The global pandemic continues to generate unprecedented circumstances for Australians and Australian businesses, creating new opportunities for criminal exploitation. Government assistance programs have resulted in increased fraud and identity theft, cash grabs increase potential for money laundering, and as people stay at home, online scams have sky-rocketed.
While reporting entities have ongoing and extensive obligations in helping to prevent money laundering, terrorism financing and other crimes, their alibility to comply with regulations has been reduced. Accordingly AUSTRAC, Australia’s Anti-Money Laundering and Counter-Terrorism Financing regulator and Financial Intelligence Unit, has adjusted its policies and procedures to help reporting entities maintain a “front line of defence” against financial crime.
As a preliminary measure, AUSTRAC extended the deadline for 2019 compliance reports from 30 March to 30 June 2020. Small to medium businesses prevented from opening due to the pandemic would not face regulatory action if they were unable to submit a compliance report.
Other measures taken by AUSTRAC primarily relate to reporting entities’ know your customer (“KYC”) policies. Though it’s business as usual for some, others are facing difficulties in on-boarding new customers. Many reporting entities require face-to-face onboarding under their compliance programs; policies which are difficult or impossible to implement under COVID-19 regulations.
AUSTRAC has repeatedly emphasised that the Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (“AML/CTF Rules”) support flexible KYC processes and procedures. Though an entities’ compliance program might require face-to-face procedures there are other ways a business can verify identity and fulfil KYC requirements.
Amendments to Rules under Part 4.15
Crucially, AUSTRAC has temporarily amended its Rules under Part 4.15 of the AML/CTF Rules.
Part 4.15.1 sets out the procedures to be followed when a customer cannot provide satisfactory evidence of their identity. The rule usually applies in circumstances where a customer does not possess, or cannot obtain, identity documents. This might encompass Aboriginal and Torres Strait Islander customers from remote areas, customers affected by natural disaster, victims of domestic violence, or customers experiencing homelessness. In these circumstances, if a reporting entity is unable to establish the identity of a customer “then it may use alternative identity proofing processes, in accordance with its risk-based systems and controls”.
The recent amendments now expand this rule to include situations where a customer possesses, but is unable to provide, identity documents due to COVID-19 measures. In these cases a reporting entity may use alternative identity proofing processes.
Alternative identity proofing processes appropriate during COVID-19 include:
- Acceptance of multiple types of secondary identification documents where normally a primary identification document would be required.
- Use of alternative identification that is “reliable and independent” for customers who don’t have conventional ID, such as:
- A referee statement which could include a photograph of the customer made on the official letterhead stationery of the organisation.
- Correspondence from a government authority.
- Self-attestation from the customer certifying that the information provided in relation to their identity is true and correct.
- Acceptance of a copy of a document instead of the original or a certified copy.
While the AML/CTF Rules are flexible, it’s important for reporting entities to maintain and apply their risk-based systems and controls as detailed in their AML/CTF program. If an entity cannot carry out customer onboarding face-to-face, or they have relied on alternative means of identity proof, the entity should consider additional verification, including:
- Using a video call, such as Skype, Zoom or FaceTime to compare the physical identity of a customer with scanned or photographed copies of identification documents,
- Requiring a customer to provide a clear, front-view “selfie” that can be compared with the scanned or photographed copies of identification documents, or
- Telephoning the customer to ask questions about their identification, their reason for requesting a designated service or other questions that would assist in ascertaining whether the customer is who they claim to be.
Early release of superannuation
Additionally, AUSTRAC has introduced a temporary new rule to support the Australian government’s early release of superannuation initiative. The rule applies specifically to superannuation funds in circumstances where a customer’s application for early release of their super has been approved by the Australian Taxation Office (“ATO”). In these cases, the superannuation fund can rely on the ATO verification process, and will not have to carry out their own identification procedures.
However, like with the flexible KYC procedures, due diligence is still required. Entities will have to stay alert for unusual transactions made after the payment of funds. Such transactions should be picked up by an entity’s due diligence systems and controls, including their Transaction Monitoring Program (TMP).
If a suspicious transaction is identified, entities should follow their enhanced due diligence procedures, which may include:
- Undertaking a more detailed analysis of the customer’s identification information, such as the source of the customer’s wealth.
- Re-verifying customer information, such as their full name, date of birth or residential address.
- Monitoring the customer’s past and future transactions, and trying to establish the purpose and reason for their transactions.
AUSTRAC’s guidance and amendments make it clear that reporting entities have a flexible range of options available to them in fulfilling their obligations during the COVID-19 pandemic. However, it’s crucial that reporting entities continue to maintain their risk-based systems and controls, and due diligence procedures, if they are to successfully reduce the opportunity for financial crime.