CTF community to improve understanding of ML/TF risks and work together to prevent, detect and disrupt serious crime.
- High-intensity example: collaborating on joint projects e.g. financial intelligence, policy and systems development.
- Moderate-intensity example: meeting with industry bodies.
- Low-intensity example: publishing information about ML/TF risks.
- Build and improve capability – activities undertaken to support reporting entities to meet their obligations, uplift their AML/CTF capability and identify and implement best practice approaches to the management of their ML/TF risks
- High-intensity example: participation in AUSTRAC-run training e.g. Financial Intelligence Analyst Course.
- Moderate-intensity example: facilitating and attending industry forums and events.
- Low-intensity example: communications campaigns to improve business awareness of AML/CTF obligations.
- Assure and enforce – activities undertaken to gain confidence that reporting entities are meeting their obligations and managing their ML/TF risks effectively, and where they are not, compel them to do so or take enforcement action as appropriate.
- High-intensity example: remedial directions and enforceable undertakings.
- Moderate-intensity example: use of administrative powers (e.g. cancellation of registration).
- Low-intensity example: warning letters.
A risk-based approach
AUSTRAC employs a risk-based approach to regulation, ensuring that its resources are allocated to best manage ML/TF risks.
For example, suppose both a major bank and a small hotel are not meeting their ML/TF obligations.
Since the major bank has high ML/TF risk exposure, AUSTRAC’s engagement with the bank will likely involve high-intensity assurance/enforcement and capability building activities.
Since the hotel has low ML/TF risk exposure, AUSTRAC’s engagement with the hotel will likely involve low intensity assurance and capability building activities. However, formal enforcement action may be a possibility if the hotel is not responsive to AUSTRAC’s concerns.
What are AUSTRAC’s enforcement powers?
AUSTRAC may take enforcement action against a reporting entity for serious and/or systemic breaches of the AML/CTF Act. Enforcement activities are intended to:
- Achieve current and future compliance.
- Deter non-compliance.
- Disrupt ML/TF activity.
- Send a message to the financial sector about what constitutes unacceptable conduct.
How does AUSTRAC select matters for enforcement?
AUSTRAC may identify a reporting entity’s failure to meet its AML/CTF obligations through its internal supervision or intelligence activities, voluntary disclosure by the entity, or referral of an issue of concern from a partner agency.
AUSTRAC will consider a number of factors in determining whether enforcement action is the most appropriate response to identified non-compliance, including:
- The nature and seriousness of the non-compliance.
- The ML/TF risk associated with the reporting entity.
- Compliance history.
- Whether the non-compliance was reported by the entity.
- The likely consequences of the enforcement action on the entity.
What enforcement actions are available to AUSTRAC?
AUSTRAC’s formal enforcement actions can include:
- Issuing an infringement notice.
- Issuing remedial directions, which require a reporting entity to take specified action to ensure compliance.
- Accepting an enforceable undertaking detailing the specific actions a reporting entity will commence or cease in order to comply with the AML/CTF Act.
- Seeking injunctions and/or civil penalty orders in the Federal Court.
- Referring a matter to the Commonwealth Director of Public Prosecutions for possible criminal prosecution.