View full documentView full document Previous section | Next section
House of Representatives

Anti-Money Laundering and Counter-Terrorism Financing Amendment Bill 2024

Explanatory Memorandum

(Circulated by authority of the Attorney-General, the Hon Mark Dreyfus KC MP)

GENERAL OUTLINE

1. This Bill would reform Australia's anti-money laundering and counter-terrorism financing regime, which is comprised of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (the AML/CTF Act), the Anti-Money Laundering and Counter- Terrorism Rules Instrument 2007 (No.1) (the AML/CTF Rules) and associated regulations, and would repeal the Financial Transaction Reports Act 1988 (FTR Act).

2. Australia's AML/CTF regime establishes a regulatory framework for combatting money laundering, terrorism financing and other serious financial crimes. At its core, the AML/CTF regime is a partnership between the Australian Government and industry. Through the regulatory framework, businesses play a vital role in detecting and preventing the misuse of their sectors and products by criminals seeking to launder money and fund terrorism.

3. The reforms in the Bill would ensure Australia's AML/CTF regime continues to effectively deter, detect and disrupt illicit financing, and protect Australian businesses from criminal exploitation. The reforms would improve the ability of Australian national security and law enforcement agencies and the Australian Transaction Reports and Analysis Centre (AUSTRAC), as the AML/CTF regulator and Financial Intelligence Unit, to target illicit financing. This will impact the ability of transnational, serious and organised crime groups to invest their illicit funds into further criminal activities in Australia and our broader region.

4. The reforms would also ensure that Australia's AML/CTF regime meets international standards set by the Financial Action Task Force (FATF), the global financial crime body. The FATF Standards (comprising the FATF Recommendations and their Interpretative Notes and Glossary) are a comprehensive framework of measures to combat money laundering, terrorist financing and proliferation financing. These standards set an international benchmark for countries to implement and adapt to their legal, administrative and operational frameworks and financial systems. The FATF Standards are regularly revised to strengthen requirements and adapt to emerging crime trends and threats.

5. The FATF promotes compliance and effective implementation of the standards through peer assessment mechanisms—known as mutual evaluations—and public listing of jurisdictions found to have weak AML/CTF systems. In 2015, the FATF identified deficiencies in Australia's compliance with the FATF Standards and areas for improvement. Since then, the FATF Standards have continued to be strengthened, particularly in relation to the regulation of virtual assets.

6. The reforms in this Bill would ensure that many of the key legislative gaps in Australia's regime are addressed. This will minimise the risk of Australia being 'grey listed' by the FATF, which would result in significant economic and reputational costs. Australia will undergo its next mutual evaluation by the FATF in 2026–27.

7. There are three key objectives of the Bill:

to extend the AML/CTF regime to certain higher-risk services provided by real estate professionals, professional service providers including lawyers, accountants and trust and company service providers, and dealers in precious stones and metals—also known as 'tranche two' entities
to improve the effectiveness of the AML/CTF regime by making it simpler and clearer for businesses to comply with their obligations, and
to modernise the regime to reflect changing business structures, technologies and illicit financing methodologies.

8. An outline of key measures in each Schedule of the Bill is set out below.

Schedule 1 – Anti-money laundering and counter-terrorism financing programs and business groups

9. The AML/CTF Act currently requires a reporting entity to have an AML/CTF program that identifies, mitigates and manages the money laundering and terrorism financing risks that the reporting entity may face when providing a designated service.

10. Schedule 1 of the Bill would replace Part 7 of the AML/CTF Act with a set of outcomes-focused obligations that will ensure reporting entities undertake appropriate measures to mitigate and manage risk. This includes:

introducing new, flexible concepts for reporting entities that organise themselves into groups to manage risks more efficiently
clarifying the roles and responsibilities of a reporting entity's governing body and its AML/CTF compliance officer, and
clarifying obligations for Australian companies operating overseas through a foreign branch of an Australian reporting entity, or a foreign subsidiary of an Australian parent company.

Schedule 2 – Customer due diligence

11. Customer due diligence (CDD) is a foundational requirement of the AML/CTF regime. It requires reporting entities to:

identify, and verify the identity, of their customer and certain associated persons, and
understand the money laundering, terrorism financing and proliferation financing risks associated with providing designated services to the customer, and take appropriate steps to mitigate and manage these risks.

12. Schedule 2 of the Bill would reframe and clarify the core requirements for initial CDD and ongoing CDD, clarify when enhanced CDD must be applied, and streamline the circumstances when simplified CDD may be applied.

Schedule 3 – Regulating additional high-risk services

13. A key element of the reforms is to expand the AML/CTF regime to certain services provided by gatekeeper professions: real estate professionals, dealers in precious metals and precious stones, and professional service providers, including lawyers, conveyancers, accountants and trust and company service providers (also known as 'tranche two' entities).

14. Certain services provided by these sectors are recognised globally as high risk for money laundering exploitation. AUSTRAC's Money Laundering in Australia National Risk Assessment 2024 found that these sectors posed a medium to high money laundering vulnerability. The assessment also identified that gaps in regulation of tranche two entities is a key national vulnerability that impacts the effectiveness of Australia's AML/CTF regime.

15. Schedule 3 of the Bill would expand the list of designated services in section 6 of the AML/CTF Act to include higher risk services provided by tranche two entities. Businesses that provide these designated services would be regulated under the AML/CTF regime.

Schedule 4 – Legal professional privilege

16. Schedule 4 would clarify the treatment of information subject to legal professional privilege for the purposes of the reporting and information disclosure obligations in the AML/CTF Act. Existing section 242 already provides that the AML/CTF Act does not affect the law relating to legal professional privilege. The Bill provides stronger protections for the disclosure of information or documents subject to legal professional privilege once legal practitioners are brought into the AML/CTF regime, in response to stakeholder feedback.

17. These amendments preserve the core intention of the doctrine of legal professional privilege in both common law and statute, and ensure that regulated entities who handle client information that is subject to legal professional privilege can comply with their reporting and information disclosure obligations under the AML/CTF Act.

Schedule 5 – Tipping off offence and disclosure of AUSTRAC information to foreign countries or agencies

18. Schedule 5 would reform the current prohibition against reporting entities 'tipping off' their customer about the formation of a suspicion. The new offence will focus on preventing the disclosure of suspicious matter report (SMR) information or information related to a notice issued under section 49 or 49B of the AML/CTF Act where it would or could reasonably prejudice an investigation. The new offence framework would be more flexible for reporting entities seeking to share information for legitimate purposes, including within reporting groups to manage risk and prevent further crime.

Schedule 6 – Services relating to virtual assets

19. Digital and virtual assets are an increasingly popular conduit to represent, store and move value, and the virtual asset sector and related technologies continue to evolve rapidly. AUSTRAC's Money Laundering in Australia National Risk Assessment 2024 identified digital currency exchanges and digital currencies as a store of value as an increasing money laundering vulnerability.

20. Schedule 6 would extend the AML/CTF regime to additional virtual asset-related services to appropriately address the sector's risk, amends the current terminology of 'digital currency' to 'virtual asset', and inserts a new definition of 'virtual asset' in line with FATF Recommendation 15. The amendments would ensure that the rapidly growing virtual asset sector is hardened against exploitation by criminals.

Schedule 7 – Definition of bearer negotiable instrument

21. Schedule 7 would clarify what monetary instruments are captured by the definition of a 'bearer negotiable instrument' and its subsequent reporting requirements. This responds to industry concerns that the current definition is unclear and too broad because it includes negotiable instruments that are not payable to bearer. The amendments in this schedule would reduce the volume of reportable bearer negotiable instruments to reduce regulatory burden and maintain compliance with FATF Standards.

Schedule 8 – Transfers of value and international value transfer services

22. Schedule 8 would simplify and modernise the framework for electronic funds transfer instruction obligations, designated remittance arrangements and international funds transfer instruction (IFTI) reporting purposes. The amendments in Schedule 8 replace the previous funds transfer chain concept with an updated and simplified value transfer chain. Streamlining value transfer chains would reduce undue regulatory burden on industry. The value transfer chain concept will provide a framework for key AML/CTF reporting obligations for certain entities that transfer value on behalf of customers, like the travel rule and IFTI/international value transfer service reporting obligations.

Schedule 9 – Powers and definitions

23. Schedule 9 would introduce a number of new information gathering powers for AUSTRAC to effectively monitor, investigate and enforce compliance with the AML/CTF regime. These include an examination power, an important investigatory tool to enable AUSTRAC to obtain relevant information needed to make enforcement decisions and obtain evidence to be used in proceedings, and additional notice to produce powers allowing AUSTRAC to gather information to assist with its financial intelligence functions.

24. Schedule 9 also includes updates to a number of definitions to respond to issues identified by the 2016 Statutory Review of the AML/CTF Act, AML/CTF Rules and the Associated Regulations, or where updates are otherwise required to modernise and simplify the AML/CTF regime.

Schedule 10 – Exemptions

25. Schedule 10 would move current exemptions under the AML/CTF Rules into the AML/CTF Act either by reframing the primary obligation to avoid the need for the exemption, or incorporating an express exception in the AML/CTF Act. This will ensure that enduring exemptions are codified in the AML/CTF Act, and subject to appropriate parliamentary scrutiny.

26. This Schedule would also make amendments to the exemption currently in Chapter 75 of the AML/CTF Rules, lower the threshold exempting casinos, on-course bookmakers, totalisator agency boards and gaming machine operators from conducting initial CDD measures when providing certain gambling services to customers involving transactions from less than $10,000 to less than $5,000 to align with the FATF Standards.

Schedule 11 – Repeal of the Financial Transaction Reports Act 1988

27. Schedule 11 would repeal the FTR Act to streamline and simplify the AML/CTF regime, establishing a single source of obligations for industry. The repeal of the FTR Act would deregulate cash dealers who provide low risk services under the FTR Act, including motor vehicle dealers, sellers of traveller's cheques and offshore online remitters.

28. This Schedule also makes minor amendments to the Australian Securities and Investments Commission Act 2001, Commonwealth Electoral Act 1918, Criminal Code Act 1995 (Criminal Code), Freedom of Information Act 1982, Proceeds of Crime Act 2002, and the Surveillance Devices Act 2004, which are consequential to the repeal of the FTR Act.

Schedule 12 – Transitional rules

29. Schedule 12 would provide a power for the Minister to make rules concerning any amendments introduced by this Bill. This modification power is limited to 4 years to address any unforeseen issues that may arise after the reforms commence and to accommodate the extensive time needed for industry to effectively implement each measure.

FINANCIAL IMPACT

30. Nil.

REGULATION IMPACT

31. An Impact Analysis has been prepared by the Attorney-General's Department and has been assessed by the Office of Impact Analysis. The executive summary and a table outlining the average annual regulatory costs from the Impact Analysis is at Attachment A. The full Impact Analysis is available on the Office of Impact Analysis website: (https://oia.pmc.gov.au/published-impact-analyses-and-reports/reforming-australias-anti- money-laundering-and-counter).

ACRONYMS AND ABBREVIATIONS
ADI Authorised deposit-taking institution
AFSL Australian Financial Services Licence
AML/CTF Anti-money laundering and counter-terrorism financing
AML/CTF Act Anti-Money Laundering and Counter-Terrorism Financing Act 2006
AML/CTF Rules Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No. 1)
APRA Australian Prudential Regulation Authority
ASX Australian Securities Exchange
ASIC Australian Securities and Investments Commission
ATO Australian Taxation Office
AUSTRAC Australian Transaction Reports and Analysis Centre
BECS Bulk Electronic Clearing System
CCA Competition and Consumer Act 2010
CDD Customer due diligence
CEO Chief Executive Officer
DAO Decentralised autonomous organisation
EFTI Electronic funds transfer instruction
FATF Financial Action Task Force
FIU Financial Intelligence Unit
FTR Act Financial Transaction Reports Act 1988
IFTI International funds transfer instruction
IGIS Inspector-General of Intelligence and Security
IVTS International value transfer services
ML/TF Money laundering/terrorism financing
NPP New Payments Platform
POCA Proceeds of Crime Act 2002
RBA Reserve Bank of Australia
SMR Suspicious matter report issued under section 41 of the AML/CTF Act
VASP Virtual asset service provider

STATEMENT OF COMPATIBILITY WITH HUMAN RIGHTS

Prepared in accordance with Part 3 of the Human Rights (Parliamentary Scrutiny) Act 2011

Anti-Money Laundering and Counter-Terrorism Financing Amendment Bill 2024

1. This Bill is compatible with the human rights and freedoms recognised or declared in the international instruments listed in section 3 of the Human Rights (Parliamentary Scrutiny) Act 2011.

Overview of the Bill

2. The Bill makes amendments to the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) to:

extend the AML/CTF Act and Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No. 1) (AML/CTF Rules), and associated regulations, which are together referred to as Australia's 'AML/CTF regime', to additional services that are globally recognised by the Financial Action Task Force (FATF) as posing high money laundering and terrorism financing risks
simplify the AML/CTF program and customer due diligence (CDD) obligations to minimise regulatory burden and improve compliance
provide new powers for the Australian Transaction Reports and Analysis Centre (AUSTRAC), as the AML/CTF regulator and Financial Intelligence Unit (FIU), to require the disclosure of information and conduct examinations, and
modernise current obligations under the regime to reflect emerging technologies and evolving business structures.

3. The reforms will not fundamentally change the central tenets of the existing AML/CTF regime, which align with international obligations. These are:

a business must enrol (and, in certain circumstances, register) with AUSTRAC if they provide a designated service
reporting entities must develop, maintain and comply with an AML/CTF program that identifies, mitigates and manages the money laundering/terrorism financing (ML/TF) risks associated with their services
reporting entities must identify their customers, verify their customers' identity, understand the associated ML/TF risk before providing a designated service, and undertake ongoing CDD
reporting entities must report certain transactions and suspicious matters, and
reporting entities must make and retain certain records and ensure they are available to law enforcement.

Human rights implications

4. The Bill may engage, directly or indirectly, with the following human rights:

protections against arbitrary or unlawful interference with privacy, and unlawful attacks on honour or reputation, in Article 17 of the International Covenant on Civil and Political Rights (ICCPR)
right to a fair trial and fair hearing and criminal process rights in Article 14 of the ICCPR
right to freedom of expression in Article 19 of the ICCPR
right to equality and non-discrimination in Articles 2 and 26 of the ICCPR, and
right to freedom of association in Article 22 of the ICCPR.

Protections against arbitrary or unlawful interference with privacy, and unlawful attacks on honour or reputation – Article 17 of the ICCPR

5. Article 17 of the ICCPR provides that no one shall be subjected to arbitrary or unlawful interference with his or her privacy, family, home or correspondence. Article 17 of the ICCPR also provides that a person must not be subjected to unlawful attacks on his or her honour or reputation.

6. The protection for privacy under Article 17 can be permissibly limited to achieve a legitimate objective and where the limitations are lawful and not arbitrary. The term 'unlawful' in Article 17 of the ICCPR means that no interference can take place except as authorised under domestic law.

7. The term 'arbitrary' means that any interference with privacy must be in accordance with the provisions, aims and objectives of the ICCPR and should be reasonable in the particular circumstances. The United Nations Human Rights Committee has interpreted 'reasonableness' to mean that any limitation must be proportionate and necessary in the circumstances. In this case, the legitimate end is the protection of public safety, addressing crime and protecting the rights and freedoms of individuals by requiring certain personal information to be collected, retained and disclosed to support relevant investigations.

8. Measures in the Bill that engage the protection against arbitrary and unlawful interference with privacy in Article 17 of the ICCPR include:

extension of the AML/CTF regime to additional services (Schedules 3 and 6)
changes to CDD requirements (Schedule 2)
changes to transfer of value requirements (Schedule 8)
providing new powers for AUSTRAC to require the provision of information and conduct examinations (Schedule 9), and
other amendments and clarifications to the AML/CTF regime.

Extension of the AML/CTF regime to additional services

9. Schedule 3 of the Bill would extend the AML/CTF regime to certain high-risk services provided by real estate professionals, professional service providers (such as lawyers, conveyancers, accountants, and trust and company service providers), and dealers in precious metals and precious stones. In addition, Schedule 6 of the Bill would extend the AML/CTF regime to additional services provided by virtual asset service providers (VASPs). These amendments would close regulatory gaps and bring Australian law in line with the international standards set by the FATF.

10. The expansion of the reporting entity population would result in a larger number of Australian businesses that are authorised or obligated to collect and verify customer and beneficial owner information when providing a designated service for the purposes of knowing the identity of customers when providing designated services. It is anticipated that AUSTRAC's reporting population will increase from approximately 17,000 by approximately 90,000 entities.

11. The expansion of the reporting entity population required to report to AUSTRAC would also have flow on impacts in terms of increasing the number of reports received by AUSTRAC that contain customer information. Any customer information provided to AUSTRAC as part of these reports would be considered to be 'AUSTRAC information'. As such it would be subject to the secrecy and access provisions outlined in Part 11 of the AML/CTF Act, which restrict access, use or disclosure of AUSTRAC information to a limited range of legitimate purposes.

12. To the extent these provisions impact the privacy of individuals, this impact is not arbitrary because the amendments are targeted at addressing the specific money laundering and/or terrorism financing risk posed by the additional regulated services:

The use of real estate is an established, well-known method of laundering money internationally and in Australia. Real estate is one of the most common property types restrained following investigations by the Australian Federal Police-led Criminal Assets Confiscation Taskforce, reflecting its popularity as an asset and the ease with which illicit funds can be laundered and/or invested in this sector.
Criminals are also known to seek out the involvement of professional service providers for specialist skills, advice, technical proficiency or knowledge that assists in their money laundering schemes. Law enforcement has often observed these professionals being unwitting facilitators, or reckless as to the risk of illicit financing or concealment of illicit wealth.
Precious metals and precious stones are particularly vulnerable to use for illicit financing purposes as they are small and easily concealable, may be readily purchased and sold anonymously using cash or virtual assets, and can be used as an alternative currency to make untraceable payments for illicit goods and services.
Virtual assets allow criminal groups to move funds across borders quickly, cheaply and pseudo-anonymously.

13. The new designated services provided for in the Bill target the activities provided by these sectors that pose the highest risk of exploitation. For clarity, regulation will not apply to all services provided by these businesses – for example, a professional service provider, such as legal professional, may not practice in an area of law covered by the designated services. In this instance, the legal professional would not be covered by the AML/CTF regime. Further, should a reporting entity provide a range of services of which only one or two are designated services under the AML/CTF Act, they would only have to carry out AML/CTF obligations in relation to those specific services. This approach ensures that any interference with the privacy of individual customers only occurs where it is reasonable, necessary and proportionate to the risks of money laundering, terrorism financing and proliferation financing associated with designated services.

14. The collection and verification of personal information by reporting entities would continue to be conducted within the legal framework of the AML/CTF Act, as well as other applicable laws and policies. In relation to CDD, personal information is collected to enable a reporting entity to establish on reasonable grounds that it knows the identity of its customer and can identify the 'ML/TF risk' (defined in Item 5 of Schedule 2 of the Bill) of the customer. Personal information will only be collected to fulfil these requirements and the type of information collected will be appropriate to the customer's identified ML/TF risk. In some cases, such as where enhanced CDD is required, a reporting entity may need to collect additional personal information about a customer. This information will also support a reporting entity to mitigate and manage the ML/TF risk of providing the service to the customer.

15. Reporting entities would continue to be required to retain customer information records for 7 years after the business relationship has ended, or the occasional transaction has stopped. Reporting entities under the AML/CTF Act are responsible entities under the Privacy Act 1988, and have data protection policies, systems and controls in place where they collect and handle personal information.

16. The extension of the AML/CTF regime to additional high-risk services would not constitute an arbitrary or unlawful interference with privacy. To the extent that this aspect of the Bill constitutes a limitation on the protection against arbitrary or unlawful interference with a privacy, the legislative requirements and other safeguards ensure any interference is reasonable, necessary and proportionate.

Changes to Customer Due Diligence requirements

17. The changes to the CDD framework in Schedule 2 of the Bill would apply to the additional services being regulated as a result of Schedules 3 and 6 of the Bill, as well as impacting currently regulated reporting entities. This would expand the number of customers whose personal information is collected by reporting entities.

18. The requirements in new Division 2 of Part 2 of the AML/CTF Act (to be inserted by Item 7 of Schedule 2 of the Bill) for a reporting entity to identify their customer(s) through initial CDD include:

if the customer is an individual, taking reasonable steps to establish that the customer is who they claim to be, including if they are a politically exposed person
identifying the ML/TF risk of the customer
collecting information about the customer that is appropriate to ML/TF risk, and
verifying the customer information using independent and reliable data that is appropriate to ML/TF risk using independent and reliable data.

19. The ongoing CDD requirements in new Division 3 of Part 2 of the AML/CTF Act (to be inserted by Item 7 of Schedule 2 of the Bill) would require reporting entities to monitor their customers to appropriately identify, assess, manage and mitigate the ML/TF risks they may reasonably face in providing designated services. Ongoing CDD includes reviewing and updating 'Know Your Customer' (KYC) information (as defined in Item 5 of Schedule 2 of the Bill), as well as monitoring for unusual transactions and behaviours that may give rise to a suspicious matter reporting (SMR) obligation (outlined further below).

20. New Division 4 of Part 2 of the AML/CTF Act (to be inserted by Item 7 of Schedule 2 of the Bill) would establish parameters for when reporting entities may apply simplified CDD, or when they must apply enhanced CDD as part of initial and ongoing CDD. Simplified CDD would give reporting entities more discretion, provided the ML/TF risk of the customer is low and other requirements are met, to apply simplified initial and ongoing CDD.

21. Reporting entities must apply enhanced CDD appropriate to customer risk in certain specified circumstances, or if the customer is high ML/TF risk. In these cases, reporting entities are required to collect and/or verify additional KYC information relevant to mitigating the identified higher risk, and must be reasonably satisfied that they know and understand the identity of their customer. In enhanced CDD scenarios, ongoing CDD must also be adjusted to ensure it is appropriate to the ML/TF risk of the customer, and meets specific requirements to be set out in the AML/CTF Rules in line with the FATF Standards.

22. Combined, these provisions clarify the focus on effective risk mitigation in the regime. That is, reporting entities are required to collect personal information that enables them to know and understand their customers, including their ML/TF risk, and to apply appropriate measures to help mitigate the risks they may be exposed to, such as by seeking further customer information. As for newly regulated reporting entities, the collection and verification of personal information would continue to be conducted within the legal framework of the AML/CTF Act, as well as other applicable laws and policies.

23. To the extent the changes to CDD requirements constitute a limitation on the protection against arbitrary or unlawful interference with privacy, any interference is reasonable, necessary and proportionate.

Changes to transfer of value requirements

24. In addition to those outlined above, the Bill contains measures that would expand the customer base whose personal information is collected by reporting entities as part of reporting and CDD requirements.

25. Schedule 8 of the Bill would amend the requirements in Part 5 of the AML/CTF Act for limited personal information to travel with the transfer of value for financial institutions, remittance providers and VASPs, for both domestic and cross-border transfers. This includes a new requirement for payee information to be sent, in addition to payer information, which is currently required to accompany transfers of value for financial institutions. Schedule 8 of the Bill would also extend this requirement to remittance services and VASPs by inserting a new definition of 'transfer of value' in section 5 that incorporates virtual assets, and captures what was previously referred to as a 'designated remittance arrangement'. Currently the requirement only attaches to financial institutions.

26. Consistent with FATF Recommendation 16, the inclusion of limited personal information travelling with transfers of value would ensure that basic information is immediately available to:

law enforcement agencies to assist them to detect or investigate terrorists or other criminals, and trace their assets
AUSTRAC, for analysing suspicious or unusual activity and disseminating as necessary, and
financial institutions, remitters and VASPs to facilitate the identification and reporting of suspicious transactions, and take appropriate actions.

27. To the extent these provisions would constitute a limitation on the protection against arbitrary or unlawful interference with privacy, any interference is reasonable, necessary and proportionate.

Powers enabling AUSTRAC to require the production of information and conduct examinations

28. Schedule 9 of the Bill provides new powers for AUSTRAC to gather information to support AUSTRAC's regulatory, enforcement and intelligence functions. The amendments recognise the delineation of AUSTRAC's dual function as a FIU, and as the AML/CTF regulator.

29. These amendments would enable the AUSTRAC CEO to issue a written notice to a person (under new Division 3 of Part 14 of the AML/CTF Act) compelling that person to produce documents, or to appear before an examiner to answer questions under an oath or affirmation to support its enforcement functions. This could potentially include compelling a person to disclose personal information about themselves or another person.

30. The ability to conduct examinations would provide an important investigatory tool for AUSTRAC to obtain relevant information needed to make enforcement decisions, and enable AUSTRAC to obtain evidence in a form that can be utilised in court proceedings. Introducing an examination power in the AML/CTF Act would also align AUSTRAC's information gathering powers with other regulatory and enforcement agencies, such as the Australian Securities and Investments Commission.

31. The AUSTRAC CEO would only be permitted to exercise these powers and issue a notice requiring attendance for an examination where the AUSTRAC CEO has a reasonable belief that the person has information or documents relevant to compliance with the AML/CTF Act, AML/CTF Rules or the regulations, or a related criminal offence. The AUSTRAC CEO would not be able to compel a person to provide information or attend an examination where these thresholds are not met.

32. In addition, Schedule 9 includes appropriate protections for the examinee, including a requirement that the examination take place in private (new section 172D), allowing an examinee to be accompanied by their lawyer, who may address both the examinee and examiner (new section 172F), and allowing the AUSTRAC CEO to provide a written record of the examination to an examinee's lawyer where the examinee is contemplating or carrying on proceedings related to the examination (new section 172H).

33. Schedule 9 of the Bill also amends AUSTRAC's primary notice to produce power in section 167 of the AML/CTF Act to expand who may receive a notice and accordingly narrow the purpose for which notices can be issued. To account for this narrowing in scope, an additional notice to produce power is included in new section 49B (to be inserted by Item 6 of Schedule 9) to allow AUSTRAC to proactively issue notices to produce in circumstances that are not linked to a report that has been given under sections 41, 43 and 45.

34. The new section 49B power may only be used to support the performance of functions of the AUSTRAC CEO and may only be issued if the AUSTRAC CEO reasonably believes the recipient has notice of, or possession, custody or control of the information requested. This power recognises the delineation of AUSTRAC's dual functions, and that the ability to compel information supports AUSTRAC's ability to compel the production of information with legality, propriety and consistency with human rights.

35. To the extent these provisions would constitute a limitation on the protection against arbitrary or unlawful interference with privacy, any interference is reasonable, necessary and proportionate.

Other amendments and clarifications to the AML/CTF regime

36. Schedule 11 of the Bill would repeal the whole of the Financial Transactions Reports Act 1988 (FTR Act) to give effect to the Government's efforts to streamline AML/CTF obligations and remove unnecessary complexities from existing legislation. Repeal of the FTR Act would also result in deregulating remaining cash dealers that have obligations under the FTR Act, including motor vehicle dealers, sellers of traveller's cheques, and offshore online remitters. This reform promotes the right to freedom from arbitrary or unlawful interference with privacy as these FTR Act reporting entities would no longer be required to collect information about their customers.

37. Several other aspects of the Bill promote the right to freedom from arbitrary or unlawful interference with privacy by improving the clarity of AML/CTF obligations and making them easier for reporting entities to understand and apply. This includes clarifications on matters such as when enhanced CDD measures must be applied, when simplified CDD measures may be used, and clarifications about the record-keeping requirements applicable to CDD obligations described above.

Rights to a fair trial and fair hearing, and minimum guarantees in criminal proceedings - Article 14 of the ICCPR

38. The right to a fair trial and fair hearing are protected by Article 14(1) of the ICCPR. The right to a fair trial and fair hearing applies to both criminal and civil proceedings. A range of criminal process guarantees are also afforded by Article 14 to persons accused and convicted of criminal offences, including the presumption of innocence (Article 14(2)), the right to not incriminate oneself (Article 14(3)(g)), the right to have a sentence reviewed by a higher tribunal (Article 14(5)) and the right not to be tried or punished twice for the same offence (Article 14(7)).

39. Measures in the Bill that may engage the right to fair trial and fair hearing and/or criminal process rights in Article 14 of the ICCPR include:

amendments to criminal offence provisions in relation to tipping off (Schedule 5)
new criminal offence provisions in relation to examinations (Schedule 9)
new civil penalty provisions (Schedules 2, 4, 9 and 11), and
strengthening protections for information subject to legal professional privilege (Schedule 4).

Criminal offence provisions

40. Schedule 5 of the Bill would amend the scope of the existing offence of tipping off in section 123 of the AML/CTF Act to prevent the disclosure of SMR, section 49 or section 49B related information where the disclosure would or could reasonably be expected to prejudice an investigation. The offence carries a maximum penalty of imprisonment for 2 years or 120 penalty units, or both.

41. This amendment engages with the right to a fair trial and other criminal process rights in Article 14 of the ICCPR, but does not place any additional limitations on those rights. It does not change the statutory protections afforded to someone accused of a tipping off offence. The objectives of the tipping off offence framework remain the same as under the current framework, along with the existing protections and safeguards for persons charged with an offence.

42. Schedule 9 of the Bill would provide for the following criminal penalties associated with the new powers for the AUSTRAC CEO to issue a notice compelling a person to disclose documents or attend for an examination:

the offence of intentionally or recklessly failing to comply with a notice issued by the AUSTRAC CEO, which carries a maximum penalty of imprisonment for 2 years or 100 penalty units, or both (section 172A, Item 5 of Schedule 9)
the offence of intentionally or recklessly failing to comply with a requirement to answer a question put to the person during an examination by the examiner, which carries a maximum penalty of imprisonment for 2 years (section 172C, Item 5 of Schedule 9)
the strict liability offence for refusing or failing to comply with a requirement made by an examiner to take an oath or make an affirmation, which carries a maximum penalty of imprisonment for 3 months (section 172C, Item 5 of Schedule 9)
the strict liability offence of being present at an examination without meeting the criteria, which carries a maximum penalty of 30 penalty units (section 172D, Item 5 of Schedule 9)
the strict liability offence of refusing or failing to comply with a requirement made by an examiner, which carries a maximum penalty of 20 penalty units (section 172F, Item 5 of Schedule 9)
the strict liability offence of failing to comply with a requirement to read or sign a statement, which carries a maximum penalty of 3 months imprisonment (section 172G, Item 5 of Schedule 9)
the strict liability offence of copying, publishing, or communicating the contents of the record of an examination, except in the course of preparing, beginning or carrying on a proceeding, which carries a maximum penalty of 30 penalty units (section 172H, Item 5 of Schedule 9), and
the strict liability offence of breaching a condition related to the disclosure of the copy of the record of an examination, which carries a maximum penalty of 30 penalty units (section 172J, Item 5 of Schedule 9).

43. These amendments engage with the right to the presumption of innocence in Article 14(2) of the ICCPR by introducing new strict liability offences. Article 14(2) provides that a person charged with a criminal offence has a right 'to be presumed innocent until proven guilty according to law.' Strict liability offences engage Article 14(2) because, where strict liability is applied to an offence, the requirement for the prosecution to prove fault is removed and a defence of honest and reasonable mistake of fact may be raised. Strict liability provisions will not violate the presumption of innocence so long as they are reasonable in the circumstances and maintain rights of defence.

44. These new offences and the strict liability components of the offences in Schedule 9 of the Bill are not inconsistent with the presumption of innocence because they are reasonable, necessary and proportionate in the pursuit of a legitimate objective. In line with the Guide to Framing Commonwealth Offences, the application of strict liability to all physical elements of these offences is considered appropriate in these circumstances because:

this is likely to significantly enhance and effectiveness of enforcement of the new powers in Schedule 9 by deterring non-compliance
the centrality of the examination power to AUSTRAC's ability to monitor compliance is such that it is appropriate that there be a significant deterrent to conduct that undermines the exercise of the power
the information to be obtained through the exercise of the powers is critical to AUSTRAC's ability to monitor and ensure compliance with the AML/CTF regime, which in turn is aimed at protecting the community from money laundering, terrorism financing and other serious crimes
a person receiving a notice under the new powers will be made aware of the criminal offences applicable for non-compliance, to guard against the possibility of inadvertent contravention, and
in relation to some offences, terms of imprisonment are not applicable to ensure the sanction for the offence is proportionate to the gravity of the conduct and required deterrent effect.

Civil penalty provisions

45. The United Nations Human Rights Committee has stated that the notion of criminal charges may 'also extend to acts that are criminal in nature with sanctions that, regardless of their qualification in domestic law, must be regarded as penal because of their purpose, character or severity'. As such, a penalty or other sanction may be 'criminal' for the purposes of the ICCPR even if it is described as a civil penalty under Australian law.

46. The Bill includes a number of new civil penalty provisions, including in relation to:

commencing to provide a designated service without an up to date ML/TF risk assessment (new section 26E, Item 24 of Schedule 1)
contravention of requirements to develop and maintain AML/CTF policies (new section 26F, Item 24 of Schedule 1), which replaces the existing civil penalty provision in section 81 of the Act)
contravention of responsibilities related to governing bodies (new section 26H, Item 24 of Schedule 1)
contravention of requirements related to AML/CTF compliance officers (new sections 26J, 26K and 26M, Item 24 of Schedule 1)
contravention of requirements related to AML/CTF program documentation and approvals (new sections 26N, 26P and 26Q, Item 24 of Schedule 1)
contravention of requirements related to a written notice from the AUSTRAC CEO (new section 26R, Item 24 of Schedule 1)
failure to make an AML/CTF program available to registered remittance affiliates (new section 26S, Item 24 of Schedule 1), which replaces the existing civil penalty provision in subsection 84(5A) of the AML/CTF Act
failure to retain records relating to Part 1A of the AML/CTF Act (new section 116, Item 35 of Schedule 1), which replaces the existing civil penalty provision in section 116 of the AML/CTF Act
commencing to provide a designated service to a customer without establishing certain matters in relation to the customer (new subsection 28(8), Item 7 of Schedule 2), which replaces the existing civil penalty provision in section 32 of the AML/CTF Act
continuing to provide a designated service to a customer or commencing to provide any other designated service to a customer if the reporting entity does not undertake initial CDD as soon as reasonably practicable or within the period specified in the AML/CTF Rules (new subsection 29(3), Item 7 of Schedule 2), which replaces the existing civil penalty provision in section 34 of the AML/CTF Act
failure to monitor customers in relation to the provision of designated services in order to appropriately identify, assess, manage and mitigate the risks of money laundering, terrorism financing and proliferation financing (new subsection 30(6), Item 7 of Schedule 2), which replaces the existing civil penalty provision in section 36 of the AML/CTF Act
failure to retain certain records that demonstrate compliance with obligations under Part 2 and are in a form readily accessible or convertible into the English language (new subsection 111(4), Item 23 of Schedule 2), which replaces the existing civil penalty provisions in sections 112 and 113 of the AML/CTF Act
failure to provide a 'LPP form' in certain circumstances (new subsections 26Q(3), paragraphs 41(3)(aa) and 43(3)(aa), subsections 49(3) and 49B(7), paragraph 50(6)(aa), subsections 75N(4), 76Q(4), 167(6) and 202(6) in Schedule 4)
contravention of obligations of institutions in value transfer chains (new sections 64, 65, 66 and 66A, Item 22 of Schedule 8), which replace existing civil penalty provisions in sections 64, 65 and 66 of the AML/CTF Act
failure to comply with a notice to provide information or documents (new section 49B, Item 6 of Schedule 9), and
failure to comply with a notice to provide information or documents (new section 167, Item 16 of Schedule 9).

47. The civil penalty provisions in the Bill would form part of a regulatory regime aimed at ensuring compliance with the obligations imposed by the Bill, as opposed to being for the purpose of punishment. In addition, no term of imprisonment is provided for and, while the maximum pecuniary penalties that can be applied under section 150 of the AML/CTF Act are high, these penalties are appropriate given the nature of the sectors and entities being regulated and the illicit financing risks they face. As the civil penalty provisions in the Bill are properly characterised as civil penalty provisions and not criminal penalty provisions, the criminal process guarantees in Article 14 of the ICCPR do not apply.

48. The civil penalty provisions in the Bill engage with the right to fair hearing in Article 14(1) of the ICCPR. However, this right is not limited by these provisions because the imposition of a civil penalty in these circumstances does not derogate from, or abridge, existing procedural rights of parties to litigation and would not result in actual disadvantage or unfairness to the defendant. In addition, these provisions do not affect the ability of parties to a relevant civil proceeding being provided the opportunity to adduce or challenge arguments or evidence on the matters at issue.

Legal professional privilege

49. Legal professional privilege is a fundamental principle of common law in Australia that serves the public interest in the administration of justice by encouraging full and frank disclosure by clients to their lawyers. It enables a person to resist the giving of information or production of documents that would reveal the content of communications between a client and their lawyer for the dominant purpose of giving or obtaining legal advice or the provision of legal services.

50. Schedule 4 of the Bill promotes the rights to rights to a fair trial and fair hearing and criminal process rights in Article 14 of the ICCPR by providing more explicit protections for information subject to legal professional privilege. Schedule 4 achieves this by:

replacing existing section 242 of the AML/CTF Act with stronger and clearer protections for legal professional privilege
inserting a definition of 'legal professional privilege' in section 5 of the AML/CTF Act that refers to the Evidence Act 1995 (Cth) to provide clarity and greater certainty, and
making clear that nothing in the AML/CTF Act affects the right of a person to refuse to give information (including by answering a question) or produce a document if the information would be privileged from being given or produced on the ground of legal professional privilege.

Right not to incriminate oneself

51. The minimum guarantees in criminal proceedings in Article 14(3) of the ICCPR include that a person is not to be compelled to testify against himself or herself, or to confess guilt, in the determination of criminal charges against that person. The privilege against self-incrimination is a well-established common law principle in Australia and will apply unless expressly abrogated by legislation, with such abrogation often viewed as permissible.

52. New section 172K of the AML/CTF Act (to be inserted by Item 5 of Schedule 9 of the Bill) would expressly abrogate the privilege against self-incrimination. It provides that an individual is not excused from producing a document under new section 172A, or answering a question at an examination under Part 3, Division 14 of the AML/CTF Act, on the grounds that the information or document might tend to incriminate the individual giving the information or document or expose that person to a penalty.

53. Importantly, new subsection 172K(2) of the AML/CTF Act would contain corresponding immunities ensuring that the information and documents provided are not admissible as evidence in civil proceedings or criminal proceedings against the individual that has provided them, subject to certain exceptions. Similar to the examination framework set out in the Australian Securities and Investments Commission Act 2001, information and documents may only be used in civil or criminal proceedings insofar as they relate to the falsity of the information or document provided.

54. Schedule 9 of the Bill would also clarify the abrogation in section 169 of the AML/CTF Act by making it clear that information provided in response to a notice under section 167 can also be used in criminal proceedings for an offence covered by the definition of 'money laundering', 'financing of terrorism' and 'proliferation financing' under section 5 of the AML/CTF Act. This could include proceedings relating to offences against state or territory laws that relate to money laundering, financing of terrorism or proliferation financing where relevant information has been collected by AUSTRAC under section 167.

55. To ensure the limitations being placed on the privilege against self-incrimination are reasonable and proportionate while still enabling effective regulatory powers, the Bill also maintains the existing safeguards in section 169. Further, this abrogation is reasonable, necessary and proportionate, as it balances the rights and interests of the individual with benefits to the public that arise from the investigation and prosecution of serious criminal offences such as money laundering and the financing of terrorism. The abrogation is only to the extent necessary to ensure AUSTRAC's effectiveness in monitoring and ensuring compliance with the AML/CTF regime.

Right to freedom of expression – Article 19 of the ICCPR

56. The right to freedom of expression in Article 19 of the ICCPR protects the right to hold opinions without interference and the right to express those opinions to others.

57. Part 1 of Schedule 9 of the Bill may engage the right to freedom of expression because it would enable the AUSTRAC CEO to direct a person undergoing an examination not to disclose to third parties that the examination took place or to disclose the questions asked or information disclosed during the examination. Under new section 172D of the AML/CTF Act, an examination would be required to take place in private and the examiner may give directions about who may be present. The lawyer of a person being examined may be present at the examination.

58. The purpose of the examinations power is to improve AUSTRAC's access to information for the purposes of investigating serious contraventions of the AML/CTF Act. Examinations will be conducted as part of an AUSTRAC investigation into a suspected contravention of the AML/CTF regime. This aspect of the Bill advances a legitimate objective of protecting the information that may form part of an examination, and the investigation to which the examination relates. Accordingly, it is reasonable, necessary and proportionate that the information is kept confidential while the investigation is ongoing, in order to protect the operations of law enforcement.

59. The amendments provide that a person being examined would be entitled to particular protections during the course of an examination, including attendance by their lawyer who may address the examiner, or examine their client about matters being discussed. The person being examined may also request a copy of the written record of the examination. However, there will be limits on disclosing that record in order to protect AUSTRAC information and investigations.

60. To the extent that a person's ability to communicate and express their opinions to others could be limited by this aspect of the Bill, the circumstances under which a person can be required to attend for an examination ensure the limitation is reasonable, necessary and proportionate. In addition, any limitation would be consistent with Article 19(3) of the ICCPR, which allows for restrictions for the protection of national security or of public order.

Right to equality and non-discrimination - Articles 2, 16 and 26 of the ICCPR

61. Articles 2, 16 and 26 of the ICCPR provide for the right of equality and non-discrimination. All persons are equal before the law and are entitled without any discrimination to the equal protection of the law. Discrimination is prohibited, and laws should guarantee to all persons equal and effective protection against discrimination on any ground such as race, colour, sex, language, religion, political or other opinion, national or social origin, property, birth or other status.

62. The provisions in Schedule 2 of the Bill related to initial CDD, enhanced CDD and politically exposed persons may indirectly limit this right by permitting reporting entities to distinguish between different customers based on certain political affiliation, place of residence within a country and their property. There is potential for these measures to have a disproportionate negative impact on particular persons and groups, such as people residing in jurisdictions subject to sanctions.

63. For example, Schedule 2 of the Bill would require reporting entities to establish on reasonable grounds whether a customer is a politically exposed person, or if a person or entity is designated for targeted financial sanctions. Enhanced CDD must be applied for all foreign politically exposed persons. However, unless a reporting entity deems it is unable to mitigate the ML/TF risks posed by such customers, the provisions do not restrict the ability for such people to receive designated services. Rather the Bill would ensure the application of CDD that is proportionate and appropriate to the ML/TF risk of the customer.

64. The United Nations Human Rights Committee recognises that 'not every differentiation of treatment will constitute discrimination, if the criteria for such differentiation are reasonable and objective'. To the extent that the provisions of the Bill may reduce a person's ability to receive a designated service, these limitations are reasonable, necessary and proportionate to address the risks of money laundering, and terrorism and proliferation financing.

Right to freedom of association - Article 22 of the ICCPR

65. Article 22 of the ICCPR protects the right to form and join associations to pursue common goals.

66. The provisions in Schedule 2 of the Bill may indirectly limit this right by creating a disincentive for persons to form or join certain organisations, such as terrorist organisations or outlaw motorcycle gangs. In undertaking initial CDD and ongoing CDD, a person may potentially be required to disclose their membership of a group or association, and a reporting entity may potentially be required to treat that person differently on the basis of their association.

67. For instance, Schedule 2 of the Bill would require enhanced CDD to be applied to all high ML/TF risk customers. Enhanced CDD includes measures that are more onerous or require a greater level of scrutiny about a customer. While the Bill does not restrict the ability for such people to receive designated services (unless the reporting entity it is unable to mitigate the ML/TF risks posed), this may make some people more reluctant to form or join certain organisations if they know it could potentially result in enhanced CDD being applied or services being denied.

68. Overall, the provisions in Schedule 2 of the Bill are tailored to ensure the application of CDD that is appropriate to the ML/TF risk of the customer. To the extent that these provisions may limit the right to freedom of association by disincentivising persons from joining organisations such as terrorist organisations or outlaw motorcycle gangs, this would be reasonable, necessary and proportionate to address the risks of money laundering, and terrorism and proliferation financing.

Conclusion

69. The Bill engages with a number of human rights and, to the extent the Bill limits some rights, those limitations would be reasonable, necessary and proportionate, and facilitate the overarching legitimate objectives of the AML/CTF Act.

NOTES ON CLAUSES

Preliminary

Clause 1 – Short title

1. Clause 1 of the Bill provides for the short title of the Act to be the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024.

Clause 2 – Commencement

2. Clause 2 of the Bill provides for the commencement of each Schedule of the Bill, as set out in the table. Each provision of the Bill specified in column 1 of the table commences in accordance with column 2 of the table. Any other statement in column 2 has effect according to its terms.

3. There are varying commencement times for the Schedules and in some cases, Parts of this Bill:

Clauses 1–3 of the Bill commence the day of Royal Assent.
Parts 1–3 of Schedule 9 and Schedules 11 and 12 commence 28 days after receiving Royal Assent.
Schedules 1–3, Part 1 of Schedule 5, Part 1 of Schedule 6, Schedule 8 and Schedule 10 commence on 31 March 2026.
Schedules 4 and 7 commence on 1 July 2026.

4. These commencement times are designed to ensure reporting entities have sufficient time to transition and plan for the changes to the AML/CTF regime, while ensuring changes are in place for Australia's mutual evaluation by the FATF in 2026-27.

5. Of particular note, Schedule 3 and Part 1 of Schedule 6, which expand the AML/CTF regime to new designated services, commence on 31 March 2026. Part 4 of Schedule 3 contains transitional provisions which mean that new reporting entities that provide tranche two designated services set out in Schedule 3 may enrol as reporting entities with AUSTRAC from 31 March 2026. However, regulatory obligations under Part 1A, 2, 3 and Divisions 2 to 6 of Part 10 of the AML/CTF Act do not apply until 1 July 2026.

6. There are also a range of amendments that are contingent on other legislation progressing through the Parliament. These are:

The commencement of Part 2 of Schedule 5 and Part 4 of Schedule 9 are contingent on the commencement of Schedule 1 in the Intelligence Services Legislation Amendment Act 2024.
The commencement of Part 2 of Schedule 6 is contingent on the commencement of Schedule 2 in the Crimes and Other Legislation Amendment (Omnibus No. 1) Act 2024.

Clause 3 – Schedules

7. Clause 3 of the Bill sets out that legislation specified in a particular Schedule of the Bill is amended or repealed by the applicable items in the Schedule concerned.

SCHEDULE 1 - AML/CTF PROGRAMS AND BUSINESS GROUPS

Anti-Money Laundering and Counter-Terrorism Financing Act 2006

8. This Schedule would replace current Part 7 of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) with a set of outcomes-focused obligations for an effective anti-money laundering and counter-terrorism financing (AML/CTF) program. These obligations ensure reporting entities undertake appropriate measures that focus on mitigating money laundering/terrorism financing (ML/TF) risk.

9. Current Part 7 of the AML/CTF Act requires a reporting entity to adopt an AML/CTF program with a 'primary purpose' of identifying, mitigating and managing ML/TF risk, rather than explicitly requiring the entity to identify, assess and mitigate their illicit financing risks. The amendments shift this focus to ensure reporting entities prioritise mitigating the risks they identify as being relevant to their business, in line with the Financial Action Task Force's (FATF's) risk-based approach.

10. While the amendments remove the explicit division of previous Parts A and B of an AML/CTF program, reporting entities may organise the documentation of their AML/CTF program at their discretion, as long as it complies with the high-level obligations set out in the AML/CTF Act. This means existing reporting entities may retain the division of their program in to Parts A and B if they choose to do so.

11. This Schedule also replaces the current concept of a 'designated business group' with a simple 'reporting group' concept. A reporting group will be required for traditional corporate groups and, unlike the current designated business group concept, applies a more flexible framework for related entities, including non-reporting entities that may fulfil AML/CTF obligations on behalf of reporting entities in the reporting group.

Items 1 and 2 – Section 4

12. These Items amend the simplified outline in existing section 4 of the AML/CTF Act. Item 1 removes 'financial institution' from the description of a reporting entity due to the expansion of the AML/CTF regime to non-financial businesses (see Schedule 3 of the Bill).

Item 3 – Section 5

13. This Item inserts definitions of 'AML/CTF compliance officer', 'AML/CTF policies', and 'AML/CTF program' into section 5 of the AML/CTF Act.

14. The requirement to designate an AML/CTF compliance officer is currently contained in the AML/CTF Rules, however the functions of the AML/CTF compliance officer are not set out and the term is not otherwise defined. The intention is to move the requirement to the AML/CTF Act and define the responsibilities of the AML/CTF compliance officer to reflect the importance of the position in identifying, assessing, mitigating and managing a reporting entity's risk of money laundering, terrorism financing and proliferation financing associated with providing a designated service. These concepts and definitions are discussed in more detail in Item 24 of this Schedule.

15. For 'AML/CTF policies', the definition at (a) is given as meaning the policies, procedures, systems and controls as per new section 26F of the AML/CTF Act.

16. For 'AML/CTF programs', the definition refers to the new section 26B of the AML/CTF Act.

Item 4 – Section 5 (definition of anti-money laundering and counter-terrorism financing program )

17. This Item repeals the current definition of an AML/CTF program.

Item 5 – Section 5

18. This Item inserts a new definition of 'business group' to be detailed in new subsection 10A(3) of the AML/CTF Act.

19. Item 5 also clarifies that the meaning of 'control', which is used in relation to 'business groups' and 'reporting groups', will take its meaning from section 11 of the AML/CTF Act.

Item 6 – Section 5 (definition of control test )

20. Item 6 repeals the existing definition of 'control test'. The AML/CTF Act currently relies on the definition of 'control test' from the Social Security Act 1991. This definition is no longer appropriate due to its broad nature. The 2016 Statutory Review of the AML/CTF Act, AML/CTF Rules and the Associated Regulations (the 2016 Statutory Review) found the current application of 'control test' is too expansive for AML/CTF purposes. For example, if an individual passes the Social Security Act 1991 control test for a company, so do all of their 'associates', which is defined broadly. When applied to the AML/CTF Act, this interpretation could lead to the conclusion that a company is considered to reside in each jurisdiction in which an 'associate' of the controlling individual resides.

21. As per Item 5, the AML/CTF Act will instead use the concept of 'control'. A definition will be provided in section 11 (see Item 19 of this Schedule).

Item 7 – Section 5 (definition of designated business group )

22. This Item removes the current concept of a 'designated business group', to be replaced with a modernised 'business group' and 'reporting group' concept. The new definition of 'business group' and 'reporting group' will be provided in section 10A of the AML/CTF Act, as detailed in Item 19 of this Schedule.

Item 8 – Section 5

23. Item 8 inserts a definition of a 'governing body' of a reporting entity. This is intended to define the person or persons responsible for the strategic management and oversight of a reporting entity. New section 26H of the AML/CTF Act (to be inserted by Item 24 of this Schedule) describes the responsibilities of governing bodies.

24. The term 'governing body' is intended to be a general term applicable to the management of all businesses regulated under the AML/CTF Act, from small businesses to large multinational enterprises, and includes both corporate structures and other forms of business structures. The broad term 'governing body' reflects that not all reporting entities have boards. For example, a reporting entity without a board may have one or more directors or senior employees who have primary responsibility for governance and executive decisions within the reporting entity.

25. Paragraph (a) of the definition provides that a sole trader operating a business that provides a designated service will be a reporting entity for the purposes of the AML/CTF Act and the individual comprising the business will be the governing body of that reporting entity.

Item 9 – Section 5 (definition of joint anti-money laundering and counter-terrorism financing program )

26. This Item removes the current concept of a joint AML/CTF program. In order to simplify the regime, there will only be one concept of an AML/CTF program, which is defined at new 26B (to be inserted by Item 24 of this Schedule). Under the new 'reporting group' concept, reporting groups will be able to implement group-wide AML/CTF programs. The AML/CTF Act will not prescribe the form of that program.

27. The redesign of the AML/CTF program requirements will comprise a set of outcomes-focused obligations that remove the prescriptive and overlapping requirements set out in the currently separate concepts of 'standard', 'joint' and 'special' AML/CTF programs. This allows for varying types of AML/CTF programs for individual reporting entities, reporting entities in a group, and reporting entities who only provide a designated service covered by item 54 of table 1 of section 6 of the AML/CTF Act.

Item 10 – Section 5

28. This Item inserts key terminology for the updated business group and reporting group concepts. This includes inserting the definitions of a 'lead entity' of a reporting group and a 'member' of a reporting or business group. These definitions are expanded upon in new section 10A of the AML/CTF Act (to be inserted by Item 19 of this Schedule).

29. Item 10 also provides that a new definition of a 'ML/TF risk assessment' will replace the current definition of an ML/TF risk assessment, which will be detailed in new section 26C of the AML/CTF Act (to be inserted by Item 24 of this Schedule).

Item 11 – Section 5 (definition of money laundering and terrorism financing risk assessment )

30. This Item removes the current definition of a 'money laundering and terrorism financing risk assessment' in the AML/CTF Act. A new definition is provided in new section 26C of the AML/CTF Act (to be inserted by Item 24 of this Schedule).

31. The current definition of a 'money laundering and terrorism financing risk assessment' is only used for the purpose of the section 165 notice power in the AML/CTF Act (which will be replaced by the new definition inserted by Item 10, which takes its meaning from new section 26C of the AML/CTF Act.

Item 12 – Section 5

32. This Item inserts a new definition of 'proliferation financing' in section 5 of the AML/CTF Act. The definition at paragraph (a) is intended to align with the FATF Standards, which cover any potential breach, non-implementation or evasion of United Nations Security Council targeted financial sanctions related to the proliferation of weapons of mass destruction. The definition at paragraphs (b) and (c) also extends this definition to other offences against Australian counter-proliferation laws including relevant Australian autonomous sanctions and other Australian laws giving effect to international conventions relating to the proliferation of weapons of mass destruction, for example, the Weapons of Mass Destruction (Prevention of Proliferation) Act 1995. Paragraph (g) enables relevant laws to be prescribed in regulations to assist reporting entities and allow for these laws to be updated, where appropriate, in response to international developments.

Item 13 – Section 5 (definition of reporting entity )

33. Item 13 updates the current definition of a 'reporting entity' in section 5 of the AML/CTF Act to also include the lead entity of a reporting group, which is specified at paragraph (b). As detailed at Item 19 of this Schedule, a reporting group may be formed when at least one member of a business group provides designated services. One entity in this reporting group will carry the role and functions of lead entity for the reporting group, and will be known as the lead entity.

34. Where obligations relate to the 'reporting entity', this should be understood to apply to both an individual reporting entity and the lead entity of a reporting group. Lead entities are responsible for developing the ML/TF risk assessment and the AML/CTF policies with respect to their reporting group.

35. Currently, the AML/CTF Act repetitively details the requirements for a joint AML/CTF program to be developed by the lead entity of a designated business group. This new approach in the Bill would streamline the general obligations so that they can be read as applicable to either a sole reporting entity, or to the lead entity of a reporting group. Where the lead entity develops and maintains a compliant AML/CTF program that covers the entire group, this may discharge the obligation of another member reporting entity in the reporting group to undertake its own ML/TF risk assessment or develop and maintain its own AML/CTF policies.

Item 14 – Section 5

36. This Item inserts a new definition of 'reporting group' in section 5 of the AML/CTF Act, which is to be given meaning by the new subsection 10A(1) of the AML/CTF Act (to be inserted by Item 19 of this Schedule).

37. This Item also inserts a new definition of 'senior manager' in section 5 of the AML/CTF Act, which is defined to mean an individual who makes or participates in making decisions about the operational management of a reporting entity's business. This concept is intended to be different from the definition of 'governing body' (to be inserted in section 5 by Item 8 of this Schedule), which is focused on strategic-level responsibility of a reporting entity. In a large organisation, a senior manager may be an employee who does not sit on the board of directors but is responsible for relevant activities of the reporting entity. A smaller reporting entity may not have a similar formal title, but the senior manager would make or participate in making decisions about business.

Item 15 – Section 5 (definition of shell bank )

38. This Item amends the definition of 'shell bank' in section 5 of the AML/CTF Act to reflect that the detailed definition has been moved from existing section 15 of the AML/CTF Act to new section 94A (to be inserted by Item 31 of this Schedule).

Item 16 – Section 5 (definition of special anti-money laundering and counter-terrorism financing program )

39. This Item removes the definition of a 'special' AML/CTF program as this will no longer be required. Special AML/CTF programs are currently only available to Australian Financial Services Licence (AFSL) holders that exclusively provide the designated service covered by item 54 of table 1 in section 6 (making arrangements for a customer to receive another AML/CTF designated service, for example, financial planners).

40. Reporting entities that only provide item 54 designated services will retain their exemption from certain AML/CTF program obligations. This exemption is provided in new section 26T of the AML/CTF Act (to be inserted by Item 24 of this Schedule). Any business that provides a designated service in addition to providing an item 54 service must comply with the full range of AML/CTF obligations for those services.

Item 17 – Section 5 (definition of standard anti-money laundering and counter-terrorism financing program )

41. This Item removes the concept of a 'standard' AML/CTF program as it will no longer be required. There will only be one concept of an AML/CTF program to be defined in new 26B (to be inserted by Item 24 of this Schedule).

Item 18 – After subsection 6(6)

42. This Item inserts a new subsection 6(6A) in the AML/CTF Act, which enacts the exemption currently provided for in Chapter 36 of the AML/CTF Rules. The exemption clarifies at subparagraph 6(6A)(a)(i) that any of the services provided by one business in a business group to another related business are not considered to be designated services.

43. This recognises that there is little value in applying AML/CTF measures such as customer due diligence (CDD) to services between related businesses. Where all such services provided by a business fall within the exemption, they will not be a reporting entity for the purposes of the AML/CTF Act, unless they are the lead entity in a business group that includes reporting entity members.

44. Further, subparagraphs 6(6A)(a)(ii) and (iii) specify where a reporting entity provides a designated service at items 48 or 49 of table 1 in section 6 of the AML/CTF Act (guaranteeing a loan and making a payment to the lender) and both the guarantor and borrower are members of the same reporting group, reporting entities will not be required to apply AML/CTF obligations to these services. These services are referred to specifically as they are defined in section 6 of the AML/CTF Act to have multiple customers.

45. This Item provides at subparagraph 6(6A)(a)(iv) that AML/CTF Rules may be made to apply the exemption to other designated services with multiple customers, such as trustee services being introduced in Schedule 3 of the Bill. The Item also provides at paragraph 6(6A)(b) and (c) that AML/CTF Rules may exclude designated services from the exemption, or set requirements to be met for the exemption to be applicable.

Item 19 – Section 11

46. This Item repeals existing section 11 of the AML/CTF Act, inserts new section 10A and provides key terms for reporting entities that organise themselves into groups for the purposes of group-wide risk management. The amendments replace the concept of a 'designated business group' with the concept of a 'reporting group' to refer to a group of entities that includes one or more reporting entities with common risk management and compliance arrangements. In line with FATF Recommendation 18, this Item will facilitate:

Group ML/TF risk management—this involves providing for the appropriate sharing of ML/TF risk-related information within reporting groups, including non-reporting entities. Many reporting entities, including larger multinational enterprises, use related entities within their group structures, including non-reporting entities, to fulfil AML/CTF compliance requirements such as transaction monitoring.
Group-level compliance management—Currently, designated business groups allow for the adoption of a common AML/CTF program and discharge of a limited number of AML/CTF obligations, with no requirement for group-level compliance management. Under the reforms, group-level compliance management will be required for reporting groups, with provisions for the sharing of ML/TF risk, and AML/CTF compliance-related information subject to appropriate safeguards to protect that information. It will provide more flexibility for the centralisation of AML/CTF compliance functions in one or more reporting group members in an efficient way with scope to adapt this to each reporting group's own business model.

47. The default reporting group will be a business group of related companies or other entities in a corporate structure or other control structure, where at least one entity is a reporting entity, as defined at paragraph 10A(1)(a).

48. The definition of 'reporting group' at paragraph 10A(1)(b) encompasses groups that have elected to organise themselves into groups to take advantage of group risk and compliance management within non-corporate structures such as various groupings of partnerships, or franchise arrangements. AUSTRAC will be empowered to make AML/CTF Rules allowing for other types of groups to be recognised as reporting groups, which will allow reporting entities in any sector, but tranche two entities in particular, to share or centralise compliance functions and ML/TF risk information across a group of entities. In this way, reporting groups may reduce regulatory burden for reporting entity members.

49. New subsection 10A(3) provides that reporting entities who are organised in the typical parent/subsidiary corporate structure (where a parent entity controls one or more subsidiary bodies corporate) will be recognised as a business group. The definition of business group is used to assist in defining the membership of reporting groups formed under subsection 10A(1). It is also the basis for the intra-group designated services exemption at Item 18 of this Schedule, which ensures that members of business groups that only provide designated services within the business group will not be reporting entities.

50. New subsections 10A(4) and (5) clarify the levels of membership of a reporting or business group. Each person in the reporting or business group is considered a member. These are referred to as 'ordinary members'.

51. Group risk and compliance management functions will be fulfilled by a 'lead entity' in the reporting group, which is defined at subsection 10A(5). Due to the diversity of corporate and other structures, and the need for flexibility in the concept of a 'lead entity', the AML/CTF Rules will specify how the lead entity in any reporting group is to be identified.

52. The AML/CTF Rules made under subsection 10A(5) will ensure that the lead entity is connected to Australia, for example, as an Australian resident entity or foreign company registered in Australia.

53. The lead entity will have broad responsibility for:

the identification, assessment, mitigation and management of ML/TF risk across compliance of all reporting entity members in a reporting group, and
compliance management to ensure all reporting entities in the business group comply with their obligations under the AML/CTF regime and the group AML/CTF program.

54. Subsections 236B(1), (2) and (3) (to be inserted by Item 50 in this Schedule) gives effect to the above by deeming designated services provided by a reporting entity member of a reporting group to have also been provided by the lead entity. This will trigger the lead entity's ML/TF risk assessment obligations under new section 26B such that the lead entity will be responsible for identifying and assessing risk across the designated services provided by the reporting group as a whole. It will also trigger the requirement for the lead entity to develop and maintain AML/CTF policies for risk management and mitigation, and compliance management across the group.

55. Lead entities will also have specific AML/CTF program requirements that relate to information sharing within reporting groups, which are set out at new subsection 26F(5) (to be inserted by Item 24 of this Schedule). These will require the development and maintenance of AML/CTF policies to provide for the appropriate sharing of information for ML/TF risk management and mitigation purposes, AML/CTF compliance management, and to ensure the appropriate safeguarding of information shared within the reporting group (including to prevent 'tipping off').

56. Lead entities' governing bodies will be required to exercise appropriate ongoing oversight across the reporting group and take reasonable steps to ensure that reporting entities in the reporting group are appropriately identifying, assessing, managing and mitigating their ML/TF risks and otherwise complying with AML/CTF obligations. This is given effect by new section 26U (to be inserted by Item 24 of this Schedule). The lead entity's AML/CTF compliance officer will support the leady entity's governing body to fulfil these requirements.

57. New subsection 236B(5) (to be inserted by Item 50 in this Schedule) provides that any member of a reporting group may discharge an obligation of a reporting entity under the AML/CTF Act, AML/CTF Rules or regulations. The member discharging the obligation need not be a reporting entity, however, AML/CTF Rules may set out requirements requiring reporting obligations to be discharged by reporting entity members of a reporting group. The lead entity itself (as a reporting entity) may have obligations discharged by other members of the reporting group, for example, an offshore parent entity where the reporting lead entity is an Australian subsidiary of a global bank. This framework will provide flexibility for reporting groups to structure their AML/CTF compliance operations in a way that best suits the group. Non-reporting entity members of reporting group will not be liable for failing to discharge an obligation on behalf of a reporting entity member of the group—in all cases, liability for discharging an obligation will remain with the original reporting entity.

58. New subsection 236B(6) provides that where a reporting entity member of a group fails to comply with an obligation under the AML/CTF Act, both the contravening member and the lead entity will be liable for the contravention. This reinforces the group ML/TF risk management and group compliance management approach set out above. It will also reduce the risk that reporting groups will be misused to structure out of liability for civil penalty contraventions.

59. Item 19 also replaces 'control test' with a meaning of 'control' by inserting a new section 11 in the AML/CTF Act. This intends to clarify what kind of corporate structure qualifies as a business group. Reporting entities are required to form a business group if they are related to each other as bodies corporate under the Corporations Act 2001 (the Corporations Act). This structure is common in traditional financial services businesses where one entity typically controls the subsidiary entities, that is, the parent entity either wholly owns its subsidiaries, or has the capacity to control the body corporate's board and has the maximum number of votes or shares to form a majority.

60. Subsection 11(2) relates to control of a person other than a body corporate and states that control is the capacity to control the composition of the entity's board, or having the capacity to determine decisions regarding financial and operating policies. Subparagraphs 11(2)(b)(i) and (ii) provide that in relation to the second limb, practical influence and patterns of behaviour will be considered.

Items 20 and 21

61. These Items make consequential amendments to existing subparagraphs 14(2)(b)(i) and 14(3)(b)(i) of the AML/CTF Act following the removal of the concept of 'control test' from the AML/CTF Act in Item 19 of this Schedule.

Item 22 – Section 15

62. This Item repeals the current section 15 of the AML/CTF Act that defines 'shell bank.' This Item is related to Item 15 of this Schedule, which moves the definition of 'shell bank' to new section 94A (to be inserted by Item 31 of this Schedule).

Item 23 – Subsection 21(3)

63. Item 23 amends existing subsection 21(3) of the AML/CTF Act to allow for the making of AML/CTF Rules, instead of regulations, to clarify when a designated service provided via electronic communications is considered to be provided in Australia or in another country, which may affect what AML/CTF measures must be implemented under the AML/CTF regime. The use of AML/CTF Rules for defining technical matters is more consistent with the broader approach across the AML/CTF Act, and allows appropriate flexibility to respond to changing circumstances.

Item 24 – After Part 1

64. This Item inserts a new Part 1A in the AML/CTF Act that outlines the general obligations a reporting entity must meet to develop and implement an effective AML/CTF program. These obligations are expressed as statements to guide reporting entities.

65. Given the centrality of AML/CTF programs to risk-based AML/CTF regulation, and the effectiveness of reporting entities' efforts to detect and deter misuse of their services by criminals, the AML/CTF program requirements have been moved to be some of the first obligations in the AML/CTF Act.

66. These general obligations will remove the current prescriptive obligation for AML/CTF programs to be structured with a separate Part A and Part B. Instead, an AML/CTF program will consist of the reporting entity's ML/TF risk assessment (new section 26C) and the reporting entity's AML/CTF policies (new section 26F). This reflects the common structure found globally, as reflecting the FATF Standards and the legislation of comparable jurisdictions.

67. The new framework of streamlined AML/CTF program requirements does not require reporting entities to consequently merge Part A and Part B of their existing AML/CTF programs. A reporting entity may retain its existing program structure if it is effectively identifying, mitigating and managing their risks. Reporting entities should review whether amendments to the substance of the program are required to address the requirements of Part 1A.

Application of new Part 1A to services provided overseas, including foreign branches and subsidiaries

68. Where appropriate, the provisions of Part 1A make clear which provisions apply to reporting entities providing designated services generally, and which apply only to those designated services provided at or through a permanent establishment in Australia.

69. Under FATF Recommendation 18, the home country of a reporting entity is required to ensure that foreign branches and majority-owned subsidiaries apply AML/CTF measures consistent with home country requirements, where the minimum AML/CTF requirements of the foreign country are less strict than those of the home country. This is subject to an exception where the foreign country does not permit compliance with the home country's AML/CTF requirements. The approach adopted in this Bill seeks to avoid two complications that can arise in complying with the relevant FATF Standards:

determining relative 'strictness' of laws is challenging both for reporting entities and regulators, and
the more prescriptive the obligations for foreign branches and subsidiaries, the more likely there is to be a conflict of laws.

70. To minimise these challenges for reporting entities and AUSTRAC, the Bill generally takes the following approach throughout Parts 1A (AML/CTF programs) and 2 (Customer Due Diligence):

High-level principles about the outcome to be achieved apply to all designated services under the AML/CTF Act. For example, the identification, assessment, mitigation or management of ML/TF risk. These high-level principles are consistent with the FATF Standards that are the foundation of AML/CTF regimes around the world.
More specific obligations apply to designated services provided in Australia and not to those provided overseas. For example, factors to be considered in undertaking risk assessments, specific AML/CTF policies to be included in AML/CTF programs, and specific CDD requirements. This will minimise the chances of a conflict of laws between specific Australian requirements and those of other countries in which a reporting entity operates.

Division 1 – Introduction

71. New section 26A provides a simplified outline of Part 1A. The simplified outline notes that a reporting entity must have and comply with an AML/CTF program, it should include the reporting entity's ML/TF risk assessment and AML/CTF policies that appropriately mitigate and manage the entity's risks. It also sets out the roles of the governing body and compliance officer. The simplified outline provides that the AML/CTF policies of a reporting entity should be appropriate to the nature, size and complexity of the reporting entity's business. While this simplified outline is included to assist a reader's understanding of the substantive provisions to follow, it is not intended to be comprehensive. Readers are advised to rely on the substantive provisions for full comprehension.

72. Division 1 of Part 1A amends the current approach to, or concept of, an AML/CTF program, so that it moves away from the primary obligation of simply having an AML/CTF program in place. The new intent is to shift the focus for reporting entities on to the identification, assessment, mitigation and management of money laundering, terrorism financing and proliferation financing risk itself in fulfilling AML/CTF program requirements.

73. As such, new section 26B provides that an AML/CTF program comprises a ML/TF risk assessment (subsection 26B(a)) and the AML/CTF policies that are developed and implemented to mitigate and manage the ML/TF risk and to ensure compliance with the AML/CTF regime (new subsection 26B(b)).

Division 2 – ML/TF risk assessment

74. Division 2 of Part 1A at new subsection 26C(1) requires a reporting entity to undertake a risk assessment. As part of the risk assessment, a reporting entity must identify, assess and document the risks that their designated services may be exploited to launder money, or finance either terrorism or the proliferation of weapons.

75. The AML/CTF Act currently does not clearly express the expectation for a reporting entity to undertake a risk assessment prior to commencing to provide a designated service. Reporting entities have had to infer this requirement from disparate parts of the legislation.

76. Subsection 26C(2) details that the steps taken in undertaking the ML/TF risk assessment must be appropriate to the nature, size and complexity of its business, consistent with the FATF Standards. In practice, this reflects that reporting entities that are larger, or have more complex operations, may be required to undertake their ML/TF risk assessment in a different manner as compared to a smaller reporting entity.

77. The AML/CTF Act does not prescribe the manner in which a reporting entity must undertake its ML/TF risk assessment, or the format in which a ML/TF risk assessment must be documented. Whichever approach is taken, a reporting entity's ML/TF risk assessment should be useable by the governing body in fulfilling its functions under the AML/CTF Act, and by employees and other staff of the reporting entity to implement AML/CTF policies effectively.

78. New subsection 26C(3) provides the four main factors a reporting entity must have regard to when assessing their risk, representing the risk factors set out in the FATF Standards. This new subsection also reflects current terminology in the AML/CTF Rules. These are the kinds of services being provided (paragraph 26C(3)(a)), the kinds of customers of a business (paragraph 26C(3)(b)), how these services are delivered (paragraph 26C(3)(c)), and the countries that a reporting entity does business in (paragraph 26C(3)(d)).

79. 'Countries' is defined in existing section 5 of the AML/CTF Act to include Australia and a foreign country, while the term 'foreign country' is defined to have an extended meaning to include a range of different types of regions within or associated with a foreign country.

80. Subsection 26C(4) provides that a reporting entity is not limited to the factors outlined in subsection 26C(3) and may consider more factors if appropriate to the nature, size and complexity of the business.

81. These factors will not be mandatory for the provision of designated services provided at, or through, a foreign permanent establishment of the reporting entity. This will allow flexibility for reporting entities to comply with any applicable foreign laws relating to ML/TF risk assessment.

82. Paragraph 26C(3)(e) also includes a requirement to consider any written guidance issued by AUSTRAC. AUSTRAC may communicate information in a number of ways including through publications on its website, by communication with industry peak bodies or direct communication with the reporting entity. This requirement to consider AUSTRAC communications is narrower than the existing requirement in the AML/CTF Rules for reporting entities to consider any AUSTRAC guidance or feedback relevant to the reporting entity's identification, mitigation and management of money laundering and terrorism financing risk.

83. The AUSTRAC communication as per subparagraph 26D(1)(a)(ii) must identify or assess money laundering, terrorism financing and proliferation financing risks to trigger this obligation. General guidance or other communications will not trigger this requirement. This addresses an ongoing concern from the financial sector about the breadth of the current obligation and its associated regulatory burden and brings Australia into closer alignment with the FATF Standards.

84. New section 26D provides an obligation for reporting entities to review their ML/TF risk assessments in certain circumstances to ensure that the reporting entity has identified and assessed any new or changed risks of ML/TF.

85. Subparagraph 26D(1)(a)(i) stipulates that a review should be triggered when there is a significant change to any of the factors in its ML/TF risk assessment. The term 'significant change' is intended to ensure that a reporting entity is not expected to review and update its ML/TF risk assessment in response to minor changes in risk which do not have a significant impact on the reporting entity.

86. An example of a significant change may be that a reporting entity that has provided services solely face-to-face begins delivering its services online. This would necessitate a review of the reporting entity's risk assessment before it begins using the new, online delivery channel as its services will now be available and accessible to a wider range of customers and may be vulnerable to new threats of exploitation by criminals. This review may be an internal review undertaken by the business itself.

87. If the review is conducted in response to a significant change in a risk factor, the review may not result in an update of the entire ML/TF risk assessment, but only those parts which are relevant to the significant change.

88. New subsection 26D(2) provides for two distinct kinds of changes that would trigger a review. These are changes that are within the control of the reporting entity (paragraph 26D(2)(a)) and those that are not within the control of the reporting entity (paragraph 26D(2)(b)).

89. New subsection 26D(4) provides that where the change is within the entity's control (for example, a new form of designated service), the reporting entity is required to review their risk assessment prior to the change taking place (paragraph 26D(4)(a)). Where the change is outside of the reporting entity's control (for example, a business provides services to a foreign jurisdiction which has recently been affected by targeted financial sanctions), the review and update should occur as soon as practicable after the change (paragraph 26D(4)(b)).

90. New subparagraph 26D(1)(a)(iii) provides the AML/CTF Rules may provide further detail on other kinds of circumstances that would trigger reviews of ML/TF risk assessments. New subparagraph 26D(1)(b) provides that the minimum frequency for these reviews is every 3 years, which appropriately balances the need to ensure accuracy of information with the burden to reporting entities.

91. New subsection 26E(1) further stipulates that a reporting entity must not commence to provide a designated service without an ML/TF risk assessment or if its risk assessment is not up to date. Contravening this provision carries a civil penalty as per new subsection 26E(2). This conveys the importance of the risk assessment in the effective identification, mitigation and management of money laundering, terrorism financing and proliferation financing risks.

92. Subsection 26E(3) provides that a separate contravention of that subsection is committed for each designated service that the reporting entity provides in Australia. Subsection 26E(4) says a separate contravention occurs each day the reporting entity provides designated services in a foreign country.

93. These penalties are outlined in Division 2 of Part 15 of the AML/CTF Act. The maximum civil penalty under the AML/CTF Act is set at the highest amount allowed, which is 100,000 penalty units for a corporation and 20,000 penalty units for individuals. While the penalties can be substantial, AML/CTF enforcement actions can involve serious systemic failures by a reporting entity where the number of contraventions is immeasurable. The amount of any civil penalty will be determined by the court. Courts will decide the appropriate penalty (subject to the statutory maximum) based on the circumstances of a contravention. In determining the appropriate amount for a civil penalty, the courts will consider the impact of these violations on the Australian community, the financial system, and law enforcement efforts.

Division 3 – AML/CTF policies

94. Division 3 of Part 1A details the requirement for a reporting entity to develop and maintain policies, procedures, systems and controls that achieve two outcomes. The first outcome is to manage and mitigate the ML/TF risks that the reporting entity may reasonably face in providing its designated services (paragraph 26F(1)(a)). The second outcome is internal compliance management to ensure the reporting entity complies with the AML/CTF Act, Rules and regulations (paragraph 26F(1)(b)). This internal compliance management function extends to compliance with the reporting entity's AML/CTF policies themselves, given that this is a requirement of the AML/CTF Act in section 26G. Reporting entities do not need to have separate policies to achieve these two purposes—a given policy, procedure, system or control may be relevant to both.

95. These policies, procedures, systems and controls will be known collectively as 'AML/CTF policies' and form part of the AML/CTF program. AML/CTF policies will largely include the matters that are currently dealt with in Part A and Part B of an AML/CTF program.

96. Where a reporting entity has identified and assessed its money laundering, terrorism financing and proliferation financing risks in accordance with subsection 26C(1), its ML/TF risk assessment will form the basis of the reporting entity's AML/CTF policies.

97. Subsection 26F(8) makes the obligation in subsection 26F(1) subject to a civil penalty. These penalties are outlined in Division 2 of Part 15 of the AML/CTF Act. The maximum civil penalty under the AML/CTF Act is set at the highest amount allowed, which is 100,000 penalty units for a corporation and 20,000 penalty units for individuals. While the penalties can be substantial, AML/CTF enforcement actions can involve serious systemic failures by a reporting entity where the number of contraventions is immeasurable. The amount of any civil penalty will be determined by the court. Courts will decide the appropriate penalty (subject to the statutory maximum) based on the circumstances of a contravention. In determining the appropriate amount for a civil penalty, the courts will consider the impact of these violations on the Australian community, the financial system, and law enforcement efforts.

98. Without limiting the core obligation in new subsection 26F(1), subsection 26F(3) provides a non-exhaustive list of what the risk management and mitigation policies must cover:

how the reporting entity will identify significant changes that would trigger a review of its ML/TF risk assessment (paragraph 26F(3)(a))
how the reporting entity will conduct CDD (paragraph 26F(3)(b)), and
how the reporting entity will review and update its AML/CTF policies when required (paragraphs 26F(3)(c) and (d)).

99. New paragraph 26F(3)(e) also empowers the AUSTRAC CEO to make Rules that may specify other matters related to managing and mitigating the risks of money laundering, terrorism financing and proliferation financing. This recognises the rapid evolution of financial crime threats and methodologies and the need for the regime to adapt accordingly.

100. Without limiting the core obligation in paragraph 26F(1)(b) for internal compliance management, subsection 26F(4) provides a non-exhaustive list of what the internal compliance management policies must cover:

how the reporting entity will inform its governing body of the money laundering, terrorism financing and proliferation financing risks faced by the reporting entity in its provision of designated services (paragraph 26F(4)(a))
designating an AML/CTF compliance officer (paragraph 26F(4)(b))
designating a senior manager responsible for approving any changes to the ML/TF risk assessment or AML/CTF policies (paragraph 26F(4)(c))
how the reporting entity will undertake due diligence on staff engaged by the reporting entity whose role in the reporting entity may allow them to facilitate serious financial crimes or whose role is relevant to AML/CTF compliance (paragraph 26F(4)(d))
how a reporting entity will provide risk awareness and management training to staff engaged by the reporting entity (paragraph 26F(4)(e))
how, and when, to conduct an independent review of its AML/CTF program (paragraph 26F(4)(f)), and
any other matters that may be provided in the AML/CTF Rules (paragraph 26F(4)(g)).

101. The internal compliance management policies reflect the obligations in the FATF Standards, and matters which support the operation of other provisions of the AML/CTF Act. Additional matters will be specified in AML/CTF Rules. The risk mitigation polices at subsections 26F(3) and (4) are limited in their application to entities that provide designated services at or through permanent establishments in Australia, to allow flexibility for reporting entities to comply with foreign applicable laws for designated service provided overseas. However, the overarching general requirement to develop and maintain AML/CTF policies that achieve both the ML/TF risk mitigation and management and AML/CTF compliance management outcomes in new subsection 26F(1) applies to designated services provided at or through foreign permanent establishments.

102. While the matters described above apply to all reporting entity members of a reporting group, subsections 26F(5) and (6) provide the additional matters that must be dealt with by the lead entity's AML/CTF policies. These matters include:

appropriate information sharing between members of the group (paragraph 26F(5)(a))
how and which members can discharge AML/CTF functions on behalf of other members of the group (paragraph 26F(6)(b)), and
ensuring that information shared between reporting entities is appropriately used and handled to avoid triggering the tipping off offence (paragraph 26F(6)(c)).

103. The policies for information sharing between members of a reporting group can include the ability for a reporting entity's foreign branch or subsidiary to 'passport' a customer to receive designated services in Australia where initial CDD has already been undertaken.

104. Subsections 26F(8), (9) and (10) make the obligations in subsection 25F(1) subject to civil penalties. These penalties are outlined in Division 2 of Part 15 of the AML/CTF Act. The maximum civil penalty under the AML/CTF Act is set at the highest amount allowed, which is 100,000 penalty units for a corporation and 20,000 penalty units for individuals. While the penalties can be substantial, AML/CTF enforcement actions can involve serious systemic failures by a reporting entity where the number of contraventions is immeasurable. The amount of any civil penalty will be determined by the court. Courts will decide the appropriate penalty (subject to the statutory maximum) based on the circumstances of a contravention. In determining the appropriate amount for a civil penalty, the courts will consider the impact of these violations on the Australian community, the financial system, and law enforcement efforts.

105. Subsection 26F(11) provides that a reporting entity is not required to develop or maintain specific AML/CTF policies to mitigate and manage proliferation financing risk if it has assessed under subsection 26C and 26D that risk to be low and that it can be appropriately managed by existing policies for ML/TF. Reporting entities will be supported in forming this assessment by AUSTRAC's Proliferation Financing in Australia National Risk Assessment, published in December 2022.

106. Subsection 26F(12) provides that the reporting entity bears the legal burden of proof in order to rely on this exception. Imposing the legal burden of proof on the reporting entity will require the reporting entity to prove that they have considered proliferation financing in their ML/TF risk assessment and reasonably assessed their risk as low. This will be within the reporting entity's knowledge, making the reversal of the burden of proof appropriate.

107. Section 26G provides that the AML/CTF policies developed by the reporting entity must be complied with, or the reporting entity is liable to a civil penalty for each designated service that is provided without complying with its own policies. This section provides a requirement for a reporting entity to not only have AML/CTF policies, but also to ensure that they are implemented by the reporting entity.

108. Subsection 26G(3) makes the obligations in new subsections 26G(1) and (2) subject to a civil penalty. These penalties are outlined in Division 2 of Part 15 of the AML/CTF Act. The maximum civil penalty under the AML/CTF Act is set at the highest amount allowed, which is 100,000 penalty units for a corporation and 20,000 penalty units for individuals. While the penalties can be substantial, AML/CTF enforcement actions can involve serious systemic failures by a reporting entity where the number of contraventions is immeasurable. The amount of any civil penalty will be determined by the court. Courts will decide the appropriate penalty (subject to the statutory maximum) based on the circumstances of a contravention. In determining the appropriate amount for a civil penalty, the courts will consider the impact of these violations on the Australian community, the financial system, and law enforcement efforts.

Division 4 – AML/CTF responsibilities of governing bodies

109. Division 4 sets out the strategic oversight responsibilities of the governing body, which is separate from the responsibilities of the AML/CTF compliance officer and other members of senior management.

110. New section 26H of the AML/CTF Act provides the governing body is responsible for exercising ongoing oversight of the ML/TF risk assessment (subparagraph 26H(1)(a)(i)), the reporting entity's compliance with its own AML/CTF policies (subparagraph 26H(1)(a)(ii)), and compliance with the AML/CTF regime (paragraph 26H(1)(b)).

111. While the governing body will not be required to exercise oversight of the day-to-day implementation of the AML/CTF program, they must take reasonable steps to ensure that the reporting entity is effectively identifying, assessing, mitigating and managing the money laundering, terrorism financing or proliferation financing risks it may reasonably face, as per paragraph 26H(1)(b).

112. The effect of new section 26H is that a reporting entity's board or governing body will not be required to approve iterative changes to the risk assessment and will only be required to be informed of these changes. This will ensure that governing bodies maintain strategic oversight of the effective implementation of the AML/CTF program that is informed by the entity's ML/TF risk assessment. Approvals for the ML/TF risk assessment are detailed in new section 26P.

113. Subsection 26H(3) makes the obligation in new subsection 26H(2) subject to a civil penalty. These penalties are outlined in Division 2 of Part 15 of the AML/CTF Act. These penalties are outlined in Division 2 of Part 15 of the AML/CTF Act. The maximum civil penalty under the AML/CTF Act is set at the highest amount allowed, which is 100,000 penalty units for a corporation and 20,000 penalty units for individuals. While the penalties can be substantial, AML/CTF enforcement actions can involve serious systemic failures by a reporting entity where the number of contraventions is immeasurable. The amount of any civil penalty will be determined by the court. Courts will decide the appropriate penalty (subject to the statutory maximum) based on the circumstances of a contravention. In determining the appropriate amount for a civil penalty, the courts will consider the impact of these violations on the Australian community, the financial system, and law enforcement efforts.

Division 5 – AML/CTF compliance officers

114. Division 5 provides that a reporting entity must designate an AML/CTF compliance officer (in new section 26J) and sets out eligibility requirements. This is an existing role in the AML/CTF Rules. Moving this role and its functions to the primary legislation highlights the important role an AML/CTF compliance officer fulfils in the effective operation of, and continued compliance with, a reporting entity's AML/CTF program.

115. To provide flexibility for different business models, the requirement to 'designate' an AML/CTF compliance officer does not require that the AML/CTF compliance officer be an employee of the reporting entity and may be engaged externally by the reporting entity (26J(2)(a)). However, an AML/CTF compliance officer who is not an employee will only be eligible for designation if they can meet the requirements of the role as set out below.

116. Section 26J provides the requirements for the AML/CTF compliance officer. The individual must be at the management level (paragraph 26J(2)(a)), or engaged by the reporting entity with sufficient authority, independence and access to resources and information to ensure they can perform their functions effectively (paragraph 26J(2)(b)).

117. Management level may be interpreted differently for different forms and sizes of reporting entities. For example, for a large reporting entity the relevant manager may exercise day-to-day operational management relevant to AML/CTF compliance, as opposed to the strategic oversight exercised by members of the board or executive committee. For smaller reporting entities, the compliance officer may be the owner or director of a business, or a management-level employee who is responsible for managing broader risks or operations within the business.

118. Subsection 26J(2) provides the AML/CTF compliance officer must have has sufficient authority, independence and access to resources and information to ensure they can perform their functions effectively. Independence means the AML/CTF compliance officer must be in a position to form their own judgements in exercising their AML/CTF functions.

119. Subsection 26J(3) further provides that the AML/CTF compliance officer must be a resident of Australia (if the reporting entity is based in and provides services through a permanent establishment in Australia) (paragraph 26J(3)(a)), be a fit and proper person (paragraph 26J(3)(b)), and meet any further requirements specified in the AML/CTF Rules (paragraph 26J(3)(c)).

120. 'Fit and proper' is intended to be understood with its ordinary meaning, including concepts of honesty and competency and is intended to provide sufficient flexibility to recognise different business models. A fit and proper AML/CTF compliance officer for a small domestic business will necessarily differ from the same role in a major multinational enterprise. A reporting entity may leverage AFSL or other professional fit and proper person checks, pursuant to any AML/CTF Rules made regarding this requirement.

121. New subsection 26J(5) provides that subsection 26J(2) is a civil penalty provision. These penalties are outlined in Division 2 of Part 15 of the AML/CTF Act. The maximum civil penalty under the AML/CTF Act is set at the highest amount allowed, which is 100,000 penalty units for a corporation and 20,000 penalty units for individuals. While the penalties can be substantial, AML/CTF enforcement actions can involve serious systemic failures by a reporting entity where the number of contraventions is immeasurable. The amount of any civil penalty will be determined by the court. Courts will decide the appropriate penalty (subject to the statutory maximum) based on the circumstances of a contravention. In determining the appropriate amount for a civil penalty, the courts will consider the impact of these violations on the Australian community, the financial system, and law enforcement efforts.

122. New subsection 26K(1) clarifies that a reporting entity must designate a compliance officer within 28 days of providing a designated service.

123. Failing to designate an AML/CTF compliance officer within the required time period and failing to notify AUSTRAC of the individual who is the compliance officer both give rise to civil penalties under new subsection 26K(6). These penalties are outlined in Division 2 of Part 15 of the AML/CTF Act. The maximum civil penalty under the AML/CTF Act is set at the highest amount allowed, which is 100,000 penalty units for a corporation and 20,000 penalty units for individuals. While the penalties can be substantial, AML/CTF enforcement actions can involve serious systemic failures by a reporting entity where the number of contraventions is immeasurable. The amount of any civil penalty will be determined by the court. Courts will decide the appropriate penalty (subject to the statutory maximum) based on the circumstances of a contravention. In determining the appropriate amount for a civil penalty, the courts will consider the impact of these violations on the Australian community, the financial system, and law enforcement efforts.

124. Subsection 26K(2) provides if an AML/CTF compliance officer ceases to be eligible for that role for the reporting entity, the reporting entity will also have 28 days to designate a new compliance officer. The reporting entity may continue to provide designated services during this time. Failing to designate an appropriate individual within the specified timeframes leaves a reporting entity liable to a civil penalty for each day the reporting entity provides a designated service without a compliance officer after the 28-day deadline.

125. Section 26L provides the functions specific to the AML/CTF compliance officer as separate to the those of the governing body. The AML/CTF compliance officer is responsible for overseeing and coordinating the operational implementation of the AML/CTF program. In addition, the AML/CTF compliance officer is to be the main point of contact with AUSTRAC. The AML/CTF Rules may also specify additional functions for the AML/CTF compliance officer.

126. After a reporting entity has designated their compliance officer, the reporting entity must notify AUSTRAC of the individual within 14 days, using an approved form under section 26M. Subsection 26M(1) is a civil penalty provision under subsection 26M(3). These penalties are outlined in Division 2 of Part 15 of the AML/CTF Act. The maximum civil penalty under the AML/CTF Act is set at the highest amount allowed, which is 100,000 penalty units for a corporation and 20,000 penalty units for individuals. While the penalties can be substantial, AML/CTF enforcement actions can involve serious systemic failures by a reporting entity where the number of contraventions is immeasurable. The amount of any civil penalty will be determined by the court. Courts will decide the appropriate penalty (subject to the statutory maximum) based on the circumstances of a contravention. In determining the appropriate amount for a civil penalty, the courts will consider the impact of these violations on the Australian community, the financial system, and law enforcement efforts.

Division 6 – AML/CTF program documentation and approvals

127. Division 6 sets out the requirements for a reporting entity to document and seek approvals for the reporting entity's AML/CTF program.

128. New section 26N of the AML/CTF requires that a reporting entity must document its AML/CTF program, which includes both the ML/TF risk assessment and the AML/CTF policies. The AML/CTF Rules may specify other related matters that must be documented.

129. New section 26P provides that the ML/TF risk assessment and its AML/CTF policies, and any updates to either, must be approved by a senior manager in the reporting entity. The governing body of the reporting entity must be notified of approved updates to ensure that it is able to provide effective strategic oversight of the reporting entity's money laundering, terrorism financing and proliferation financing risks and ability to manage and mitigate them.

130. This removes the previous requirement for the governing body to approve updates to most policies, procedures, systems and controls in an AML/CTF program, and instead requires this be done by a senior manager in the reporting entity. It further aligns with the intent of alleviating burden of approving minor procedural updates from the governing body.

131. The distinction between governing body, senior manager and AML/CTF compliance officer may be redundant for small businesses or sole traders.

132. New section 26Q provides that the AUSTRAC CEO may issue a written notice requesting a reporting entity to produce AML/CTF program documents and any related documents required to be made and kept from a reporting entity.

133. Subsections 26N(2), 26P(3) and 26Q(2) are civil penalty provisions. These penalties are outlined in Division 2 of Part 15 of the AML/CTF Act. The maximum civil penalty under the AML/CTF Act is set at the highest amount allowed, which is 100,000 penalty units for a corporation and 20,000 penalty units for individuals. While the penalties can be substantial, AML/CTF enforcement actions can involve serious systemic failures by a reporting entity where the number of contraventions is immeasurable. The amount of any civil penalty will be determined by the court. Courts will decide the appropriate penalty (subject to the statutory maximum) based on the circumstances of a contravention. In determining the appropriate amount for a civil penalty, the courts will consider the impact of these violations on the Australian community, the financial system, and law enforcement efforts.

Division 7 – Other matters

134. New section 26R replicates the relevant parts of the previous section 165 regarding ML/TF risk assessments and its civil penalties in new Part 1A of the AML/CTF Act, where they are more appropriate. This retains the existing provision for a civil penalty for breaching the requirements.

135. New section 26S provides that a registered remittance network provider must develop and share an AML/CTF program with its affiliates. This is due to the remittance network not being expressly captured by the streamlined 'business group' or 'reporting group' concepts. In practice, the remittance network provider must enact the functions of a lead entity in a reporting group for the purposes of the affiliates' AML/CTF compliance. This continues an existing obligation in section 84 of the AML/CTF Act.

136. New section 26T maintains the existing exemption for holders of an AFSL that only provide designated services covered by item 54 of table 1 in section 6 (for example, financial planners). These reporting entities are only required to undertake an AML/TF risk assessment, and develop and implement AML/CTF policies that deal with how the reporting entity undertakes initial CDD. This maintains the effect of the previous 'Special Anti-Money Laundering and Counter-Terrorism Financing Programs' under section 86 of the AML/CTF Act.

137. New section 26U clarifies that a reference to the nature, size and complexity of the business of a lead entity of a reporting group is taken to be a reference to consider the nature, size and complexity of the business of the lead entity, and of each member of the reporting group when complying with its obligations under Part 1A. Item 50 of this Schedule inserts a new section 236B, which provides further detail for lead entities.

138. New section 26V provides a Rule-making power to exempt specific designated services or circumstances involving designated services from Part 1A of the AML/CTF Act. This Rule-making power may be required if the amendments in this Bill unintentionally capture services that present little to no risk of ML/TF.

Item 25 – Subsection 35F(5)

139. This Item repeals existing subsection 35F(5). This is a consequential repeal of the subsection that is made redundant by the removal of the 'designated business group' concept.

Item 26 – Paragraph 38(d)

140. Item 26 adds a reference to proliferation financing in paragraph 38(d), which currently only covers money laundering and terrorism financing.

Items 27 to 29

141. These Items are consequential to the amendments required to create the new Part 1A of the AML/CTF Act.

Item 30 – Part 7

142. This Item repeals existing Part 7 of the AML/CTF Act, the current Part in the AML/CTF Act that sets out the AML/CTF programs obligations. This Part will be replaced with the Items in this Schedule.

Item 31 – After section 94

143. This Item moves the current definition of a 'shell bank' to the relevant Part 8 of the AML/CTF Act that deals with correspondent banking.

Item 32 – Section 104

144. This Item updates the simplified outline in Part 10 of the AML/CTF Act to provide that a reporting entity must retain records related to its AML/CTF program to align with the new understanding that an AML/CTF program is a collection of documented policies, procedures, systems and controls.

Items 33 and 34

145. These Items make contingent amendments for the replacement of the record keeping provisions by this Schedule, and for the repeal of the Financial Transaction Reports Act 1988 (FTR Act) (in Schedule 11 of the Bill).

Item 35 – Division 5 of Part 10

146. Item 35 replaces the AML/CTF program record-keeping requirements in existing Division 5 of Part 10 of the AML/CTF Act with a new obligation for a reporting entity to keep records that demonstrate compliance with the new Part 1A of the AML/CTF Act, in recognition that the AML/CTF program is to be understood as a collection of documented policies, procedures, systems and controls (paragraph 116(1)(a)).

147. The new Part 1A of the AML/CTF Act retains the previous record keeping requirements for reporting entities.

148. Paragraph 116(3)(b) provides that the documents and records detailed in Part 1A must be kept for 7 years after the records are no longer relevant to the reporting entity's compliance. This aligns with existing requirements and supports AUSTRAC's monitoring of reporting entities' compliance with the AML/CTF regime.

149. This means that a reporting entity must keep a record of its AML/CTF program (its ML/TF risk assessment, AML/CTF policies, any updates and the steps taken to review and update the program) for 7 years after the record is no longer relevant.

150. This continues the current 7-year document retention obligations in the AML/CTF Act. The 7-year period has been retained to align with other relevant pieces of legislation which currently already have their own 7-year document retention obligations (for example, the Corporations Act).

151. Subsections 116(1) and (3) are civil penalty provisions. These penalties are outlined in Division 2 of Part 15 of the AML/CTF Act. The maximum civil penalty under the AML/CTF Act is set at the highest amount allowed, which is 100,000 penalty units for a corporation and 20,000 penalty units for individuals. While the penalties can be substantial, AML/CTF enforcement actions can involve serious systemic failures by a reporting entity where the number of contraventions is immeasurable. The amount of any civil penalty will be determined by the court. Courts will decide the appropriate penalty (subject to the statutory maximum) based on the circumstances of a contravention. In determining the appropriate amount for a civil penalty, the courts will consider the impact of these violations on the Australian community, the financial system, and law enforcement efforts.

Items 36 and 37 – Paragraph 124(2)(a)

152. These Items update paragraph 124(2)(a) where it refers to other sections of the AML/CTF Act.

Items 38 to 44

153. These Items update sections 161 and 162 to align with the terminology introduced in the new Part 1A of the AML/CTF Act. The intent of these subsections remains the same.

Item 45 – Division 8 of Part 13

154. Item 45 repeals Division 8 of Part 13 as it will be made redundant by the inclusion of an express ML/TF risk assessment requirement in the new Part 1A.

Items 46 and 47 – Subsection 184(4)

155. These Items add the relevant new subsections to the existing list of designated infringement notice provisions.

156. The designation and notification of an AML/CTF compliance officer, and the provisions dealing with AML/CTF program documentation and approvals are designated infringement notice provisions.

Item 48 – Paragraphs 207(3)(a) and (b)

157. This Item makes a consequential amendment to terminology to align with the new terminology of a 'reporting group' that has replaced the previous 'designated business group' concept.

Item 49 – Section 234

158. This Item amends the existing simplified outline in section 234 of the AML/CTF Act to reflect the defence from civil penalty liability where a reporting entity's foreign branch or subsidiary is unable to comply with Australian AML/CTF laws due to a conflict with the laws in the host country.

Item 50 – After section 236

159. Item 50 adds two new sections to Part 18 of the AML/CTF Act pertaining to:

a defence from civil penalties for foreign branches and subsidiaries (section 236A), and
clarity on the application of the AML/CTF Act to reporting groups (section 236B).

160. New section 236A provides a defence from the civil penalty provisions in Part 1A and Part 2 where a reporting entity is prevented from complying with their Australian AML/CTF obligations by the laws of a foreign country.

161. As per paragraph 236A(1)(c), a foreign branch or subsidiary of a reporting entity is required to notify AUSTRAC that there is a conflict of laws that prevent the implementation of Australian AML/CTF Act obligations in the host country, and is taking reasonable steps to identify, assess, mitigate and manage the money laundering and terrorism financing risk arising from being prevented from compliance.

162. Subsection 236(2) provides the reporting entity bears a legal burden of proof if it intends to rely on this defence. The reversed onus is appropriate here because the elements of section 236A that would give rise to the defence will be particularly within the knowledge of the reporting entity. The reporting entity's foreign branch or subsidiary would be required to provide proof of the conflicting laws in order to rely on this defence in civil penalty proceedings.

163. New section 236B gives effect to the obligations of a lead entity in a reporting group. Subsection 236B(2) deems a designated service provided by an ordinary member of a reporting group to have been provided by the lead entity. This will trigger the lead entity's ML/TF risk assessment obligations under new section 26C (inserted by Item 24 of this Schedule) such that the lead entity will be responsible for identifying and assessing risk across the designated services provided by the reporting group as a whole. It will also trigger the requirement for the lead entity to develop and maintain AML/CTF policies for risk management and mitigation, and compliance management, across the group.

164. New subsection 236B(5) also provides that any member of a reporting group may discharge an obligation of a reporting entity under the AML/CTF Act, AML/CTF Rules, or regulations. The AML/CTF Rules may specify requirements related to the discharge of AML/CTF obligations by one member of a reporting group on behalf of another.

165. The note following subsection 236B(5) states that the member discharging the obligation need not be a reporting entity. The lead entity itself (as a reporting entity) may have obligations discharged by other members of the reporting group. This framework will provide significant flexibility for reporting groups to structure their AML/CTF compliance operations in a way that best suits the group.

166. Non-reporting entity members of reporting group will not be liable for failing to discharge an obligation on behalf of a reporting entity member of the group—in all cases, liability for discharging an obligation will remain with the original reporting entity and the lead entity.

167. Subsection 236B(6) also provides that where a member of a reporting group contravenes civil penalty provisions in the AML/CTF Act, the lead entity of the reporting group is deemed to have contravened the same provisions of the AML/CTF Act as well. Both the ordinary member and the lead entity may be liable for the civil penalty. This ensures that the lead entity is appropriately aware of and accountable for the compliance of the reporting group members.

SCHEDULE 2 - CUSTOMER DUE DILIGENCE

168. CDD is one of the primary ways in which reporting entities identify, assess, mitigate and manage their money laundering, terrorism financing and proliferation financing risk. CDD involves reporting entities achieving two related outcomes:

identifying, and verifying the identity, of their customers and certain associated persons, and
understanding the ML/TF risks associated with providing designated services to the customer, and taking appropriate steps to mitigate and manage these risks.

169. The amendments in Schedule 2 of the Bill clarify the fundamental requirements of the CDD framework, and address deficiencies identified in FATF's 2015 mutual evaluation of Australia's compliance with the FATF Standards. In particular, the amendments simplify the existing AML/CTF regime by clearly stating the outcomes to be achieved by initial CDD, rather than focusing on the procedures. This provides greater flexibility to reporting entities in the steps they take to know their customers.

170. The amendments in Schedule 2 clearly outline that a reporting entity must apply initial and ongoing CDD measures that are appropriate to the ML/TF risk of each customer, rather than applying a one-size-fits-all approach. This provides reporting entities greater flexibility to apply simplified CDD in low risk scenarios. Consistent with FATF Recommendations 10 and 12, the Bill also requires a reporting entity to apply enhanced CDD in high risk scenarios under new section 32 inserted by Item 6 of this Schedule.

171. The amendments in Schedule 2 also empower the AUSTRAC CEO to create AML/CTF Rules to set out more specific obligations for services provided in Australia. It is expected that AUSTRAC would develop comprehensive guidance, with examples, on how a reporting entity can implement the obligations.

Part 1—Main Amendments

Anti-Money Laundering and Counter-Terrorism Financing Act 2006

Items 1 to 3 – Section 4

172. Items 1 to 3 amend the existing simplified outline in section 4 of the AML/CTF Act to repeal or omit phrases or terms that are no longer applicable or required. These phrases and terms are replaced with updated terminology inserted in the AML/CTF Act by this Bill. While this simplified outline is included to assist a reader's understanding of the substantive provisions to follow, it is not intended to be comprehensive. Readers are advised to rely on the substantive provisions for full comprehension.

Item 4 – Section 5 (definition of applicable customer identification procedure )

173. Item 4 repeals the existing definition of 'applicable customer identification procedure'(ACIP) in section 5 of the AML/CTF Act. This helps to shift the focus of CDD from process and prescriptive requirements (such as carrying out ACIP under the existing framework) to clearer and risk-based outcomes (identifying and verifying who your customer is and the ML/TF risks associated with providing services to them).

Item 5 – Section 5

174. Item 5 inserts several new definitions in section 5 of the AML/CTF Act.

175. 'Beneficial owner' is defined as meaning a person who ultimately owns (either directly or indirectly) 25 per cent or more of the person, or controls (directly or indirectly) the person. This definition reflects the definition of beneficial owner as outlined in FATF Recommendations 24 and 25. The inclusion of 'ultimately owns or controls' is intended to refer to situations in which ownership or control is exercised through a chain of ownership or by means of control other than direct control. The ultimate beneficial owner is always one or more natural persons.

176. 'Business relationship' is defined as meaning a relationship between a reporting entity and a customer involving the provision of a designated service or designated services that has, or could reasonably be expected to have, an element of duration. The definition is intended to help reporting entities:

determine which types of ongoing CDD are appropriate
determine when CDD obligations cease to apply to a customer (that is, at the end of the business relationship), and
for reporting entities that would be regulated as a result of Schedule 3 of this Bill, help identify which customers are considered pre-commencement customers, in connection with new section 36 of the AML/CTF Act inserted by Item 7 of this Schedule.

177. For example, a business relationship is intended to include:

a bank opening an account for a customer and allowing transactions in relation to that account over time (multiple point in time designated services)
a safe deposit box provider holding items in a safe deposit box over time (a single designated service with an element of duration)
a legal practitioner acting as a nominee director for a company for a period of time, or
a real estate agent that has an agency agreement with a vendor to sell a property over a period of time.

178. 'Child' is defined to include:

a stepchild or an adopted child of the person
someone who would be the stepchild of the person except that the person is not legally married to the person's partner, or
someone who is a child of a person within the meaning of the Family Law Act 1975.

179. This list is non-exhaustive and provides clarity on who is considered a child for the purposes of the AML/CTF Act.

180. 'De facto partner' is defined to have the same meaning as in the Acts Interpretation Act 1901.

181. 'Domestic politically exposed person' is defined as meaning:

an individual who holds an office or position, in or for an Australian government body, specified in the AML/CTF Rules
an individual who is a member of the legislature of the Commonwealth of a State or Territory
a family member of an individual covered by the categories above, or
certain other known associates, having regard to information that is public or readily available.

182. The rule-making power in this definition would only be used to specify prominent and high-level positions in Australian government bodies.

183. 'Family member' of an individual covered by the new definitions of 'domestic politically exposed person', foreign politically exposed person below or international organisation politically exposed person below, is defined to include:

a spouse, de facto partner, or other person who is equivalent to a spouse of de facto partner under any applicable law of a foreign country, of the individual
a child of the individual
a spouse or de facto partner, or other person who is equivalent to a spouse or de facto partner under any applicable law of a foreign country, of a child of the individual, and
a parent of the individual.

184. 'Foreign politically exposed person' (foreign PEP) is defined as meaning an individual who holds a prominent office or position or public function in or for the legislature, executive or judiciary of a foreign country, including an individual who holds any the specified offices or positions. The definition also includes a family member of an individual covered by this category, or certain other known associates, having regard to information that is public or readily available. The amendment also provides a rule-making power that allows the AUSTRAC CEO to specify additional positions that must be included in the application of the definition. The approach to this definition recognises different international contexts may have different legislative, executive, judicial, military and other political frameworks.

185. 'International organisation politically exposed person' (international organisation PEP) is defined as meaning:

an individual who is entrusted with a prominent public function, position or office of a public international organisation, including a head, deputy head or board member in a public international organisation
a family member of an individual covered by the category above, or
certain other known associates, having regard to information that is public or readily available.

186. 'KYC information' is defined as information about the customer that provides reasonable grounds for a reporting entity to establish the matters set out in new subsection 28(2) inserted by Item 6 of this Schedule and assists in identifying and assessing the ML/TF risk of the customer. KYC information is short for 'Know Your Customer' information. Pursuant to new subsection 28(6) (to be inserted by Item 6 of this Schedule), the AML/CTF Rules may specify certain KYC information must be collected and/or verified in order for the reporting entity to establish those matters on 'reasonable grounds' for different kinds of customers in Australia.

187. 'ML/TF risk' of a customer is defined as meaning the risks of money laundering, financing of terrorism and proliferation financing that a reporting entity may reasonably face in providing the designated service, or designated services, to the customer. This differs from the definition of 'ML/TF risk assessment' inserted by Item 10 of Schedule 1 of this Bill, which identifies and assesses broader illicit financing risks associated with the reporting entity or reporting group providing designated services across its entire business.

188. The definition of 'ML/TF risk' of a customer is intended to clarify the understanding of customer risk and how it interacts with the CDD obligations. A risk-based approach to CDD requires a reporting entity to identify and assess its entity-specific or group-wide ML/TF risks, as well as the ML/TF risks present through the provision of a designated service to a particular customer. While the requirement to identify customer risk is not explicit in the current AML/CTF Act and AML/CTF Rules, it has always been an implicit expectation that underpins existing CDD obligations. The AML/CTF Rules would specify a range of further factors that reporting entities must consider when identifying the ML/TF risk of the customer, particularly where a reporting entity plans to undertake simplified CDD for the customer.

189. A reporting entity may adopt its own method to identify and assess the ML/TF risk of a customer, so long as it complies with the requirements of the new Part 2 of the AML/CTF Act and may determine its own risk categories. However, categories adopted by a reporting entity must be compatible with requirements in the AML/CTF Act or AML/CTF Rules that are applicable to customers presenting either low, medium or high risk and, as such, could undertake simplified or must undertake enhanced initial and ongoing CDD instead of undertaking standard CDD.

190. For example, a reporting entity may implement additional risk ratings within these three broad categories—low risk may be distinguished from moderately low risk. In this scenario, a reporting entity may implement graduated simplified CDD measures so long as they remain appropriate to the ML/TF risk of the customer and meet any requirements specified in the AML/CTF Rules. However, it should be clear what the cut-offs are for low, medium and high risk in any ML/TF risk rating scale adopted for the purposes of complying with the AML/CTF Act and Rules. For example, a reporting entity may consider that customers of high and extreme risk meet the mandatory conditions for applying enhanced CDD measures, but with additional enhanced due diligence measures applied to those customers rated as 'extreme' risk.

191. The ML/TF risk requirements for initial CDD and ongoing CDD are set out in new sections 28 and 30 (to be inserted by Item 6 of this Schedule). The ML/TF risk of the customer is not static, and should develop and become more informed as a customer goes through initial CDD and is monitored through ongoing CDD.

192. 'Nested services relationship' refers to circumstances where a financial institution, remitter or virtual asset service provider (VASP) provides its designated services to a customer who is also either a financial institution, remitter or VASP in another country, who would then use those services to provide its own designated services to its own customers. This definition exempts correspondent banking relationships between two financial institutions but covers relationships such as a bank providing services to a VASP in another country, which would then be used for the VASP to provide services to their customers. This amendment clarifies when this trigger for enhanced CDD must be applied for these relationships. Such relationships present particular risks because the Australian financial institution, remitter or VASP is reliant on their overseas counterpart's due diligence with respect to overseas counterpart's own customers. Under new subsection 28(6) (to be inserted by Item 6 of this Schedule), the AML/CTF Rules may provide specific details which must be collected and/or verified by a reporting entity in respect of undertaking enhanced CDD on a customer within a nested services relationship.

193. 'Occasional transaction' is defined as meaning the provision of a designated service by a reporting entity to a customer other than as part of a business relationship. For example, an occasional transaction could include a currency exchange business exchanging foreign currency over the counter where the customer does not have an account and there are no other indications of an enduring relationship. As above for 'business relationship', this definition is intended to help reporting entities determine which ongoing CDD measures need to be applied. For occasional transactions, not all components of ongoing CDD need to be applied. However, the provision of the designated service(s) provided as occasional transactions must still be monitored to identify possible suspicious matters.

194. 'Parent' is defined to include the parent of another person if the other person is the parent's child because of the definition of child in this section. This definition does not limit who is a parent of another person for the purposes of the AML/CTF Act.

195. 'Person designated for targeted financial sanctions' is defined as meaning a designated person or entity within the meaning of regulations made under the Charter of the United Nations Act 1945 or the Autonomous Sanctions Act 2011.

196. 'Politically exposed person' (PEP) is defined as meaning a 'domestic politically exposed person', a foreign PEP or an international organisation PEP. These categories are defined elsewhere in this Item, and set out what positions are covered for each category of PEP.

197. Individuals captured by the PEP definition often hold positions that can be abused for the purposes of money laundering or other predicate offences such as corruption or bribery. Due to these heightened risks, reporting entities must take reasonable measures to determine whether a customer or associated person is a PEP, as well as the other factors outlined in new section 28. For foreign PEPs, enhanced CDD must be applied. Similarly, for domestic and international organisation PEPs who have been identified as having high ML/TF risk, enhanced CDD must be applied. Enhanced CDD must also be applied to family members and other close associates of foreign PEPs and high ML/TF risk domestic and international organisation PEPs due to the increased risk these customers pose.

198. Under new paragraph 28(2)(g) inserted by Item 6 of this Schedule, the AML/CTF Rules will specify requirements applicable to former PEPs based on ML/TF risk of the customer. Under the current regime, PEP status ceases with the position or function which does not accurately reflect the ML/TF risks that former PEPs may pose. FATF Recommendation 12 requires that the duration of enhanced CDD measures applicable to current and former PEP is to be risk-based. It is not intended to be indefinite.

199. 'Pre-commencement customer' refers to new subsection 36(1) of the AML/CTF Act (to be inserted by Item 8 of this Schedule). This Item outlines who is a pre-commencement customer for the purposes of the AML/CTF Act, and associated CDD requirements related to pre-commencement customers.

200. 'Public international organisation' is defined to have the same meaning as in section 70.1 of the Criminal Code. This term is defined for the purposes of identifying an international organisation PEP and new subsection 6(5D) of the professional service provider designated services.

201. Section 70.1 of the Criminal Code defines 'public international organisation' as:

an organisation of which 2 or more countries, or the governments of 2 or more countries, are members, or that is constituted by persons representing 2 or more countries, or representing the government of 2 or more countries
an organisation established by, or a group of organisations constituted by organisations of which 2 or more countries, or the governments of 2 or more countries, are members, or organisations that are constituted by the representatives of 2 or more countries, or the governments of 2 or more countries, or
an organisation that is an organ of, or office within, an organisation described in the categories above, or a commission, council or other body established by an organisation so described or such an organ, or a committee, or subcommittee of a committee, of an organisation described in the categories above, or of such an organ, council or body.

202. 'Spouse' is defined to include a de facto partner of the person within the meaning of the Acts Interpretation Act 1901. This clarifies that a de facto partner is within the meaning of a 'family member' of an individual for the purposes of the AML/CTF Act.

Item 6 – Part 2 (heading)

203. Item 6 repeals the heading 'Part 2 - Identification procedures' and substitutes it with 'Part 2 - Customer Due Diligence'.

Item 7 – Divisions 1 to 5 of Part 2

Division 1 – Introduction

204. Item 7 repeals and substitutes existing Divisions 1 to 5 of Part 2 of the AML/CTF Act. These Divisions currently focus on identification and verification procedures for pre-commencement customers, low risk services, and ACIP for various customer types. The Bill replaces aspects of these Divisions with new outcomes-focused provisions for initial CDD, ongoing CDD and pre-commencement customers, detailed below. As the existing power to list low-risk designated services in Division 3 of Part 2 of the AML/CTF Act has never been used, and it is unlikely that a designated service will ever be low risk in every circumstance, the Bill repeals these provisions.

205. New section 27 contains a simplified outline of CDD. While this simplified outline is included to assist a reader's understanding of the substantive provisions to follow, it is not intended to be comprehensive. Readers are advised to rely on the substantive provisions for full comprehension.

Division 2 – Initial customer due diligence

206. New section 28 establishes the principle obligation for undertaking initial CDD. Principle obligations are established for initial CDD, ongoing CDD, enhanced CDD and simplified CDD to provide a clear overarching purpose for these obligations. Foreign branches and subsidiaries will be required to meet these high-level, principles-based obligations. If a reporting entity's AML/CTF policies, procedures, systems and controls as they apply in a foreign country achieve, in practice, the high-level outcome in the AML/CTF Act, there will be no additional requirements under Australian law.

207. New subsection 28(1) requires that a reporting entity must not commence to provide designated services to a customer until it establishes a number of matters on reasonable grounds. It also inserts new notes referencing new sections 31 (simplified CDD), 32 (enhanced CDD), and 36 (pre-commencement customers).

208. New subsection 28(2) sets out the matters that must be established on reasonable grounds. These matters reflect the requirements of FATF Recommendations 10 and 12. They are:

the identity of the customer
the identity of any person on whose behalf the customer is receiving the designated service (for example, a trustee receiving a service on behalf of beneficiaries)
the identity of any person acting on behalf of the customer and their authority to act (for example, an agent of a customer)
the identity of any beneficial owners
whether the customer, any beneficial owner, any person on whose behalf the customer is receiving the designated service, or any person acting on behalf of the customer is a PEP or designated for targeted financial sanctions
the nature and purpose of the business relationship or occasional transaction, and
any other matters in the AML/CTF Rules.

209. The reporting entity may begin to provide designated services to the customer once the reporting entity has established the matters in new subsection 28(2) on reasonable grounds to an extent that is appropriate for the ML/TF risk of the customer. 'Reasonable grounds' is an objective test and new subsection 28(3) sets out particular requirements that must be done to establish the relevant matters in new subsection 28(2). This includes:

if the customer is an individual, taking reasonable steps to establish that the customer is who they claim to be (for example, ensuring that the individual's identity is not being used by someone else—while an identity may be verified as valid it must also be connected to the customer to mitigate the risk of identity fraud)
identifying the ML/TF risk of the customer based on KYC information that is reasonably available to the reporting entity before commencing to provide a designated service (as outlined in new subsection 28(2))
collecting KYC information about the customer that is appropriate to ML/TF risk of the customer (for example, the type and extent of information collected may depend on the level of ML/TF risk associated with the customer), and
verifying the KYC information to an appropriate extent based on the ML/TF risk of the customer using independent and reliable data. The information verified may be a subset of the information collected, where appropriate to the ML/TF risk.

210. The amendments in the Bill do not prescribe a particular order or process for fulfilling these requirements. Instead they could be completed simultaneously, or in any order that allows the reporting entity to meet the 'reasonable grounds' test before it commences to provide a designated service. For example, information collected for the purpose of establishing that a customer is who they claim to be may also assist in identifying the ML/TF risk of a customer and understanding whether enhanced CDD measures must be applied.

211. As an example, a reporting entity is approached by a prospective customer:

If the customer is an individual, the reporting entity needs to take steps to ensure that the individual is who they claim to be, which may involve comparing the photo on a primary photographic identification document (for example, a driver's licence or passport) to the individual who is presenting to the reporting entity either in person or through an internet-based delivery channel.
At the same time, the reporting entity identifies where the customer fits into its broader ML/TF risk assessment by considering the details it knows about the customer against the following factors: the kind of customer (for example, an individual), the services the reporting entity would provide, the channels they propose to deliver the designated services through, and the country where the individual is located, to identify the ML/TF risk of the customer.
This identification of the ML/TF risk of the customer determines the appropriate amount of KYC information that is collected and verified by the reporting entity to establish the matters in new subsection 28(2). A low-risk customer may require less information to be collected and verified to establish the matters on reasonable grounds as compared to a medium or high-risk customer. However, whatever level of CDD is undertaken, the reporting entity must still be able to establish the required matters to the objective standard of on 'reasonable grounds'.

212. A reporting entity determines the appropriate level of initial CDD to undertake, based on the information reasonably available to them before commencing to provide a designated service.

For an individual, for example, the reporting entity may determine based on the customer's occupation and residency that the customer is a high-risk domestic politically exposed person and, as such, they would be required to undertake appropriately enhanced CDD measures from their AML/CTF policies, and as specified in the applicable AML/CTF Rules, in order to meet the requirements for reasonable grounds. As required by FATF Recommendation 12, specific enhanced CDD measures are required for foreign PEPs, and high-risk domestic and international organisation PEPs.
Conversely, the reporting entity may determine that the company is wholly owned by a publicly listed company and may determine that the ML/TF risk is low, enabling the use of simplified CDD measures from their AML/CTF policies to establish the required matters such as beneficial ownership on reasonable grounds.

213. When identifying the ML/TF risk of the customer for initial CDD under new subsection 28(3), a reporting entity must consider KYC information, such as the kind of customer, the designated service being provided, delivery channels and jurisdictional risk. It is not expected that a reporting entity undertake a bespoke 'risk assessment' for each customer. Instead, when undertaking initial CDD, the reporting entity would utilise KYC information that is reasonably available to them before commencing to provide a designated service to determine where the customer fits into in the reporting entity's ML/TF risk assessment. This KYC information would then inform what level or type of initial CDD is required.

214. New subsection 28(4) provides that if a reporting entity provides its designated services at or through a permanent establishment of the reporting entity in Australia, it must take certain matters into account for the purposes of identifying the ML/TF risk of the customer. The matters are detailed in new paragraphs 28(4)(a)–(f). However, new subsection 28(5) outlines that new subsection 28(4) does not limit the matters a reporting entity may take into account for the purposes of identifying the ML/TF risk of the customer.

215. The reporting entity may begin to provide designated services to the customer once the reporting entity has established the matters in new subsection 28(2) on reasonable grounds to an extent that is appropriate for the ML/TF risk of the customer.

216. New subsection 28(6) enables AML/CTF Rules to be made regarding specific requirements for any part of initial CDD.

217. New subsection 28(7) clarifies that rules made under any of the provisions in this section may specify different requirements for classes of customers, including those to whom simplified CDD measure may be taken in accordance with new section 31, and those to whom enhanced CDD measures must be taken in accordance with new section 32.

218. New subsection 28(8) makes the obligation in new subsection 28(1) subject to a civil penalty. These penalties are outlined in Division 2 of Part 15 of the AML/CTF Act. The maximum civil penalty under the AML/CTF Act is set at the highest amount allowed, which is 100,000 penalty units for a corporation and 20,000 penalty units for individuals. While the penalties can be substantial, AML/CTF enforcement actions can involve serious systemic failures by a reporting entity where the number of contraventions is immeasurable. The amount of any civil penalty will be determined by the court. Courts will decide the appropriate penalty (subject to the statutory maximum) based on the circumstances of a contravention. In determining the appropriate amount for a civil penalty, the courts will consider the impact of these violations on the Australian community, the financial system, and law enforcement efforts.

219. New subsection 28(9) provides that a reporting entity that fails to undertake initial CDD in accordance with new subsection 28(1) commits a separate contravention in respect of each designated service that the reporting entity provides to a customer at or through a permanent establishing of the reporting entity in Australia. That is, a reporting entity commits a separate contravention for each instance of providing a designated service without undertaking initial CDD.

220. New subsection 28(10) provides that a reporting entity that fails to undertake initial CDD in accordance with new subsection 28(1) commits a separate contravention each day that they provide designated services at or through a permanent establishment of the reporting entity in a foreign country.

221. New section 29 outlines when reporting entities may delay initial CDD, or parts of initial CDD, until after commencing to provide a designated service, in certain circumstances specified in the AML/CTF Rules. Subsections 29(1)(a)-(f) clarify that this section applies if:

the circumstances in the rules apply
the reporting entity determines on reasonable grounds that commencing to provide the designated service prior to undertaking initial CDD is essential to avoid interrupting the ordinary course of business
the reporting entity has policies to comply with initial CDD requirements in relation to the customer as soon as reasonably practicable after commencing to provide the designated service, and within any period specified in the AML/CTF Rules
the difference in ML/TF risk arising from any delay in completing initial CDD is low (as opposed to the customer being identified as low ML/TF risk)
the reporting entity implements AML/CTF policies to mitigate and manage the associated risks, and
the reporting entity complies with any requirements specified in the AML/CTF Rules.

222. New section 29 of the AML/CTF Act enables AML/CTF Rules to be made to continue existing provisions for delayed CDD, including for financial institutions opening accounts. Further, recognising the operational challenges of verifying whether a customer is a PEP or designated for targeted financial sanctions before commencing to provide a designated service, the AML/CTF Rules may include provision allowing verification of PEP status or whether the person is designated for targeted financial sanctions on 'day 2', where appropriate to the ML/TF risk of the customer and the additional risk from delay is managed and mitigated.

223. New subsection 29(2) clarifies that if a reporting entity has delayed initial CDD under subsection 29(1), they must not continue to provide the designated service to the customer or commence to provide any other designated service to the customer unless they undertake initial CDD as soon as reasonably practicable and, if applicable, within any deadline set in the AML/CTF Rules.

224. New subsection 29(3) makes the obligation from new subsection 29(2) subject to a civil penalty provision for this obligation. These penalties are outlined in Division 2 of Part 15 of the AML/CTF Act. The maximum civil penalty under the AML/CTF Act is set at the highest amount allowed, which is 100,000 penalty units for a corporation and 20,000 penalty units for individuals. While the penalties can be substantial, AML/CTF enforcement actions can involve serious systemic failures by a reporting entity where the number of contraventions is immeasurable. The amount of any civil penalty will be determined by the court. Courts will decide the appropriate penalty (subject to the statutory maximum) based on the circumstances of a contravention. In determining the appropriate amount for a civil penalty, the courts will consider the impact of these violations on the Australian community, the financial system, and law enforcement efforts.

Division 3 – Ongoing customer due diligence

225. New subsection 30(1) inserts a principle obligation outlining that reporting entities must monitor their customers to appropriately identify, assess, manage and mitigate the ML/TF risks the reporting entity may reasonably face in the provision of designated services. This section continues the existing substantive requirements of section 36 in the AML/CTF Act. Reporting entities must be able to detect any suspicious activities, unusual transactions, and material changes in their customer's behaviour. A reporting entity must apply ongoing CDD measures proportionate to the ML/TF risk of the customer throughout the course of a business relationship, as well as in relation to the provision of designated services provided as occasional transactions.

226. New subsection 30(1) also inserts new notes referencing new sections 31 (simplified CDD), 32 (enhanced CDD), and 36 (pre-commencement customers).

227. New subsection 30(2) outlines ongoing CDD requirements for reporting entities who provide its designated services at or through a permanent establishment of the reporting entity in Australia.

228. New paragraph 30(2)(a) requires reporting entities to monitor for unusual transactions and behaviours of customers that may give rise to a suspicious matter report (SMR) obligation. This requirement is similar to the current requirement for a transaction monitoring program and applies to all reporting entities regardless of whether they have a business relationship with a customer or are undertaking an occasional transaction. For example, a reporting entity may monitor customers' transactions for signs of structuring below the cash reporting threshold and to assess whether this transaction or behaviour gives rise to a suspicious matter reporting obligation.

229. New paragraph 30(2)(b) requires reporting entities to review and, where appropriate, updating the reporting entity's identification and assessment of the ML/TF risk of the customer. This requirement only applies to reporting entities that have a business relationship with a customer. Whilst the ML/TF risk of the customer is identified through initial CDD based on KYC information that is reasonably available at the time, ongoing CDD requires the reporting entity to assess and update that risk over the course of the business relationship. For example, as a customer begins to undertake transactions in respect of designated services, the behaviour exhibited may indicate that the ML/TF risk of the customer is different to what was previously identified. For occasional transactions, the ML/TF risk of the customer will need to be identified under new section 28 each time the reporting entity provides a designated service.

230. New paragraph 30(2)(c) requires reporting entities to review and, where appropriate, updating and reverifying KYC information relating to the customer. This requirement only applies to reporting entities that have a business relationship with a customer. As per new paragraph 30(2)(c), reporting entities will have flexibility to review KYC information based on a frequency that is appropriate to the ML/TF risk of the customer. This also includes a requirement to undertake CDD and update KYC information where there are doubts about the adequacy or veracity of KYC information that the reporting entity has in relation to the customer—this continues an existing requirement under Chapter 6 of the AML/CTF Rules and consistent with FATF Recommendation 10.

231. New paragraph 30(2)(d) requires reporting entities to monitor for significant changes in the nature and purpose of the business relationship for pre-commencement customers that may result in the ML/TF risk of the customer being medium or high. For example, if a pre-commencement customer begins to receive a new designated service which indicates that the customer may be using the reporting entity for a different purpose, and the circumstances may result in the business relationship being medium or high risk (for example, as indicated by the reporting entity's ML/TF risk assessment). This monitoring obligation contains a trigger for carrying out initial CDD for a pre-commencement customer under new section 36.

232. New subsection 30(3) empowers the AUSTRAC CEO to make AML/CTF Rules specifying ongoing CDD requirements that must be complied with, or setting out circumstances in which CDD requirements will be deemed to have been complied with. This may include varying the extent of transaction monitoring required for customers as part of simplified CDD measures or enhanced CDD measures, during ongoing CDD

233. New subsection 30(4) clarifies that rules made under any of the provisions in this section may specify different requirements for classes of customers, including those to whom simplified CDD measure may be taken in accordance with new section 31, and those to whom enhanced CDD measures must be taken in accordance with new section 32.

234. New subsection 30(5) clarifies what constitutes unusual transactions and behaviours. This definition expressly articulates the ongoing CDD requirement to monitor for unusual behaviour, not just transactions, that give rise to a SMR obligation under the AML/CTF Act. This may be relevant to behaviours exhibited by a customer which are not part of a transaction but are relevant to the provision of a designated service. For example, if a prospective customer is acting suspiciously when at a reporting entity's premises in regards to how they answer questions regarding their source of wealth; it may not necessarily be an unusual transaction but may constitute an unusual behaviour.

235. New subsection 30(6) makes the principle ongoing CDD obligation in subsection 30(1) subject to a civil penalty provision. These penalties are outlined in Division 2 of Part 15 of the AML/CTF Act. These penalties are outlined in Division 2 of Part 15 of the AML/CTF Act. The maximum civil penalty under the AML/CTF Act is set at the highest amount allowed, which is 100,000 penalty units for a corporation and 20,000 penalty units for individuals. While the penalties can be substantial, AML/CTF enforcement actions can involve serious systemic failures by a reporting entity where the number of contraventions is immeasurable. The amount of any civil penalty will be determined by the court. Courts will decide the appropriate penalty (subject to the statutory maximum) based on the circumstances of a contravention. In determining the appropriate amount for a civil penalty, the courts will consider the impact of these violations on the Australian community, the financial system, and law enforcement efforts.

236. New subsection 30(7) provides that a reporting entity that fails to monitor their customers in accordance with new subsection 30(1) commits a separate contravention in respect of each designated service that the reporting entity provides to a customer at or through a permanent establishment of the reporting entity in a foreign country. That is, a reporting entity commits a separate contravention for each instance of providing a designated service without monitoring their customers in accordance with subsection 30(1).

237. New subsection 30(8) provides that a reporting entity that fails to monitor their customers in accordance with new subsection 30(1) commits a separate contravention each day that they provide designated services at or through a permanent establishment of the reporting entity in a foreign country.

238. New subsection 30(9) provides that if an ongoing CDD obligation arises for a reporting entity in its capacity as a registered remittance affiliate of a registered remittance network providers, the obligation may be discharged by the registered remittance network provider.

239. New subsection 30(10) provides an exemption from ongoing CDD for a reporting entity in Item 54 of table 1 in section 6 of the AML/CTF Act. This item covers a reporting entity, in the capacity of a holder of an AFSL, making arrangements for a person to receive a designated service, other than a service covered by that Item. This continues an existing exemption under subsection 36(3) of the AML/CTF Act.

Division 4 – Simplified and enhanced customer due diligence

240. New section 31 provides that a reporting entity may apply simplified CDD measures during initial CDD under new subsection 28(1) and/or ongoing CDD under new subsection 30(1) if the ML/TF risk of the customer is low, none of the triggers for enhanced CDD apply (as set out in new section 32), and the reporting entity complies with the requirements specified in the AML/CTF Rules.

241. Simplified CDD refers to simplified measures that reporting entities may apply to the provision of designated services when collecting and verifying KYC information or undertaking ongoing CDD in respect of a customer. However, a reporting entity must not apply simplified CDD unless it has collected sufficient information enabling them to identify the ML/TF risk of the customer as low. A reporting entity cannot assume that the ML/TF risk of a customer is low until it knows enough about the customer and the designated services to be provided. Whether or not a customer's ML/TF risk is low will be an objective test. AUSTRAC will develop comprehensive guidance to support reporting entities in determining the objective level of ML/TF risk. Further, a reporting entity must ensure that simplified CDD still allows them to meet all CDD obligations in respect of the customer, including establishing all of the matters required on reasonable grounds in new subsection 28(2), and monitoring for unusual transactions or behaviours that may give rise to a suspicious matter reporting obligation under new section 30.

242. Simplified CDD is intended to give reporting entities more discretion, within clearly defined parameters, to decide when to use simplified measures and the extent to which CDD measures will be simplified. For example, under Chapter 4 of the current AML/CTF Rules, simplified due diligence for trusts is limited to Australian Securities and Investments Commission (ASIC)-regulated managed investment schemes, trusts regulated by the Australian Government, or government superannuation funds established by legislation. Under the Bill and AML/CTF Rules to be made, it is envisaged that a reporting entity may apply simplified initial CDD, for example, to foreign equivalents of these types of trusts, where the reporting entity reasonably identifies that the ML/TF risk of the customer is low.

243. The AUSTRAC CEO is empowered to make Rules regarding the simplified CDD measures that may be used by a reporting entity during either initial CDD (pursuant to new subsection 28(6)) and ongoing CDD (pursuant to new subsection 30(3)). For example, simplified CDD measures during initial CDD may involve less intensive collection and verification requirements for KYC information than would be required otherwise. During ongoing CDD, simplified CDD measures may involve undertaking less intensive transaction monitoring in respect of a customer (supported by an alert mechanism setup by the reporting entity when an unusual transaction occurs, for example, an unusually large transaction), or less frequent updates to KYC information.

244. New section 32 establishes that reporting entities must apply enhanced CDD measures appropriate to the ML/TF risk of the customer if one or more of the triggers in paragraphs 32(a)-(f) apply. The triggers for applying enhanced CDD measures include circumstances when the ML/TF risk of the customer is high, which will be an objective test. AUSTRAC will develop comprehensive guidance to support reporting entities in determining the objective level of ML/TF risk. Enhanced CDD measures also automatically apply to some specified customers regardless of assessed risk due to the inherent risks associated with prominent public positions, jurisdictions and relationships. This includes foreign PEPs, where specific forms of enhanced CDD are required by FATF Recommendation 10. It also includes designated services provided as part of a nested services relationship, where CDD is required by FATF Recommendation 13.

245. New paragraph 32(b) provides that a reporting entity must also apply enhanced CDD measures if a SMR obligation arises in relation to the customer, and the reporting entity proposes to continue to provide a designated service or services to that customer. That is, reporting entities do not have to exit customers because a SMR obligation has arisen, but must undertake enhanced CDD measures in order to continue with the business relationship. New section 39D inserted by Item 7 of Schedule 10 below provides an exception for a reporting entity to not be required to satisfy initial CDD (under new section 28) and ongoing CDD (under new section 30) in respect of the provision of a designated service a customer, where a SMR reporting obligation arises and the reporting entity reasonably believes that compliance with those sections would or could reasonably be expected to alert the customer to the reporting entity's suspicion.

246. New paragraph 32(f) establishes that the AML/CTF Rules are able to prescribe certain types of customers as high-risk, thus triggering enhanced CDD. New paragraph 32(f) is intended to allow flexibility and certainty to ensure the rules can respond to current and emerging risks. For example, if a global event results in significantly heightened risk for a particular jurisdiction, then amendments to the AML/CTF Rules can respond swiftly to such events. When that heightened risk passes, the relevant rules can be revoked.

247. Enhanced CDD measures must be applied to both initial CDD and ongoing CDD. Reporting entities must apply enhanced CDD measures that still enable them to fulfil their obligations under new subsections 28(1) and 30(1), as well as allow them to collect and verify additional KYC information relevant to mitigating and managing the identified higher risk. The types of enhanced CDD measures used will be determined by the reporting entity in accordance with its AML/CTF program and should be based on the context of the customer and the services provided, unless the AML/CTF Rules require specific measures to be used. For example, obtaining source of funds information for enhanced CDD on a customer as part of providing a loan may be less relevant to ML/TF risk as the reporting entity will be providing funds to the customer. Senior management approval or collecting more KYC information in respect of the matters in subsection 28(2) are other forms of enhanced CDD measures that could also be considered.

248. In some cases, the AML/CTF Rules may specify enhanced CDD measures that must be applied during either initial CDD (pursuant to subsection 28(6)) or ongoing CDD (pursuant to subsection 30(3)). For example, under FATF Recommendation 12, if a reporting entity proposes to provide a designated service to a foreign PEP, it must obtain senior management approval, establish the customer's source of wealth and source of funds, and apply enhanced CDD measures during ongoing CDD. These requirements are currently implemented in Chapters 4 and 15 of the AML/CTF Rules and would be continued in new AML/CTF Rules to be made.

Item 8 – Division 6 of Part 2

249. Item 8 repeals Division 6 of Part 2 and substitutes it with Division 6 – Pre-commencement customers. New subsection 36(1) outlines what constitutes a pre- commencement customer for both current and newly regulated reporting entities. For newly regulated reporting entities under this Bill, pre-commencement customers would be those in a business relationship with the reporting entity when the CDD obligations enter into force for those reporting entities on 1 July 2026. For clarity, a customer who enters into a business relationship with the reporting entity on, or from, 1 July 2026 would not be a pre-commencement customer. For example, pre-commencement customers may include:

a real estate professional that has an active agency agreement with a vendor to sell a property on 30 June 2026
a solicitor or conveyancer that is in the process of finalising the settlement for a property on 30 June 2026
an accountant that is in the process of setting up a company for a customer on 30 June 2026, or
a solicitor who has an active retainer with a client which involves the provision of newly regulated designated services on 30 June 2026.

250. New subsection 36(2) provides that once a pre-commencement customer has been subject to initial CDD, as set out at new subsection 28(1), they will cease to be a pre-commencement customer and instead transition to being an ordinary customer for the purposes of the AML/CTF Act. Over time, this should reduce the number of pre-commencement customers, improving the integrity of the AML/CTF regime without imposing a significant upfront burden on reporting entities. Pre-commencement customers can be subject to new subsection 28(1) as a result of one of the triggers outlined below or through a reporting entity's own initiative.

251. New subsection 36(3) clarifies that for pre-commencement customers, reporting entities are not required to comply with the initial CDD obligation as set out new subsection 28(1) and its supporting provisions, or with the ongoing CDD obligation at new paragraph 30(2)(b) which requires them to review and, where appropriate, update the identification and assessment of the ML/TF risk of the customer. However, for pre-commencement customers, reporting entities must still:

monitor for unusual transactions and behaviours of customers that may give rise to a suspicious matter reporting obligation as set out under new paragraph 30(2)(a)
review and, where appropriate, update the KYC information relating to the customer as set out under new paragraph 30(2)(c), and
monitor for significant changes in the nature and purpose of the business relationship that may result in the ML/TF risk of the customer being medium or high as set out under new paragraph 30(2)(d). For example, if a pre- commencement customer who currently has a savings account with a financial institution enquires to obtain a safety deposit box from the reporting entity. As the provision of this new designated service would shift the nature of the business relationship, and if the bank has assessed the inherent risk of the safety deposit service as medium or high risk (or there are other factors pointing to medium or high risk), then the reporting entity would be obliged to undertake initial CDD in respect of the customer, prior to providing the new designated service.

252. New subsection 36(4) confirms, in line with ongoing CDD obligations, a reporting entity must also comply with new subsection 28(1) in relation to a pre-commencement customer if a SMR obligation arises or if the ML/TF risk of the customer becomes medium or high. While reporting entities must review and, where appropriate, update KYC information relating to pre-commencement customers, they are not obliged to undertake initial CDD under new subsection 28(1) unless the ML/TF risk of the customer changes to medium or high, or a suspicious matter reporting obligation arises.

Items 9 to 20

253. Items 9 to 20 make consequential amendments to Division 7 of Part 2 of the AML/CTF Act to omit references to 'applicable customer identification procedure(s)' and substitute terminology and phrases to reflect the reframed initial CDD obligations. Division 7 of Part 2 provides for an agent to carry out initial CDD on a reporting entity's behalf. It also provides a framework for a reporting entity to rely on initial CDD undertaken by a third party in certain circumstances.

254. Item 9 omits the phrase 'applicable customer identification procedures' in the heading of section 37, and substitutes 'collection and verification of KYC information'.

255. Item 10 omits the phrase 'the carrying out by a reporting entity of an applicable identification procedure or an identity verification procedure' in subsection 37(1), and substitutes 'a reporting entity complying with paragraphs 28(3)(c) and (d)'.

256. Item 11 omits the phrase 'carrying out the applicable customer identification procedures' in the note in subsection 37(1), and substitutes 'complying with paragraphs 28(3)(c) and (d)'.

257. Item 12 omits the phrase 'carrying out applicable customer identification procedures or identity verification procedures' in subsection 37(2), and substitutes 'complying with paragraphs 28(3)(c) and (d)'.

258. Item 13 omits the phrase 'carrying out the applicable customer identification procedure or an identity verification procedure' in subsection 37(3), and substitutes 'complying with paragraphs 28(3)(c) and (d)'.

259. Item 14 omits the phrase 'applicable customer identification procedures' in the heading of subsection 37A, and substitutes 'collection and verification of KYC information'.

260. Item 15 omits the phrase 'applicable customer identification procedures' in paragraph 37A(1)(a), and substitutes 'the collection and verification of KYC information relating to a customer in accordance with paragraphs 28(3)(c) and (d)'.

261. Item 16 omits the phrase 'applicable customer identification procedure' in subsection 37A(2), and substitutes 'complied with paragraphs 28(3)(c) and (d)'.

262. Item 17 omits the phrase 'applicable customer identification procedures' from the heading in section 38, and substitutes 'collection and verification of KYC information'.

263. Item 18 omits the phrase 'carried out an applicable customer identification procedure' in paragraph 38(b), and substitutes 'complied with paragraph 28(3)(c) or (d)'.

264. Item 19 omits the phrase 'carried out the applicable customer identification procedure' in section 38, and substitutes 'complied with paragraph 28(3)(c) or (d)'.

265. Item 20 omits the term 'Division 6' in subsection 39(6), and substitutes 'Divisions 3 and 4'.

Items 21 and 22

266. Items 21 and 22 make consequential amendments to section 104 in Division 1 of Part 10 of the AML/CTF Act to omit references to 'applicable customer identification procedure(s)' and substitute terminology and phrases to reflect the reframed CDD obligations. Section 104 provides a simplified outline for record-keeping requirements under the AML/CTF Act.

Item 23 – Division 3 of Part 10 (heading)

267. Item 23 omits the phrase 'the carrying out of identification procedures' from the heading in Division 3 of Part 10 of the AML/CTF Act, and substitutes the phrase 'customer due diligence and other procedures'.

Item 24 – Sections 111 to 113

268. Item 24 repeals sections 111 to 113 of the AML/CTF Act and inserts a new section 111 that requires reporting entities who comply with new section 28 (undertaking initial CDD) or new section 30 (undertaking ongoing CDD) to retain the specified records set out under new subsection 111(2).

269. New subsection 111(2) outlines the records the CDD records a reporting entity must retain. In keeping with existing requirements, these records must be kept for 7 years after the business relationship is ended, or after the completion of the occasional transaction. Reporting entities must retain records that are reasonably necessary to demonstrate compliance with the reporting entity's obligations under Part 2 of the AML/CTF Act. Records must be in the English language or in a form in which the records are readily accessible and convertible into writing in the English language.

270. New subsection 111(3) provides that without limiting paragraph 111(2)(a), the reporting entity must retain:

sufficient and accurate records which demonstrate the type and content of the data collected by the reporting entity in relation to the customer for the purposes of complying with initial CDD and ongoing CDD, and
records or any analysis, identification or assessment of ML/TF risk, or decision making, undertaken by the reporting entity in relation to the customer for the purposes of complying with initial CDD and ongoing CDD.

271. These amendments do not mandate that reporting entities must keep copies of identity documents that are used throughout the CDD process. Instead, reporting entities are required to retain records of what they did to identify a customer and the identifying information the customer presented (for example, reporting entities are required to make records of the details found on a passport that were used for verification purposes rather than taking a copy of the passport itself). This requirement is also designed to be flexible in its application to new and emerging forms of identification, and methods of sharing identifying information. They are also required to keep records of any analysis, identification or assessment of ML/TF risk that supported them to determine what level of initial or ongoing CDD was required in relation to a customer.

272. New subsection 111(4) makes the obligation from subsection 111(2) subject to a civil penalty. These penalties are outlined in Division 2 of Part 15 of the AML/CTF Act. The maximum civil penalty under the AML/CTF Act is set at the highest amount allowed, which is 100,000 penalty units for a corporation and 20,000 penalty units for individuals. While the penalties can be substantial, AML/CTF enforcement actions can involve serious systemic failures by a reporting entity where the number of contraventions is immeasurable. The amount of any civil penalty will be determined by the court. Courts will decide the appropriate penalty (subject to the statutory maximum) based on the circumstances of a contravention. In determining the appropriate amount for a civil penalty, the courts will consider the impact of these violations on the Australian community, the financial system, and law enforcement efforts.

Items 25 to 33

273. These Items make consequential amendments to the AML/CTF Act to omit references to 'applicable customer identification procedure(s)' and instead substitute terminology and phrases to reflect the reframed CDD obligations.

274. Item 25 omits the phrase 'identification procedures' from the heading in section 114, and substitutes 'initial customer due diligence'.

275. Item 26 omits the phrase 'carried out an applicable customer identification procedure' in paragraph 114(1)(b), and substitutes 'complied with paragraph 28(3)(c) or (d)'. This section relates to the retention of information if a third party has conducted initial CDD on a reporting entity's behalf.

276. Item 27 omits the phrase 'an applicable customer identification procedure' from paragraph (c) in the simplified outline in section 135, and substitutes 'customer due diligence under Part 2'. This section provides that it is an offence to forge a document for use in CDD under Part 2.

277. Item 28 omits the phrase 'an applicable customer identification procedure' in paragraph 138(1)(a), and substitutes 'customer due diligence'. This paragraph provides that it is an offence to make a false document with the intention that it will be used for the purposes of CDD.

278. Item 29 repeals paragraph 138(1)(b), and substitutes 'the customer due diligence is under section 28 (undertaking initial customer due diligence) or 30 (undertaking ongoing customer due diligence'. This paragraph provides that it is an offence to make a false document with the intention that it will be used for the purposes of CDD under the AML/CTF Act.

279. Item 30 omits the phrase 'applicable customer identification procedure is under this Act' in subsection 138(2), and substitutes 'customer due diligence is under section 28 or 30'. This subsection provides that in a prosecution for an offence against subsection 138(1), it is not necessary to prove that the defendant knew that the CDD is under the AML/CTF Act.

280. Item 31 omits the phrase 'an applicable customer identification procedure' in paragraph 138(3)(b), and substitutes 'customer due diligence'. This paragraph provides that it is an offence to possess a false document with the intention that it will be used for the purposes of CDD.

281. Item 32 repeals the paragraph at 138(3)(c), and substitutes 'the customer due diligence is under section 28 or 30'. This paragraph provides that it is an offence to possess a false document with the intention that it will be used for the purposes of CDD under the AML/CTF Act.

282. Item 33 omits the phrase 'applicable customer identification procedure is under this Act' in subsection 138(4), and substitutes 'customer due diligence is under section 28 or 30'. This subsection provides that in a prosecution for an offence against subsection 138(3), it is not necessary to prove that the defendant knew that the CDD is under the AML/CTF Act.

Item 34 – Subsection 184(4) (paragraph (a) of the definition of designated infringement notice provision )

283. Item 34 repeals paragraph (a) of the definition of designated infringement notice provision

Item 35 – Subsection 184(4) (before paragraph (fl) of the definition of designated infringement notice provision )

284. Item 35 inserts new text in section 184 of the AML/CTF Act to add new subsection 111(2) to the existing list of designated infringement provisions in the AML/CTF Act by inserting new text at section 184 of the AML/CTF Act to provide that new subsection 111(2) is a 'designated infringement notice provision' for the purpose of the AML/CTF Act.

285. Subsection 111(2) deals with record-keeping requirements for CDD.

Item 36 – Paragraph 235(1)(c)

286. Item 34 makes consequential amendments to the AML/CTF Act to omit references to 'applicable customer identification procedure(s)' and instead substitute terminology to reflect the reframed CDD obligations.

Part 2 – Consequential Amendments Banking Act 1959 (Banking Act)

Item 37 – Subsection 16AH(7) (heading)

287. This Item will make a minor consequential amendment to subsection 16AH(7) (heading) of the Banking Act to omit reference to 'section 32' of the AML/CTF Act, which relates to carrying out an 'applicable customer identification procedure', and instead substitute with 'section 28' which relates to undertaking initial CDD.

Item 38– Subsection 16AH(7)

288. This Item will make a minor consequential amendment to subsection 16AH(7) of the Banking Act to omit reference to 'section 32' of the AML/CTF Act, which relates to carrying out an 'applicable customer identification procedure', and instead substitute with 'section 28' which relates to undertaking initial CDD.

Commonwealth Electoral Act 1918 (Electoral Act)

Item 39 – Subsection 90B(4) (table item 6, column headed "Person or organisation",

paragraph (b))

289. This Item makes a minor consequential amendment to subsection 90B(4) (table item 6, column headed 'Person or organisation', paragraph (b)) of the Electoral Act to omit 'carries out applicable customer identification procedures under' and substitute it with 'collects and verifies information relating to a customer in accordance with section 28 of'. Section 28 relates to undertaking initial CDD.

Item 40 - Subsection 90B(4) (table item 7, column headed "Person or organisation")

290. This Item makes a minor consequential amendment to subsection 90B(4) (table item 7, column headed 'Person or organisation') of the Electoral Act to omit 'carrying out of applicable customer identification procedures under' and substitute it with, 'collection or verification of information relating to a customer in accordance with section 28 of'. Section 28 relates to undertaking initial CDD.

Item 41 - Subsection 90B(10) (definition of applicable customer identification procedure )

291. This Item repeals the definition of 'applicable customer identification procedure' in subsection 90B(10) of the Electoral Act.

Item 42 – Subsection 91A(2D)

292. This Item makes a minor consequential amendment to subsection 91A(2D) of the Electoral Act to omit 'carry out an applicable customer identification procedure under' and substitute it with, 'collect and verify information relating to a customer in accordance with section 28 of'. Section 28 relates to undertaking initial CDD.

Item 43 - Subsection 91A(2E)

293. The Item makes a minor consequential amendment to subsection 91A(2E) of the Electoral Act to omit 'carrying out of an applicable customer identification procedure under' and substitute it with, 'collection or verification of information relating to a customer in accordance with section 28 of'. Section 28 relates to undertaking initial CDD.

Item 44 - Subsection 91A(3) (definition of applicable customer identification procedure )

294. This Item repeals the definition of 'applicable customer identification procedure' in subsection 91A(3) of the Electoral Act.

SCHEDULE 3 - REGULATING ADDITIONAL HIGH-RISK SERVICES

295. Parts 1, 2 and 3 of Schedule 3 of the Bill inserts new and amends the designated service tables in section 6 of the AML/CTF Act to extend the AML/CTF regime to certain, high-risk services provided by real estate professionals, dealers in precious metals and stones, and professional service providers. This closes regulatory gaps in Australia's AML/CTF regime that were initially flagged with the introduction of the AML/CTF Act in 2006.

296. Updates to the bullion table (table 2) at subsection 6(3) of the AML/CTF Act would be made by the Bill to reflect a broader category of dealers in precious metals, precious stones and precious products. New table 5 brings real estate services into the scope of the AML/CTF regime, and new table 6 introduces services provided by a range of professions and businesses, including accountants, legal practitioners, conveyancers, professional trustees and company secretariat services into section 6.

297. Tables 2, 5 and 6 at Items 2, 6 and 10 of this Schedule respectively set out designated services, which are the triggers for a person to become regulated under the regime. A reporting entity is a person who provides any designated service set out in section 6 of the AML/CTF Act, and has a geographical link to Australia. Key obligations under the AML/CTF regime apply when a person is a reporting entity.

298. The tables in section 6 of the AML/CTF Act also specify that the customer of a designated service is the person to whom the designated service is provided by the reporting entity. The definition of 'customer' in section 5 of the AML/CTF Act further clarifies that this term explicitly includes a prospective customer. The specification of the customer is relevant to the definition and operation of key concepts throughout the AML/CTF regime, such as CDD.

Part 1 – Real estate

Anti-Money Laundering and Counter-Terrorism Financing Act 2006

299. Part 1 of Schedule 3 of the Bill extends the AML/CTF regime to certain services provided by real estate professionals who conduct the buying and selling of real estate. This Part would improve the compliance of Australia's AML/CTF regime with FATF Recommendation 22(b), which requires AML/CTF obligations to apply to real estate professionals when they are involved in transactions for their client concerning the buying and selling of real estate.

Item 1 – Section 5

300. This Item inserts new definitions of 'land', 'land use entitlement' and 'real estate' in section 5 of the AML/CTF Act. These definitions are intended to accompany the inclusion of the new real estate designated services in table 5, and to clarify the kinds of real estate transactions that would be captured under the regime.

301. The term 'land' is defined for the purposes of the definition of 'real estate', which includes 'land', whether in Australia, a foreign country, or whether the land is subject to any 'subdivision arrangement'.

302. The term 'land use entitlement' is also defined for the purpose of the 'real estate' definition in item 1 and is further explained below in this item.

303. The definition of 'real estate' is intended to create a definition that will enable table 5 in section 6 of the AML/CTF Act to regulate the sale, purchase and transfer of ownership of 'real estate'. Consistent with the Encyclopaedic Australian Legal Dictionary general usage definition of 'real estate', the definition connotes land and buildings as a physical entity but does not seek to include intangible interests in land. The definition of 'real estate' is intended to characterise the concept of ownership of land including long term leases akin to land ownership, and ownership in land that is the subject of various forms of subdivision of a fee simple interest, a leasehold interest or a land use entitlement (arising from the ownership of shares for instance) in land that is the subject of these subdivision arrangements.

304. The definition of 'real estate' includes leasehold interests of 20 years or more not including options for further terms. This minimum term of 20 years would exclude ordinary commercial leases from regulation under the AML/CTF regime, while also ensuring that regulation applies consistently across the AML/CTF Act, for example, where land rights are granted as leasehold interests or estates in place of fee simple estates (such as in the Australian Capital Territory).

305. The definition of 'real estate' also includes 'land use entitlements'. This reflects that the nature of the rights giving rise to ownership like entitlement are not leasehold or fee simple rights, rather they may be based on exclusive rights to use the relevant property. 'Land use entitlement' is defined to refer to an entitlement to occupy land conferred through an ownership of shares in a company or units in a unit trust scheme, or a combination of a shareholding or ownership of units together with a lease or licence. However, the company constitution may as an incident of that shareholding confer on shareholders occupation rights in property owned or leased by the company. This could be by lease or licence embedded in the terms of the company's constitution or referenced in them (with separate lease or licence agreements then entered into between the land holding company and the relevant shareholder).

306. Terms included in the definition of 'real estate' such as 'leasehold' and 'fee simple' are intended to take their ordinary meaning. Specifically, the definition is not intended to capture the following:

incorporeal hereditaments (for example easements, profits à prendre and rent charges)
registered or unregistered interests in land that do not reflect ownership, such as mortgages, easements, covenants or caveats
native title, or
dwellings (such as mobile and modular homes) not attached to land that are sold as chattels, where the land the dwelling is located on is leased in caravan parks and retirement villages (that is, the resident owns the dwelling but leases the land).

307. Paragraph (h) of the definition of 'real estate' creates a regulation making power so that the definition can remain flexible in order to reflect any new interests or estates in land, or land use entitlements that may emerge in the future.

308. The term ''subdivision arrangement' is defined for the purpose of paragraph (b) of the definition of 'land'. Paragraph (a) of 'subdivision arrangements' covers arrangements (commonly referred to as 'strata title') that exist under a State or Territory law, which incorporate the following features:

the title to land (leasehold or freehold) is subdivided into different portions of land each with their own separate legal title, or where particular units of a single building are attached to separate legal titles (or a combination of the two), and
the common areas are owned or managed by a body corporate (such as an owner's corporation).

309. State and Territory laws have various names for these arrangements, such as 'strata title', 'community title', 'unit title', 'cluster title' or some other term that reflects the features above.

310. Paragraph (b) of the definition of 'subdivision arrangement' covers arrangements (commonly referred to as 'company title') involving an interest in land, whether leasehold or freehold, owned by a body corporate and for which a holder of shares in the body has or may be granted a right to occupy or use some or all of the land. The body corporate is typically a company registered under the Corporations Act.

311. Paragraph (c) of the definition of 'subdivision arrangement' covers collective property arrangements that are structured by trust. Under these arrangements:

An interest in land, whether freehold or leasehold, is held on trust and the trustee is a body corporate.
The holder of an interest in the trust has or may be granted a right to occupy or use part of the land, under the terms of the trust.
There are at least two distinct parts of the land under the terms of that trust.

Item 2 – After subsection 6(5)

312. This Item inserts a new designated services table in section 6 of the AML/CTF Act. These services bring persons who operate businesses that buy or sell 'real estate' into the AML/CTF regime.

313. Item 1 of table 5 creates a new designated service of brokering a sale, purchase or transfer of real estate on behalf of a person in the course of carrying on a business. This designated service primarily relates to real estate agents and businesses that represent:

a seller (vendor) to sell 'real estate' (for example, a typical seller's agent service), or
a buyer to identify and purchase 'real estate' (for example, a buyer's agent service).

314. Under section 5 of the AML/CTF Act, a person who provides a designated service (to a customer) is a reporting entity. Under section 6 of the AML/CTF Act, a customer is a person to whom the designated service is provided. In most cases, the reporting entity will be a business (the real estate agency, for example) and not an employee of the business.

315. The effect of the customer being specified under the AML/CTF regime as both the seller or transferor, and the buyer or transferee, is that the reporting entity will be required to apply AML/CTF obligations, such as CDD and SMRs, to both parties to a transaction.

316. Table 5 is not intended to regulate services related to residential tenancy agreements, property management, and leasing of commercial real estate. It is also not intended to regulate auctioneer services, unless the auctioning services are being provided by the seller's agent alongside brokering the sale of the real estate.

317. Item 2 of table 5 creates a new designated service of selling or transferring 'real estate' in the course of carrying on a business selling real estate, where the sale or transfer is not brokered by an independent real estate agent. For example, this service would capture property developers and other businesses who sell house and land packages, apartments off the plan, and blocks of vacant land in new subdivisions. This includes where the property developer or other business sells the real estate with their own in-house real estate agents, sales, or marketing employees rather than engaging a real estate agency for this work.

318. Items 1 and 2 of table 5 include references to the 'transfer' of 'real estate'. This is to ensure that situations where ownership of real estate is transferred for no value or consideration are still within scope of the designated service. This is important for the AML/CTF regime as criminals will seek to exploit loopholes in regulation, which may include disguising real estate transactions by not attaching or involving a purchase/sale price as a means of obfuscating the true purchase/sale price of the real estate.

319. For clarity, incidental sales of real estate by a business and private sales of residential property are not intended to be captured under these designated services (for example, where a property owner negotiates and directly sells real estate to a buyer without engaging a real estate agent to assist with marketing, negotiation and open homes).

320. A seller in a seller's agent arrangement would commence to receive the designated service when an agency agreement to sell a property is signed. The buyer in a seller's agent arrangement would commence to receive a designated service when it is reasonably expected that the transaction will proceed, for example, when the buyer's offer has been accepted and the contract to buy or receive the real estate is signed.

321. Separately, a buyer in a buyer's agent arrangement would commence to receive the designated service when an agency agreement to source or identify a property is signed. The seller in a buyer's arrangement would commence to receive a designated service when they sign the contract to buy or transfer the real estate.

322. To reduce regulatory burden, and avoid duplication where there are multiple real estate professionals (for example, in a multi-listing agreement) and other reporting entities involved in a real estate transaction, the AML/CTF Act already provides a flexible CDD reliance framework. This is set out in sections 37A to 39 of the AML/CTF Act, in which one reporting entity may rely on CDD undertaken by another reporting entity in appropriate circumstances. New reporting entities, such as real estate agencies or conveyancers may rely upon CDD carried out by another reporting entity or foreign entity (for example, a solicitor of a seller or the bank of a buyer) on a case-by-case basis, or under an ongoing arrangement, provided that the third party is either:

a reporting entity for the purposes of the AML/CTF Act that is based in Australia, and has measures in place to comply with CDD and record keeping requirements, or
a foreign entity regulated by one or more laws of a foreign country that give effect to the FATF Recommendations relating to CDD and record keeping and has measures in place to comply with obligations under those laws.

Part 2—Dealers in precious metals and stones

Anti-Money Laundering and Counter-Terrorism Financing Act 2006

323. Part 2 of Schedule 3 of the Bill extends the AML/CTF regime to regulate certain high-risk services provided by dealers in precious metals and precious stones, in line with FATF Recommendations 22(c) and 23(b). The FATF requires AML/CTF obligations be applied to dealers in precious metals and dealers in precious stones when they engage in any physical currency transaction with a customer equal to or above the applicable designated threshold.

324. The designated service for dealers in precious metals and precious stones is intended to regulate a business when it:

sells or purchases precious metals or precious stones in the course of carrying on a business, and
where the buyer or seller (the customer of the designated services) makes payment or receives payment in physical currency, virtual assets or a combination of physical currency and virtual assets of $10,000 or more.

325. The $10,000 threshold is consistent with the existing obligation under the AML/CTF Act for reporting entities to report to AUSTRAC if there is a transaction involving physical currency of $10,000 or more. The coverage of both physical currency and virtual assets recognises the possibility of displacement of money laundering, terrorism financing and proliferation financing risks from physical currency transactions to virtual asset transactions should only the former be regulated.

Item 3 – Section 5 (definition of bullion )

326. This Item replaces the existing definition of 'bullion' in section 5 of the AML/CTF Act with a detailed description for the purposes of the AML/CTF Act. This amendment is intended to ensure clarity between the new and existing designated services.

327. Bullion is a subset of 'precious metal', which is important to distinguish because of the different threshold that applies to the amended designated service involving bullion dealing. The definition of 'bullion' includes bullion bars and bullion coins which are valued according to the spot price (market price) of the contained precious metal, and used by individuals as investments or as a store of value.

328. The definition of 'bullion' does not extend to numismatic coins made of gold, silver, platinum or palladium, which are treated as a 'precious metal' under the AML/CTF Act and subject to a different threshold in table 2 of section 6 (see Item 5 of this Schedule below). However, coins traded at their bullion value will continue to fall within the amended designated service, regardless of whether they bear an explicit mark indicating fineness (for example, gold sovereigns and Krugerrands that are traded at their bullion value).

Item 4 – Section 5

329. Item 4 introduces the concepts of 'precious metal', 'precious product', and 'precious stone' into section 5 of the AML/CTF Act. The definitions for these terms are detailed below in Item 5 of this Schedule.

Item 5 – After section 5

330. Item 5 inserts a new section 5A in the AML/CTF Act that lists the substances, which are considered a 'precious metal' and a 'precious stone', and the items which are considered a 'precious product'.

331. Subsection 5A(1) provides a definition and list of types of substances that the AML/CTF Act determines are a 'precious metal', and includes gold, silver, platinum, iridium, osmium, palladium, rhodium, ruthenium or any substance with at least 2 per cent weight of any of the aforementioned substances.

332. Subsection 5A(2) provides that for the purposes of subsection 5A(1), it is immaterial whether the substance is in a manufactured or unmanufactured state.

333. Subsections 5A(3), 5A(4) and 5A(5) provide definitions of a 'precious stone' and a non-exhaustive list of types of substances that the AML/CTF Act determines are 'precious stones'. Additional substances that fall within the definition are corundum (including rubies and sapphires), chrysoberyl, crystallin and cryptocrystalline quartz, spinel, zircon, tourmaline, olivine peridot, tanzanite, nephrite jade, spodumene, feldspar, and lapis lazuli.

334. Both the 'precious metal' and 'precious stone' definitions at subsection 5A(1) and 5A(5) empower the AUSTRAC CEO to prescribe additional substances to be precious metals or precious stones in the AML/CTF Rules, to ensure that the AML/CTF regime can quickly respond should any additional substances reach similar market value and subsequent desirability to criminals in the future. This rule-making power will also improve the effectiveness of the AML/CTF regime by providing flexibility to respond to displacement, where criminals seek out unregulated products when previously favoured products become regulated.

335. Under subsection 5A(6), 'precious product' includes jewellery, a watch, other object of personal adornment or article of 'goldsmiths' or silversmiths' wares' that is made up of, contains or has attached to it any precious metal, precious stone, or both. Jewellery is intended to take its ordinary meaning of an object of personal adornment, and includes watches. 'Goldsmiths' or silversmiths' wares' in subsection 5A(7) is intended to include such articles as ornaments, tableware, smokers' requisites and other articles of personal, household, office or religious use.

336. For illustrative purposes, the following objects would be considered to be 'precious products' under the AML/CTF Act:

a ring crafted from gold and pearl
a stainless-steel watch with diamonds set on the watch face
cufflinks made of gold and tsavorite
a headdress made of platinum and garnet
a gold or diamond grill (dental jewellery)
a gold refillable lighter
a brass and ruby belt buckle
a platinum paperweight
an enamel pill box set with diamonds, or
a money clip made of silver.

Item 6 – Subsection 6(3)

337. Item 6 repeals the existing table 2 in subsection 6(3) of the AML/CTF Act (related to bullion designated services) and replaces this with a new table that co-locates all designated services related to precious metals and precious stones, whether in the form of bullion, raw product, jewellery or other precious products.

338. Item 2 of table 2 creates a new designated service of buying or selling one or more 'precious metals', 'precious stones' or 'precious products' in the course of a business, where the customer pays or the seller accepts $10,000 or more in physical currency (or the equivalent in virtual assets). This includes (but is not limited to) where the buyer or seller is:

a jewellery retailer
a watch dealer
a scrap metal dealer
a jewellery manufacturer
a precious stone cutter or polisher
a precious stone miner
a precious stone wholesaler
a pawnbroker or antique or used goods dealer/retailer
a second-hand jewellery dealer
a precious stone manufacturer
an intermediary or broker, and
a precious metal refiner.

339. For example, where a precious metals dealer sells precious metal to a buyer for $10,000 or more in physical currency or virtual assets, the precious metal dealer would be conducting a designated service and must comply with AML/CTF obligations. In a scenario where that same precious metal dealer buys precious metal from a seller (whether a supplier in the ordinary commercial sense, or where a person enters the dealer's store to sell precious metals) for $10,000 or more in physical currency or virtual assets, the seller is the customer of the designated service and the precious metal dealer must apply AML/CTF obligations to that person who is selling the precious metal.

340. For the avoidance of doubt, item 2 of table 2 is intended to include a purchase made in either a single transaction or in several transactions that are linked, or appear to be linked. A single transaction also includes staggered cash payments or payments over time in instalments, including situations such as 'lay-by' and structured payments (splitting payments up into multiple transactions).

341. Item 2 of table 2 will not regulate transactions below the $10,000 threshold where payment is made in physical currency or virtual assets, or above the $10,000 threshold where payment is made by any means other than physical currency or virtual assets, such as payments by debit card or credit card, BPAY or PayPal.

342. Businesses may decide to not accept physical currency or virtual asset payments over the $10,000 threshold and remain outside the scope of item 2 of table 2. However, when Part 2 of this Schedule commences, businesses will need to make a clear decision as to whether they will accept these types of payments and ensure employees adhere to this business rule. Accepting a payment over the threshold, even once, would mean the business meets the definition of a 'reporting entity' for the purposes of the AML/CTF Act. Therefore, the business must already have undertaken a risk assessment and developed AML/CTF policies as part of their AML/CTF program, and comply with other AML/CTF obligations, before providing that designated service.

Part 3—Professional Services

Anti-Money Laundering and Counter-Terrorism Financing Act 2006

343. Expansion of Australia's AML/CTF regime to certain services provided by professional service providers (and other tranche two entities) is required to meet FATF Recommendations 22(d) and 22(e). Services provided by these sectors are recognised globally as high-risk for money laundering exploitation. Criminal groups are constantly finding new ways to obfuscate the origins of their illicit funds and exploit weaknesses in global financial systems, and expansion of the AML/CTF regime to these services will mitigate money laundering, terrorism financing and proliferation financing risks in these services.

Item 7 – Section 5 (definition of exempt legal practitioner service )

344. Item 7 repeals the definition of 'exempt legal practitioner service' in section 5 of the AML/CTF Act. As a consequence, the concept of 'exempt legal practitioner service' is removed from items 46 and 47 of table 1 in section 6 (as seen in Item 9 of this Schedule). The exemption that previously applied to legal practitioners is no longer required, as legal practitioners carrying out these designated services are now intended to be regulated entities under the AML/CTF Act.

Item 8 – Section 5

345. Item 8 inserts definitions for the new concepts of an 'express trust', a 'legal arrangement', and a 'nominee shareholder' in section 5 of the AML/CTF Act.

346. 'Express trust' is defined to be a trust expressly and intentionally created in writing by a settlor, for example a written deed of trust. This is to be contrasted with trusts, which come into being through the operation of the law, or which do not result from the clear intent or decision of a settlor to create a trust or similar legal arrangements (for example, constructive trusts). 'Testamentary trust' is explicitly excluded from this definition and is intended to have its ordinary meaning. The definition of 'express trust' has been provided in the AML/CTF Act to ensure that the new designated services inserted by Item 10 of this Schedule are appropriately refined, and do not regulate all instances where a trustee-beneficiary relationship is created.

347. 'Legal arrangement' is defined to be an express trust, a partnership, a joint venture, an unincorporated association or an arrangement including a foreign arrangement such as a fiducie, treuhand or fideicomiso, similar to any of the other referenced arrangements. The similarity of arrangements to express trusts is to be assessed with regard to Article 2 of the Hague Convention on the Law Applicable to Trusts and on their Recognition (implemented by the Trusts (Hague Convention) Act 1991) on the law applicable to trusts and their recognition on the basis of whether legal arrangements have a similar structure or perform a similar function to an express trust.

348. 'Nominee shareholder' is defined to be a person who, in relation to a body corporate or 'legal arrangement', holds shares in the body corporate or 'legal arrangement' on behalf of another person (the nominator), and exercises voting rights associated with the shares according to the instructions of the nominator, or receives dividends on behalf of the nominator, or both. This term is introduced to the AML/CTF Act to support the operation of item 8 of table 6, which relates to acting as, or arranging for another person to act as, a 'nominee shareholder' of a body corporate or 'legal arrangement'.

Item 9 – Subsection 6(2) (cell at table item 46, column headed "Provision of a designated service")

349. Item 9 is a consequential amendment to Item 7 of this Schedule. This Item removes the concept of 'exempt legal practitioner service' from item 46 of table 1, per the justification at Item 7 of this Schedule.

Item 10 – Before subsection 6(6)

350. Item 10 inserts a new table of professional services that are designated services under the AML/CTF Act before subsection 6(6) of the AML/CTF Act.

351. The effect of new table 6 is to extend the AML/CTF regime to regulate certain services provided by professional service providers, in line with FATF Recommendations 22 and 23 which require 'designated non-financial businesses and professions' (including accountants, lawyers, notaries, trust and company service providers) to conduct AML/CTF obligations, such as CDD, SMRs and record-keeping requirements when they prepare for, or carry out, transactions for their client in relation to the following activities:

buying and selling of real estate
managing of client money, securities, or other assets
management of bank, savings or securities accounts
organisation of contributions for the creation, operation or management of companies
creation, operation or management of legal persons or arrangements, and buying and selling of business entities
acting as a formation agent of legal persons
acting as (or arranging for another person to act as) a director or secretary of a company, a partner or a partnership, or similar position in relation to other legal persons
providing a registered office, business address or accommodation, correspondence or administrative address for a company, a partnership or any other legal person or arrangement
acting as (or arranging for another person to act as) a trustee of an express trust or performing the equivalent function for another form of legal arrangement, or
acting as (or arranging for another person to act as) a nominee shareholder for another person.

352. In keeping with the existing approach of the AML/CTF Act, the new designated services in table 6 are intended to be competitively neutral and do not need to be provided by particular professions in order to qualify as designated services. Many professions and businesses, including legal practitioners, conveyancers, accountants, consultants, insolvency and restructuring practitioners, financial planners, wealth advisors, business brokers, company secretarial service providers, and trust and company service providers are involved in providing the designated services in the new table 6. Collectively this group are referred to as professional service providers for the purposes of the AML/CTF regime.

353. Professional service providers provide a range of services to a wide range of clients which differ by their method of delivery, depth and duration of relationship. Because of the nature of these services, professional service providers may wittingly, or unwittingly, serve as a 'gateway' used by criminals to gain access to the traditional financial institutions whose services are required in order to facilitate money laundering and terrorism financing. Professional service providers are uniquely placed to identify suspicious activity, and the contribution of each professional service provider capturing unique and distinct elements of a transaction or service is critical to the operation of an effective AML/CTF regime.

354. Professional service providers can also be exploited by organised criminal groups to facilitate the commission of serious offences, and to disguise the benefits of their offending. Law enforcement has also observed these services being unwitting facilitators, or reckless as to the risk of money laundering or concealing of illicit wealth. In these cases, specialised skills and proficiencies have been exploited for the benefit of criminal entities. This not only aids criminal enterprises, but increases the vulnerability of professional service providers to infiltration by serious and organised crime, and risks eroding public trust in these sectors.

355. Organised crime groups are known to exploit the services provided by professional service providers in order to:

obscure ultimate ownership or effective control of criminal assets or entities through complex layering and the establishment of complex business corporate and trust structures (including off-shore structures)
evade regulatory controls, including the AML/CTF regime
provide a veneer of legitimacy to criminal activity
avoid detection and confiscation of criminal assets, or
deliberately hinder law enforcement investigations and proceedings.

356. Under section 5 of the AML/CTF Act, a person who provides a designated service (to a customer) is a reporting entity. Under section 6 of the AML/CTF Act, a customer is a person to whom the designated service is provided. In most cases, the reporting entity will be a business (for example, the conveyancing, accounting or law firm) and not an employee of the business.

357. Designated services in section 6 of the AML/CTF Act apply to the underlying activity described, no matter the profession or branding of the business that provide them. For example, a tax agent may become a reporting entity under the AML/CTF regime if they provide any of the listed designated services, but would only have to comply with AML/CTF obligations for the designated services provided.

Item 1 of table 6

358. Item 1 of table 6 creates a new designated service of assisting a person in the planning or execution of a transaction, or otherwise acting for a person for or on behalf of a person in a transaction to:

sell 'real estate'
buy 'real estate', or
transfer 'real estate' (other than a transfer pursuant to, or resulting from, an order of a court or tribunal)

in the course of carrying on a business.

359. Item 1 of table 6 is intended to regulate where a professional service provider is engaged to assist a person to plan or execute a transaction, or otherwise act for a person in a transaction to sell buy or transfer 'real estate'. Part 1 of this Schedule inserts a definition of 'real estate' in section 5 of the AML/CTF Act. This designated service will occur when a lawyer or conveyancer undertakes work required to give effect to the transfer of ownership of 'real estate' from one person to another. There is an exception to the designated service for transfers of 'real estate' which are pursuant to, or resulting from, an order of a court or tribunal. This has the effect of excluding, for example, the regulation of:

estate lawyers' involvement in a transfer of 'real estate' from a deceased estate following court ordered grant of probate or letters of administration
family lawyers' involvement in transfers of 'real estate' from a married or de facto couple to one of the former partners in a property settlement following separation when ordered by a court, including the drafting of consent orders, or
a trustee in bankruptcy appointed by a court or the Australian Financial Security Authority, or a registered liquidator appointed by a court to transfer a 'real estate' to a creditor.

360. Item 1 of table 6 also regulates the 'planning steps' that are required in anticipation of a transfer or proposed transfer in ownership of 'real estate'. This is important as red flag indicators of suspicious activity may arise during the execution of these planning steps. The designated service will be triggered by activities a professional service provider (such as a conveyancer) carries out for a customer, including but not limited to:

preparing, reviewing or lodging the contract of sale and transfer of land instrument
researching property titles, strata documents, or land use specifications
coordinating with financial institutions regarding payments and discharge of mortgage for the 'real estate' transfer
holding funds on behalf of a buyer and disbursing trust funds at settlement, or organising for release of deposit to the seller (this will also trigger item 3 of table 6)
preparing for financial settlement, or
preparing documents to be provided to a registry authority for transfer of 'real estate' on behalf of a client.

361. The requirement for an activity to be related to a transaction to sell, buy or transfer 'real estate' in item 1 of table 6 means that where activities listed above can, and are being, carried out for another purpose, they will not trigger the designated service. For example, conducting land title searches unrelated to an actual transaction for sale, purchase or transfer of the real estate would not be captured under this designated service.

362. Items 1 and 2 of table 6 are different to the real estate designated services in Part 1 of Schedule 3. Part 1 extends the AML/CTF regime to certain services provided by real estate professionals who conduct the buying and selling of 'real estate'. Whereas, items 1 and 2 of table 6 regulate professional service providers who are engaged to assist a person to plan or execute a transaction, or otherwise acting for or on behalf of a person in a transaction to buy/sell/transfer real estate, a body corporate or legal arrangement. A key distinction is that items 1 and 2 of table 6 also regulate the 'planning steps' of a transaction related to buying/selling/transferring of real estate, a body corporate or legal arrangement.

Item 2 of table 6

363. Item 2 of table 6 creates a designated service of assisting a person in the planning or execution of a transaction, or otherwise acting for or on behalf of a person in a transaction, to:

sell a body corporate or 'legal arrangement', or
buy a body corporate or 'legal arrangement', or
transfer a body corporate or 'legal arrangement' (other than a transfer pursuant to, or resulting from, an order of a court or tribunal).

in the course of carrying on a business, where the person is or will be a beneficial owner.

364. Item 2 of table 6 regulates a professional service provider when they provide services to assist a customer to buy, sell or transfer a business, regardless of the business' legal structure. This includes where a professional service provider is engaged to assist a person to plan or execute a transaction, or otherwise act for a person in a transaction to sell, buy or transfer a business entity or structure that can hold assets, no matter whether it is a body corporate or a legal arrangement, and whether transferred for value or not.

365. There is an exception to the designated service in item 2 of table 6 where the transfer of the body corporate or 'legal arrangement' is pursuant to, or resulting from, an order of a court or tribunal, providing the same effect arises as in the examples listed above in relation to estate lawyers, family lawyers and insolvency practitioners.

366. Item 2 of table 6 only applies where the seller holds ownership rights in line with the definition of 'beneficial owner' in section 5 prior to the transfer, or the ownership rights that a buyer holds following a transfer, exceed the 25 per cent or more threshold required to be considered a 'beneficial owner'. Sales of shares and minor interests (less than 25 per cent) would not trigger this designated service. For example, a professional service provider assisting a client to buy shares or investments of less than 25 per cent would not be considered a designated service, however, buying a beneficial ownership stake in a business would be captured.

367. Item 2 of table 6 includes planning steps that are required in anticipation of a transaction or proposed transaction. The designated service will be triggered by activities a professional service provider provides for a customer, including but not limited to:

acting for a customer for a purchase, sale or transfer of ownership of a body corporate or 'legal arrangement'
preparing or reviewing contracts for sale, purchase or transfer of a body corporate or 'legal arrangement'
conducting or advising on due diligence, valuation of assets and liabilities in anticipation for a sale, purchase or transfer
obtaining Foreign Investment Review Board approvals, and Australian Securities Exchange (ASX) and ASIC waivers for clients
conducting due diligence on accounts and finances for corporate financial transactions prior to a transaction
preparing for financial settlement, and
preparing documents to be provided to an authority (such as ASIC) for transfer of a body corporate on behalf of a client.

Item 3 of table 6

368. Item 3 of table 6 creates a new designated service of receiving, holding and controlling (including disbursing) or managing a person's money, accounts, securities or securities accounts, virtual assets, or other property as part of assisting the person in the planning or execution of a transaction, or otherwise acting for or on behalf of a person in a transaction, in the course of carrying on a business.

369. Item 3 of table 6 will regulate a professional service provider who handles a person's property (being money, accounts, securities or securities accounts, virtual assets, or other property) whilst acting for or assisting that person in a transaction. There are two determining factors for whether an activity is covered by this designated service. The first is whether the professional service provider is providing the person with services that are associated with a transaction, whether planning, executing or otherwise acting on behalf of the person. The second is whether the professional service provider's interaction with a person's property has an active element (that is, controlling, disbursing or managing). The types of activities intended to be covered under this designated service include where a professional service provider:

holds sale proceeds or purchase funds for a customer on escrow (which legal practitioners may know as 'transit money')
money or property is held by a professional service provider prior to being settled as trust property on the creation of an express trust, or
has authority over a customer's bank account and makes payments from that account on behalf of a customer, for example, to make loan repayments to a financial institution.

370. Exemptions to item 3 of table 6 are set out in new subsection 6(5C) of the AML/CTF Act. These exemptions include where the money and property listed in paragraphs (a)–(e) of the designated service:

is held or managed for payment by the person for provision of goods or services by the business (for example, a person making a deposit or pre-payment for fees charged by an accountant to prepare and lodge an annual tax return)
is held or managed for the purpose of payments or receipts payable for the use, maintenance, repair, improvement or oversight of property, or received for the advertising of, or negotiating the use of property (for example, where a real estate agent manages a rental property, or where a car fleet service receives payments for use of vehicles and makes payments for maintenance of the vehicle)
being held or managed is to be received or payable under an order of a court or tribunal (for example, where a solicitor uses their trust account to receive a judgment sum from the opposing party to litigation, and then sends on the judgment sum to their client's bank account), or
the receipt or disbursement of a payment mentioned in subsection 6(5D), which is a payment to or from any of the following:

o
an Australian or foreign government body (for example, Launceston City Council, the Australian Taxation Office (ATO), or the United States Patent and Trademark Office)
o
a court or tribunal of the Commonwealth, a State or a Territory or a foreign country (for example, the Federal Circuit and Family Court, or Supreme Court of New Zealand)
o
a person who is licensed under a law of the Commonwealth, a State or a Territory to provide insurance, including self-insurance (for example, a personal injury legal practitioner receiving a payment from an insurer, such as Comcover or AAI Limited, to then pay to their client)
o
a person who carries on a business that relates solely to the services provided by the business referred to in item 3 of the table in subsection 6(5B), and the payment to the other person is reasonably incidental to the provision of a service that is not a designated service (for example, making payment to a barrister for representing a client in a legal proceeding, or payment to an expert witness consultant or supplier that is retained by a legal practitioner on behalf of a client in connection with legal services which are not designated services), or
o
a payment of a kind specified in the AML/CTF Rules.

371. The rule-making power will improve the effectiveness of the AML/CTF regime by providing flexibility through new subsections 6(5C) and 6(5D) to expand the scope of the respective exceptions in the AML/CTF Rules. This will allow the AUSTRAC CEO to make additional exemptions in exceptional circumstances and where the exemption provided reflects low money laundering and terrorism financing risk.

372. One of the key effects of the exceptions at new subsection 6(5C) is that businesses operating trust accounts will not be regulated under the AML/CTF regime purely for operating a trust account in the absence of any designated services. This exemption allows for legal practitioners to make payments for mediators, expert witnesses and court filing fees without becoming liable for regulation under the AML/CTF regime. Another key effect is that businesses will be free to facilitate transfers of money to and from licensed insurers, litigation opponents, government bodies (of all levels and jurisdictions, within Australia and otherwise) on behalf of their clients without triggering the designated service. These exemptions reflect the overall low-level of money laundering and terrorism financing risk associated with those payments.

Item 4 of table 6

373. Item 4 of table 6 creates a new designated service of assisting a person in organising, planning or executing a transaction, or otherwise acting for or on behalf of a person in a transaction, for equity or debt financing relating to a body corporate (or proposed body corporate), or a 'legal arrangement' (or proposed 'legal arrangement') in the course of carrying on a business.

374. Item 4 of table 6 is intended to capture when a professional service provider is engaged to assist a person to plan or execute a transaction, or otherwise act for a person in a transaction for equity or debt financing contributions for a body corporate, 'legal arrangement' or a proposed body corporate or proposed 'legal arrangement'. This includes work a professional service provider undertakes to assist clients with gaining capital contributions. For example, a professional service provider would be considered to be 'assisting' a client when they undertake activities such as structuring, negotiating and documenting these transactions. This may also include advising on compliance with the ASX Listing Rules and continuous disclosure obligations in relation to a transaction.

375. 'Equity or debt financing' in item 4 of table 6 is intended to refer to all capital and debt raising methods, including but not limited to:

Equity capital raising, for example: initial public offerings, venture capital, share purchase plans, rights issues, and block trades.
Debt financing, including the following whether secured or unsecured: bonds, bills or notes, asset financing, loans, including government loans, and debentures.

376. The customer of the designated service in item 4 of table 6 is the person providing instructions to the reporting entity to plan for, execute, or organise transactions for contributions for the creation, operation or management of body corporations or other legal arrangements.

Item 5 of table 6

377. Item 5 of table 6 creates a new designated service of selling or transferring a shelf company, in the course of carrying on a business. The customer of the designated service is the buyer or transferee of the shelf company. This is intended to regulate where a person creates and registers companies (with ASIC, for example), without a specific owner of the company in mind. Shelf company will take its ordinary meaning, being a company, which has a legal existence but which has not engaged in any business activity. Often, shelf companies are marketed as available for purchase by those who wish to avoid incorporating a new company themselves, or for a person who for various reasons, requires a company that has been in existence for some time.

378. Shelf companies pose a significant money laundering and terrorism financing risk and are recognised as being one of the most common type of legal arrangements used in schemes and structures designed to obscure the true ownership of assets.

379. Item 5 of table 6 is required as a standalone designated service to provide clarity on the regulation of 'shelf companies' under the AML/CTF regimes and to ensure there is no possible alternative interpretations. Item 2 of table 6 only captures where a professional service provider assists a customer in the planning or execution of a transaction, or is otherwise acting for or on behalf of a person to sell, buy or transfer a body corporate or legal arrangement, where the customer is or will be a beneficial owner of the body corporate or legal arrangement as a result of the transaction. Separately, item 6 of table 6 covers where a professional service provider assists a person to plan or execute or otherwise act for a customer to create or restructure a body corporate or legal arrangement. The key difference is that items 2 and 6 of table 6 do not apply if the professional service provider itself sells the body corporate, because the professional service provider would not be assisting with the transaction, they are directly transferring or selling the body corporate.

Item 6 of table 6

380. Item 6 of table 6 creates a new designated service of assisting a person to plan, execute or otherwise act for a person in the creation or restructuring of a body corporate or proposed body corporate (other than a corporation under the Corporations (Aboriginal and Torres Strait Islander) Act 2006), 'legal arrangement' or proposed 'legal arrangement' in the course of carrying on a business. This designated service regulates a professional service provider assisting with planning the creation or restructuring of a body corporate or 'legal arrangement'. It also regulates a professional service provider assisting a customer with the execution of the creation or restructuring of a body corporate or 'legal arrangement'.

381. Item 6 of table 6 includes planning steps that are required in anticipation of creating a body corporate or 'legal arrangement'. The designated service may be triggered by activities a professional service provider provides for a customer, including but not limited to:

drafting, reviewing and negotiating corporate agreements and business documents, including company constitutions, partnership agreements, shareholders agreements, documents creating corporate trustees and insolvency agreements
drafting and reviewing trust deeds and documents, such as preparing a deed for a family trust, a bare trust or other asset protection arrangements using legal structures
drafting, reviewing and negotiating documents to support a customer's mergers and acquisitions, as well as proposed mergers and acquisitions
registering applications and forms with ASIC for registering a company or a business name
obtaining Foreign Investment Review Board approvals, and ASX and ASIC waivers for clients, or
conducting due diligence on accounts and finances for corporate financial transactions prior to a transaction.

382. Item 6 of table 6 does not regulate pure advisory work performed by professional service providers where there is no underlying transaction or proposed transaction involved.

383. The customer of the designated service in item 6 of table 6 depends on the nature of the service being undertaken. Where the service sought is the creation or restructuring of a body corporate, the customer is the person providing instructions to the reporting entity, and the beneficial owners and directors of the company. Where the service sought is the creation of an express trust, the customer is the person providing instructions to the reporting entity, plus the trustee, settlor and beneficiaries of the trust.

384. This is an exception to the designated service for testamentary trusts created by way of a will due to the low ML/TF risk such arrangements present, and to reduce the regulatory impact of the amendments.

Item 7 of table 6

385. Item 7 of table 6 creates a new designated service of acting as, or arranging for another person to act as, any of the following, on behalf of a person (the nominator), in the course of carrying on a business:

a director or secretary of a company
a power of attorney of a body corporate or 'legal arrangement'
a partner in a partnership
a trustee of an express trust, or
a position in any other 'legal arrangement' that is functionally equivalent to a position mentioned in any of the above paragraphs, other than in the circumstances covered by subsection 6(5E).

386. Item 7 of table 6 is intended to regulate a professional service provider where they are engaged to act as, or arrange for another person to act as any of the positions listed in (a) to (e). The effect of this is that the designated service is triggered when a professional service provider:

drafts documents to authorise or make appointments to the listed positions on behalf of a customer
identifies or introduces a person to be authorised as or appointed to the listed positions on behalf of a customer, or
acts as, or is appointed as any of the listed positions on behalf of a nominator/customer.

387. The limiting factor of item 7 of table 6 is the requirement for the professional service provider to 'act as' or arrange for another person to 'act as' director, company secretary, trustee and the other listed positions in item 6. In the context of a person 'acting as' the director of a body corporate on behalf of a customer, this means the customer retains control over the acting director's fulfilment of duties and responsibilities, and the acting director acts on the wishes and instructions of the customer. Examples include where a person is authorised to act, in common language, as an alternate director, a nominee director, a resident director on behalf of a shareholder, creditor or interest group. The designated service applies to scenarios where the reporting entity, an employee of the reporting entity, or where the reporting entity assists to identify and engage a person to act as director or any other listed position in the designated service. The customer of the designated service is the person who authorises or nominates the acting director or other position listed in the designated service.

388. Item 7 of table 6 is intended to be distinguished from genuine appointments of individuals to the role of director where the appointed individual is expected to fulfil duties and responsibilities with independent decision-making authority. This means that, for example, recruitment businesses that offer a service where they assist body corporates to identify and engage executive directors are not regulated.

389. In the context of a reporting entity acting as, or arranging for another person (including an employee of the reporting entity) to act as trustee of an express trust or acting as power of attorney for a company, item 7 of table 6 will be triggered by any appointment of this nature by a client, and where the reporting entity is providing the service in the course of carrying on a business. This means a solicitor or other individual who is a trustee of their own family trust will not fall within this designated service. The designated service also does not apply to power of attorney in respect of natural persons.

390. Paragraph (e) of item 7 of table 6 provides that a person is regulated under this designated service where they perform a role for a 'legal arrangement' that is functionally equivalent to a trust to a trustee, for example, a fiduciaire of a fiducie estate or a mutawalli (manager or superintendent) of a Waqf.

391. New subsection 6(5E) provides exceptions to this designated service. For example, this includes where a person is appointed as a registered liquidator over an insolvent body corporate, or where a trustee company or public trustee manages the financial affairs of a person with a decision-making disability. Paragraph 6(5E)(b) of the exception excludes the Official Trustee or other trustees appointed to act as a trustee of a regulated debtor's estate, within the meaning of Schedule 2 of the Bankruptcy Act 1966. This includes estates regulated under that Act, being bankrupt estates, estates of a debtor under a personal insolvency agreement, an estate of a person whose property is subject to control under Division 2 of Part VI of the Bankruptcy Act 1966.

Item 8 of table 6

392. Item 8 of table 6 creates a new designated service of acting as, or arranging to act as, a 'nominee shareholder' of a body corporate or 'legal arrangement', on behalf of a person (the nominator) in the course of carrying on a business. This intends to regulate a professional service provider where they are engaged to act as, or arrange for another person to act as, a 'nominee shareholder' of a body corporate or 'legal arrangement'. 'Nominee shareholder' is defined in Item 8 of Part 3 of this Schedule to mean where a person (the nominee shareholder) holds shares or an interest in the body corporate or 'legal arrangement' on behalf of another person (the nominator), and exercises voting rights associated with the shares according to the instructions of the nominator, or receives dividends on behalf of the nominator, or both.

393. Item 8 of table 6 includes where a professional service provider arranges for another person to act as 'nominee shareholder', the effect of this is that the designated service is triggered when a person:

drafts or amends documents to authorise a 'nominee shareholder' on behalf of a nominator
identifies or introduces a person to be act as 'nominee shareholder' on behalf of a nominator, or
acts as 'nominee shareholder'. Item 9 of table 6

394. Item 9 of table 6 creates a new designated service of providing a registered office address or principal place of business address for a body corporate or 'legal arrangement', in the course of carrying on a business. This designated service intends to regulate a professional service provider where they provide a body corporate or 'legal arrangement' with a registered office address or principal place of business address for use in lieu of a genuine office address that the person operates their business from.

395. Registered office address in item 9 of table 6 takes its ordinary meaning, but in the Australian context the term should be understood to align with the Business Names Registration Act 2011, the Corporations Act, and equivalent State, Territory and foreign jurisdiction legislation.

396. Item 9 of table 6 regulates persons who provide addresses that customers may use and notify to ASIC in absence of a true office address, which a company may wish to conceal for privacy or commercial reasons, or if the company does not have a physical presence in Australia.

397. Item 9 of table 6 does not regulate businesses that lease or otherwise provide office accommodation that a business uses and occupies as its principal place of business addresses or other business premises addresses. The determining factor is whether the business is using and occupying the premises.

398. The customer of the designated service provided in item 9 of table 6 is the person that is being provided with the address.

Part 4—Transitional provisions

335. Part 4 of Schedule 3 of the Bill creates the application provisions for newly regulated entities. The effect of these provisions is that businesses that provide services prescribed as designated services covered by item 2 of table 2, or an item of table 5 or 6 of section 6 of the AML/CTF Act may enrol as reporting entities on AUSTRAC's Reporting Entity Roll from 31 March 2026, despite the regulatory obligations under Part 1A, 2, 3 and Divisions 2 to 6 of Part 10 not applying until 1 July 2026.

Item 11 – Delayed application of certain provisions of this Act

399. Subsection 11(1) defers the obligations contained in Parts 1A, 2, 3 and Divisions 2 to 6 of Part 10 of the AML/CTF Act for reporting entities who provide the new designated services set out under this Schedule until 1 July 2026.

400. Subsection 11(2) provides that the remaining provisions of the AML/CTF Act apply to a reporting entity on and after 31 March 2026. This is subject to any other provision in this Bill, including transitional rules made in accordance with the amendments in Schedule 12 of this Bill.

Item 12 – Application provision - timing of enrolment

401. Item 12 of this Schedule provides for the application of Section 51B of the AML/CTF Act to reporting entities. Section 51B of the AML/CTF Act is the requirement for reporting entities to enrol with AUSTRAC. Section 51B, by default, would require entities providing a designated service to enrol within 28 days of commencing to provide the designated service.

402. Subclauses 12(1) and 12(2) of Schedule 3 of the Bill provide that a reporting entity must enrol with AUSTRAC no later than 29 July 2026 if:

the reporting entity provides, or commences to provide, a new designated service under this Schedule at any time before 1 July 2026, and
the reporting entity does not, as at that time, provide, or commence to provide, any other designated services under the AML/CTF Act.

SCHEDULE 4 - LEGAL PROFESSIONAL PRIVILEGE

403. Schedule 4 addresses the treatment of information subject to legal professional privilege for the purposes of the reporting and information disclosure obligations throughout the AML/CTF Act.

404. Amendments made by Schedule 4 are intended to preserve the important common law doctrine of legal professional privilege and statutory client privileges in the Evidence Act 1995. The amendments will ensure that client information that is subject to legal professional privilege is handled appropriately, and reporting entities can nevertheless comply with their reporting and information disclosure obligations under the AML/CTF Act.

405. The policy intent of the amendments in Schedule 4 is that the AML/CTF Act would not require the disclosure of information or a document as part of any reporting and information disclosure obligations where the reporting entity or notice recipient reasonably believes that the information or document is subject to legal professional privilege. The reporting entity or notice recipient would be required to fulfil their reporting or information disclosure obligations to the extent possible without disclosing the privileged information or document.

Anti-Money Laundering and Counter-Terrorism Financing Act 2006

Item 1 – Section 5

406. Item 1 inserts a definition of 'legal professional privilege' into section 5 of the AML/CTF Act. This clarifies the kinds of information to which the items in this schedule would apply, by making explicit that 'legal professional privilege' includes, but is not limited to, privilege under Division 1 of Part 3.10 of the Evidence Act 1995.

407. The inclusion of a definition of 'legal professional privilege' in section 5 responds to stakeholder feedback received during the consultation process. It is intended to provide greater clarity and certainty regarding the meaning of legal professional privilege under the AML/CTF Act. It is not intended to create a new definition or category of legal professional privilege, or to deviate from the common law understanding. This outcome is achieved by referencing the relevant Part of the Evidence Act 1995, and by ensuring that the definition in the AML/CTF Act definition is inclusive in nature, allowing the AML/CTF Act to recognise ongoing developments of the common law related to the doctrine of legal professional privilege.

408. Importantly, common law and statutory privilege is not extended to information or documents made for a purpose that is contrary to the public interest; that is, where the communication is made in furtherance of an illegal or improper purpose. The illegal or improper purpose principle covers all forms of fraud or dishonesty, including fraudulent breach of trust, fraudulent conspiracy, trickery and 'sham' contrivances, as well as cases of fraud by third parties. For the purposes of the illegal or improper purpose principle, the relevant distinction is between a communication made in furtherance of an illegal or improper purpose, which is non-privileged communication, as compared with a communication made for the purpose of seeking advice in relation to a criminal or other matter at law, which may be privileged.

409. Privilege also does not apply to documents lodged or provided to a lawyer simply for the purpose of obtaining immunity from production where the dominant purpose of the communication was not to obtain or provide legal advice, or for actual or reasonably anticipated litigation. The mere fact that a lawyer has drafted or possessed a communication will not in itself substantiate a claim for legal professional privilege. For example, a list of clients and CDD undertaken in respect of those clients will not normally be subject to privilege, nor will a conveyancing file, except to the extent that the file contains legal advice provided to a client.

410. Item 1 also inserts a definition of the new term 'LPP form' into section 5 of the AML/CTF Act. An 'LPP form' is a written notice in a form approved by the AUSTRAC CEO that specifies the basis on which any relevant information or document is privileged from being given or produced on the ground of legal professional privilege. AUSTRAC, as the AML/CTF regulator, requires full access to facts to determine what supervisory or enforcement action to take with respect to reporting entities' obligations under the regime. Part of that role is to determine claims of legal professional privilege, particularly when made in response to a formal notice. For AUSTRAC to make an informed decision, it requires information about the legal professional privilege claim. The LPP form presents a balanced approach to addressing assertions of privilege, and facilitates the common law position that a person asserting legal professional privilege is required to particularise their claim for privilege in the context of a response to a compulsory information gathering power exercised by a statutory authority. The LPP form is also anticipated to dissuade reckless or potentially reckless claims of legal professional privilege.

411. The particulars of the LPP form are not included in the Bill (and therefore the amended AML/CTF Act), consistent with other approved forms in the AML/CTF regime. This also provides flexibility and ensures that the form is adaptable and responsive to different contexts and assertions of legal professional privilege. The LPP form may, for example, contain fields requiring reporting entities to provide the name of the privilege holder, the title or subject line of the document, and the type of document (for example, contract, advice, invoice), and any other supporting information. It is expected that a reporting entity completes the form to the extent possible, however there may be circumstances where not all of the particulars can be provided. The LPP form will be available on the AUSTRAC website and via the online reporting platform, along with a range of guidance to support a person in considering legal professional privilege issues. For clarity, the LPP form is to be provided in lieu of any relevant information that may be subject to legal professional privilege; there is no requirement or expectation for privileged information to be provided to AUSTRAC in the LPP form or otherwise.

412. Civil penalties would apply under Division 2 of Part 15 of the AML/CTF Act for failure to provide an LPP form in accordance with these amendments. This approach is consistent with existing approaches in the Commonwealth, for example, in section 89 of the Financial Accountability Regime Act 2023. It is also consistent with protocols and procedural approaches taken by other regulators such as the ATO and the Australian Competition and Consumer Commission.

413. The maximum civil penalty under the AML/CTF Act is set at the highest amount allowed, which is 100,000 penalty units for a corporation and 20,000 penalty units for individuals. While the penalties can be substantial, AML/CTF enforcement actions can involve serious systemic failures by a reporting entity where the number of contraventions is immeasurable. The amount of any civil penalty will be determined by the court. Courts will decide the appropriate penalty (subject to the statutory maximum) based on the circumstances of a contravention. In determining the appropriate amount for a civil penalty, the courts will consider the impact of these violations on the Australian community, the financial system, and law enforcement efforts.

Items 2 and 3

414. Item 2 inserts a new subsection 26Q(2A) in the AML/CTF Act, which provides an obligation to provide an LPP form where information specified in a notice to produce, under new section 26Q (to be inserted by Item 24 in Schedule 1), is withheld from the issuer of the notice on the grounds that the recipient reasonably believes the information is subject to legal professional privilege. The LPP form would be given in substitution of withheld information.

415. Item 2 also inserts a note after new subsection 26Q(2A) of the AML/CTF Act referring to new sections 242 and 242A of the AML/CTF Act (to be inserted by Item 30 of this Schedule). New subsection 242(1) preserves the right for a person to refuse to give information or produce documents that are subject to legal professional privilege.

416. Item 3 provides that a person may be subject to a civil penalty in accordance with Division 2 of Part 15 of the AML/CTF Act if they do not comply with a notice requirement under new subsection 26Q(2), or if they do not comply with the obligation to provide an LPP form under new subsection 26Q(2A) when information is withheld on the basis that the notice recipient reasonably believes the specified information is subject to legal professional privilege.

417. The maximum civil penalty under the AML/CTF Act is set at the highest amount allowed, which is 100,000 penalty units for a corporation and 20,000 penalty units for individuals. While the penalties can be substantial, AML/CTF enforcement actions can involve serious systemic failures by a reporting entity where the number of contraventions is immeasurable. The amount of any civil penalty will be determined by the court. Courts will decide the appropriate penalty (subject to the statutory maximum) based on the circumstances of a contravention. In determining the appropriate amount for a civil penalty, the courts will consider the impact of these violations on the Australian community, the financial system, and law enforcement efforts.

Items 4 to 8

418. Items 4, 5, 6, 7 and 8 provide a mechanism for a reporting entity to be exempted from providing certain information in order to comply with suspicious matter reporting obligations in Division 2 of Part 3 of the AML/CTF Act. A reporting entity is exempt to the extent that they reasonably believe that information that is required to be contained in a SMR is subject to legal professional privilege.

419. Item 4 clarifies that paragraph 41(2)(a) of the AML/CTF Act, which specifies the time period in which a SMR must be given if a SMR obligation arises under section 41, only applies where new paragraph 41(2)(aa) does not apply.

420. Item 5 inserts new paragraph 41(2)(aa) in the AML/CTF Act. Paragraph 41(2)(aa) provides that where a SMR obligation arises for a reporting entity, and the reporting entity reasonably believes that information required to be contained in a SMR is subject to legal professional privilege belonging to a person other than the reporting entity, the reporting entity has a total of 5 business days in respect of the requirement to give the AUSTRAC CEO a SMR, unless the SMR relates to financing of terrorism. This is an additional 2 days to the existing requirement for reporting entities to submit a SMR.

421. The intent of this extended timeframe in new paragraph 41(2)(aa) is to allow additional time for reporting entities to consider whether privilege, that does not belong to them, applies to information required to be contained in a SMR. This is also intended to reduce inadvertent disclosures of privileged information by alleviating the time pressures associated with suspicious matter reporting under section 41.

422. Current paragraph 41(2)(a) provides that this extended timeframe in new paragraph 41(2)(aa) does not apply where the suspicion relates to financing of terrorism. Due to the national security considerations associated with terrorism financing suspicions, the timing remains 24 hours after the time the relevant suspicion is formed.

423. Item 5 at new subparagraph 41(2)(aa)(iii) further establishes that this extended timeframe is only available where the legal professional privilege, if it exists, belongs to a person other than the reporting entity themselves, for example a client of a law firm or accounting practice. Such reporting entities therefore may require more time to consider whether legal professional privilege attaches to relevant information, as they are not the privilege holder.

424. Item 6 inserts new subsection 41(2A) that establishes that a reporting entity may refuse to give a SMR if they reasonably believe that all of the information comprising the grounds on which they hold the relevant suspicion is privileged from being given on the ground of legal professional privilege. The reporting entity is also not required to give the AUSTRAC CEO an LPP form in this case.

425. The intention of this amendment is that a reporting entity is not required to give a 'blank' (or 'shell') SMR and accompanying LPP form to AUSTRAC in circumstances where the entire grounds for suspicion is composed of information that the reporting entity reasonable believes is subject to legal professional privilege. The intention of this amendment is to minimise the regulatory burden for reporting entities associated with submitting 'blank' SMRs. This exception ensures that reporting entities do not attract a civil penalty liability for failing to give the AUSTRAC CEO a SMR under subsection 41(2) of the AML/CTF Act in this circumstance.

426. Item 6 frames the exception to the requirement to give the AUSTRAC CEO a report on a suspicious matter as a right to refuse, so that the reporting entity would attract protections under the AML/CTF Act if the reporting entity makes a report under subsection 41(2), where the grounds of suspicion are based on privileged information but disclosed in the SMR with the consent of the privilege holder (where obtaining such consent would not reasonably prejudice an investigation or would fit within the 'crime prevention' exception of the tipping off offence in subsection 123(4) of the AML/CTF Act). For example, a SMR made under these circumstances may arise if the customer of the reporting entity is a victim of a serious crime such as fraud, or if the suspicions that are the subject of the SMR relate to a counterparty of a customer's transaction.

427. A reporting entity would still be required to comply with other obligations in the Bill that are triggered by the SMR obligation in subsection 41(1), even if they have refused to give a report on the suspicious matter under subsection 41(2) on the ground of legal professional privilege. These obligations include:

monitoring for unusual transactions or behaviour that may give rise to a SMR obligation as part of ongoing CDD under new paragraph 30(2)(a)
if the reporting entity has a business relationship with a customer – reviewing and updating the identification and assessment of the customer's ML/TF risk if there are unusual transactions and behaviours that may give rise to a SMR obligation as part of ongoing CDD under new subparagraph 30(2)(b)(ii)
applying enhanced CDD measures if a SMR obligation arises about a customer and the reporting entity proposes to continue to provide a designated service or services to the customer under new section 32, and
undertaking initial CDD for a pre-commencement customer if a SMR obligation arises about the customer pursuant to new subsection 36(4).

428. Item 7 inserts new paragraph 41(3)(aa) of the AML/CTF Act, which provides that a reporting entity must provide an LPP form to the AUSTRAC CEO at the same time as providing a SMR under subsection 41(3).

429. Item 8 inserts a note in subsections 41(3) of the AML/CTF Act referring to new sections 242 and 242A of the AML/CTF Act, inserted by Item 30 of this Schedule. New subsection 242(1) preserves the right for a person to refuse to give information or produce documents that are subject to legal professional privilege.

Items 9 and 10

430. Item 9 inserts new paragraph 43(3)(aa) of the AML/CTF Act, which provides that if a reporting entity reasonably believes information required to be contained in a threshold transaction report under section 43 of the AML/CTF Act is subject to legal professional privilege, they must provide an LPP form to the AUSTRAC CEO in relation to the privileged information at the same time as providing a threshold transaction report under subsection 43(3).

431. Item 10 inserts a note into subsection 43(3) of the AML/CTF Act referring to new sections 242 and 242A of the AML/CTF Act. New subsection 242(1), inserted by Item 30 of this Schedule, preserves the right for a person to refuse to give information or produce documents that are subject to legal professional privilege.

Items 11 to 14

432. Items 11 to 14 insert an obligation to provide an LPP form where information specified in a notice to produce under sections 49 or new section 49B (inserted by Schedule 9 of this Bill) is withheld from the issuer of the notice, or from the report, on the grounds that the recipient reasonably believes the information is subject to legal professional privilege (in accordance with the right to refuse to give privileged information in new subsection 242(1) to be inserted by Item 30 of this Schedule).

433. New subsection 49(3) provides that a person may be subject to a civil penalty in accordance with Division 2 of Part 15 of the AML/CTF Act if they do not comply with a notice requirement under section 49(2), or if they do not comply with the obligation to provide an LPP form under new subsection 49(4) when information is withheld on the basis that the notice recipient reasonably believes the specified information is subject to legal professional privilege.

434. The maximum civil penalty under the AML/CTF Act is set at the highest amount allowed, which is 100,000 penalty units for a corporation and 20,000 penalty units for individuals. While the penalties can be substantial, AML/CTF enforcement actions can involve serious systemic failures by a reporting entity where the number of contraventions is immeasurable. The amount of any civil penalty will be determined by the court. Courts will decide the appropriate penalty (subject to the statutory maximum) based on the circumstances of a contravention. In determining the appropriate amount for a civil penalty, the courts will consider the impact of these violations on the Australian community, the financial system, and law enforcement efforts.

435. Item 11 inserts new subsection 49(4) in the AML/CTF Act that provides that a person receiving a notice under subsection 49(1) must provide an LPP form to the AUSTRAC CEO if withholding information specified to be given in a response to the notice on the basis that the person reasonably believes the information is subject to legal professional privilege. The LPP form would be given in substitution of providing the privileged information.

436. Item 12 inserts new paragraph 49B(5)(aa) that requires a notice to set out the effect of new subsection 49B(6A) (which is inserted by Item 13 below). Requiring the notice to set out the effects of this section makes it clear to the person receiving the notice what their obligations are in providing information or documents to the AUSTRAC CEO, that is, that they must provide an LPP form in certain circumstances.

437. Item 13 inserts a new paragraph 49B(6A), which provides that a person receiving a notice under section 49B must provide an LPP form to the AUSTRAC CEO if withholding information specified to be given in a response to the notice on the basis that the person reasonably believes the information is subject the legal professional privilege. The LPP form would be given in substitution of providing the privileged information.

438. Item 13 also inserts a new note at the end of section 49B referring to new sections 242 and 242A of the AML/CTF Act. New subsection 242(1), inserted by Item 30 of this Schedule, preserves the right for a person to refuse to give information or produce documents that are subject to legal professional privilege.

439. Item 14 inserts a new subsection 49B(7), which provides that a person may be subject to a civil penalty in accordance with Division 2 of Part 15 of the AML/CTF Act if they do not comply with a notice requirement under subsection 49B(6), or if they do not comply with the obligation to provide an LPP form under subsection 49B(6A) when information is withheld on the basis that the notice recipient reasonably believes the specified information is subject to legal professional privilege.

Item 15 – After paragraph 50(6)(a)

440. Item 15 inserts a new paragraph 50(6)(aa), which provides that a reporting entity must provide an LPP form to the AUSTRAC CEO or Commissioner of Taxation (as applicable) in relation to any legally privileged information withheld from a report under section 50 at the same time as providing a report under subsection 50(4) or 50(5). The LPP form would be given in substitution of providing the privileged information.

Item 16 – Subsection 50(6) (note)

441. Item 16 clarifies the existing note in section 50 of the AML/CTF Act is note 1.

Item 17 – At the end of subsection 50(6)

442. Item 17 inserts a new note 2 at the end of section 50 of the AML/CTF Act referring to new sections 242 and 242A of the AML/CTF Act. New subsection 242(1), inserted by Item 30 of this Schedule, preserves the right for a person to refuse to give information or produce documents that are subject to legal professional privilege.

Items 18 and 19

443. Items 18 and 19 insert new subsections 75N(3) and 76Q(3) in the AML/CTF Act that provide that, where a person reasonably believes that the information requested under sections 75N or 76Q is subject to legal professional privilege, the person has an obligation to provide an LPP form to the AUSTRAC CEO in relation to any information withheld from the response to the request. The LPP form would be given in substitution of providing the privileged information.

444. New subsections 75N(4) and 76Q(4) clarify that a person may be subject to a civil penalty in accordance with Division 2 of Part 15 of the AML/CTF Act if they do not comply with the obligation to provide an LPP form under subsections 75N(3) or 76Q(3).

445. These penalties are outlined in Division 2 of Part 15 of the AML/CTF Act. The maximum civil penalty under the AML/CTF Act is set at the highest amount allowed, which is 100,000 penalty units for a corporation and 20,000 penalty units for individuals. While the penalties can be substantial, AML/CTF enforcement actions can involve serious systemic failures by a reporting entity where the number of contraventions is immeasurable. The amount of any civil penalty will be determined by the court. Courts will decide the appropriate penalty (subject to the statutory maximum) based on the circumstances of a contravention. In determining the appropriate amount for a civil penalty, the courts will consider the impact of these violations on the Australian community, the financial system, and law enforcement efforts.

446. This Item also inserts a new note at the end of sections 75N and 76Q referring to new sections 242 and 242A of the AML/CTF Act. New subsection 242(1), inserted by Item 30 of this Schedule, preserves the right for a person to refuse to give information or produce documents that are subject to legal professional privilege.

Items 20 to 22

447. Items 20 to 22 make amendments to section 167 of the AML/CTF Act relating to the obtaining of information or a document by an authorised officer.

448. Item 20 inserts 'etc.' at the end of the heading of subsection 167(4) of the AML/CTF Act to connote that subsection 167(4) is being amended to reflect legal professional privilege in addition to the requirement to set out the effect of offence provisions in the notice.

449. Item 21 inserts new paragraphs 167(4)(aa) and (ab) that require a notice to set out the effect of new subsections 167(5) and (6) (which are inserted by Item 22 below). Requiring the notice to set out the effects of this section makes it clear to the person receiving the notice what their obligations are in providing information or documents to the AUSTRAC CEO, that is, that they must provide an LPP form in certain circumstances.

450. Item 22 inserts new subsection 167(5) in the AML/CTF Act that provides that where a person reasonably believes that the information, document or copy required to be given pursuant to a notice under subsection 167(2) is subject to legal professional privilege, the person has an obligation to provide an LPP form to the AUSTRAC CEO in relation to the information, document or copy withheld from the authorised officer, within the period specified in the notice. The LPP form would be given in substitution of providing the privileged information.

451. New subsection 167(6) clarifies that a person may be subject to a civil penalty in accordance with Division 2 of Part 15 of the AML/CTF Act if they do not comply with the obligation to provide an LPP form under subsection 167(5).

452. Item 22 also inserts a new note at the end of section 167 referring to sections 242 and 242A of the AML/CTF Act. New subsection 242(1), inserted by Item 30 of this Schedule, preserves the right for a person to refuse to give information or produce documents that are subject to legal professional privilege.

Items 23 to 27

453. Items 23 to 27 insert new text in section 184 of the AML/CTF Act to the provide that new subsections 26Q(2A), 49(4), 49B(6A), 50(4), 50(5), 75N(3), 76Q(3), 167(5) and 202(5) of the AML/CTF Act are 'designated infringement notice provisions' for the purposes of the AML/CTF Act.

Items 28 and 29

454. Item 28 inserts a new subsection 202(5) in the AML/CTF Act that provides that, where a person given a notice under subsection 202(2) reasonably believes that the information or document specified in the notice to be given is subject to legal professional privilege and the person decides to withhold the information or document (in accordance with the right to refuse to give privileged information in new subsection 242(1), detailed at Item 19 of this Schedule, see below), the person has an obligation to provide an LPP form to the AUSTRAC CEO in relation to the information or document within the period specified in the notice. The LPP form would be given in substitution of providing the privileged information.

455. Item 28 also inserts a new subsection 202(6) that clarifies that a person may be subject to a civil penalty in accordance with Division 2 of Part 15 of the AML/CTF Act if they do not comply with the obligation to provide an LPP form under subsection 202(5). These penalties are outlined in Division 2 of Part 15 of the AML/CTF Act. The maximum civil penalty under the AML/CTF Act is set at the highest amount allowed, which is 100,000 penalty units for a corporation and 20,000 penalty units for individuals. While the penalties can be substantial, AML/CTF enforcement actions can involve serious systemic failures by a reporting entity where the number of contraventions is immeasurable. The amount of any civil penalty will be determined by the court. Courts will decide the appropriate penalty (subject to the statutory maximum) based on the circumstances of a contravention. In determining the appropriate amount for a civil penalty, the courts will consider the impact of these violations on the Australian community, the financial system, and law enforcement efforts.

456. Item 28 also inserts a new note at the end of section 202 referring to sections 242 and 242A of the AML/CTF Act. New subsection 242(1), inserted by Item 30 of this Schedule, preserves the right for a person to refuse to give information or produce documents that are subject to legal professional privilege.

457. Item 29 inserts new paragraph 203(ea) that requires a notice to set out the effect of new subsections 202(5) and 202(6). Requiring the notice to set out the effects of this section makes it clear to the person receiving the notice what their obligations are in providing information or documents to the AUSTRAC CEO, that is, that they must provide an LPP form in certain circumstances.

Item 30 – Section 242

458. Item 30 replaces existing section 242 of the AML/CTF Act with new sections 242 and 242A. Existing section 242 of the AML/CTF Act already provides that the AML/CTF Act does not affect the common law relating to legal professional privilege. However, the Bill provides stronger protections with regard to the disclosure of information or documents subject to legal professional privilege once services which are frequently provided by legal practitioners become regulated as provided for in this Bill. This approach also response to stakeholder feedback.

459. New section 242 establishes a general framework for the protection of legal professional privilege across the AML/CTF Act. A person may choose not to rely on the right to refuse to disclose information or documents that is subject to legal professional privilege and will still receive protections offered by the AML/CTF Act, such as if a reporting entity determines it may advantage its virtual asset service provider (VASP) registration application if privileged information is disclosed, or if a privilege holder consents to privileged information being included in a SMR. Protections under the AML/CTF Act include, for example:

sections 51 and 172 which provides that a person will not be regarded as being in possession of information for the purposes of Division 400 (money laundering offences) and Chapter 5 (Security of the Commonwealth) of the Criminal Code, or
section 235 which provides reporting entities and persons acting on their behalf, protection in any action, suit or proceedings (whether criminal or civil) in relation to anything done, or omitted to be done in good faith by reporting entities or people acting on their behalf in fulfillment of a requirement or purported requirement under the AML/CTF Act.

460. New section 242A provides an ability for the Minister administering the AML/CTF Act to make guidelines about the making or dealing with claims or assertions of legal professional privilege in relation to information or documents to be given under or for the purposes of the AML/CTF Act. Any guidelines issued under section 242A are to be made by notifiable instrument.

461. It is intended that the guidelines on legal professional privilege would recommend an approach which will best assist AUSTRAC in deciding whether to accept, review or challenge a legal professional privilege claim, processes to be undertaken relating to privilege when warrants are executed, and dispute resolution processes to review or challenge claims of privilege. The guidelines will contain information relevant to legal practitioners and non-legal practitioners generally, and to all claims of privilege regardless of the business structure of the reporting entity. Noting that informal resolution of review or challenges of privilege is preferable to all parties involved, the guidelines will emphasise alternative dispute pathways, with the option of progressing disputes to court to be an avenue of last resort.

SCHEDULE 5 - TIPPING OFF OFFENCE AND DISCLOSURE OF AUSTRAC INFORMATION TO FOREIGN COUNTRIES OR AGENCIES

462. Schedule 5 would reform the offence of tipping off in existing section 123 of the AML/CTF Act so that it is compatible with modern business practice and focussed on harm prevention. The current broad scope of the offence prevents a large range of information sharing for legitimate financial crime prevention purposes, including information sharing that would allow reporting entities to effectively identify, mitigate and manage their risks.

463. The new offence would focus on preventing the disclosure of SMR information or information related to a section 49 or 49B notice where it would or could reasonably prejudice an investigation. The amendments reflect the requirements found in FATF Recommendation 21—financial institutions should be prohibited from disclosing the fact that a suspicious transaction report or related information is being reported to the Financial Intelligence Unit (FIU).

464. Schedule 5 would also make minor amendments to sections 126 and 127 of the AML/CTF Act relating to the disclosure of AUSTRAC information to foreign countries or agencies.

Part 1—Main amendments

Division 1—Tipping off offence

Anti-Money Laundering and Counter-Terrorism Financing Act 2006

Item 1 – Section 5

465. Item 1 repeals the definitions of certain Australian Government agencies in section 5 of the AML/CTF Act as they are no longer required. This amendment is consequential to amendments made to section 127 of the AML/CTF Act by Item 5 of this Schedule.

466. The list of agencies authorised to disclose AUSTRAC information to the government of a foreign country or a foreign agency is currently included in subsection 127(3) of the AML/CTF Act. The current list of eligible agencies includes: the Attorney-General's Department, the Department of Foreign Affairs and Trade, the Australian Federal Police, the Australian Crime Commission, the Australian Prudential Regulation Authority (APRA), the ASIC, the ATO, the Australian Security Intelligence Organisation, the Australian Secret Intelligence Service, the Australian Signals Directorate, the Australian Geospatial- Intelligence Organisation, the Defence Intelligence Organisation and the Office of National Intelligence.

467. This list of agencies would be repealed from the AML/CTF Act and moved into the AML/CTF Rules when they are remade. Moving the list of agencies to the AML/CTF Rules would enable a greater degree of flexibility and would ensure this provision does not easily become outdated and require legislative amendment to correct.

468. Item 1 also repeals the definition of 'corporate group' in section 5 of the AML/CTF Act. This amendment is consequential to amendments made to section 123 in Item 2 of this Schedule, which removes the concept of a corporate group as defined in subsection 123(12) once repealed.

Item 2 – Section 123

469. This Item repeals and substitutes existing section 123 of the AML/CTF Act with a reformed 'Offence of tipping off' framework.

470. New subsection 123(1) provides that it is an offence for a person to disclose information covered by subsection 123(2) to any other person except an AUSTRAC entrusted person, where the disclosure would or could reasonably be expected to prejudice an investigation of an offence against a law of the Commonwealth or of a State and Territory, or an investigation for the purposes of the POCA or a corresponding law of a state or territory. The offence carries a maximum penalty of imprisonment for 2 years, or 120 penalty units, or both.

471. Paragraph 123(1)(a) sets out who may commit an offence of tipping off and captures a person who is or has been one of the following:

a reporting entity
an officer, employee or agent of a reporting entity
a member of a reporting group
an officer, employee or agent of a member of a reporting group
required by a notice under subsection 49(1) to give information or produce documents, or
required by a notice under subsection 49B(2) to give information or produce documents.

472. The inclusion of 'is or has been' in paragraph 123(1)(a) is intended to ensure that even when a person ceases to be a person described in the list that the prohibition on disclosure of information is enduring.

473. Situations where disclosure would or could reasonably be expected to prejudice an investigation include a reporting entity notifying a customer who is the subject of a SMR or their known associate that a suspicion was formed in relation to their behaviour and a SMR has been submitted. This kind of disclosure risks criminals taking action to hide or disguise their illegal activities.

474. Examples of where disclosure of information is not intended to constitute tipping off under the reframed offence include:

disclosure of information to Australian law enforcement, regulatory or oversight agencies
disclosure of information in compliance with a requirement under a law of the Commonwealth, a State or Territory
disclosure of information within a reporting group, or with third party service providers (subject to appropriate safeguards), for the purposes of money laundering and terrorism financing risk management
disclosure of information in the context of a merger or acquisition, and
disclosure of information with consultants engaged to support AML/CTF remediation and uplift.

475. The inclusion of 'would or could reasonably be expected to prejudice' in paragraph 123(1)(d) is intended to capture both intentional and reckless disclosures. For example, the offence would cover a disclosure as a result of a lead entity or other reporting entity's failure to develop, implement or maintain appropriate AML/CTF policies to prevent tipping off when sharing within a reporting group.

476. Subsection 123(2) sets out the information that is prohibited from disclosure, including:

where a reporting entity has given, or is required to give, a report under subsection 41(2)
a report given under, or prepared for the purposes of, subsection 41(2)
a copy of such a report
a document purporting to set out information (including the formation or existence of a suspicion) contained in such a report
a person is or has been required by a notice under subsection 49(1) to give information or produce a document
a person has given information or produced a document in response to a notice under subsection 49(1)
a person is or has been required by a notice under subsection 49B(2) to give information or produce a document
a person has given information or produced a document in response to a notice under subsection 49B(2), or
information referred to in paragraphs 16(5A)(a), (b) or (c) or (5AA)(a) or (b) of the FTR Act, as in force immediately before its repeal.

477. Subsection 123(3) provides that for the purposes of paragraph (1)(d), it is immaterial whether an investigation has commenced. This is intended to clarify that a reporting entity does not need to know that an investigation is underway to consider whether the disclosure of the information would or could reasonably be expected to prejudice an investigation.

478. Subsections 123(4) and (5) contain exceptions to the offence.

479. Subsection 123(4) allows legal practitioners, qualified accountants or a person specified in the AML/CTF Rules to disclose SMR-related information where it relates to the affairs of a customer of the reporting entity. The disclosure must be made in good faith and for the purposes of dissuading the customer from engaging in conduct that constitutes, or could constitute, an offence against a law of the Commonwealth or of a State or Territory.

480. For example, in discussions with a client, a legal practitioner or qualified accountant should focus on the client's financial activities and how they could be breaking the law. The reporting entity should try not to disclose that they have submitted, or are required to submit, a SMR. Specifically disclosing that they have or will submit a SMR, would or could reasonably be expected to prejudice an investigation, even if the exception allows it.

481. The note at the end of subsection 123(4) clarifies that a person charged with the tipping off offence bears an evidential burden in relation to a matter in subsection 123(4). Subsection 123(4) implements the Interpretive Note to FATF Recommendation 23—where lawyers, notaries, other independent legal professionals and accountants acting as independent legal professionals seek to dissuade a client from engaging in illegal activity, this does not amount to tipping off.

482. For clarity, the intention is that subsection 123(4) does not permit legal practitioners, qualified accountants or a person specified in the AML/CTF Rules to disclose information referred to in paragraphs 123(2)(e) to (i).

483. Subsection 123(5) provides that the tipping off offence does not apply to the disclosure of information where the disclosure is in line with the regulations, the information is shared between reporting entities and is made for the purpose of detecting, deterring, or disrupting money laundering, the financing of terrorism, proliferation financing, or other serious crimes. It is intended that the regulations would prescribe conditions and appropriate safeguards for reporting entities entering into such information sharing arrangements. Subsection 123(5) is inoperative unless regulations have been made.

484. The intent of subsection 123(5) is to allow the creation of regulations that would establish a framework to enable private-to-private information sharing to detect, deter or disrupt money laundering, terrorism financing, proliferation financing or other serious crimes. Any information sharing arrangement would be subject to appropriate controls and safeguards set out in the regulations. The framework will help break down information silos between reporting entities and support enhanced solutions to managing illicit financing risks.

485. The note at the end of subsection 123(5) clarifies that a person charged with the tipping off offence bears an evidential burden in relation to subsection 123(5).

486. Subsection 123(6) provides that except where it is necessary for the purposes of giving effect to the AML/CTF Act, a person is not to be required to disclose to a court or tribunal information mentioned in subsection 123(2). This section limits the disclosure of such material to a court or tribunal in civil penalty, or certain other proceedings for offences under the AML/CTF Act in order to preserve the overarching intelligence and operational value to AUSTRAC and other criminal investigative agencies of material referred to in subsection 123(2).

Division 2—Disclosure of AUSTRAC information to foreign countries or agencies

Anti-Money Laundering and Counter-Terrorism Financing Act 2006

Item 3 – Paragraph 126(2)(a)

487. Item 3 substitutes existing paragraph 126(2)(a) of the AML/CTF Act. This amendment is intended to clarify the intended operation of sections 126 and 127. Section 126(2) clarifies that when a Commonwealth, State or Territory agency intends to share information with a foreign government or foreign agency they should rely on the exception under paragraph 126(2)(d) and share the information in accordance with section 127 (even where the offshore disclosure of AUSTRAC information is for the purposes of the performance of a person's functions, duties or powers as an official of a Commonwealth, State or Territory agency).

488. Item 3 repeals and replaces existing paragraph 126(2)(a) so that the offence in subsection 126(1) does not apply where:

the making of the record, disclosure or use is for the purposes of, or in connection with, the performance or exercise of the person's functions, duties or powers as an official of a Commonwealth, State or Territory agency, and
the disclosure is not to the government of a foreign country or to a foreign agency.

489. This amendment is intended to clarify that paragraphs 126(2)(a) and 126(2)(d) are alternatives and that paragraph 126(2)(a) should not be relied upon when seeking to disclose information to the government or a foreign country or to a foreign agency.

Item 4 – Paragraph 127(2)(a)

490. Item 4 is consequential to the amendment made by Item 5 of this Schedule. It provides that a person who is the head (for example, CEO, Secretary or however described) of a Commonwealth, State or Territory agency prescribed by the AML/CTF Rules may disclose AUSTRAC information to the government of a foreign country or to a foreign agency.

Item 5 – Subsection 127(3)

491. Item 5 repeals the list of agencies, authorities, bodies or organisations of the Commonwealth authorised to disclose AUSTRAC information to the government of a foreign country, or to a foreign agency under subsection 127(3). This list is intended to be moved into the AML/CTF Rules when they are remade. Moving the list of agencies to the AML/CTF Rules would enable a greater degree of flexibility and would ensure this provision does not easily become outdated and require legislative amendment to correct.

Item 6 – Subsection 127(4)

492. Item 6 is consequential to the amendment made by Item 5 of this Schedule and would provide that for the purposes of paragraph (2)(b), the head (however described) of a Commonwealth, State or Territory agency prescribed by the AML/CTF Rules for the purposes of paragraph 127(2)(a) may, in writing, authorise an official of the Commonwealth, State or Territory Agency.

Part 2—Contingent amendments

Intelligence Services Legislation Amendment Act 2024

Item 7 – Item 94 of Schedule 1

493. Item 7 is a contingent amendment relating to the relationship between section 123 of the AML/CTF Act, as amended by this Bill, and the Intelligence Services Legislation Amendment Bill 2023, which is currently before Parliament.

494. This Item repeals Item 94 of Schedule 1 of the Intelligence Services Legislation Amendment Act 2024 (ISLA Act) if it commences after the commencement of this Schedule (31 March 2026).

495. If the ISLA Act commences, Item 94 of Schedule 1 of the ISLA Act would insert a new exception to the tipping off offence which would allow a person to disclose SMR or section 49-related information to an official of the Inspector-General of Intelligence and Security (IGIS) for the purpose of the IGIS performing oversight functions.

496. As outlined above, this Schedule of the Bill would wholly replace the tipping off offence at section 123 of the AML/CTF Act with a new reframed tipping off offence that is focussed on preventing the disclosure of SMR information or information related to a section 49 or 49B notice where it is likely to prejudice an investigation

497. Once this Schedule commences, Item 94 of Schedule 1 of the ISLA Act would not be required because disclosure to an IGIS official would be permitted, as it is unlikely to prejudice an investigation.

SCHEDULE 6 - SERVICES RELATING TO VIRTUAL ASSETS

498. This Schedule amends the terminology of 'digital currency' to 'virtual asset' across the AML/CTF Act (by amending section 5 of the AML/CTF Act), updates the corresponding definition of 'virtual asset' (section 5B), and extends AML/CTF regulation to additional virtual asset-related services for VASPs (replacing the current concept of digital currency exchange providers in the AML/CTF Act). The term 'virtual asset' is consistent with the FATF terminology.

499. Virtual assets are an increasingly popular conduit to represent, store and move value, and the sector. The technologies and concept of digital currencies has continued to evolve since the Anti-Money Laundering and Counter-Terrorism Financing Amendment Bill 2017 extended the AML/CTF regime to digital currency exchange providers in 2017.

500. In October 2018, FATF Recommendation 15 was amended to require countries to apply AML/CTF regulation to the virtual asset-related services (referred to as 'limbs' of the definition of 'Virtual Asset Service Provider') outlined below:

exchanges between virtual assets and fiat currencies (first limb)
exchanges between one or more other forms of virtual assets (second limb)
transfers of virtual assets on behalf of a customer (third limb)
safekeeping or administration of virtual assets (fourth limb), and
participation in and provision of financial services related to an issuer's offer and/or sale of a virtual asset (fifth limb).

501. The FATF has identified these activities as posing a high illicit financing risk. These services can be used to move funds globally, instantaneously and facilitate pseudo- anonymous or anonymity-enhanced transactions.[1]

502. Currently, the AML/CTF Act only covers the first limb of this definition, under designated service item 50A in table 1 of section 6. This item regulates the exchanges between virtual asset and fiat currency. Bringing the additional services in the FATF's definition of 'Virtual Asset Service Provider' (specifically, the second to fifth limbs) within the scope of AML/CTF regulation will ensure the AML/CTF Act remains up-to-date and robust against potential exploitation by criminals in this rapidly growing sector.

503. To address regulatory gaps, the amendments in the Bill would also capture additional concepts like non-fungible tokens that function as a medium of exchange, as well as governance tokens, which are used to regulate participation in decentralised autonomous organisations (DAOs), in the definition of 'virtual asset' at new subsection 5B(2). Further, the 'generally available to members of the public without any restriction on its use' element of the existing definition has been removed. This is to address a regulatory gap created by the emergence of stablecoins minted on public blockchains, where the issuer only intends for it to be used by a subset of the public.

504. The third limb of the FATF's definition of a 'Virtual Asset Service Provider' (transfers of virtual assets on behalf of a customer) will be captured by the new streamlined value transfer services. Please refer to Schedule 8 for further detail on these amendments.

505. For clarity, the intention is that businesses that provide any virtual asset-related designated services are required to register with AUSTRAC as 'registered virtual asset service providers' where the AML/CTF Act's geographical link principle is satisfied.

Part 1—Main Amendments

Anti-Money Laundering and Counter-Terrorism Financing Act 2006

Items 1, 2, 4 and 7

506. These Items repeal the existing definition and associated terminology of 'digital currency' in the AML/CTF Act and replace it with the new terminology of 'virtual asset'.

507. Item 5 inserts the new term 'virtual asset' in the definition of 'property' used in the AML/CTF Act.

508. The definition of 'virtual asset' is provided in Items 16 and 17 of this Schedule (see below). This change aligns with the FATF terminology of 'virtual asset' and allows for a broader understanding of what would constitute these assets than 'digital currency'.

Item 3 – Section 5

509. Item 3 inserts a new definition of the term 'casino' into section 5 of the AML/CTF Act. It establishes that for the purposes of the AML/CTF Act, a casino operating under a license granted under a law of a State or a Territory would not be captured under the definition of 'registrable virtual asset service' and 'registrable remittance service'. New section 12 regarding the definition of a registrable remittance service excludes casinos as defined in the AML/CTF Act, so that they are not required to register as remitters. However, the definition will not capture casinos operating without a licence who provide registrable virtual asset services (see Item 10 of this Schedule), so they will be captured by the AML/CTF regime.

Item 8 – Section 5

510. Item 8 inserts a definition of a 'registered virtual asset service provider' in section 5 of the AML/CTF Act, which replaces the previous terminology of a 'registered digital currency exchange provider', but retains the previous definition, for the purpose of reflecting the changes in terminology. This updated terminology aligns with FATF's nomenclature which uses the term 'Virtual Asset Service Provider'.

Item 9 – Section 5 (definition of registrable digital currency exchange service)

511. Item 9 repeals the existing definition of 'registrable digital currency exchange service' in section 5 of the AML/CTF Act as it is no longer required.

Item 10 – Section 5

512. Item 10 inserts a new definition of 'registrable virtual asset service' in section 5 of the AML/CTF Act. The definition includes the virtual asset-related designated services brought in under items 46A, 50A, 50B and 50C in table 1 of section 6 of the AML/CTF Act. Businesses who offer services regulated under items 29 and 30 in table 1 of section 6 of the AML/CTF Act (see Item 17 of Schedule 8 below) are also required to register, where the transfer of value relates to the transfer of virtual assets.

513. Reporting entities who offer any registrable virtual asset services will be required to register with the AUSTRAC CEO, except where they are a financial institution (such as an ADI, a building society or a credit union) or casino. This is because such businesses are already subject to regulation by APRA, as well as state and territory regulators.

514. Item 10 also provides the AUSTRAC CEO with the power to make AML/CTF Rules to clarify and prescribe what is not a registrable virtual asset service. This is to ensure that the definition of what is not a registrable virtual asset service may remain flexible as the virtual asset sector continues to evolve.

Items 11, 13, 14 and 15

515. These Items amend the definitions of 'registration' and 'threshold transaction' in section 5 of the AML/CTF Act to reflect the new terminology of 'virtual asset'.

Item 12 - Section 5 (definition of stored value card )

516. Item 12 amends the existing definition of a 'stored value card' in section 5 of the AML/CTF Act to clarify the regulatory perimeter of the broad definition of a stored value card.

517. When this term was originally included in the AML/CTF Act, it was drafted to be sufficiently broad to cover virtual cards. However, the breadth of the definition has caused uncertainty. Recommendation 19.1(g) of the 2016 Statutory Review recommended redrafting the definition to provide industry with greater guidance as to what a stored value card can include. This recommendation was addressed as part of the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2017. However, since this amendment, stakeholders have raised that it remains unclear whether the definition captures Keno-related products and accounts. Historically, lotteries and Keno-related products have been explicitly exempted from the AML/CTF Act, as they have been deemed to be low risk. Further, the broad definition has created uncertainty around whether other kinds of accounts, including already regulated bank accounts and gambling accounts, are captured.

518. Chapter 80 of the AML/CTF Rules was introduced as an interim measure to clarify that accounts and cards or other instruments only used for monetary value in relation to a lottery are not captured by the definition of a stored value card. The new definition includes the current exclusions in Chapter 80, as per paragraph (e) and subparagraph (f)(v) of the definition.

519. The new definition largely retains (a) to (c) of the existing definition, with no substantial conceptual changes, but instead updates the exclusions in paragraph (d) to (g) to bring clarification to the broad definition.

520. Item 12 amends the definition by updating paragraph (d) to exclude 'a debit or a credit card', replacing 'a debit card or a credit card (whether real or virtual) linked to an account provided by a financial institution'. The amendment here is to clarify that all debit cards and credit cards, regardless of whether the card has been provided by a bank or non- bank, will be excluded under the definition.

521. Item 12 inserts paragraph (e) which relates to the exclusion of 'an account for the purposes of items 1 to 3 of table 1 in section 6 or items 11 to 13 of table 3 in section 6'. This legislates the exemption in Rule 80.2(1), but provides clarification on the types of accounts that are to be excluded for the purposes of the definition. The intent is that the new account exclusions prevent duplication with the regulation of services related to accounts under section 6 of the AML/CTF Act, being items 1 to 3 from table 1 and designated services items 11 to 13 from table 4. Item 12 also provides in paragraph (f)(i) that unless prescribed by the AML/CTF Rules that 'a thing that is intended to give access to monetary value in a debit card or credit card account' is not to be considered a stored value card. This is similar to the current exclusion under paragraph (e)(i), except that the restriction to debit card or credit card account 'provided by a financial institution' has been removed as per the above.

522. The new paragraph (f)(ii) relating to 'a gaming chip or token, or a betting instrument' will remain an exclusion to the definition (previously paragraph (e)(ii)).

523. New paragraph (f) also adds:

'a virtual asset (whether or not pegged to any currency)' in paragraph (f)(iii), and
'a thing that stores, or gives access to, virtual assets (whether or not pegged to any currency)' in paragraph (f)(iv).

524. This reflects the terminology changes, and clarifies that virtual assets themselves are not stored value cards. This is to address the potential overlaps between a stored value card product and a virtual asset product, and provide clarification when considering new technologies, such as stablecoins which might otherwise be considered to store 'monetary value'.

525. Current Rule 80.2(2) of the AML/CTF Rules is codified in the definition under paragraph (f)(v). This provides that unless prescribed by the AML/CTF Rules, a card or other thing that only stores or provides access to monetary value for the purposes of purchasing an entry into a lottery or redeeming winnings in respect of a lottery where the monetary value is denominated in a currency or pegged by its issuer to a currency stored in a form other than physical currency is excluded.

526. Paragraph (g) retains the rule-making power for the AUSTRAC CEO to exclude things that are not to be taken to be a stored value card, to clarify the regulatory perimeter in response to the emergence of new products and technologies in future.

Item 16 – Section 5

527. Item 16 amends the term 'digital currency' to instead refer to a 'virtual asset' under section 5 of the AML/CTF Act and provides a reference to section 5B for its updated definition (further detailed in Item 17 of this Schedule, see below).

528. Item 16 also introduces the new concept of a 'virtual asset safekeeping service' to the list of definitions in section 5 of the AML/CTF Act. This definition has been included in order to capture limb four of the FATF's definition of a VASP (the safekeeping and administration of virtual assets or instruments enabling control over virtual assets). This limb covers circumstances such as where a VASP holds a virtual asset or private keys to the virtual asset of another person in the course of carrying on a business. This designated service applies where a person has control of the private key associated with virtual assets belonging to another person, as well as persons in a multi-signature arrangement where the holder of the virtual assets needs several digital signatures to perform a transaction from a custodial wallet. The term 'private key' is intended take on its ordinary meaning.[2]

529. The inclusion of the qualification 'under an arrangement between the provider of the service and the customer, or between the provider of the service and another person with whom the customer has an arrangement (whether or not there are also other parties to any such arrangement)' at paragraph (a) in the definition of 'virtual asset safekeeping service' is intended to exclude a person who solely provides a software application (such as a software developer), but does not engage in direct safekeeping or administration of the virtual assets.

530. Item 16 also replaces the term 'Digital Currency Exchange Provider Register' with the term 'Virtual Asset Service Provider Register'. The underlying meaning of this term remains the same and remains in section 76B of the AML/CTF Act.

Item 17 – Before section 6

531. Item 17 inserts an updated definition of a 'virtual asset' into section 5B of the AML/CTF Act. The definition of a 'virtual asset' replaces the definition of 'digital currency', providing greater clarity on the scope of digital representation of value to be regulated for AML/CTF purposes.

532. The new definition replaces the previous definition of digital currency, notably removing the requirement to be generally available to members of the public without any restriction on its use. The updated definition establishes that a virtual asset is a digital representation of value that meets the following criteria:

functions as a medium of exchange, a store of economic value, unit of account or an investment (paragraph 5B(1)(a)),
is not issued by or under the authority of a government body (paragraph 5B(1)(b)), and
can be transferred, stored or traded electronically subparagraph (5B(1)(c)).

533. Section 5B captures the elements of the FATF definition of 'virtual assets' which forms the basis of AML/CTF regulation of VASPs globally. This covers 'a digital representation of value that can be digitally traded, or transferred, and can be used for payment or investment purposes.' Further, 'investment' was not expressly included as a function in the previous definition of 'digital currency'. 'Investment' is intended to take its ordinary meaning.

534. Paragraph 5B(1)(b) excludes Central Bank Digital Currencies and other government- issued virtual currencies from this definition. Consistent with the FATF definition of 'virtual assets' and related FATF guidance, the definition of 'money' in section 5 will be amended to specify that money includes digital representations of value issued by or under the authority of a government body, and intended to function as money. This is outlined in Item 14 of Schedule 8.

535. This Item further clarifies the scope of a 'virtual asset' by inserting a new subsection 5B(2) to establish that a virtual asset is also a digital representation of value that:

enables a person to vote on the management, administration or governance of arrangements connected with a digital representation of value (paragraph 5B(2)(a))
is not issued by or under the authority of a government body (paragraph 5B(2)(b)), and
can be transferred, stored or traded electronically (paragraph 5B(2)(c)).

536. This is intended to capture concepts such as utility and governance tokens, for example, tokens that govern DAOs.[3] Governance tokens have value and can be traded, bought or sold, including by using the services of VASPs. As such, they carry the same level of susceptibility to ML/TF exploitation as other virtual assets.

537. Due to ongoing innovation in the virtual assets sector, subsection 5B(3) empowers the AUSTRAC CEO to make AML/CTF Rules that account for any emerging virtual assets. This will ensure that the AML/CTF regime can respond to emerging technologies that are susceptible to money laundering, terrorism financing or proliferation financing exploitation, and therefore would need to be regulated.

538. Subsection 5B(4) provides a non-exhaustive list of common digital representations of value that are outside the scope of this definition. This includes:

money as currently defined (paragraph 5B(4)(a))
digital representations of value used exclusively within a game (for example, Candy Crush gold bars) (paragraph 5B(4)(b))
customer loyalty or reward points (for example, FlyBuys, Qantas Frequent Flyer points) (paragraph 5B(4)(c))
similar digital representations of value that are not intended by the issuer to be convertible into another similar digital representations of value or money (paragraph 5B(4)(d)), and
digital representations of value prescribed by the AML/CTF Rules (paragraph 5B(4)(e)).

Item 18 – Subsection 6(2) (after table item 46)

539. Item 18 inserts new item 46A into table 1 of section 6 of the AML/CTF Act, which constitutes the fourth limb of FATF's definition of a 'Virtual Asset Service Provider'. This designated service should apply to any entity that provides a safekeeping service for virtual assets or private keys, per the above definition of a virtual asset safekeeping service. This would include having the ability to hold, trade, transfer or spend the virtual asset per the owner or user's instructions. For clarity, this does not capture the provision of ancillary infrastructure, such as operators offering cloud data storage.

540. Item 46A does not capture where a professional service provider engages in the activities captured by this designated service, for example, storing a client's virtual assets cold wallet in the professional service provider's safe, unless they are doing so in the course of carrying on a business as a VASP. Similar activities are captured in Part 3 of Schedule 3 in the new 'professional service provider' designated service table in order to cover businesses who may offer such services, but are not VASPs.

Item 19 – Subsection 6(2) (table item 50A)

541. Item 19 updates existing item 50A in table 1 of section 6 of the AML/CTF Act to reflect the new terminology of 'virtual asset', and introduces the concept of 'making arrangements for the exchange of'. The latter amendment intends to reflect, in combination with new item 50C discussed below at Item 20 of this Schedule, the FATF Recommendation 15 requires regulation of the participation in, and provision of, financial services related to an issuer's offer and sale of a virtual asset.

Item 20 – Subsection 6(2) (after table item 50A)

542. Item 20 inserts two new designated services specific to VASPs. These are intended to cover the second and fifth limbs of the FATF definition of a 'Virtual Asset Service Provider'.

543. Item 20 inserts new item 50B in table 1 of section 6 of the AML/CTF Act, which constitutes the second limb of the FATF definition of a 'Virtual Asset Service Provider' . This service captures where a VASP exchanges one virtual asset for another virtual asset. The intention of new item 50B is to capture the exchange of virtual assets of the same type (for example, Bitcoin exchanged for Bitcoin) or of a different type (for example, Bitcoin exchanged for Ether). The coverage of exchanging virtual assets of the same type is necessary to address the issue of 'mixing' or 'tumbling' virtual assets to obscure traceability. A VASP would not have to provide every element of the exchange or transfer to have their activity captured by this service. For example, captured activities would include acting as a principal, a central counterparty for clearing or settling transactions, an executing facility, or another intermediary facilitating the transaction.

544. Item 20 also inserts new item 50C into table 1 of section 6 of the AML/CTF Act to regulate businesses providing financial services ancillary to initial coin offerings and other situations in which an issuer offers or sells a virtual asset. For example, this could capture businesses accepting purchase orders and funds and buying virtual assets from an issuer to resell and distribute the funds or assets, in addition to underwriting, market making and placement agent activities. The requirement for a business to 'participate' in the offer or sale is intended to exclude incidental financial services such as a bank simply processing payments for their customers to purchase virtual assets under an issuer's offer or sale of a virtual asset if the bank is not otherwise involved in the offer or sale. The sole act of issuing a virtual asset entirely on its own would not be captured by the Item 50C designated service. Issuers who exchange the issued virtual assets (either for money or another virtual asset) or transfer it on behalf of customers will instead be captured under the designated services in items 50A or 50B of table 1 of section 6, or under the designated services relating to the transfer of value in items 29 or 30 (please see Item 17 of Schedule 8 for further detail).

Items 21 to 23 and 25 to 54

545. These Items make amendments to a number of existing provisions of the AML/CTF Act to reflect the new terminology of 'virtual asset'.

Item 24 – Section 19

546. Item 24 makes amendments to the terminology in section 19 of the AML/CTF Act to establish that in determining whether the value of a virtual asset is not less than an Australian dollar amount, the value of the virtual asset is to be translated to Australian currency in accordance with the method specified in the AML/CTF Rules. This is required for the application of potential penalties.

Part 2—Contingent Amendments

Proceeds of Crime Act 2002

Item 55 – Section 338 (paragraph (ea) of the definition of account )

547. This Item repeals paragraph (ea) in the definition of account in section 338 of the Proceeds of Crime Act 2002 (POCA) and substitutes it with a new paragraph that uses terminology associated with virtual assets. Paragraph (ea) would be inserted into the POCA following the commencement of the Crimes and Other Legislation Amendment (Omnibus No. 1) Act 2024 and uses terminology such as 'digital currency' or 'digital currency exchange'.

Item 56 – Section 338 (paragraph (h) of the definition of account )

548. This Item repeals paragraph (h) of the definition of account in section 338 of the POCA and substitutes it with a new paragraph that uses terminology associated with virtual assets. Paragraph 388(h) would be inserted into the POCA following the enactment of the Crimes and Other Legislation Amendment (Omnibus No. 1) Act 2024 and refers to an account relating to 'digital currency'.

Item 57 – Section 338 (definitions of digital currency

and digital currency exchange )

549. This Item repeals the definitions of 'digital currency' and 'digital currency exchange' in section 338 of the POCA. These definitions will be inserted into the POCA following the commencement of the Crimes and Other Legislation Amendment (Omnibus No. 1) Act 2024, however, are no longer required nor appropriate.

Item 58 – Section 338 (paragraph (i) of the definition of financial institution )

550. This Item omits 'digital currency exchange' in section 338 of the POCA and substitutes it with 'registrable virtual asset service'. Paragraph (i) will be inserted into the POCA following the commencement of the Crimes and Other Legislation Amendment (Omnibus No. 1) Act 2024.

Item 59 – Section 338

551. This Item inserts two definitions in section 338 of the POCA relating to a 'registrable virtual asset service' and a 'virtual asset'.

SCHEDULE 7 - DEFINITION OF BEARER NEGOTIABLE INSTRUMENT

552. This Schedule clarifies which monetary instruments are captured by the definition of a 'bearer negotiable instrument' and its subsequent reporting requirements.

Item 1 – Section 17

553. This Item repeals the current definition of a 'bearer negotiable instrument' in section 17 of the AML/CTF Act and replaces it with a new definition. The former definition had been longstanding, having been drawn from the FTR Act. This amendment aligns the AML/CTF Act definition with the FATF definition of 'bearer negotiable instrument', by clarifying the conditions that would apply if an instrument is captured by the definition. It also retains a non-exhaustive list of the kinds of instruments that may be captured under the definition.

554. New section 17 clarifies that the definition of 'bearer negotiable instrument' only captures an instrument that is 'payable to bearer', meaning that title to the instrument passes on delivery of the instrument. For example, this may include a money order that has been signed but does not include a payee's name. An instrument is also payable to bearer if it is endorsed without restriction, or is payable to a fictitious person.

555. The new definition of 'bearer negotiable instrument' does not extend to an instrument that is 'non-bearer' or 'non-negotiable'. For example, a cheque directed to a specific payee and specific instructions, is not captured by the new definition. This ensures that the scope of the AML/CTF Act's definition of bearer negotiable instrument is appropriately tailored to the associated money laundering and terrorism financing risk.

556. New section 17 outlines a non-exhaustive list of the kinds of instruments that are captured when payable to bearer. This includes a:

bill of exchange
cheque
promissory note
bearer bond
traveller's cheque
money order, postal order or similar order, or
negotiable instrument not covered by any of the above.

557. As 'bearer negotiable instruments' are 'monetary instruments' as defined in section 5 of the AML/CTF Act, they are subject to Australia's cross-border movement reporting framework (established in Part 4 of the AML/CTF Act). The policy intention of amending the definition of bearer negotiable instrument is to reduce the burden of regulatory compliance with the cross-border movement reporting framework. This would be done by reducing the volume of bearer negotiable instruments that will be reportable under the AML/CTF Act, while appropriately managing the money laundering and terrorism financing risk associated with bearer negotiable instruments. The FATF definition of a bearer negotiable instrument does not intend for instruments that are 'non-bearer' or 'non-negotiable' to be captured by a country's cross-border movement reporting requirements. Consequently, the amended definition of a bearer negotiable instrument based on the FATF definition will provide greater clarity to reporting entities as to what types of instruments require reporting. This amendment also responds to stakeholder feedback received during the consultation processes.

SCHEDULE 8 - TRANSFERS OF VALUE AND INTERNATIONAL VALUE TRANSFER SERVICES

558. This Schedule would amend Part 5 of the AML/CTF Act to streamline the existing concepts relating to transfers of value. The amendments streamline the regulation of telegraphic transfers, remittances, virtual asset transfers, and other transfers of value to ensure consistency between different types of businesses providing similar services. In addition, this Schedule will ensure the end-to-end transparency of payments or value transfers is in line with FATF Recommendations 15 (relating to virtual assets) and 16 (relating to financial institutions and remitters). Additionally, it will update the international funds transfer instruction (IFTI) reporting regime to reduce the complexity of applying these obligations to modern, highly integrated and diversified payment services.

Transfers of value

559. This Schedule removes the outdated distinction between transfers of value for financial institutions and those by remittance service providers. This distinction has caused significant challenges for payment service providers in interpreting their AML/CTF obligations. The distinction between these transfers of value has resulted in four different designated services in the current Act:

transfers of value facilitated by financial institutions, which are subject to both electronic funds transfer instructions (EFTI) and IFTI obligations, and
transfers of value to a payee and from a payer facilitated by non-financial institutions, referred to as a 'designated remittance arrangement' which is only subject to IFTI obligations.

560. Further, this Schedule adds transfers of value relating to virtual assets, which have been required by the FATF Standards since 2019.

Travel rule obligations

561. FATF recommendation 16 requires that certain information about the payer and payee be transmitted with telegraphic transfers, remittances, transfers of virtual assets and other similar transfers of value. This is colloquially known as the 'travel rule', and is intended to support end-to-end transparency of value transfers. This transparency supports businesses providing value transfer services in managing and mitigating their money laundering and terrorism financing risks and sanctions risks, and to make information available to law enforcement authorities in appropriate circumstances.

562. Travel rule requirements are currently referred to as EFTIs in the AML/CTF Act. This Schedule updates the existing EFTI requirements to better align with FATF Recommendations 15 and 16 by extending the requirement to all entities that provide a value transfer designated service, instead of previously limiting EFTI requirements to financial institutions. The streamlined value transfer designated services will trigger the travel rule obligation for financial institutions, remittance service providers and VASPs for both domestic and cross-border transfers.

563. This Schedule removes various concepts of funds transfer, including the concept of an 'electronic funds transfer instruction' (Item 6) and its associated concepts of 'multiple institution person-to-person', 'multiple institution same person', 'same institution person-to- person' and 'same institution same person' (Item 13). Instead, the travel rule obligations are set out in the updated obligations for ordering institutions, intermediary institutions and beneficiary institutions.

564. These new definitions of ordering institutions, intermediary institutions and beneficiary institutions are intended to support the concept of the value transfer chain, and to provide a simplified understanding for entities regarding their responsibilities regarding the transmittal of travel rule information.

565. In accordance with FATF Recommendations 15 and 16, the following obligations are set out in this Part for the relevant institution in the value transfer chain:

collection of travel rule information and verifying payer details, where not already verified, for the ordering institution,
transmitting travel rule information for ordering and intermediary institutions, and
keeping records of travel rule information, screening value transfer messages for missing travel rule information and taking appropriate action for all institutions.

566. FATF Recommendation 16 also requires payee information to be included with transfers of value, not only payer information, which is currently the case in the AML/CTF Act. However, as Recommendation 16 is currently under review by the FATF, the information to be included with the transfers of value is subject to be changed. As such, this Schedule does not detail the information to be included with transfers of value and instead includes rule-making power for the AUSTRAC CEO to establish what information must accompany transfers of value for when the changes to Recommendation 16 are concluded. This Part also inserts a rule-making power for travel rule exemptions due to the changes to Recommendation 16.

567. The powers throughout this Schedule to make AML/CTF Rules to specify different types of information to be transmitted in different circumstances also recognises that until some legacy domestic payment systems[4] are decommissioned in coming years, technical limitations will prevent the transmission of information about the payer and payee in some circumstances.

568. This Schedule also introduces limited travel rule obligations where virtual asset transfers are in relation to and from a self-hosted wallet, acknowledging the limitations in obtaining travel rule information in these scenarios - as transfers of virtual assets can be unilaterally transferred both within and outside regulated institutions without the consent of the recipient of the virtual asset wallet holder.

Part 1—Transfers of value

Anti-Money Laundering and Counter-Terrorism Financing Act 2006

Items 1 to 3 – Section 4

569. These Items amend existing section 4 of the AML/CTF Act, which contains the simplified outline for the AML/CTF Act.

570. Item 1 omits 'electronic funds transfer instructions' and replaces it with 'transfers of value' in section 4. This terminology change is required given the revised obligations for ordering institutions, intermediary institutions and beneficiary institutions.

571. Item 2 omits 'transferred money' and replaces it with 'transferred value'. This is to reflect that the value transfer concept now includes virtual assets, which do not fall into the definition of money.

572. Item 3 omits 'registrable designated remittance services' and replaces it with 'registrable remittance services' in section 4 of the AML/CTF Act to reflect the changes in terminology as result of removing the concept of a 'designated remittance arrangement' to streamline the value transfer designated services.

Item 4 – Section 5 (definition of batched electronic funds transfer instruction )

573. Item 4 repeals the definition of 'batched EFTIs' from section 5 of the AML/CTF Act. The information that must be passed on with batched value transfers will be specified in the AML/CTF Rules to align with FATF Recommendation 16.

Item 5 – Section 5 (definition of beneficiary institution )

574. Item 5 repeals the existing definition of 'beneficiary institution' in section 5 of the AML/CTF Act, which is no longer required due the new definition detailed in Item 22 of this Schedule (see below).

Item 6 – Section 5

575. Item 6 repeals the definitions of 'complete payer information', 'designated remittance arrangement' and 'electronic funds transfer instruction' in existing section 5 of the AML/CTF Act to streamline transfers of value. The travel rule obligations will now be set out in the updated obligations for ordering institutions, intermediary institutions and beneficiary institutions, as outlined in Item 22 of this Schedule.

576. Item 6 repeals the existing definition of 'funds transfer chain' to be replaced by an updated concept and definition of 'value transfer chain' by Item 22 of this Schedule.

Item 7 – Section 5

577. Item 7 inserts definitions of 'institution' and 'intermediary institution' in section 5 of the AML/CTF Act, which take their meaning from new section 63A of the AML/CTF Act (to be inserted by Item 22 of this Schedule).

Item 8 – Section 5

578. Item 8 repeals the definitions of 'multiple-institution person-to-person electronic funds transfer instruction', 'multiple-institution same-person electronic funds transfer instruction' and 'non-financier' in section 5 of the AML/CTF Act as they are no longer required under the streamlined value transfer designated services.

Item 9 – Section 5 (definition of ordering institution )

579. Item 9 repeals the existing definition of 'ordering institution' in section 5 of the AML/CTF Act to allow for the new definition that will take meaning with reference to new subsections 63A(1) to (4) (to be inserted by Item 22 of this Schedule).

Item 10 – Section 5

580. Item 10 repeals the definitions of 'payer' and 'payee'. The current definitions are based on the payer or payee's role in the kinds of funds transfer instructions that would be repealed by the amendments in Items 8 and 13 of this Schedule.

581. The intention is that 'payee' and 'payer' are to take on their ordinary meaning where used in the AML/CTF Act.

Item 11 – Section 5 (definition of registrable designated remittance service )

582. This item repeals the existing definition of a 'registrable designated remittance service' in section 5 of the AML/CTF Act, which is replaced a new definition of 'registrable remittance service' (to be inserted by Item 12 of this Schedule).

Item 12 – Section 5

583. Item 12 inserts a simplified definition of 'registrable remittance service' in section 5 of the AML/CTF Act. This definition is intended to cover a designated service that:

is covered by item 29 and 30 of table 1 in section 6,
is provided by a person (other than a financial institution or casino) at or through a permanent establishment of the person in Australia,
does not involve a transfer of virtual assets, and
is anything prescribed by the rule-making power to be excluded from the definition of 'registrable remittance service'.

584. The definition of 'registrable remittance service' is intended to exclude financial institutions or casinos from having to register as a 'registrable remittance service', because these institutions are already required to be authorised or licensed by other authorities, such as APRA or state and territory gambling regulators. It also excludes the transfer of virtual assets, as this will be captured under the definition of 'registrable virtual asset service' instead. The rule-making power will give the AUSTRAC CEO the ability to specify other of entities that are not considered a 'registrable remittance service' for the purpose of registration.

Item 13 – Section 5

585. Item 13 repeals the existing definitions of 'remittance arrangement', , 'same- institution person-to-person electronic funds transfer instruction', and 'same-institution same-person electronic funds transfer instruction' in section 5 of the AML/CTF Act as these concepts are no longer needed in light of the streamlined value transfer designated services.

586. Item 13 also repeals the definitions of 'tracing information' and 'required transfer information' in section 5 of the AML/CTF Act. Instead, in the relevant provisions in the AML/CTF Act, the amendments in this Schedule provide the AUSTRAC CEO the power to make rules in relation to the travel rule information to accompany the transfer of value. This is required as a result of FATF's current review of Recommendation 16.

Item 14 – Section 5

587. Item 14 inserts a new concept and definition of 'transfer message' in section 5 of the AML/CTF Act, which means a message that contains information relating to the content of the payer's instruction for the transfer of value. The new definition also provides the AUSTRAC CEO the power to make rules that exclude types of messages to clarify the definition.

588. Item 14 also inserts a new definition of a 'transfer of value' in section 5 of the AML/CTF Act, which includes a transfer of money, virtual assets and other property to reflect the range of transfers to be captured as required by FATF Recommendation 16. The definition excludes a transfer of physical currency or other tangible property and provides a rule-making power to clarify the scope and operation of the definition where transfers of value continue to evolve, and unanticipated scenarios emerge.

589. The intention of this definition is, where it refers to property, to cover the transfer of the value of property. For example, the definition will cover the surrender of gold bullion in one place and the making available of equivalent gold bullion in another. However, it will not cover the physical transportation of gold bullion.

Item 15 – Section 5

590. Item 15 removes the existing definitions of 'transferor entity', 'ultimate transferee entity' from the AML/CTF Act as they will be superseded by the simplified institutions involved in the value transfer chain.

591. Item 15 also removes the definition of a 'unique reference number'. This was previously used as part of the information required to be included in EFTIs. This information would instead be provided in the AML/CTF Rules, as details pertaining to the travel rule information to accompany a value transfer is yet to be settled in FATF discussions on Recommendation 16.

Item 16 – Section 5

592. Item 16 inserts a definition of 'value transfer chain' that will take its meaning from new section 63A(11) of the AML/CTF Act (to be inserted by Item 22 of this Schedule).

Item 17 – Subsection 6(2) (table items 29 to 32)

593. Item 17 repeals designated service items 29 to 32 in table 1 of section 6 of the AML/CTF Act that relate to financial institutions and non-financial institutions. Two unified value transfer designated services (new items 29 and 30 in table 1) that apply to transfers of value on behalf of a customer will be created. This will ensure consistent requirements for reporting entities that perform a similar designated service regardless of whether the transfer of value involves financial institutions, remittance service providers or VASPs.

594. Item 17 inserts designated service item 29 in table 1 of section 6 which relates to an ordering institution accepting an instruction for the transfer of value on behalf of a payer.

595. Item 17 also inserts designated service item 30 in table 1 of section 6 which relates to a beneficiary institution making the transferred value available to the payee. For clarity, this designated service intends to include scenarios where a remittance service provider makes cash available to a payee who was not previously a customer, for example, by having the payee come into their office to receive the money.

596. Item 17 also introduces a new limited designated service for intermediary institutions under designated service item 31 in table 1 of section 6 so that broader AML/CTF obligations such as managing and mitigating risk and suspicious matter reporting apply where they take an active role of receiving and passing on a value transfer message between an ordering institution and beneficiary institution. Intermediary institutions will be required to undertake ML/TF risk assessments and develop, maintain and comply with AML/CTF policies to mitigate such risks. However, they will have only limited CDD obligations under new section 39F (detailed in Item 7 of Schedule 10, see below), such as. monitoring for transactions or behaviours that may give rise to SMR obligation. This is in recognition of the fact that intermediary institutions do not have a direct relationship with either the payer or payee in a value transfer chain.

597. Item 17 is supported by the updated definitions of 'ordering institution', 'beneficiary institution', and 'intermediary institution' in section 5 of the AML/CTF Act (to be inserted by Item 22 of this Schedule).

Item 18 – Subsection 6(2) (table item 32A) (table item 32A, column headed "Provision of a designated service", paragraph (a))

598. Item 18 makes consequential amendments to designated service item 32A of table 1 in section 6 which relates to the operations of a remittance network provider, omitting the previous remittance-related services in items '31 or 32' and substituting with items '29 or 30' to reflect the changes to the value transfer designated services.

Item 19 – Subsection 6(2) (table item 32A, column headed "Provision of a designated service", paragraph (b))

599. Item 19 makes consequential amendments omitting the repealed term of 'non- financier' and substituting it with 'not a financial institution'. 'Financial institution' is defined in section 5 of the AML/CTF Act.

Item 20 – Sections 8 to 10

600. Item 20 repeals current sections 8 to 10 of the AML/CTF Act, which relate to 'person-to-person electronic funds transfer instructions', 'same-person electronic funds transfer instructions' and 'designated remittance arrangements' as a result of streamlining the value transfer designated services to remove the distinction between transfers of value facilitated by financial institutions and non-financial institutions.

Item 21 – Part 5 (heading)

601. Item 21 makes a consequential amendment to the heading of 'Part 5' to 'Part 5 – Obligations relating to transfers of value' to incorporate the simplified value transfer concept.

Item 22 – Divisions 1 to 3 of Part 5

602. Item 22 repeals and replaces Divisions 1–3 of Part 5 of the AML/CTF Act.

603. New Division 1 of Part 5 (section 63) provides a simplified outline and the key terms used throughout the new Part. While this simplified outline is included to assist a reader's understanding of the substantive provisions to follow, it is not intended to be comprehensive. Readers are advised to rely on the substantive provisions for full comprehension.

604. New section 63A provides key terms relating to transfers of value. These terms include 'value transfer chain', and the institutions that are taken to form said value transfer chain. Those institutions include the 'payer', 'payee', 'ordering institution', 'beneficiary institution', and 'intermediary institution'.

Ordering institution

605. An ordering institution is generally the institution in a value transfer chain that accepts the instruction from the payer, whether directly or indirectly. In recognition of the wide variety of value transfer services and methods of providing them, subsection 63A(1) sets out a mechanism to determine which institution, in any value transfer chain, is the ordering institution. Subsection 63A(1) clarifies that an ordering institution is an entity in a value transfer chain to satisfy a criterion set out in subsection 63A(2), with a criterion higher in the list taking priority over subsequent criteria. For clarity, the intention is that 'the first person to satisfy' does not relate to the first at a point in time but rather the first criterion to be satisfied in the list outlined in subsection 63A(2).

606. For example, if the criterion satisfied by Person A in subsection 63A(2) is at paragraph (a) and the criterion satisfied by Person B in subsection 63A(2) is at paragraph (d), the ordering institution would be Person A.

607. The listed criteria in subsection 63A(2) are intended to reflect the reality that transfers of value are done by different businesses in different ways, and therefore different entities may be the ordering institution for AML/CTF purposes. For example, some payment businesses do not hold the funds that they transfer on behalf of customers, but may instead be authorised to draw these funds from a linked bank account. This payment business would fall under criterion at paragraph 63A(1)(b) above and be an ordering institution for AML/CTF purposes. This may be distinguished from services which only pass on a request to the ordering institution to transfer funds, but are not involved in the transfer itself, under an arrangement with the ordering institution rather than by establishing a customer relationship with the payer.

608. In many cases, a series of related value transfers may involve multiple value transfer chains, with multiple payers instructing different institutions in relation to different value transfers. For example, an Australian resident may instruct an Australian remitter to transfer value to a relative offshore via an overseas remitter. The Australian remitter may separately instruct its bank to transfer money to the overseas remitter's bank account, before the offshore remitter makes the money available to the overseas relative. In this case, there will be two value transfer chains—one triggered by the Australian resident's instruction to the remitter, and one triggered by the Australian remitter's instruction to its bank. However, depending on the facts, if the Australian remitter had an arrangement with its bank under which it 'passed on' the transfer message to its bank, rather than issuing a separate instruction, there may be a single value transfer chain.

609. Subsection 63A(3) provides the AUSTRAC CEO the ability to make rules for additional criteria to be stipulated in paragraph 63A(2)(e) and which entity would constitute the 'ordering institution'. This is intended to provide flexibility given the evolving nature of payments and to cover those unanticipated emerging scenarios. It also provides the AUSTRAC CEO the ability to specify the order of priority where there is more than one criterion set out in the AML/CTF Rules.

610. The updated concept of an 'ordering institution' is intended to include what was previously captured under a designated remittance arrangement and is extended to VASPS to ensure the technology neutrality of the AML/CTF Act.

611. Subsection 63A(4) clarifies the scope of what would constitute an ordering institution by excluding most value transfers that are done incidentally to the provision of another service, unless the ordering institution is a:

a financial institution (63A(4)(a)(i)),
a business providing an international value transfer service incidentally to a designated service covered by item 50, 50A or 50B of table 1 in section 6 (63A(4)(a)(ii)), or
a business providing an international value transfer service incidentally to a gambling service (contained in table 3 of section 6) (63A(4)(a)(iii)).

612. New subsection 63A(4) is intended to address the regulatory uncertainty created by the current broad definition of 'designated remittance arrangement' in section 10 of the AML/CTF Act. As a measure to confine the regulatory perimeter of who is a 'remitter', the incidental remittance exception is not relevant to financial institutions—the scope of businesses that constitute financial institutions in Australia is already clearly defined.

613. The treatment of international value transfer services incidental to currency exchange and gambling services will ensure such activities continue to trigger international value transfer service reporting obligations where previously they triggered IFTI reporting obligations. For example, a customer may request a currency exchange business to accept Australian dollars in Sydney and make pounds sterling available in London—the currency exchange business would be an ordering institution and providing a value transfer service. With the introduction of such reporting for virtual asset transfers, the equivalent virtual asset exchange services that are incidental to an international value transfer service will be treated in the same way as international value transfer services incidental to currency exchange services.

614. Further, paragraph 63A(4)(b) provides the AUSTRAC CEO with the ability to make rules that further exclude persons from the definition of 'ordering institution'.

615. When considering if a transfer is incidental to the provision of another service, the question to consider is whether the other service is a type of value transfer service, in which case it is irrelevant to consider whether the value transfer is incidental. However, if the other service is of a different nature (for example, managing a fleet of cars), then the transfer of value will be excluded.

Beneficiary institution

616. Subsection 63A(5) defines a 'beneficiary institution', and clarifies that a beneficiary institution is the person who is the first person in a value transfer chain to satisfy the highest priority criterion set out in subsection 63(6).

617. Subsection 63A(6) provides the criteria in descending order of priority for the purposes of subsection 63A(5). The inclusion of 'in descending order of priority' in subsection 63A(6) is intended to further clarify the operation of subsection 63A(5), similar to that in subsection 63A(1) for 'ordering institutions', The intention of providing the various criteria in subsection 63A(6) is to reflect the reality that value can be made available to the payee by different businesses in different ways, but that it is still necessary to designate a 'beneficiary institution' for AML/CTF purposes.

618. New subsection 63A(6) allows the AUSTRAC CEO to make rules that provide exclusions to the definition of 'beneficiary institution'.

619. Subsection 63A(7) provides the AUSTRAC CEO the ability to make rules for additional criteria to be stipulated in paragraph 63A(6)(e) for where a person would constitute a 'beneficiary institution'. This is to acknowledge the evolving nature of payments and to cover for emerging scenarios. It also provides the AUSTRAC CEO the ability to make rules that specify the order of priority where there is more than one criterion set out in the AML/CTF Rules.

620. Subsection 63A(8) also clarifies the scope of the definition of a 'beneficiary institution' by excluding most value transfers that are done incidentally to the provision of another service. The only exceptions of the incidental remittances to be captured are transfers of value involving:

a financial institution (63A(8)(a(i))
a business providing an international value transfer service incidentally to a designated service covered by item 50, 50A or 50B of table 1 in section 6 (63A(8)(a(ii)), or
a business providing an international value transfer service incidentally to a gambling service (contained in Table 3 of section 6) (63A(8)(a(iii)).

621. These exceptions to the incidental remittance provisions are intended to bring them in scope for reporting obligations under international value transfer services.

622. The definition of a 'beneficiary institution' excludes most value transfers that are done incidentally to the provision of another service (not just a designated service). When considering if a transfer is incidental to the provision of another service, consider whether the other service is a type of value transfer service or if the service is of a different type, in which case the transfer of value will be excluded.

623. The updated concept of a 'beneficiary institution' includes what was previously captured under a designated remittance arrangement and is extended to VASPS to supplement the technology neutrality of the AML/CTF Act.

Intermediary institution

624. New subsection 63A(9) provides an updated definition of 'intermediary institution', which means a person who, in the course of carrying on a business receives and passes on a message in a value transfer chain. The intention is to capture those intermediary institutions that take a more active role in 'passing on' a value transfer message to another institution in the value transfer chain.

625. Paragraph 63A(10)(a) clarifies the scope of the definition of 'intermediary institution' to exclude businesses that solely provide messaging infrastructure to allow ordering and beneficiary institutions to communicate with each other. In this context, a 'message' is intended to mean the communication of the elements of the payer's instruction that are passed on to other institutions in the value transfer chain. Here the term 'instruction' is intended to refer to the request from the payer to the ordering institution, which triggers the start of a value transfer chain.

626. Further, paragraph 63A(10)(b) provides the AUSTRAC CEO the ability to make rules to exclude a person from the definition of an 'intermediary institution'.

Value transfer chain

627. New subsection 63A(11) provides the simplified 'value transfer chain' that replaces the previous concept of a 'funds transfer chain'.

628. Replacing the concept of 'funds transfer chain' with that of a 'value transfer chain' is intended to make the AML/CTF Act technology neutral. The concept of value includes money, property and virtual assets and recognises the array of businesses that provide these services.

629. An example of the operation of the value transfer chain includes where a customer (the payer) instructs their bank (the 'ordering institution') to transfer money to the account of another bank (the 'beneficiary institution') that is held on behalf of another person (the payee). Any correspondent bank between the payer's bank and the payee's bank would be intermediary institutions.

630. New subsection 63A(12) provides that each person in the value transfer chain is considered to be an institution. Further, subsection 63A(13) clarifies that a single person or business may be the same institution for the purposes of the value transfer chain.

631. For example, a person may seek to have money from a bank account in Australia made available to them via a correspondent bank in the United Kingdom when they travel. The person would be the payer and the payee. Likewise, if a customer seeks to move funds from one bank account to another held with the same bank, the bank would be both the ordering and beneficiary institution.

New Division 2—Obligations of institutions

632. Item 22 also inserts a new Division 2 that relates to obligations of institutions which outlines the travel rule obligations required by each institution along the value transfer chain.

New section 64 – Obligations of ordering institutions

633. New section 64 relates to the obligations of ordering institutions. Subsection 64(1) provides that the obligations apply if an ordering institution commences to provide the designated service covered by item 29 of table 1 in section 6. Note 1 provides that there may be exemptions to satisfying the obligations in this section under section 67. Note 2 provides other obligations that ordering institutions may have under the Autonomous Sanctions Act 2011 and the Charter of the United Nations Act 1945 in relation to persons designated for targeted financial sanctions.

634. Subsection 64(2) provides that before the ordering institution passes on a value transfer message, the ordering institution must have collected and verified information specified in the AML/CTF Rules. Where an ordering institution has already collected and verified information about its customer (that is, the payer), for example under CDD obligations, it should not be required to do so again.

635. The rule-making powers in paragraphs 64(2)(a) and (b) provide the AUSTRAC CEO the ability to specify the information the ordering institution must have collected and verified. The information specified for collection and the information specified for verification may be different as, for example, the ordering institution would not be required to verify information collected about the payee unless the payee is also the ordering institution's customer and initial CDD is triggered under new section 28. Further, the ability to specify information in the AML/CTF Rules provides flexibility for any future changes that may be made to FATF Recommendation 16, noting it is currently undergoing review by the FATF.

636. Subsection 64(3) provides that the ordering institution must pass on information specified in the AML/CTF Rules to the next institution in the value transfer chain, where the ordering institution and beneficiary institution are not the same person. The intention is not, however, to mandate the ordering institution to give effect to the payer's instruction where it determines in accordance with its AML/CTF program or for some other reason that is should not. If the ordering institution does decide to provide the value transfer service it must pass on the information specified in the AML/CTF Rules. For clarity, the intention is that where an ordering institution cannot comply with subsection 64(3), it must not pass on the information (subject only to the exception for virtual asset transfers which are outlined below in relation to new section 66A of the AML/CTF Act to be inserted by Item 22 of this Schedule).

637. Subsection 64(4) provides that where the value transfer message does not give effect to the transfer of value, the message must be passed on before or at the same time as, the ordering institution gives effect to the transfer of value. For example, where a virtual asset transfer is made on the Blockchain, the message must be passed on before, or at the same time as, the ordering institution giving effect to the actual transfer of value.

638. Subsection 64(5) provides that the ordering institution must provide the information specified by the AML/CTF Rules for the purposes of subsection 64(3) to another institution in the value transfer chain as soon as practicable after receiving a request from the institution for that information. This subsection provides other institutions in the value transfer chain the ability to request information for the purpose of subsection 64(3) from the ordering institution.

639. Subsection 64(6) provides that the AUSTRAC CEO may make different rules in relation to different kinds of institutions, information, circumstances or any other matter for the purposes of subsection 64(3). The intention of the broad rule-making power is to provide for flexibility to account for future changes that may be made to FATF Recommendation 16, noting it is currently being reviewed by the FATF.

640. Subsection 64(7) provides that subsection 64(2), (3) and (5) are civil penalty provisions. These penalties are outlined in Division 2 of Part 15 of the AML/CTF Act. The maximum civil penalty under the AML/CTF Act is set at the highest amount allowed, which is 100,000 penalty units for a corporation and 20,000 penalty units for individuals. While the penalties can be substantial, AML/CTF enforcement actions can involve serious systemic failures by a reporting entity where the number of contraventions is immeasurable. The amount of any civil penalty will be determined by the court. Courts will decide the appropriate penalty (subject to the statutory maximum) based on the circumstances of a contravention. In determining the appropriate amount for a civil penalty, the courts will consider the impact of these violations on the Australian community, the financial system, and law enforcement efforts.

New section 65 – Obligations of beneficiary institutions

641. New section 65 sets out the obligations of beneficiary institutions. Subsection 65(1) notes this section applies to a beneficiary institution providing designated service item 30. Note 1 states there may be exemptions to this under section 67.

642. Subsection 65(2) outlines the obligation of a beneficiary institution to take reasonable steps to monitor whether it has received the information specified in the AML/CTF Rules in relation to the transfer of value (subsection 65(2)(a)), and whether the information received about the payee is accurate (subsection 65(2)(b)).

643. In recognition of the volume of value transfers, this obligation is restricted to 'reasonable steps', which could include sampling of transfer messages and other assurance activities, as opposed to reviewing every transfer message individually.

644. Subsection 65(3) imposes the obligation on the beneficiary institution (in accordance with its AML/CTF program) to do at least one of the following where the beneficiary detects that it has not received all of the information mentioned in paragraph 65(2)(a) or that some or all of the information is inaccurate:

refuse to make the transferred value available to the payee, unless until the issue is resolved (65(3)(a)), or
to make the transferred value available and take such other action as the beneficiary institution determines 65(3)(b)).

645. A beneficiary institution acting under this obligation in good faith will not be liable due to the protection from liability offered by section 235 of the AML/CTF Act.

646. Subsection 65(4) provides the AUSTRAC CEO with a power to make rules to provide for flexibility when the review of FATF Recommendation 16 is settled. Further, the rule- making power may be used to make AML/CTF Rules to specify a more limited set of information. This may be needed due to the decommissioning of the Bulk Electronic Clearing System (BECS).

647. Subsection 65(5) provides that subsection 65(2) is a civil penalty provision. These penalties are outlined in Division 2 of Part 15 of the AML/CTF Act. The maximum civil penalty under the AML/CTF Act is set at the highest amount allowed, which is 100,000 penalty units for a corporation and 20,000 penalty units for individuals. While the penalties can be substantial, AML/CTF enforcement actions can involve serious systemic failures by a reporting entity where the number of contraventions is immeasurable. The amount of any civil penalty will be determined by the court. Courts will decide the appropriate penalty (subject to the statutory maximum) based on the circumstances of a contravention. In determining the appropriate amount for a civil penalty, the courts will consider the impact of these violations on the Australian community, the financial system, and law enforcement efforts.

New section 66 – Obligations of intermediary institutions

648. Subsection 66(1) provides that the obligations apply if an intermediary institution provides the limited designated service covered by item 31 of table 1 in section 6. Note 1 provides that there may be exemptions to satisfying the obligations in this section under section 67, as well as providing in note 2 other obligations that intermediary institutions may have under the Autonomous Sanctions Act 2011 and the Charter of the United Nations Act 1945 in relation to persons designated for targeted financial sanctions.

649. Subsection 66(2) outlines the obligation for intermediary institutions to take reasonable steps to monitor whether they have received the information specified in the AML/CTF Rules in relation to the transfer of value. In accordance with FATF Recommendation 16, this obligation should be distinguished from the same obligation applicable to beneficiary institutions.

650. In recognition of the volume of value transfers, this obligation is restricted to 'reasonable steps', which could include sampling of transfer messages and other assurance activities, as opposed to reviewing every transfer message individually

651. Subsection 66(3) imposes the obligation on the intermediary institution (in accordance with its AML/CTF Program) to refuse to pass on the transfer message or take such other action as the intermediary institution determines where the intermediary institution detects that it has not received all of the information mentioned in subsection 66(2).

652. An intermediary institution acting under this obligation will not be liable for anything that they do, or omit to do, in good faith due to the protection from liability offered by s 235 of the AML/CTF Act.

653. Subsection 66(4) provides that an intermediary institution in passing on a transfer message for a transfer of value must include:

information specified by the AML/CTF Rules received from the previous institution (paragraph 66(4)(a)), or
information obtained in accordance with is AML/CTF Program that is relevant to the transfer, for example if the intermediary institution followed up with the ordering institution to obtain missing information (paragraph 66(4)(b)).

654. Subsection 66(5) provides that the intermediary institution must provide the information to another institution in the value transfer chain as soon as practicable after receiving a request for that information. The intention is to provide other institutions in the value transfer chain the ability to request for information referred to in subsection 66(4) from the intermediary institution.

655. Subsection 66(6) also provides the AUSTRAC CEO with a power to make rules for the different circumstances in new section 66 of the AML/CTF Act when FATF Recommendation 16 is settled. Further, the rule-making power may be used to make rules to specify a more limited set of information, in anticipation of the decommissioning of the Bulk Electronic Clearing System (BECS).

656. Subsection 66(7) provides that subsections 66(2) and 66(3) are civil penalty provisions. These penalties are outlined in Division 2 of Part 15 of the AML/CTF Act. The maximum civil penalty under the AML/CTF Act is set at the highest amount allowed, which is 100,000 penalty units for a corporation and 20,000 penalty units for individuals. While the penalties can be substantial, AML/CTF enforcement actions can involve serious systemic failures by a reporting entity where the number of contraventions is immeasurable. The amount of any civil penalty will be determined by the court. Courts will decide the appropriate penalty (subject to the statutory maximum) based on the circumstances of a contravention. In determining the appropriate amount for a civil penalty, the courts will consider the impact of these violations on the Australian community, the financial system, and law enforcement efforts.

New section 66A – Obligations of ordering and beneficiary institutions relating to virtual asset transfers

657. Subsection 66A(1) provides that the application of section 66A applies only to the transfer of a virtual asset. Subsection 66A(2) requires ordering institutions to conduct counterparty due diligence to determine on reasonable grounds whether the virtual asset wallet to which the virtual assets are to be transferred is:

a custodial wallet controlled by a person who is licensed or registered under a law giving effect to the FATF Standards (regulated institution) (paragraph 66A(2)(a)), or
a custodial wallet controlled by a person not required to be licensed or registered under a law giving effect to the FATF Standards (unregulated institution) (paragraph 66A(2)(b)), or
a custodial wallet controlled by a person who is required to be licensed or registered under a law giving effect to the FATF Standards, but is not licensed or registered (prohibited institution) (paragraph 66A(2)(c)), or
a self-hosted wallet controlled by the recipient of the digital assets (paragraph 66A(2)(d)).

658. Institutions are required by subsection 66A(2) to conduct counterparty due diligence regarding virtual assets due to the disparate status of different jurisdictions in relation to regulation. For example, an entity may be transferring virtual assets to a wallet that is located in a jurisdiction that does not yet require the regulation of virtual assets.

659. Subsection 66A(3) requires ordering institutions to pass on the information specified in the AML/CTF Rules in relation to a virtual asset transfer to a beneficiary institution that is:

a custodial wallet controlled by a person who is licensed or registered under a law giving effect to the FATF Standards (regulated institution), or
a custodial wallet controlled by a person not required to be licensed or registered under a law giving effect to the FATF Standards (unregulated institution).

660. Subsection 66A(4) prohibits an ordering institution from providing designated service item 29 to a person who is required to be licensed or registered under a law that gives effect to the FATF Recommendation 15, but is not so licensed or registered.

661. Subsection 66A(5) requires beneficiary institutions to conduct counterparty due diligence to determine on reasonable grounds whether the virtual asset wallet from which the virtual asset has been transferred is:

a custodial wallet controlled by a person who is licensed or registered under a law giving effect to the FATF Standards (regulated institution) (66A(5)(a)), or
a custodial wallet controlled by a person not required to be licensed or registered under a law giving effect to the FATF Standards (unregulated institution) (66A(5)(b)), or
a custodial wallet controlled by a person who is required to be licensed or registered under a law giving effect to the FATF Standards, but is not licensed or registered (prohibited institution) (66A(5)(c)), or
a self-hosted wallet controlled by the recipient of the digital assets (66A(5)(d)).

662. Subsection 66A(6) prohibits a beneficiary institution in making the value available to a payee until the beneficiary institution has obtained the information specified in the AML/CTF Rules for the purposes of subsection 64(3).

663. Subsection 66A(7) prohibits a beneficiary institution from making virtual assets available to the payee, where the virtual asset wallet is a custodial wallet controlled by a person who is required to be licensed, but is not licensed or registered.

664. Subsection 66A(8) provides that subsections 66A(2) to (7) are civil penalty provisions. These penalties are outlined in Division 2 of Part 15 of the AML/CTF Act. The maximum civil penalty under the AML/CTF Act is set at the highest amount allowed, which is 100,000 penalty units for a corporation and 20,000 penalty units for individuals. While the penalties can be substantial, AML/CTF enforcement actions can involve serious systemic failures by a reporting entity where the number of contraventions is immeasurable. The amount of any civil penalty will be determined by the court. Courts will decide the appropriate penalty (subject to the statutory maximum) based on the circumstances of a contravention. In determining the appropriate amount for a civil penalty, the courts will consider the impact of these violations on the Australian community, the financial system, and law enforcement efforts.

665. Subsection 66A(9) provides an exception to subsection 66A(3) where ordering institutions are required to pass on the information specified in the AML/CTF Rules in relation to a virtual asset transfer to a beneficiary institution that is a regulated institution or unregulated institution, unless:

the beneficiary institution is not capable of receiving the information securely, or
the ordering institutions reasonably believes that there is a risk the beneficiary institution is not capable of safeguarding the confidentiality of the information, and the ordering institution makes and keeps a record of the reasons for not passing on the information.

666. Subsection 66A(10) provides exceptions to subsection 66A(6), where a beneficiary institution is prohibited from providing designated service item 30 of table 1 in section 6 of the AML/CTF Act until it has obtained the information specified in the AML/CTF Rules. The beneficiary institution must also establish on reasonable grounds that an institution in the value transfer chain is not capable of passing on the information securely, and, in accordance with their AML/CTF program, they identify, assess, mitigate and manage the money laundering, terrorism financing and proliferation financing risks that the beneficiary institution may reasonably face in making the virtual assets available to the payee.

667. Subsection 66A(11) provides that if an ordering institution or beneficiary institution wishes to rely on subsection 66A(9) or 66A(10), they will carry the evidentiary burden. The reversal of the burden of proof is reasonable in relation to these provisions, as evidence regarding the beneficiary institution's capacity to receive information, or evidence that it is not capable of safeguarding the information, will be particularly in the knowledge of either the beneficiary or ordering institutions, depending on the circumstance.

Item 23 – Section 67

668. Item 23 repeals existing section 67 of the AML/CTF Act and inserts a new section 67 that provides a power for the AUSTRAC CEO to make rules that this Part or a specified provision of this Part does not apply to a specified kind of designated service or transfer of value. The intention of this broad rule-making power is to provide flexibility to make AML/CTF Rules when FATF Recommendation 16 is settled.

669. Item 23 also inserts a new section 67A to bring the existing provisions in Chapter 23 of the AML/CTF Rules into the AML/CTF Act. The effect of the exemption is that businesses that provide escrow services who are, or use, qualified accountants and legal practitioners do not need to comply with travel rule and international value transfer services, as their offering of escrow services will be separately captured under the new designated services table 6 in section 6 of the AML/CTF Act (see Item 10 of Schedule 3).

670. An escrow agreement for the purpose of this section is intended to take its ordinary meaning. Escrow services provided by reporting entities that are not qualified accountants or legal practitioners will continue to be required to meet obligations under new Part 5 of the AML/CTF Act relating to international value transfer services.

Item 24 – Subsection 68(1)

671. Item 24 omits 'or 3' from subsection 68(1) so that section 68 applies to section 175 proceedings for a contravention of a civil penalty provision of Division 2 (and not Division 3).

Item 25 – Sections 69 to 72

672. Item 25 repeals existing sections 69–72 of the AML/CTF Act, which deal with the 'complete payer information' and 'tracing information' requirements. These requirements are no longer required to be detailed in the AML/CTF Act, as they will instead be provided in the AML/CTF Rules. This is because of the FATF's review of Recommendation 16, which may require changes to the type of information required.

Items 26 to 30

673. These Items omits 'designated' from 'registrable designated remittance services' to reflect the changes in concept and terminology in new section 74 of the AML/CTF Act (to be inserted by Item 12 of this Schedule).

Item 31 – Division 4 of Part 10

674. Item 31 repeals existing Division 4 of Part 10 of the AML/CTF Act, which relates to the retention of records about EFTIs. These provisions are no longer required as they are covered by the amended section 107 (to be amended by Item 10 of Schedule 10).

675. Item 31 will repeal existing section 115 of the AML/CTF Act. The purpose of section 115 is currently to ensure that interposed persons were retaining records about EFTIs. The section is no longer required as the reforms in this Bill bring intermediary institutions into AML/CTF Act. Intermediary institutions would now be subject to new section 107 of the AML/CTF Act (to be amended by Item 10 of Schedule 10), which require transaction records to be retained in relation to individual transactions relating to the provision of the designated service to the customer, including information received or passed on as part of a value transfer chain.

Item 32 – Section 118

676. Item 32 omits references to section 115 in section 118 wherever occurring.

Item 33 – Subsection 184(4) (after paragraph (fb) of the definition of designated infringement notice provision )

677. This Item inserts three new paragraphs in subsection 184(4) of the AML/CTF Act, which provide that the obligations of ordering, beneficiary and intermediary institutions are subject to designated infringement notices. This amendment adds these provisions to the current list of provisions in existing section 184 that are suitable for designated infringement notices.

Part 2—International value transfer services

678. Part 2 of this Schedule updates the terminology of 'international funds transfer instruction' to align with the changes to transfers of value and value transfer chain to 'international value transfer services' (IVTS).

679. The current framework for submitting IFTIs is outdated and increasingly complex to apply to modern payment services.

680. This Part amends Division 4 of Part 3 of the AML/CTF Act to ensure IFTI reporting obligations lie with the reporting entity closest to the Australian customer. This is opposed to the previous 'first-in last-out' principle where the obligation fell on the sender of an instruction to transfer funds out of Australia or the recipient of an instruction sent into Australia, which caused regulatory uncertainty. Shifting the reporting obligation would enable more accurate customer information to be included in IFTI reports, as reporting entities will have a closer business relationship with the customer. This Schedule would also provide that IVTS reports would relate to the movement of value rather than movement of instructions.

681. This Schedule would extend reporting to international transfers of virtual assets including those incidental to virtual asset exchange designated services in Items 50A and 50B of table 1 in section 6. Certain incidental international remittances, such as those relating to currency exchange or gambling services, will continue to trigger reporting to AUSTRAC.

682. It also streamlines the current framework into a single IVTS report, so regardless of the type of value, there will no longer be a distinction made between the two types of reports, IFTI-Es for financial institutions and IFTI-DRAs for remitters.

Anti-Money Laundering and Counter-Terrorism Financing Act 2006

Item 34 – Section 4

683. Item 34 replace references to 'international funds transfer instructions' and substitutes it with 'information about international value transfer services' in section 4 to reflect the changes in terminology.

Item 35 – Section 5 (definition of international funds transfer instruction )

684. This Item repeals the definition of 'international funds transfer instruction'.

Item 36 – Section 5

685. This Item inserts a definition of 'international value transfer service' and provides that it has the meaning given by section 45.

Item 37 – Section 40

686. This Item omits and inserts existing section 40 of the AML/CTF Act. Section 40 is the simplified outline of Part 3 of the AML/CTF Act. Item 23 adds to the simplified outline 'if a person provides a designated service involving a transfer of virtual assets to or from an unverified self-hosted virtual asset wallet, the person must give the AUSTRAC CEO a report about the provision of the service'. This is to capture the new requirements regarding the provision of reports in relation to self-hosted wallets.

687. While this simplified outline is included to assist a reader's understanding of the substantive provisions to follow, it is not intended to be comprehensive. Readers are advised to rely on the substantive provisions for full comprehension.

Item 38 – Division 4 of Part 3

688. Item 38 repeals Division 4 of Part 3 of the AML/CTF Act and substitutes it with a new Division 4 which relates to 'International value transfer services and transfers of value involving unverified self-hosted virtual asset wallets.'

New section 45 – International value transfer services

689. Section 45(1) defines an 'international value transfer service' to mean a service that is covered by designated services item 29 and 30 of table 1 in section 6, and either the value to be transferred moves between Australia and another country as a result of the provision of the designated service. The intention for the changes in subsection 45(1) is to reflect the updated value transfer designated services.

690. Subsection 45(2) provides the AUSTRAC CEO with the power to make AML/CTF Rules CEO to clarify when value is in a country at a particular time. The intention is to provide clarification given the non-physical nature of value, for example, by looking at the location of the permanent establishment of the institution at which the value is held or dealt with.

New section 46 – Reports of international value transfer services

691. Section 46 sets out requirements for a reporting entity to provide a report about the provision of the international value transfer service within 10 business days.

692. Subsection 46(1) provides that it applies to a reporting entity if it commences to provide an international value transfer service at or through a permanent establishment of the reporting entity in Australia as defined in section 45 of the AML/CTF Act. It also provides a rule-making power for the AUSTRAC CEO to prescribe other conditions that would bring in other entities for the purposes of reporting international value transfer services.

693. Subsection 46(2) provides that a reporting entity must give the AUSTRAC CEO a report about the provision of the international value transfer service within 10 business days after the reporting entity passes on the value transfer message or receives the value transfer message. The concepts of 'passing on' or 'receiving' a value transfer message should be read as aligning with the amendments to transfers of value, value transfer chain and obligations of institutions.

694. Subsection 46(3) provides that a report will not need to be given to the AUSTRAC CEO if, within 10 business day period, the reporting entity reasonably determines that the transfer of value will not occur and take reasonable steps to ensure that the transfer will not occur. This addresses an issue raised by stakeholders where transfers that were cancelled or aborted could still trigger a reporting obligation. However, where a transfer of value is cancelled due to a reasonable suspicion of criminal activity, the reporting entity will be required to submit a SMR instead.

695. Subsection 46(4) provides that a report must be in the approved form, and contain information as is specified in the AML/CTF Rules. The intention is to provide the AUSTRAC CEO the power to make AML/CTF Rules that will specify broad categories of information to be reported with the approved form setting out the specific information to be provided in the respective reports.

696. Subsection 46(5) provides that the AML/CTF rules may specify circumstances in which the reporting obligation imposed on a reporting entity by subsection 46(2) must be discharged by an intermediary institution and if so, the obligation must be discharged by the intermediary institution in accordance with the AML/CTF Rules

697. Subsection 46(6) provides that the obligation in subsection 46(5) to report international value transfer services may be discharged by an intermediary institution if:

the intermediary institution is an intermediary institution that provides, or will provide, the designated service covered by item 31 of table 1 in section 6 (paragraph 46(6)(a)), and
the reporting entity has entered into a written agreement with the intermediary institution that enables the intermediary institution to comply with the obligation (paragraph 46(6)(b)).

698. Though the obligation to report international value transfer services may be discharged by an intermediary institution, it is the intention that the ordering institution or beneficiary institution remains liable for any contravention of subsection 46(2).

699. Subsection 46(7) provides that subsection 46(2) and subsection 46(5) are civil penalty provisions. These penalties are outlined in Division 2 of Part 15 of the AML/CTF Act. The maximum civil penalty under the AML/CTF Act is set at the highest amount allowed, which is 100,000 penalty units for a corporation and 20,000 penalty units for individuals. While the penalties can be substantial, AML/CTF enforcement actions can involve serious systemic failures by a reporting entity where the number of contraventions is immeasurable. The amount of any civil penalty will be determined by the court. Courts will decide the appropriate penalty (subject to the statutory maximum) based on the circumstances of a contravention. In determining the appropriate amount for a civil penalty, the courts will consider the impact of these violations on the Australian community, the financial system, and law enforcement efforts.

700. Subsections 46(8) and 46(9) provides the AUSTRAC CEO the ability to exempt in the AML/CTF Rules an international value transfer service or a transfer of value from having to report international value transfer services. As mentioned, the FATF is currently reviewing Recommendation 16. The intention behind the broad rule-making power is to provide flexibility to make AML/CTF Rules when FATF Recommendation 16 is settled.

New section 46A – Reports of transfers of value involving unverified self-hosted virtual asset wallets

701. Subsection 46A(1) provides that a report will need to be made in relation to an unverified self-hosted wallet where:

a reporting entity commences to provide designated services item 29 or 30 at or through a permanent establishment of the reporting entity in Australia (46A(1)(a))
the service involves the receipt of digital assets from an unverified self-hosted digital wallet or the transfer of digital assets to an unverified self-hosted digital wallet (46A(1)(b)), and
the ownership or control of the self-hosted virtual asset wallet has not been verified in accordance with its AML/CTF policies. Verifying ownership involves linking the virtual asset wallet either to the reporting entity's own customer or a known third party (46A(1)(c)).

702. Transfers of virtual assets to or from unverified self-hosted wallets present particular risks. The amendments in the Bill would introduce the reporting of such transfers as a risk mitigation measure, while permitting such transfers to continue to occur.

703. Subsection 46A(2) provides that a reporting entity must give the AUSTRAC CEO a report about the provision of designated services item 29 or 30 relating to virtual asset transfers to and from unverified self-hosted virtual asset wallets (under subsection 46A(1)) within 10 business days after commencing the services. This is required as in self-hosted wallet scenarios no message is likely to be transmitted or received.

704. Subsection 46A(3) provides that a report under subsection 46A(2) must be in accordance with the approved form or in a manner specified in the AML/CTF Rules, and contain the information required by the AML/CTF Rules. The intention is to provide the AUSTRAC CEO the power to make rules that will specify broad categories of information to be reported with the approved form setting out the specific information to be provided in the report.

705. Subsection 46A(4) provides that subsection 46(2) is a civil penalty provision. These penalties are outlined in Division 2 of Part 15 of the AML/CTF Act. These penalties are outlined in Division 2 of Part 15 of the AML/CTF Act. The maximum civil penalty under the AML/CTF Act is set at the highest amount allowed, which is 100,000 penalty units for a corporation and 20,000 penalty units for individuals. While the penalties can be substantial, AML/CTF enforcement actions can involve serious systemic failures by a reporting entity where the number of contraventions is immeasurable. The amount of any civil penalty will be determined by the court. Courts will decide the appropriate penalty (subject to the statutory maximum) based on the circumstances of a contravention. In determining the appropriate amount for a civil penalty, the courts will consider the impact of these violations on the Australian community, the financial system, and law enforcement efforts.

706. Subsections 46A(5) and 46A(6) provides the AUSTRAC CEO the ability to exempt in the AML/CTF Rules transfers of value relating to section 46A (that is, transfers of virtual assets to and from unverified self-hosted virtual asset wallets) from having to report international value transfer services.

Item 39 – Before section 49

707. Item 39 inserts subsections 48A(1) and (2) to provide the AUSTRAC CEO the power to make rules in relation to the amendment or withdrawal of a report given under sections 41, 43, 46 or 46A of the AML/CTF Act. This is required as IVTS reports may need to be withdrawn or amended where the transfer of value was rescinded or aborted, but the report was not.

Items 40 and 41

708. Items 40 and 41 amend existing sections 49 and 51 of the AML/CTF Act to omit references to section '45' wherever occurring and substitute '46 or 46A' in sections to reflect the changes to this Part.

Item 42 – Subparagraph 51G(3)(c)(ii)

709. Item 42 makes consequential amendments by repealing subparagraph 51G(3)(c)(ii) and substituting it with:

section 46 (reports of international value transfer services);
section 46A (reports of transfers of value involving unverified self-hosted virtual asset wallets);

Item 43 – Subsection 184(1C)

710. Item 43 omits '45(2)' and substitute it with '46(2) or (5), 46A(2)' in subsection 184(1C) to reflect the changes to Part 3 of the AML/CTF Act made by this Schedule.

Item 44 – Subsection 184(4) (paragraph (d) of the definition of designated infringement notice provision )

711. Item 44 makes consequential amendments to the definition of 'designated infringement notice provision' in subsection 184(4)(d). This Item repeals paragraph (d) and substitutes it with:

subsection 46(2) or (5) (which deals with reporting about international value transfer services);
subsection 46A(2) (which deals with reporting about transfers of value involving unverified self-hosted virtual asset wallets);
to reflect the changes in this Part.

Item 45 – Paragraph 191(2)(b)

712. Item 45 omits '45(2)' in paragraph 191(2)(b) of the AML/CTF Act and substitutes it with '46(2) or (5), 46A(2)' to reflect the changes to Part 3 of the AML/CTF Act made by this Schedule.

SCHEDULE 9 - POWERS AND DEFINITIONS

713. Schedule 9 to the Bill would introduce an examination power, an important investigatory tool to enable AUSTRAC to obtain relevant information needed to make enforcement decisions and obtain evidence to be used in proceedings. This would also align AUSTRAC's powers with other financial regulators such as ASIC and APRA, which each have examination functions to assist in investigations under their legislation. The specifics of this new power are set out in the legislation, including appropriate safeguards and thresholds.

714. Schedule 9 would also ensure that AUSTRAC is empowered to gather information for intelligence purposes in circumstances not triggered by the receipt of a suspicious matter, threshold transaction or international value transfer services report. It would also give effect to FATF Recommendation 29 that a FIU should be able to obtain additional information from reporting entities in order to undertake its functions properly, and would provide a facilitative information sharing legislative authority to ensure entities do not face legal risk by virtue of cooperation with the Fintel Alliance.

715. In order to ensure certain definitions commence 28 days after Royal Assent of the Bill, Schedule 9 also includes updates to the definitions of 'credit card', 'debit card', 'derivative', 'issue', 'loan', 'money', 'security', 'service' and 'securities and derivatives'. The amendments to these definitions respond to issues identified by the 2016 Statutory Review, or are otherwise required to modernise and simplify the AML/CTF regime.

Part 1—Examination Power

Anti-Money Laundering and Counter-Terrorism Financing Act 2006

Item 1 – Section 5

716. Item 1 inserts a number of definitions into section 5 of the AML/CTF Act relating to the new examinations power under new Division 3 of Part 14, which is inserted by Item 5 of this Schedule.

717. 'Examinee' means the person who appears for an examination under Division 3 of Part 14 of the AML/CTF Act.

718. 'Examiner' means the AUSTRAC CEO, or a delegate of the AUSTRAC CEO, or a consultant engaged under subsection 225(1) of the AML/CTF Act to perform services as an examiner. This could include, for example, external counsel engaged to undertake the examination on behalf of the AUSTRAC CEO.

719. 'Statement' includes a question asked, an answer given, and any other comment or remark made at an examination under Division 3 of Part 14 of the AML/CTF Act.

720. 'Written record' is a record of the examination (either made in writing or as reduced to writing), or part of such a record.

Item 2 – Before section 166

721. This Item inserts a new heading for Division 1 into Part 14 of the AML/CTF Act titled 'Introduction'.

Item 3 – Section 166

722. This Item repeals and replaces the simplified outline of Part 14 in section 166 of the AML/CTF Act. The new simplified outline notes that an authorised officer may obtain information or documents under this Part, and that the AUSTRAC CEO may require a person who they reasonably believe has information or a document that is relevant to compliance with the AML/CTF Act, AML/CTF Rules or the regulations, or a related offence under the Crimes Act 1914 or Criminal Code, to produce documents, or appear before an examiner to answer questions and produce documents.

723. While this simplified outline is included to assist a reader's understanding of the substantive provisions to follow, it is not intended to be comprehensive. Readers are advised to rely on the substantive provisions for full comprehension.

Item 4 – Before section 167

724. This Item inserts a new heading for Division 2 of Part 14 of the AML/CTF Act titled 'Powers of authorised officers'.

Item 5 – At the end of Part 14

725. This Item inserts a heading for the new Division 3 of Part 14 of the AML/CTF Act titled 'Other powers to obtain information and documents'. This Division provides for AUSTRAC's new examination power.

Subdivision A—Examination of persons

726. Item 5 also inserts a subdivision heading, Subdivision A, which is titled 'Examination of persons'.

727. Subsection 172A(1) establishes the threshold that must be met before an examination can occur. It provides that this section applies if the AUSTRAC CEO believes on reasonable grounds that a person has information or a document that is relevant to:

compliance with the AML/CTF Act, AML/CTF Rules, or the regulations, or
an offence against the Crimes Act 1914 or the Criminal Code that relates to the AML/CTF Act, the AML/CTF Rules, or the regulations.

728. Subsection 172A(2) provides that the AUSTRAC CEO may give a written notice to a person requiring the person to produce documents, or appear before an examiner to answer questions and produce documents.

729. Paragraph 172A(2)(a) provides that the notice may require to produce such documents within a particular period of time or in a particular manner specified in the notice. This could be, for example, to provide the documents to the AUSTRAC CEO via an email address within a certain timeframe.

730. Paragraph 172A(2)(b) provides that the notice may require the person to appear before an examiner at a specific time and place for examination on oath and to answer questions or produce documents.

731. Subsection 172A(3) outlines what information must be included in the notice. If a person has been required to appear under paragraph 172A(2)(b), the notice must state the general nature of the matter to which the questions will relate. This would ensure a person can prepare appropriately, and is aware of what may be discussed during the course of the examination.

732. Subsection 172A(4) provides that it is an offence for a person to intentionally or recklessly fail to comply with such a notice. The offence carries a maximum penalty of imprisonment for 2 years or 100 penalty units, or both.

733. Section 172B makes it clear that new sections 172C to 172H would apply where, in accordance with a notice under section 172A, a person appears before another person for examination. This provision identifies the person appearing as the 'examinee' (defined in section 5), and the person who they are appearing in front of as the 'examiner' (defined in section 5).

734. Section 172C provides for the requirements to be made of persons appearing for examination, including how the oath is to be taken, and how questions are to be put and answered.

735. Subsection 172C(1) provides the examiner with the power to require a person to take an oath or make an affirmation, and to administer the oath or affirmation to the person.

736. Subsection 172C(2) provides that the oath or affirmation to be taken by the examinee is an oath or affirmation that the statements they will make at the examination will be true.

737. Subsection 172C(3) provides that it is a strict liability offence for a person to refuse or fail to comply with a requirement made by the examiner under subsection 172C(1). The offence carries a maximum penalty of 3 months' imprisonment.

738. The strict liability offence in subsection 172C(3) is appropriate as the information that would be obtained through an examination will be critical to AUSTRAC's ability to monitor compliance with the AML/CTF Act, the AML/CTF Rules or the regulations. In turn, this information will assist AUSTRAC in detecting, deterring and disrupting money laundering, the financing of terrorism, and other serious offences. The penalty is sufficient enough as a deterrent to potential conduct that may undermine the exercise of the power, and falls well below the threshold for strict liability offences under the Guide to Framing Commonwealth Offences.

739. Subsection 172C(4) provides the examiner with the authority to require a person to answer a question put to them that is relevant to compliance with the AML/CTF Act, AML/CTF Rules or the regulations, or an offence against the Crimes Act 1914 or the Criminal Code that relates to the AML/CTF Act, AML/CTF Rules, or the regulations.

740. Subsection 172C(5) provides that it is an offence for a person to intentionally or recklessly refuse or fail to comply with a requirement made under subsection 172C(4). The offence carries a maximum penalty of 2 years imprisonment.

741. Subsection 172D(1) provides that the examination must take place in private, and gives the examiner the power to give directions about who may be present during it, or during a part of it.

742. Subsection 172D(2) provides that the persons who may be present at the examination include:

the examiner or examinee
a member of the staff of AUSTRAC approved by the examiner
a person entitled to be present by virtue of a direction of the examiner under subsection 172D(1), or
the lawyer of a person being examined.

743. It is an offence of strict liability under subsection 172D(2) if a person is present at the examination and they are not a person that meets the above criteria. The offence carries a maximum penalty of 30 penalty units.

744. This penalty is appropriate as the information that would be obtained through an examination will be critical to AUSTRAC's ability to monitor compliance with the AML/CTF Act, the AML/CTF Rules or the regulations. In turn, this information will assist AUSTRAC in detecting, deterring and disrupting money laundering, the financing of terrorism, and other serious offences. The penalty is sufficient enough as a deterrent to potential conduct that may undermine the exercise of the power, and falls well below the threshold for strict liability offences under the Guide to Framing Commonwealth Offences.

745. Section 172E outlines the procedures an examiner may put in place for holding an examination, including location and virtual examination technology. This section is designed for flexibility, ensuring that an examination can be held in a manner that is reasonable in all of the relevant circumstances.

746. Subsection 172E(1) provides that the examiner may hold an examination at one or more physical venues, use virtual examination technology, or a combination of both.

747. Subsection 172E(2) provides that the application of subsection 172E(3) is where virtual examination technology is used, either solely or in combination with a physical venue.

748. Subsection 172E(3) provides that the examiner must ensure that the use of virtual examination technology is reasonable.

749. Subsection 172E(4) provides that where an examination has taken place using virtual examination technology, or across multiple physical venues, the examiner may appoint a single place and time as the place and time at which the examination is taken to have been held.

750. Subsection 172E(5) notes that this section applies to part of an examination in the same way it applies to all of an examination.

751. Section 172E also inserts a definition of 'virtual examination technology' for the purpose of these provisions. 'Virtual examination technology' means any technology that allows a person to appear at all or part of an examination without being physically present at the examination. This definition is future proofed, and will allow for the use of any technology that improves the flexibility of an examination.

752. Subsection 172F(1) provides that at an examinee is entitled to have their legal representative present at an examination, and that their legal representative may address the examiner or examine the examinee about matters being discussed.

753. Subsection 172F(2) puts appropriate limits on that attendance to ensure the examinee's lawyer does not obstruct the examination, and allows for the examiner to require the person's lawyer to stop addressing the examiner or examining the examinee. The examiner may only do so if they consider the examinee's lawyer is trying to obstruct the examination using the protections in subsection 172F(1).

754. Subsection 172F(3) provides for an offence of strict liability if an examinee's lawyer refuses or fails to comply with a requirement under subsection 172F(2) to stop addressing the examiner, or examining the examinee. The offence carries a maximum penalty of 20 penalty units.

755. This penalty is appropriate as the information that would be obtained through an examination will be critical to AUSTRAC's ability to monitor compliance with the AML/CTF Act, the AML/CTF Rules or the regulations. In turn, this information will assist AUSTRAC in detecting, deterring and disrupting money laundering, the financing of terrorism, and other serious offences. The penalty is sufficient enough as a deterrent to potential conduct that may undermine the exercise of the power, and falls well below the threshold for strict liability offences under the Guide to Framing Commonwealth Offences.

756. Subsection 172G(1) provides that an examiner may cause a record to be made of statements made at an examination, and clarifies that if an examinee requests a record be made, the examiner must do so.

757. Subsection 172G(2) provides that if a record is made under subsection 172G(1), the examiner may require the examinee to read it, or have it read to the examinee, and may require the examinee to sign it. If requested in writing, the examiner must give the examinee a copy of the written record, but may impose conditions on the document, for example the examiner may choose to limit who the record may be shared with.

758. Subsection 172G(3) provides that it is an offence of strict liability if a person fails to comply with a requirement made under paragraph 172G(2)(a) to read and sign the record. The offence carries a maximum penalty of 3 months' imprisonment.

759. This penalty is appropriate as the information that would be obtained through an examination will be critical to AUSTRAC's ability to monitor compliance with the AML/CTF Act, the AML/CTF Rules or the regulations. In turn, this information will assist AUSTRAC in detecting, deterring and disrupting money laundering, the financing of terrorism, and other serious offences. The penalty is sufficient enough as a deterrent to potential conduct that may undermine the exercise of the power, and falls well below the threshold for strict liability offences under the Guide to Framing Commonwealth Offences.

760. Subsection 172H(1) provides that the AUSTRAC CEO may give a copy of the whole or a part of the written record of an examination to a person's lawyer if the person is carrying on, or is contemplating in good faith, a proceeding in respect of a matter to which the examination related.

761. Subsection 172H(2) provides that it is an offence of strict liability if a person uses the copy, publishes it or communicates the contents of it to another person except in connection with preparing, beginning or carrying on, or in the course of, a proceeding. The offence carries a maximum penalty of 30 penalty units.

762. This penalty is appropriate as the information that would be obtained through an examination will be critical to AUSTRAC's ability to monitor compliance with the AML/CTF Act, the AML/CTF Rules or the regulations. In turn, this information will assist AUSTRAC in detecting, deterring and disrupting money laundering, the financing of terrorism, and other serious offences. The penalty is sufficient enough as a deterrent to potential conduct that may undermine the exercise of the power, and falls well below the threshold for strict liability offences under the Guide to Framing Commonwealth Offences.

763. Subsection 172H(3) also provides that the AUSTRAC CEO may give another person a copy of the record, and may subject this to conditions. In practice, this will ensure the AUSTRAC CEO or their delegate can provide a copy of the record to officials of law enforcement agencies or officials of the Commonwealth Director of Public Prosecutions.

764. Section 172J is an offence provision, and provides that it is an offence of strict liability if a person breaches conditions related to the disclosure of the copy of the record. The offence carries a maximum penalty of 30 penalty units.

765. This penalty is appropriate as the information that would be obtained through an examination will be critical to AUSTRAC's ability to monitor compliance with the AML/CTF Act, the AML/CTF Rules or the regulations. In turn, this information will assist AUSTRAC in detecting, deterring and disrupting money laundering, the financing of terrorism, and other serious offences. The penalty is sufficient enough as a deterrent to potential conduct that may undermine the exercise of the power, and falls well below the threshold for strict liability offences under the Guide to Framing Commonwealth Offences.

766. Subsection 172K(1) provides that it is not a reasonable excuse for an individual to refuse or fail to answer a question, produce a document or sign a record in accordance with a requirement made under this Division on the ground that doing so might incriminate them or expose them to a penalty. This section acts as a safeguard for statements made and records signed during examinations.

767. Subsection 172K(2) is an application provision for subsection 172K(3) and provides that that subsection applies if before making a statement in answer to a question, or signing a record, the examinee claims the statement or the signing of the record might tend to incriminate them or expose them to a penalty.

768. If the criteria at subsection 172K(2) are met, subsection 172K(3) provides that the statement or the fact that the individual has signed the record of the examination is not admissible in evidence against the person other than in a proceeding relating to the falsity of the statement or the falsity of any statement contained in a signed record of the examination.

769. The Guide to Framing Commonwealth Offences indicates that where a law excludes the privilege against self-incrimination as in section 172K, it is 'usual to include a use immunity or a derivative use immunity provision'. The Guide explains that the rationale for this protection is that 'removing the privilege against self-incrimination represents a significant loss of personal liberty for an individual who is forced to give evidence that would tend to incriminate him or herself'.

Subdivision B—Evidentiary use of certain material

770. Item 5 also inserts a new heading for Subdivision B – 'Evidentiary use of certain material'. This Subdivision provides for the use of certain material provided at an examination and clarifies when and how this can be used in evidence.

771. Subsection 172L(1) provides that a statement made by an examinee is admissible in proceedings against the person, unless it fits within a number of circumstances including that because of subsection 172K(3), the statement is not admissible.

772. Subsection 172L(2) provides that for the purposes of subsection 172L(1), a proceeding is a proceeding in a court, or a proceeding, hearing or examination before a tribunal, authority or person that has the power to hear, receive or examine evidence.

773. Subsection 172L(3) provides that subsection 172L(1) applies in relation to a proceeding against a person even if it is heard together with a proceeding against another person.

774. Subsection 172L(4) provides that if a written record of an examination is signed by the person under subsection 172G(2), or authenticated in another appropriate manner, the record is prima facie evidence of the statements it records. This subsection also provides that nothing in this Division limits or affects the admissibility in the proceeding of other evidence of statements made at the examination.

775. Subsection 172M(1) allows a statement made by an absent witness in an examination to be admissible as evidence in proceedings. Section 172M would operate as an evidentiary certificate. Sections 172N and 172P provide procedural safeguards to accompany section 172M.

776. Subsection 172M(2) outlines what is considered a proceeding for the purposes of subsection 172M(1).

777. Subsection 172N(1) provides that this section applies if evidence of a statement made by a person at an examination is admitted under section 172M.

778. Subsection 172N(2) specifies the matters which must be considered in deciding the evidentiary weight given to evidence provided by an absent witness under section 172M.

779. Subsection 172N(3) provides that if a person is not called as a witness in the proceeding, evidence that would have been admissible if the person had been called is admissible. This ensures statements are able to be used as evidence where a person is unable to attend proceedings, for example they are unable to travel or have died.

780. Subsection 172N(4) provides that this evidence is not admissible if, had the person been called as a witness and denied the matter in cross-examination, evidence of the matter would not have been admissible if adduced by the cross-examining party.

781. Section 172P creates a mechanism for an objection to be lodged to the admission of a statement made at an examination. Subsection 172P(1) provides that the adducing party to a proceeding may, not less than 14 calendar days before the first day of the hearing of the proceeding, give to another party to the proceeding written notice that the adducing party:

will apply to have admitted in evidence in the proceeding specified statements made at an examination, and
for that purpose, will apply to have evidence of those statements admitted in the proceeding.

782. Subsection 172P(2) outlines what matters are considered proceedings for the purposes of subsection 172P(1).

783. Subsection 172P(3) provides that a notice under subsection 172P(1) must set out, or be accompanied by writing that sets out, the specified statements.

784. Subsection 172P(4) provides that within 14 days after a notice is given under subsection 172P(1), the other party may then give the adducing party a written notice objecting to specified statements being admitted in evidence and the grounds of that objection.

785. Subsection 172P(5) allows for the period of time prescribed by subsection 172P(4) to be extended by the court or tribunal, or by agreement between the concerned parties.

786. Subsection 172P(6) provides that copies of a notice under subsection172P(1) or 172P(4) must be given to the court or tribunal by the adducing party.

787. Subsection 172P(7) provides that if the requirements of subsection 172P(6) are complied with, the court or tribunal may determine the objections as a preliminary point before the proceeding begins or defer determination of the objections until the hearing.

788. Subsection 172P(8) provides that if notice has been given in accordance with this section, the other party is not entitled to object at the hearing to the statement specified in the notice being admitted in evidence unless they have previously objected, or the court or tribunal gives leave to object.

789. Section 172Q provides that nothing in this Division renders evidence inadmissible in a proceeding in circumstances where it would have been admissible if this Division had not been enacted.

Subdivision C—Miscellaneous

790. Item 5 also inserts a new heading for Subdivision C – Miscellaneous.

791. Section 172R provides for the application of the Crimes Act 1914 (the Crimes Act) and the Evidence Act 1995 (the Evidence Act) for the purposes of this Division.

792. Subsection 172R(1) provides that for the purposes of Part III of the Crimes Act, an examination under this Division is a judicial proceeding. Part III of the Crimes Act includes offences relating to the administration of justice.

793. Subsection 172R(2) provides that for Part 2.2, sections 69, 70, 71, 147 and Division 2 of Part 4.6 of the Evidence Act apply to an examination under this Division in the same way they apply to a proceeding to which the Evidence Act applies under section 4 of that Act. The relevant provisions of the Evidence Act are:

Part 2.2 deals with adducing documentary evidence.
Section 69 provides that the hearsay rule does not apply to business records
Section 70 provides that the hearsay rule does not apply to a tag or label attached to or writing placed on an object, including a document
Section 71 provides that the hearsay rule does not apply to a representation contained in a document recording an electronic communication
Section 147 presumes that documents are produced by processes, machines and other devices in the course of business
Division 2 of Part 4.6 sets out procedures for proving certain matters by affidavits or written statements.

Part 2—Information gathering power

Division 1 – Main amendments

Anti-Money Laundering and Counter-Terrorism Financing Act 2006

Item 6 – After section 49A

794. Item 6 inserts new sections 49B and 49C following section 49A in the AML/CTF Act.

795. New section 49B provides for the AUSTRAC CEO's power to issue a notice to obtain information or documents in certain circumstances, and new section 49C provides the AUSTRAC CEO with the power to issue a written notice authorising persons to provide information or documents in certain circumstances without breaching general law obligations of confidence.

New section 49B – Notice to obtain information or documents in certain circumstances

796. The intention of new section 49B is to empower AUSTRAC to gather information for intelligence purposes in circumstances that are not triggered by the receipt of a suspicious matter, threshold transaction or international value transfer services report, in recognition of the reframing of existing section 167 of the AML/CTF Act to focus on regulatory compliance and enforcement of the AML/CTF Act. This would enable AUSTRAC to be proactive in collecting information that assists and supports the AUSTRAC CEO to carry out their functions under the AML/CTF Act.

797. The power to issue a notice under section 49B is appropriately conferred on the AUSTRAC CEO, as a notice may be issued to any person (not just a reporting entity). As with other powers conferred on the AUSTRAC CEO under the AML/CTF Act, this power may be delegated in accordance with subsection 222(1), and the CEO may provide directions that the delegate must follow in relation to the use of this power under subsection 222(2).

798. New subsection 49B(1) outlines the scope of the power to issue a notice, and provides that this section applies if a person has information or a document that may assist theAUSTRAC CEO with particular activities for the purpose of the performance of functions of the AUSTRAC CEO.

799. Those particular activities are set out in paragraphs 49B(1)(a) and (b) as:

obtaining or analysing information to support efforts to combat money laundering, terrorism financing, proliferation financing and other serious crimes; or
identifying trends, patterns, threats or vulnerabilities associated with money laundering, terrorism financing, proliferation financing and other serious crimes.

800. FATF Recommendation 29 provides that a FIU "should be able to obtain additional information from reporting entities, and should have access on a timely basis to the financial, administrative and law enforcement information that it requires to undertake its functions properly". The interpretive note to Recommendation 29 further breaks down the kinds of analysis to be carried out by the FIU into 'operational analysis' and 'strategic analysis'.

801. The activities outlined at paragraphs 49B(1)(a) and (b) are intended to reflect the FATF's expectation of FIU functions, including the broader central role to identify, assess and understand risks of money laundering and terrorist financing. The inclusion of 'other serious crimes' also reflects the objects clause of the AML/CTF Act at section 3, and the functions of the AUSTRAC CEO at section 212.

802. This item will support AUSTRAC's FIU operations in ways not currently supported by section 49 of the AML/CTF Act. In practice, paragraph 49B(1)(a) will assist in circumstances where a person comes to AUSTRAC's attention (whether by way of a referral from an international FIU, or an Australian law enforcement agency) in relation to money laundering, terrorism financing, or other serious criminal offending, and there have been no reports made by reporting entities in respect of the person of interest or the offending. New section 49B will allow the AUSTRAC CEO to issue a notice to a person (for example, a bank, bullion trader, or firearms store that AUSTRAC knows the person to be a customer of) if they reasonably believe that the person has knowledge or information on the person of interest that will support AUSTRAC's analysis.

803. In practice, paragraph 49B(1)(b) will allow AUSTRAC to conduct broader analysis at a thematic level. At present, if AUSTRAC is undertaking analysis that requires the acquisition of data relating to a theme, or a set of financial crime indicators, it is currently not possible under the existing section 49 notice power to obtain higher level, strategic information to support AUSTRAC's role to advise and assist reporting entities on risk for the purposes of their ML/TF risk assessment, or to support domestic and international efforts to combat money laundering, terrorism financing, proliferation financing and other serious crimes. Section 49B will better enable AUSTRAC to collect information from reporting entities and other persons to deliver its financial intelligence functions, and to support cooperation and collaboration among reporting entities and law enforcement agencies to detect, deter and disrupt money laundering, the financing of terrorism, and other serious crimes.

804. New subsection 49B(2) outlines the requirements for a written notice issued by the AUSTRAC CEO. A notice issued under this section must set out the time period and the manner in which the required documents are to be produced. For example, a notice may state that the documents must be produced to the AUSTRAC CEO by sending the documents to a specific email address by a specific date set out in the notice.

805. New subsection 49B(3) clarifies that the AUSTRAC CEO must not give a notice to a person unless he or she reasonably believes that the recipient of the notice has knowledge, possession or control of the information set out in the notice. This safeguard would ensure that the AUSTRAC CEO meets a particular threshold before issuing a notice to a recipient, and prevents information being sought to advance a 'fishing expedition'. This safeguard is also particularly important as non-compliance with a notice attracts a civil penalty. The AUSTRAC CEO may reach this conclusion in a number of ways, for example other documents provided to AUSTRAC may confirm the recipient has a particular document in their possession.

806. New subsections 49B(4) and 49B(5) set out the requirements for the content of the notice. At a minimum, the notice must set out the period within which the required documents are to be provided to the AUSTRAC CEO. Generally, this period must end at least 14 days after the date on which the notice is given to the recipient. However, a shorter period may be specified in the notice in circumstances where the AUSTRAC CEO considers a shorter period is necessary, or a shorter period is reasonable in the circumstances.

807. It is expected that a period of at least 14 days will be appropriate to ensure the recipient has sufficient time to obtain the documents and produce or make them available to the AUSTRAC CEO in line with the requirements set out in the notice. However, there may be circumstances where a shorter period is considered necessary, or is otherwise reasonable in the circumstances. For example, information in a document may be time sensitive, such as where AUSTRAC is conducting financial analysis on an emerging national security or terrorism financing matter.

808. New subsection 49B(5) requires a notice to set out the effect of subsection 49B(7) and sections 136 and 137 of the AML/CTF Act. Subsection 49B(7) relates to compliance with the notice and civil penalties applicable for non-compliance with a notice. This ensures the person receiving a notice is aware that they may be liable for a civil penalty if they do not comply with the notice within the period specified, and in the manner specified.

809. Both notes 1 and 2 inserted under subsection 49B(5) clarify that section 136 is about giving false or misleading information and section 137 is about producing false or misleading information. Requiring the notice to set out the effects of these sections makes it clear to the person receiving the notice what their obligations are in providing information or documents to the AUSTRAC CEO, that is, that they not be false or misleading.

810. Subsection 49B(6) requires a person to comply with a notice provided under this subsection.

811. Subsection 49B(7) makes the obligation from subsection 49B(6) subject to a civil penalty. These penalties are outlined in Division 2 of Part 15 of the AML/CTF Act. The maximum civil penalty under the AML/CTF Act is set at the highest amount allowed, which is 100,000 penalty units for a corporation and 20,000 penalty units for individuals. While the penalties can be substantial, AML/CTF enforcement actions can involve serious systemic failures by a reporting entity where the number of contraventions is immeasurable. The amount of any civil penalty will be determined by the court. Courts will decide the appropriate penalty (subject to the statutory maximum) based on the circumstances of a contravention. In determining the appropriate amount for a civil penalty, the courts will consider the impact of these violations on the Australian community, the financial system, and law enforcement efforts.

812. An individual's right to refuse to give information on the basis that it would be self- incriminating is not abrogated by this notice power.

New section 49C – Authorisation to obtain information or documents in certain circumstances

813. New section 49C would empower the AUSTRAC CEO to provide authorisation by written notice to a person allowing for the provision of information or documents voluntarily. There are no civil penalties attached to a failure to provide information under such an authorisation. This authorisation to produce recognises AUSTRAC's public-private partnerships, and other forms of cooperation between AUSTRAC and reporting entities, which facilitate cooperation to detect, deter and disrupt financial crime.

814. The Fintel Alliance is a public-private partnership led by AUSTRAC, which brings together the private sector, including major banks, as well as law enforcement and security agencies from Australia and overseas. Through the cooperation of members, the Fintel Alliance develops shared intelligence and delivers innovative solutions to detect, disrupt and prevent serious crime.

815. Members of the Fintel Alliance, alongside other cooperative reporting entities, proactively work with AUSTRAC on live intelligence cases and on strategic level intelligence analysis. However, in many cases the provision of information to AUSTRAC can only occur following the issuing of mandatory information production notice. This information sharing comes with a risk of civil penalties if entities cannot access protections from section 51 or section 235 of the AML/CTF Act. The new authorisation notice power is intended to facilitate such information sharing for defined purposes without exposing cooperative persons to legal risks such as breach of privacy or contractual obligations of confidence.

816. Section 49C is intended to allow for the AUSTRAC CEO to issue a notice to a person or entity as part of these partnerships, allowing them to voluntarily provide information. In order to encourage the sharing of information, section 49C is designed in a way that ensures recipients are protected any legal action such as breaches of confidence as a result of sharing the information.

817. Subsection 49C(1) mirrors subsection 49B(1) to set out the scope of such an authorisation, by making it clear that this section applies if a person has information or a document that may assist the AUSTRAC CEO with particular activities for the purpose of the performance of functions of the AUSTRAC CEO.

818. Similar to section 49B, those particular activities are set out in paragraphs 49C(1)(a) and (b) as:

obtaining or analysing information to support efforts to combat money laundering, terrorism financing, proliferation financing and other serious crimes; or
identifying trends, patterns, threats or vulnerabilities associated with money laundering, terrorism financing, proliferation financing and other serious crimes.

819. New subsection 49C(2) provides that the AUSTRAC CEO may, by written notice, authorise a person to give information or provide documents. Unlike section 49B, this is not limited to a particular manner or timeframe, and is intended to be as broad and flexible as possible to facilitate collaboration between AUSTRAC and its partners.

820. New subsection 49C(3) requires a notice to set out the effect of subsection 49C(5) and sections 136 and 137 of the AML/CTF Act. Subsection 49C(5) sets out the application of the section despite any general law obligations of confidence, clarifying for the person receiving the notice that in providing information or documents in response to the authorisation notice, they will be protected from inadvertently breaching any contractual obligations of confidence.

821. Both notes 1 and 2 inserted at the end of subsection 49C(3) provide that section 136 of the AML/CTF Act is about giving false or misleading information and section 137 of the AML/CTF Act is about producing false or misleading information. Requiring the notice to set out the effects of these sections makes it clear to the person receiving the notice what their obligations are in providing information or documents to the AUSTRAC CEO, that is, that they are not false or misleading.

822. New subsection 49C(4) provides that a person may give information or produce a document to the AUSTRAC CEO in accordance with a notice under subsection 49C(2). This confirms the intent of the operation of section 49C detailed above.

823. The note inserted at the end of new subsection 49C(4) clarifies that this subsection constitutes an authorisation for the purposes of the Privacy Act 1988 and other laws.

824. New subsection 49C(5) expressly provides that the authorisation to provide information or documents under section 49C applies despite general law obligation of confidence. The effect of this is to ensure a person providing information in response to a notice is protected from the operation of general law obligations as such a disclosure would not amount to a breach of confidence.

825. An individual's right to refuse to give information on the basis that it would be self- incriminating is not abrogated by this notice power.

Item 7 – Section 50A (at the end of the heading)

826. This Item inserts ', 49B or 49C' at the end of the heading. This is intended to ensure that information obtained in response to a notice issued under clauses 49B or 49C is afforded the same secrecy protections under the AML/CTF Act as notices issued under section 49. As outlined below in relation to Items 8 and 9 of this Schedule, amendments to section 50A would extend the existing criminal offence for making a record of, disclosing or otherwise using information obtained under section 49 to sections 49B and 49C.

Item 8 – Paragraph 50A(1)(b)

827. As outlined above in relation to Item 7 of this Schedule, Item 8 extends paragraph 50A(1)(b) to include information obtained through section 49B or 49C notices.

Item 9 – Paragraphs 50A(3)(a) and (b)

828. Similarly to Items 7 and 8, Item 9 extends paragraphs 50A(3)(a) and (b) to information obtained under sections 49B and 49C. This clarifies that an entrusted investigating official is not to be required to produce a document containing information obtained under these clauses to a court or tribunal, or disclose such information to a court or tribunal, except where it is necessary to do so for the purposes of giving effect to the AML/CTF Act.

Item 10 – Section 51

829. Item 10 includes reference to '49, 49B or 49C' in existing section 51 of the AML/CTF Act. Section 51 of the AML/CTF Act clarifies that a person who provides information under sections 41, 43, 45 or 49 of the AML/CTF Act will be taken not to have been in possession of that information for the purposes of Division 400 (Money laundering) and Chapter 5 (The Security of the Commonwealth) of the Criminal Code. Item 10 amends this provision to also add information obtained under sections 49B and 49C, offering the same protections to that information.

Item 11 – Section 120

830. Item 11 amends the simplified outline in section 120 of the AML/CTF Act to insert an additional point that notes certain persons must not disclose information relating to the giving or production of certain reports, information or other documents.

831. While this update to the simplified outline is included to assist a reader's understanding of the substantive provisions to follow, it is not intended to be comprehensive. Readers are advised to rely on the substantive provisions for full comprehension.

Item 12 – After subsection 123(2)

832. This is a bridging provision which would protect against the disclosure of information relating to a notice under section 49B ahead of the new tipping off offence (at Schedule 5 of the Bill) commencing on 31 March 2026. This bridging provision will then be repealed upon commencement of the new tipping off offence.

833. Item 12 inserts subsection 123(2A), which would prohibit a person from disclosing to anyone (except an AUSTRAC entrusted person) they that are or have been required by a notice under subsection 49B(2) to give information or produce a document, or that the information has been given or the document has been produced.

Item 13 – Subsection 123(10)

834. Item 13 is consequential to the amendment made by Item 12 of this Schedule (see above) and provides that except where it is necessary to do so for the purposes of giving effect to the AML/CTF Act or the FTR Act a reporting entity is not to be required to disclose to a court or tribunal information mentioned in subsections 123(1), 123(2) or 123(2A).

Item 14 – Paragraph 123(11)(a)

835. Item 14 is consequential to the amendment made by Item 12 of this Schedule (see above) and inserts new subsection 123(2A) into the tipping off offence.

Item 15 – Subsection 167(1)

836. This Item repeals and replaces subsection 167(1) of the AML/CTF Act to reinforce its original policy intent to be a complementary 'paper-based' production power to Part 13 of the AML/CTF Act. The amendments to section 167 will allow an authorised officer to issue a notice to any person the officer reasonably believes has knowledge or information relevant to compliance with the AML/CTF Act or the regulations requiring them to provide that information.

837. Authorised officers can currently only request information from a person if they are a reporting entity, an officer, employee or agent of a reporting entity, or their name has been entered on the Remittance Sector Register. New subsection 167(1) would allow a notice to be given to any person the authorised officer considers has knowledge of information, or possession or control of a document.

838. As this amendment to subsection 167(1) expands the class of potential recipients from current or former reporting entities (or their current of former employees or agents), the scope of the provision has been reduced. Whereas before an authorised officer could request anything 'relevant to the operation of this Act, the regulations or the AML/CTF Rules', new subsection 167(1) will require the information or document to be relevant to the compliance with or enforcement of:

an offence provision of the AML/CTF Act or the regulations,
a civil penalty provision of the AML/CTF Act or the regulations, or
an offence provision of the Crimes Act 1914 or the Criminal Code, to the extent that it relates to the AML/CTF Act.

839. 'Compliance with or enforcement of' the AML/CTF Rules is not included in the new subsection 167(1) as there are no criminal or civil penalty provisions contained within the AML/CTF Rules.

840. The scope of new subsection 167(1) is intended to ensure that AUSTRAC can appropriately seek the information it needs to ensure compliance with and enforcement of the AML/CTF regime where individuals or entities have information that is relevant, but may not necessarily be considered a reporting entity. This is particularly relevant given the opening up of flexibility for members of reporting groups elsewhere in these reforms, and will ensure AUSTRAC is able to ensure compliance even where AML/CTF obligations are being discharged on behalf of reporting entities.

Item 16 – After subsection 167(3)

841. This Item inserts a new 'Compliance' heading into section 167. Item 16 also inserts new subsection 167(3A) to provide that a person is required to comply with a notice given under subsection 167(2), and subsection 167(3B) to clarify that subsection 167(3A) is a civil penalty provision.

842. The insertion of these new subsections amends the penalty for non-compliance with a notice issued under subsection 167(2) from only a criminal penalty, to be a criminal and civil penalty. The addition of a civil penalty provision is so AUSTRAC is able to address non- compliance with a notice without referral for criminal prosecution. Both a criminal and civil penalty is required in this instance, as if only civil penalties were available, a reporting entity may make a commercial decision to not respond to a notice issued under subsection 167(2) and accept the civil pecuniary penalty. This would frustrate AUSTRAC's efforts and leave it unable to progress any meaningful supervision or enforcement proceedings.

843. Subsection 167(3B) makes the obligation from 167(3A) subject to a civil penalty. These penalties are outlined in Division 2 of Part 15 of the AML/CTF Act. The maximum civil penalty under the AML/CTF Act is set at the highest amount allowed, which is 100,000 penalty units for a corporation and 20,000 penalty units for individuals. While the penalties can be substantial, AML/CTF enforcement actions can involve serious systemic failures by a reporting entity where the number of contraventions is immeasurable. The amount of any civil penalty will be determined by the court. Courts will decide the appropriate penalty (subject to the statutory maximum) based on the circumstances of a contravention. In determining the appropriate amount for a civil penalty, the courts will consider the impact of these violations on the Australian community, the financial system, and law enforcement efforts.

Item 17 – At the end of paragraph 169(2)(d)

844. Section 169 currently deals with a person's privilege against self-incrimination for the purposes of giving information or producing a document under section 167 of the AML/CTF Act. Subsection 169(2) provides for limitations on the admissibility of the information provided in evidence against the person, including that it can only be used in civil and criminal proceedings under the AML/CTF Act, or proceedings under the POCA that relate to the AML/CTF Act.

845. The amendments made by Item 17 to subparagraph 169(2)(d) add three further exceptions to these limitations, being criminal proceedings for an offence against a provision covered by the definition of 'money laundering', 'financing of terrorism' or 'proliferation financing' as defined in section 5 of the AML/CTF Act. This could include proceedings relating to offences against state or territory laws that relate to money laundering, financing of terrorism or proliferation financing where information collected by AUSTRAC under section 167 is relevant.

846. This expansion of the abrogation of the privilege against self-incrimination is proportionate and reasonable, as it balances the rights and interests of the individual with benefits to the public that arise from the investigation and prosecution of serious criminal offences such as money laundering and the financing of terrorism. Further, the abrogation is no more than necessary to ensure AUSTRAC's effectiveness in monitoring and ensuring compliance with the AML/CTF Act, the AML/CTF Rules and the regulations.

Items 18 and 19

847. Items 18 and 19 add the relevant new subsections to the existing list of designated infringement provisions in the AML/CTF Act by inserting new text at section 184 of the AML/CTF Act to provide that new subsections 49B(6) and 167(3A) are 'designated infringement notice provisions' for the purpose of the AML/CTF Act.

848. Subsection 49B(6) deals with complying with a notice requiring certain documents, and subsection 167(3A) deals with complying with a notice requiring certain information or documents.

Division 2—Consequential Amendments

Freedom of Information Act 1982

Item 20 – Subparagraph 7(2G)(a)(iii)

849. This Item amends subparagraph 7(2G)(a)(iii) of the Freedom of Information Act 1982 (the FOI Act) to add information communicated to AUSTRAC in response to a notice issued under sections 49B and 49C to the list of documents exempt from the operation of the FOI Act.

850. This is intended to ensure that information obtained by AUSTRAC in response to notices issued under section 49B notices and section 49C notices has the same protections as information provided in response to notices issued under section 49 of the AML/CTF Act. The nature of the information or documents provided under all the notice powers in the AML/CTF Act will be similar and they should therefore be offered similar protections.

851. Information or documents provided in response to a notice could contain commentary that is damaging to an individual or reporting entity, and this information may not be comprehensive or substantiated. It is important, therefore that this information is afforded additional protections under the FOI Act to avoid its disclosure.

Part 3—Definitions

Anti-Money Laundering and Counter-Terrorism Financing Act 2006

Items 21 and 22

852. Items 21 and 22 amend the existing definitions of 'credit card' and 'debit card' in section 5 of the AML/CTF Act. The intention is to clarify the intended meaning of these terms, including where they are used in the amended definition of 'stored value card' inserted by Item 12 of Schedule 6.

853. The existing definitions of credit card and debit card in section 5 have the same meaning as in section 39 of Schedule 2 of the Competition and Consumer Act 2010 (CCA). The current interpretation and application of the definitions is problematic as paragraph 131A(2)(d) of the CCA states that the definitions of credit card and debit card do not apply to cards that are financial products. This has created confusion for reporting entities, as it is unclear whether the limitation under paragraph 131A(2)(d) also applies under the AML/CTF Act.

854. Recommendation 19.1(c) of the 2016 Statutory Review recommended that the definitions of credit card and debit card be replaced with definitions identical to those in section 39 of Schedule 2 of the CCA. These definitions have not been adopted in this Bill due to the need to ensure that the definitions are not restricted only to products where a physical card is issued due to the use and definition of 'article' in section 39 of Schedule 2 of the CCA.

855. The new definitions are intended to capture 'digital only' credit cards and debit cards that do not exist in a physical form. Additionally, the department considers that there is a benefit to including in both definitions that the credit card or debit card is linked to an account, which corresponds to various designated services in the AML/CTF Act (and in the definition of loan).

Item 23 – Section 5 (definition of derivative )

856. This Item replaces the existing definition of 'derivative' in section 5 of the AML/CTF Act. The new definition refers to the meaning of 'security' in new subsections 7A(1) and (2) (to be inserted by Item 29 of this Schedule). This would allow for the AML/CTF Rules to specify what is or is not a derivative for the purposes of the AML/CTF Act.

Item 24 – Section 5 (definition of issue )

857. This Item amends the definition of 'issue' in section 5 of the AML/CTF Act to clarify that it has the same meaning as in Chapter 7 of the Corporations Act.

858. There is uncertainty regarding the meaning of 'issue' in respect of the existing definition of 'security' and 'derivative' in section 5 of the AML/CTF Act (to be moved to section 8 of the AML/CTF Act by Item 29 of this Schedule), which references section 716E of the Corporations Act only in respect of timing. This provision of the Bill intends to resolve this issue by prescribing that 'issue' has the meaning of Chapter 7 (or section 716E) of the Corporations Act, including when used in relation to a security or derivative.

Item 25 – Section 5 (paragraphs (e) and (f) of the definition of loan )

859. This Item amends paragraphs (e) and (f) of the definition of 'loan' in section 5 of the AML/CTF Act to clarify the interaction between these paragraphs and the CCA. Paragraph (e) refers to goods and (f) refers to services.

860. The definition of 'loan' currently relies on the definition of goods and services outlined in the CCA. However, there are a number of banking, insurance and financial carve outs in the CCA definition of services that are not intended to be carved out of the AML/CTF regime. The ordinary meaning of both goods and services is considered more appropriate for the AML/CTF Act.

Item 26 – Section 5 (definition of money )

861. This Item amends the definition of 'money' in section 5 of the AML/CTF Act by adding digital representations of value that are issued by or under the authority of a government body and are intended to function as money. This amendment is intended to provide certainty that the definition of 'money' in section 5 of the AML/CTF Act includes digital representation of value. This includes, for example, digital currency issued by the central bank of a government.

862. The existing definition of 'digital currency' in the AML/CTF Act excludes any digital representation of value that is issued by or under the authority of a government body. However, since this definition of digital currency was introduced, there has been an emergence of digital currencies issued by central banks (known as 'central bank digital currency' or CBDC). These are considered legal tender and as such, the FATF Standards require that these forms of currency be subject to AML/CTF regulation.

Item 27 – Section 5 (definition of security )

863. This Item inserts a new definition of 'security' in section 5 of the AML/CTF Act, which refers to the meaning of security in subsections 8(1) and (2) of the AML/CTF Act.

Item 28 – Section 5 (definition of service )

864. Item 16 removes the existing definition of 'service' in section 5 of the AML/CTF Act. As outlined in Item 25 the carve outs in the CCA are not appropriate in the context of the AML/CTF Act, therefore ordinary meaning is preferred.

Item 29 – After section 7

865. This Item inserts new section 7A into the AML/CTF Act, which sets out the meaning of 'security' and 'derivative'.

866. The terms 'security' and 'derivative' are to have the same meaning as in Chapter 7 of the Corporations Act. The new definition also provides flexibility for the AUSTRAC CEO to make Rules to provide that a specific thing is or is not a security or a derivative.

867. The 2016 Statutory Review found that the potentially wide interpretation of derivative and security used within the AML/CTF Act could result in confusion as to whether AML/CTF obligations apply to a wide range of instruments, transactions and relationships that need not be issued by a financial institution as defined by the FATF, for example, executory contracts. To address this finding, and to also ensure the definition is not unnecessarily narrowed, the new definition includes a carve-in and carve-out rule-making power to allow the AUSTRAC CEO to prescribe particular securities and derivatives as securities and derivatives (or not) under the AML/CTF Act as investment products continue to rapidly evolve.

Part 4—Contingent amendment

Anti-Money Laundering and Counter-Terrorism Financing Act 2006

Item 30 – Subsection 123(8B)

868. This Item is a contingent amendment relating to the relationship between section 123 of the AML/CTF Act, as amended by this Bill, and the Intelligence Services Legislation Amendment Bill 2023, which is currently before Parliament.

869. If the ISLA Act commences, it would insert a new subsection 123(8B) in the AML/CTF Act, and would create an exception to the tipping off offence to permit the disclosure of SMR or section 49-related information to an official of the IGIS for the purpose of the IGIS performing oversight functions.

870. In the event the ISLA Act commences before Schedule 5 of this Bill, an amendment is required to subsection 123(8B) to update the tipping off offence to protect against the disclosure of s49B-related information. Item 30 amends subsection 123(8B) of the AML/CTF Act inserted by the ISLA Act to omit 'and (2) do not apply to the disclosure of information by a reporting entity' and substitute it with ', (2) and (2A) do not apply to the disclosure of information by a person'. Once Schedule 5 of this Bill commences, it will then wholly replace the tipping off offence in section 123 of the AML/CTF Act.

SCHEDULE 10 - EXEMPTIONS

871. Various provisions in the AML/CTF Act permit the AUSTRAC CEO to make rules exempting designated services from certain obligations under the AML/CTF Act. Some of these exemptions would not be remade in the new Rules due to the level of risk associated with the exemption. The AML/CTF Act was amended in 2017 to require the AUSTRAC CEO to only make exemptions when satisfied that they pose a low money laundering and terrorism financing risk (see section 212(3A) of the AML/CTF Act).

872. Additionally, some exemptions currently in the AML/CTF Rules will be incorporated into the AML/CTF Act because they are intended to be enduring, noting the view of Senate Standing Committee for the Scrutiny of Delegated Legislation that exemptions in delegated legislation should operate for no longer than 3 years. Exemptions that will remain in the AML/CTF Rules will be time-limited.

873. Some exemptions made by the AUSTRAC CEO under section 248 of the AML/CTF Act by way of non-legislative instrument are intended to be enduring and would be more appropriately legislated as statutory exceptions.

874. This Schedule would also make amendments to the exemption currently in Chapter 75 of the AML/CTF Rules, lower the threshold exempting casinos, on-course bookmakers, totalisator agency boards and gaming machine operators from conducting initial CDD measures when providing certain gambling services to customers involving transactions from less than $10,000 to less than $5,000 to align with the FATF Standards.

Anti-Money Laundering and Counter-Terrorism Financing Act 2006

Item 1 – Section 5 (definition of account )

875. This Item replaces the existing definition of 'account' in section 5 of the AML/CTF Act so that it remains an inclusive definition, but no longer lists account types.

876. The existing definition of 'account' includes specific references to account types. These references have created uncertainty for industry when trying to understand if other account types such as deposit, transaction and debit accounts are covered by the AML/CTF Act.

877. The 2016 Statutory Review recommended removing the list of account types in this definition to provide clarity and certainty for industry, and that the definition should be left to retain its ordinary meaning and be supplemented by guidance, explaining what types of account could be included in the definition.

878. This Item implements the recommendation of the 2016 Statutory Review. The list in the new definition of 'account' is not intended to be exhaustive and it is intended to have flexibility to capture any new payment methods that may become available in future in order to ensure AML/CTF obligations are adequately applied.

879. The expectation is that AUSTRAC will develop guidance on the interpretation of 'account' to explain what types of account are intended to be captured, while also making it clear that the list is non-exhaustive.

880. AUSTRAC has worked closely with financial institutions to determine at what stage a designated service can be provided on a new account. This has been reflected in the retention of paragraphs (a) and (b) of the account definition.

881. The new definition of 'account' also clarifies the meaning of account in the new definition of 'stored value card' inserted in section 5 of the AML/CTF by Item 12 of Schedule 6 of the Bill.

Item 2 – Section 5

882. Item 2 inserts a number of new definitions in section 5 of the AML/CTF Act, which are related to the exemptions that will be codified in the AML/CTF Act. This includes:

'Australian Border Force', which has the same meaning as in the Australian Border Force Act 2015.
Definitions of 'credit card acquirer' and 'credit card issuer', which rely on the concept of a designated payment system outlined in the Payment Systems (Regulations) Act 1988 and is defined in the existing Chapter 71 of the AML/CTF Rules. Chapter 71 of the AML/CTF Rules currently augments designated services 1, 2 and 3 of table 1 of section 6 of the AML/CTF Act, to expand the regulatory perimeter to include credit card issuing and acquiring by non-authorised deposit-taking institutions (ADIs). Defining these terms which will be referenced in designated services 1, 2 and 3 will support the intended enduring nature of this exemption.
'deductible gift recipient' and 'departing Australia superannuation payment', which are given the same meaning as the Income Tax Assessment Act 1997.
'exchange settlement account' means an account provided by the Reserve Bank of Australia (RBA) that is used for the final settlement of obligations between holders of such accounts.
'on-course bookmaker' 'online gambling service', and 'totalisator agency board', which relate to the gambling-related exemptions. Online gambling service takes its meaning from the provision of any of the designated services in table 3 of section 6 of the AML/CTF Act, through means referred to in paragraph 5(1)(b) of the Interactive Gambling Act 2001
'representative office', which takes its meaning from the Banking Act 1959.

883. Item 2 also introduces the concepts of 'extension notice', 'keep open notice', 'serious offence' and 'senior member', which are defined in new section 39B (see Item 7 of this Schedule below).

Items 3 to 5 – Subsection 6(2)

884. Items 3 to 5 repeal the line item 'a person specified in the AML/CTF Rules' from table items 1, 2 and 3 in subsection 6(2) of the AML/CTF Act. This line is replaced with references to a 'credit card issuer', 'credit card acquirer', or a person specified in the AML/CTF Rules. This inclusion removes the need for a specific exemption currently in Chapter 71 of the AML/CTF Rules to clarify the intended scope of the services following amendments to the Banking Regulations 1966.

Item 6 – Subsection 6(2) (table item 47, column headed "Provision of a designated service", paragraph (b))

885. Item 6 repeals paragraph (b) of designated services item 47 and replaces it with a new paragraph to transition the exemption that currently exists in Chapter 32 of AML/CTF Rules. The new paragraph excludes services provided in the course of carrying on a business that provide short-term accommodation for travellers from all AML/CTF obligations.

886. This Item gives effect to the exemption currently at Chapter 31 of the AML/CTF Rules, rather than creating a standalone exemption.

Item 7 – At the end of Division 7 of Part 2

887. Item 7 inserts new sections 39A, 39B, 39C, 39D, and 39E in Division 7 of Part 2 of the AML/CTF Act. New sections 39A to 39D relate to exemptions for assisting the investigation of certain offences, which are currently in Chapter 75 of the AML/CTF Rules. This Item legislates and amends the current exemptions in Chapter 75 of the AML/CTF Rules. Chapter 75 of the AML/CTF Rules allows the AUSTRAC CEO to exempt reporting entities from particular sections of the AML/CTF Act where providing a designated service to a customer would assist the investigation of a serious offence.

New section 39A Exemption—assisting the investigation of certain offences

888. Subsections 39A(1) and 39A(2) provide that a reporting entity is not required to satisfy sections new sections 28, 30, or 26G in respect of the provision of a designated service to the customer to the extent that they reasonably believe that compliance with those sections would or could reasonably be expected to alert the customer to the existence of a criminal investigation. This only applies in circumstances where a reporting entity has received a keep open notice in relation to the customer and the keep open notice is in force.

889. Subsection 39A(2) provides a clarifying note that the reporting entity is not required to report a SMR when they receive a keep open notice. However, a SMR obligation may otherwise arise for the reporting entity in relation to the customer in accordance with section 41 of the AML/CTF Act.

890. Further, the reporting entity will retain the discretion to choose whether to continue to provide a designated service to a customer after receipt of a keep open notice.

891. Subsection 39A(3) clarifies that for the purposes of subsection 39A(2), it is immaterial whether the reporting entity knows of the existence or otherwise of a criminal investigation.

892. Subsection 39A(4) clarifies that if subsection 39A(2) applies in relation to the provision of a designated service to a customer, the reporting entity will not be committing an offence under section 139 (providing a designated service using a false customer name or customer anonymity) for a customer under investigation.

893. The note at the end of subsection 39A(4) clarifies that a defendant will bear the evidential burden in relation to the matter in subsection (4). This reversal of the burden of proof is justifiable, as evidence regarding whether subsection (2) applies will be particularly in the knowledge of the defendant (that is, the reporting entity).

894. Section 39A is intended to create a safe harbour from liability from the relevant provisions of the AML/CTF Act for a reporting entity that continues to provide a customer with designated services so long as it conforms with the requirements of the AML/CTF Act, AML/CTF Rules and the details in the keep open notice.

Section 39B Keep open notices

895. Section 39B provides for the issuing of a 'keep open notice' where a senior member of an agency reasonably believes that providing a designated service by the reporting entity to a customer under investigation for a serious offence would assist said investigation. For example, where the investigation would benefit from continued transaction monitoring of a suspected criminal's financial behaviours.

896. For clarity, the agency does not need to seek permission from AUSTRAC to issue the keep open notice to a reporting entity. This streamlines the process by removing the largely administrative intermediary role performed by AUSTRAC previously. AUSTRAC will retain a role in overseeing the issue of notices by agencies, but without delaying the investigation of serious criminal activity.

897. Subsection 39B(2) provides the definition of 'serious offence' for the purposes of section 39B. A serious offence is an offence against any law of the Commonwealth, or a law of a State of Territory, that is be punishable by imprisonment of at least 2 years; or an offence against a law of a foreign country that involves an act or omission that, if it had occurred in Australia, would have constituted an equivalent offence. This reflects the current timeframes provided in the AML/CTF Rules.

898. Subsection 39B(3) provides the definition of 'senior member' for the purposes of section 39B. A senior member of an agency that can issue keep open notices includes any person that is the head of an agency, a person employed or acting in a senior executive position of an agency and any statutory office holder of an agency.

899. Subsection 39B(4) sets out the agencies that can issue a keep open notice pursuant to section 39B. These include all Australian Commonwealth, State and Territory police forces and services and a selection of other state and Commonwealth agencies. Subsection 39B(4)(g) permits the AUSTRAC CEO to make rules that may add to this list of agencies.

900. Subsection 39B(5) sets out requirements for the form and content of a keep open notice. The AML/CTF Rules will prescribe the form for the keep open notice and the details for information to be included therein.

901. Subsection 39B(6) sets out the duration of a keep open notice, unless extended under subsection (7) or (8). Subsection 39B(6) outlines that the keep open notice starts on the day specified in the notice and ends on the earlier of either; 6 months after the day specified in the notice, or the day the issuing agency informs the reporting entity and the AUSTRAC CEO that the relevant investigation has ended.

902. Subsection 39B(7) provides for a senior member of an agency that has issued a keep open notice to extend the period of time that the keep open notice remains in effect by issuing an extension notice. The policy intention is that an agency will be able issue a keep open notice, including extensions, for a maximum total duration of 18 months. An issuing agency may wish to extend a keep open notice to reduce the administrative burden on the agency.

903. Subsection 39B(8) sets out the requirements for AUSTRAC CEO to authorise the issuing agency to extend the notice one or more times if the keep open notice has previously been extended at least twice under subsection 39B(7). A senior member of the issuing agency is required to apply to the AUSTRAC CEO in the form prescribed in the AML/CTF Rules, and the AUSTRAC CEO must be satisfied that the continuation of the keep open notice would assist the investigation of a serious offence.

904. Subsection 39B(9) enables the AUSTRAC CEO to give a notice under paragraph 39(8)(d) more than once in relation to a particular keep open notice.

Section 39C Keep open notices – AUSTRAC oversight

905. Section 39C enables the AUSTRAC CEO to provide oversight of keep open notices to ensure that the quality and consistency of the process is upheld, including that notices are used appropriately, by:

creating an obligation for agencies to send a copy of each keep open notice and extension notice to the AUSTRAC CEO at the same time the notice is issued to the reporting entity, and
creating a discretionary power for the AUSTRAC CEO to revoke a keep open notice or extension notice where the AUSTRAC CEO is satisfied that the notice does not comply with the requirements of the AML/CTF Act or the AML/CTF Rules.

906. Subsection 39C(3) sets out that the AUSTRAC CEO may revoke a keen open notice or an extension notice if the AUSTRAC CEO is satisfied the notice does not comply with the requirements of the AML/CTF Act or the AML/CTF Rules.

907. If the AUSTRAC CEO revokes a notice under section 39C, subsection 39C(4) requires the AUSTRAC CEO to notify the agency that issued the notice, and the reporting entity to whom the notice was issued.

Section 39D Exemption – when a suspicious matter reporting obligation arises

908. Section 39D applies in circumstances where a suspicious matter reporting obligation arises for a reporting entity in relation to a customer.

909. Subsection 39D(2) provides for an exemption for a reporting entity to not be required to satisfy sections 28, 30, or 26G in respect of the provision of a designated service to a customer, where a suspicious matter reporting obligation arises and the reporting entity reasonably believes that compliance with those sections would or could reasonably be expected to alert the customer to the reporting entity's suspicion.

Section 39E Exemptions - specified conditions

910. Section 39E introduces a table into the AML/CTF Act that compiles a number of exemptions to the CDD provisions. These exemptions were all previously included in the AML/CTF Rules, and have been moved into the AML/CTF Act to provide ongoing certainty for the affected sectors regarding the status of their exemptions. The table sets out the particular designated service to which the exemption applies, and any condition they have to meet to receive the benefit of the exemption. The provision states that the exemption will not apply where the entity has an ECDD obligation under section 38. Detail on each exemption in the table is provided below.

Exemptions – specified conditions table

911. Item 1 of the table in new section 39E adds the substantive provisions in Chapter 35 of the AML/CTF Rules to the AML/CTF Act. Chapter 35 currently exempts reporting entities from customer identification requirements when the entity allows a person to become a signatory to an account, or allows a transaction to be conducted in relation to the account, where the provision of the service relates to a correspondent banking relationship.

912. This exemption only applies where the customer is a financial institution which is in a correspondent banking relationship, where the geographical links set out in section 100 of the AML/CTF Act are satisfied, and where the service relates to signatories to the account who are employees of the other financial institution. This exemption is required to be retained as it is unnecessary and burdensome to be required to conduct customer due diligence in this circumstance due to the existing requirements to conduct correspondent due diligence.

913. Items 2, 3, 4, 5, 9 and 10 of the table in new section 39E codify Chapter 14 of the AML/CTF Rules, which has been in place for over a decade and is intended to be ongoing. These items set out circumstances, such as the cashing out of a low value superannuation fund, where exemptions may apply to reporting entities from performing customer identification procedures. These exemptions are applied to extremely low risk situations where the requirement to conduct customer due diligence amounts to a burden.

914. The exemptions do not apply where a reporting entity determines, in accordance with its enhanced CDD procedures, that it should obtain and verify any KYC information about a customer in accordance with its customer identification procedures. This exemption is appropriate to include on the AML/CTF Act due to the low-risk nature of the services in question.

915. Item 6 of the table in new section 39E codifies Chapter 38 of the AML/CTF Rules to exempt reporting entities from customer identification provisions where the reporting entity disposes of low-value parcels of shares on a prescribed financial market, and gives the proceeds directly to charitable organisations who are deductible gift recipients under the Income Tax Assessment Act 1997.

916. The reporting entity must provide an undertaking to distribute by cheque or electronic funds transfer the proceeds of the security to a deductible gift recipient and lists the details of the disposal on its public website for a specified period. This exemption is limited to transactions less than or equal to $10,000. The threshold has only been amended once, in 2016, since the exemption's creation and is intended to be enduring.

917. Item 7 of the table in new section 39E codifies Part 41.2 of the AML/CTF Rules which exempts trustees of a superannuation fund from customer identification provisions where they cash out a customer's superannuation fund, in circumstances where:

the customer's account balance is not greater than $1,000
no additional contributions are accepted from the customer in relation to the interest
the whole of the interest of the customer in the superannuation fund is cashed out
the account is closed as soon as practicable after the account has been cashed out to the customer, and
the service is not a Departing Australia Superannuation Payment (DASP) as defined under s 301-170 of the Income Tax Assessment Act 1997.

918. These exemptions are appropriate to be codified in the AML/CTF Act due to the low risk nature of these situations. This exemption has been in place for 11 years and is intended to eliminate duplication of identification procedures by the ATO, who administer the DASP system, and the reporting entity. The threshold has not been changed since it was made in 2012.

919. Item 8 of the table in new section 39E codifies Part 41.43 of the AML/CTF Rules into the AML/CTF Act. This item exempts reporting entities from customer identification requirements where the reporting entity provides designated services 43 (cashing of superannuation or approved deposit fund interests) or 45 (cashing of retirement savings account interests), designated services in table 1 of section 6 of the AML/CTF Act, where:

the customer applies to cash out their interests in the superannuation fund, approved deposit fund or retirement savings account online using the DASP system
the value of the interest is less than $5000
the member does not make any more contributions, and
the whole of the interest is cashed out and the account is closed as soon practicable after the interest is cashed out.

920. As with item 7 of the table in section 39E (see above), this is intended to eliminate duplication of identification procedures by the ATO, who administer the DASP system, and the reporting entity. The threshold has not been changed since it was made in 2012.

921. Items 12 to 17 of the table in new section 39E lower the current CDD exemption threshold for reporting entities that are casinos, on-course bookmakers, totalisator agency boards (TABs) and gaming machine operators when providing specified designated services to customers involving transactions less than $5,000 (it is currently $10,000).

922. Chapter 10 of the AML/CTF Rules currently provides casinos, on-course bookmakers, TABs, and gaming machine operators with a number of exemptions from performing customer identification requirements when providing specified designated services where the service involves an amount less than $10,000, except where the reporting entity determines that enhanced CDD should be applied.

923. FATF Recommendation 22 requires countries to impose an obligation on casinos to conduct CDD on customers that engage in financial transactions equivalent to or above a designated threshold. The FATF determined that this designated threshold should be USD/EUR3,000, which, depending on the exchange rate is roughly equivalent to $4,500-5,000 in Australian dollars. This threshold is based on the globally recognised risks inherent in these services. This CDD exemption threshold has always been significantly higher than the FATF Standards.

924. In legislating this exemption, the Bill would lower the threshold to $5,000 to align more closely with the FATF Standards, recognising the ML/TF risks posed by the sector.

Section 39F – Exemption for intermediary institutions

925. New section 39F provides an exemption so that that Divisions 1 to 6 of Part 2 of the AML/CTF Act relating to CDD do not apply to entities that act as intermediary institutions for the purposes of passing on a transfer of value – see Schedule 8 of the Bill for additional information.

926. This is intended to exempt intermediary institutions from most customer due diligence obligations in recognition of the fact that intermediary institutions do not have a direct customer relationship with either the payer or the payee.

927. Subsection 39F(2) provides that intermediary institutions must monitor for unusual transactions and behaviour that may give rise to a suspicious matter reporting obligation. This will ensure that an intermediary institution must submit a SMR to AUSTRAC where, for example, it detects that a person or entity subject to targeted financial sanctions is a party to the transfer of value.

928. Subsections 39F(3) and (4) provide that subsection 39F(2) is a civil penalty provision. These penalties are outlined in Division 2 of Part 15 of the AML/CTF Act. The maximum civil penalty under the AML/CTF Act is set at the highest amount allowed, which is 100,000 penalty units for a corporation and 20,000 penalty units for individuals. While the penalties can be substantial, AML/CTF enforcement actions can involve serious systemic failures by a reporting entity where the number of contraventions is immeasurable. The amount of any civil penalty will be determined by the court. Courts will decide the appropriate penalty (subject to the statutory maximum) based on the circumstances of a contravention. In determining the appropriate amount for a civil penalty, the courts will consider the impact of these violations on the Australian community, the financial system, and law enforcement efforts.

Item 8 – At the end of section 44 (after the note)

929. Item 8 amends existing section 44 of the AML/CTF Act to provide additional exemptions from the threshold transaction reporting obligation (currently section 43 of the AML/CTF Act). These exemptions apply to:

a designated service provided by an ADI to a customer that is an ADI; and
a designated service provided by the holder of an Exchange Settlement Account (ESA) to a customer which is the holder of an Exchange Settlement Account.

930. These exemptions are appropriate as services provided between ADIs and ESAs are extremely low risk due to the regulation of these entities by APRA and the RBA.

Item 9 – Section 106

931. Item 9 repeals the current section 106 related to record keeping, as per the below Item 10, it will be replaced with the new section 107.

Item 10 – Section 107

932. Item 10 repeals the current section 107 related to record keeping and adds a new section 107 to replace the former sections 106 and 107.

933. The current obligation in section 107 is too broad as it requires entities to retain any record made in relation to the provision of a designated service to a customer, not just transaction records. As a result, Chapter 29 of the AML/CTF Rules exempts nine types of records that are exempt from the current section 107. These can be characterised as records that are not essential to permit the reconstruction of a transaction for the purposes of possible prosecution of criminal activity.

934. Due to the limited law enforcement and prosecutorial value of requiring entities to keep these documents, particularly when balanced against privacy concerns, and noting that FATF does not require that these types of records be kept, the exemption for these records should be codified so that reporting entities continue not to be required to keep these records.

935. Subsection 107(3) requires records be kept for 7 years. This timeframe aligns with other legislation, such as the Privacy Act 1988.

936. The new section 107 reframes the obligation to retain transaction records to align more closely with FATF requirements, so that records of the kind exempt by Chapter 29 would no longer be captured by the obligation and the exemption is no longer needed.

937. The exemption from keeping a record of these documents is only for the purposes of the AML/CTF Act and should not limit any record-keeping obligations that the entity may have under any other legislation, such as the Privacy Act 1988.

Item 11 – After Part 17A

938. Item 11 inserts a new Part 17B after Part 17A of the AML/CTF Act. Part 17B sets out additional exemptions in certain circumstances that are intended to apply more broadly than the above exemptions to specified Parts of the AML/CTF Act.

New section 233H – Simplified outline

939. Section 233H inserts a simplified outline into Part 17B, which provides that certain parts of the AML/CTF Act do not apply to certain persons in certain circumstances. This simplified outline is included to assist a reader's understanding of the substantive provisions to follow, and is not intended to be comprehensive.

New section 233J – Exemption – Reserve Bank of Australia

940. Section 233J codifies the exemption for the RBA. The RBA is a corporate Commonwealth entity and its functions are predominantly statutory. Its provision of designated services was previously exempted from the AML/CTF Act through a series of ad hoc exemptions. In 2016 the RBA received the overarching exemption that applies to all substantive provisions of the AML/CTF Act.

941. The current RBA exemption is currently made by the AUSTRAC CEO through legislative instrument under section 248 of the AML/CTF Act, and has no time limit and is intended to be enduring. Noting the view of the Senate Standing Committee for the Scrutiny of Delegated Legislation that exemptions made by delegated legislation should be time limited, the Bill would legislate the RBA exemption rather than have it maintained in a time- limited non-legislative instrument.

942. The risk for most of RBA's customers and services are 'low' or 'very low', and the RBA has robust and systematic risk management processes and is subject to the Public Governance, Performance and Accountability Act 2013 risk management and oversight requirements.

943. Given that the FATF does not explicitly require central banks to be subject to AML/CTF regulation and likeminded jurisdictions (the United States, the United Kingdom, New Zealand and Canada) do not subject their central banks to AML/CTF regulation, legislating this exemption would be consistent with international standards and practice.

New section 233K – Exemption for operating no more than 15 gaming machines

944. Section 233K is intended to reduce the regulatory impact to small businesses in the pubs and clubs sector that operate no more than 15 gaming machines. This amendment would move the current exemption from Chapter 52 of the AML/CTF Rules into the AML/CTF Act. This would exempt persons who are licensed to operate no more than 15 gaming machines from most AML/CTF obligations, other than enrolment, keeping enrolment details up to date, SMR reporting and certain record keeping obligations.

945. Chapter 52 of the AML/CTF Rules was made in 2011, responding to exemption applications from industry highlighting the significant regulatory burden of the AML/CTF regime on small venues that operated a limited number of gaming machines, mainly pubs and clubs. This exemption only applies to reporting entities that provide one or more of the designated service items 5, 6, 9 or 10 from table 3 in subsection 6(4) of the AML/CTF Act, limiting its application to pubs and clubs.

946. Section 233K would continue the exemption from Chapter 52 of the AML/CTF Rules into the AML/CTF Act. This exemption would not apply if a venue is part of a reporting group which collectively has an entitlement to operate no more than 15 gaming machines across all venues in the group.

SCHEDULE 11 - REPEAL OF THE FINANCIAL TRANSACTION REPORTS ACT 1988

Part 1—Repeals

Financial Transaction Reports Act 1988

Item 1 – The whole of the Act

947. This Item repeals the whole of the FTR Act.

948. The 2016 Statutory Review recommended the FTR Act should be repealed, and AML/CTF obligations should be consolidated under the AML/CTF Act to establish a single regime. The 2016 Statutory Review noted that the operation of the FTR Act alongside the AML/CTF Act creates overlap and confusion for government, industry and the public, without any demonstrable benefit. Repeal of the FTR Act would also allow for more efficient use and application of AUSTRAC resources, enabling greater focus on a single AML/CTF system.

949. Repealing the FTR Act would also have the effect of deregulating the remaining cash dealers that have obligations under the FTR Act, including motor vehicle dealers, sellers of traveller's cheques and offshore online remitters. These remaining cash dealers provide low risk services that no longer reflect the current state of sectors prone to money laundering and terrorism financing as multiple decades have passed since the FTR Act came into effect. This deregulation excludes solicitors that offer a proposed designated service to be captured under Schedule 3 of the Bill.

Part 2—Consequential amendments

Division 1—Amendment of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006

Anti-Money Laundering and Counter-Terrorism Financing Act 2006

Item 2 – Section 5 (paragraph (g) of the definition of AUSTRAC entrusted person )

950. This Item makes a minor consequential amendment to paragraph (g) of the existing definition of 'AUSTRAC entrusted person' in section 5 the AML/CTF Act to omit 'repealed section 40A of the', and substitute it with 'section 40A of the repealed'.

Item 3 – Section 5 (note to the definition of AUSTRAC entrusted person )

951. This Item inserts 'repealed' before 'Financial' in the existing note to the definition of 'AUSTRAC entrusted person' in section 5 of the AML/CTF Act. This note refers to the FTR Act which is being repealed. The reason for adopting this amendment, as opposed to repealing the note entirely, is because this section will continue in operation. It is critical to maintain the note as a reference point confirming that the former office of the Director of AUSTRAC was established under the FTR Act.

Item 4 – Section 5 (paragraph (d) of the definition of AUSTRAC information )

952. This Item inserts ', as in force immediately before its repeal' after '1988' in paragraph (d) of the existing definition of 'AUSTRAC information' in section 5 of the AML/CTF Act. This paragraph refers to the FTR Act which is being repealed. The reason for adopting this amendment, as opposed to repealing the paragraph entirely, is because this section will continue in operation. It is critical to maintain the paragraph as a reference point to when FTR Act information was considered to be AUSTRAC information.

Item 5 – Subsection 49(1)

953. This Item inserts 'of this Act, or a reporting entity communicated information to the AUSTRAC CEO under subsection 16(1) or (1A) of the repealed Financial Transaction Reports Act 1988' after 'CEO under section 41, 43 or 45' in subsection 49(1) of the AML/CTF Act. The reason for adopting this amendment is because investigating officers are intended to continue to have the ability to provide notices for further information on reports made under section 16 of the FTR Act. For example, AUSTRAC may wish to provide a notice to a bank for further information on a section 16 report submitted by a motor vehicle dealer prior to repeal of the FTR Act.

Item 6 – Subparagraph 49(1)(i)(ii)

954. This Item will insert 'of this Act, or subsection 16(1) or (1A) of the repealed Financial Transaction Reports Act 1988' after '45' in subparagraph 49(1)(i)(ii) of the AML/CTF Act for similar reasoning as for Item 5 of this Schedule (see above).

Item 7 – Subsection 50A(3)

955. This Item will insert 'repealed' before 'Financial' in subsection 50A(3) of the AML/CTF Act. This subsection refers to the FTR Act which is being repealed. The reason for adopting this amendment, as opposed to repealing the subsection entirely, is because this section will continue in operation. It is critical to maintain the subsection as a reference point to the exception that existed pre-repeal of the FTR Act.

Item 8 – At the end of Division 3 of Part 10

956. This Item inserts a new section 114B in the AML/CTF Act, which provides for the retention of records made or obtained by reporting entities under the FTR Act repealed by Item 1 of this Schedule.

957. Currently, cash dealers are required to retain records, including information relevant to suspect transaction reports for 7 years under the FTR Act. This Item ensures that cash dealers will still be required to retain these records for a total of 7 years after the FTR Act is repealed by Item 1 of this Schedule. This will allow AUSTRAC and other law enforcement agencies to continue to provide section 16(4) notices to request further information on suspect transaction reports from these entities.

958. FTR Act reporting entities would be required to continue to retain records for 7 years from repeal of the FTR Act. Reporting entities that stopped providing designated services prior to the repeal of the FTR Act would still be required to retain records for 7 years after the reporting entity stopped providing any designated services to the customer.

959. New subsection 114B(4) also provides that if the reporting entity is part of a designated business group, record-keeping obligations may be undertaken by any other member of the group. Subsection 114B(4) will be repealed on 1 March 2026, to align with the changes to the concept of a 'designated business group'.

960. After 1 March 2026, new section 236B will enable reporting entities that are part of the new 'reporting group' concept to continue record keeping obligations to this effect. This is set out in Item 50 of Schedule 1 of this Bill.

Item 9 – Paragraph 121(2)(a)

961. This Item will insert 'repealed' before 'Financial' in paragraph 121(2)(a) of the AML/CTF Act. This paragraph refers to the FTR Act which is being repealed. The reason for adopting this amendment, as opposed to repealing the paragraph entirely, is because this section will continue in operation. It is critical to maintain the paragraph as a reference point to when accessing, authorising access, making a record of, disclosing or using AUSTRAC information for the purposes of the FTR Act was an exemption to the section 121 offence.

Item 10 – Subsection 123(10)

962. This Item will insert 'repealed' before 'Financial' in subsection 123(10) of the AML/CTF Act. This subsection refers to the FTR Act which is being repealed.

Item 11 – At the end of subparagraph 124(1)(a)(i)

963. This Item will add 'of this Act or subsection 16(1) or (1A) of the repealed Financial Transaction Reports Act 1988' at the end of subparagraph 124(1)(a)(i) of the AML/CTF Act.

Item 12 – Subparagraph 124(1)(a)(iv)

964. This Item will omit 'section 41; and' and substitute it with 'section 41 of this Act or subsection 16(1) or (1A) of the repealed Financial Transaction Reports Act 1988;' in subparagraph 124(1)(a)(iv) of the AML/CTF Act.

Item 13 – At the end of paragraph 124(1)(a)

965. This Item will add '(v) information given under subsection 16(4) of the repealed Financial Transaction Reports Act 1988; and' at the end of paragraph 124(1)(a) of the AML/CTF Act.

Item 14 – Subparagraph 124(1)(b)(i)

966. This Item will insert 'of this Act or subsection 16(1) or (1A) of the repealed Financial Transaction Reports Act 1988' after 'subsection 41(2)' in subparagraph 124(1)(b)(i) of the AML/CTF Act.

Item 15 – Subparagraph 124(1)(b)(ii)

967. This Item will insert 'of this Act or subsection 16(1) or (1A) of the repealed Financial Transaction Reports Act 1988' after 'subsection 41(2)' in subparagraph 124(1)(b)(ii) of the AML/CTF Act.

Item 16 – Subparagraph 124(1)(b)(iii)

968. This Item will insert 'of this Act or subsection 16(1) or (1A) of the repealed Financial Transaction Reports Act 1988' after 'subsection 41(2)' in subparagraph 124(1)(b)(iii) of the AML/CTF Act.

Item 17 – Subparagraph 124(1)(b)(iv)

969. This Item will insert 'of this Act or subsection 16(1) or (1A) of the repealed Financial Transaction Reports Act 1988' after 'section 41' in subparagraph 124(1)(b)(iv) of the AML/CTF Act.

Item 18 – At the end of subparagraph 124(1)(b)(v)

970. This Item will add 'of this Act or subsection 16(1) or (1A) of the repealed Financial Transaction Reports Act 1988' at the end of subparagraph 124(1)(b)(v) of the AML/CTF Act.

Item 19 – Paragraph 124(2)(b)

971. This Item will insert 'repealed' before 'Financial' in paragraph 124(2)(b) of the AML/CTF Act. This paragraph refers to the FTR Act which is being repealed. The reason for adopting this amendment, as opposed to repealing the paragraph entirely, is because this section will continue in operation. It is critical to maintain the paragraph as a reference point to when criminal proceedings for an offence against sections 29 or 30 under the FTR Act were exceptions to subsection 124(1).

Item 20 – Paragraph 126(3A)(c)

972. This Item will insert 'repealed' before 'Financial' in paragraph 124(2)(b) of the AML/CTF Act. This paragraph refers to the FTR Act which is being repealed. The reason for adopting this amendment, as opposed to repealing the paragraph entirely, is because this section will continue in operation. It is critical to maintain the paragraph as a reference point to when AUSTRAC information obtained under section 16 of the FTR Act was an exception to subsection 126(3) of the AML/CTF Act.

Item 21 – Section 134

973. This Item will insert 'repealed' before 'Financial' in section 134 of the AML/CTF Act. This section refers to the FTR Act which is being repealed.

Item 22 – Paragraph 175(3)(g)

974. This Item will insert 'repealed' before 'Financial' in paragraph 175(3)(g) of the AML/CTF Act. This paragraph refers to the FTR Act which is being repealed. The reason for adopting this amendment, as opposed to repealing the paragraph entirely, is because this section will continue in operation. It is critical to maintain the paragraph as a reference point to when the Federal Court was obliged to consider proceedings under the FTR Act in determining a pecuniary penalty under section 175 of the AML/CTF Act.

Item 23 - Subsection 184(4) (before paragraph (g) of the definition of designated infringement notice provision)

975. This Item will insert subsection (fl) before paragraph 184(4)(g) of the definition of 'designated infringement notice provision' of the AML/CTF Act. This amendment ensures that the new subsection 114B(2), which deals with retaining certain records made or obtained under the FTR Act, is included under the definition of a 'designated infringement notice provision'.

Item 24 – Subsection 209(1)

976. This Item will insert 'repealed' before 'Financial' in subsection 209(1) of the AML/CTF Act. This subsection refers to the FTR Act which is being repealed.

Item 25 – Subsection 211(3)

977. This Item will insert 'repealed' before 'Financial' in subsection 211(3) of the AML/CTF Act. This subsection refers to the FTR Act which is being repealed.

Division 2 – Amendments of other Acts

Australian Securities and Investments Commission Act 2001

Item 26 – Section 243D

978. This Item will repeal section 243D of the Australian Securities and Investments Commission Act 2001.

Commonwealth Electoral Act 1918 (Electoral Act)

Item 27 – Subsection 90B(4) (table item 5)

979. This Item will repeal subsection 90B(4) (table item 5) of the Electoral Act, which refers to a prescribed person or organisation that verifies, or contributes to the verification of, the identity of persons for the purposes of the FTR Act.

Item 28 – Paragraph 90B(9)(b)

980. This Item will make a minor consequential amendment to paragraph 90B(9)(b) of the Electoral Act to omit '5'. The reference to '5' relates to subsection 90B(4) (table item 5), which is being repealed by Item 27 of this Schedule (see above).

Item 29 – Subsection 91A(2C)

981. This Item will repeal subsection 91A(2C) of the Electoral Act which refers to subsection 90B(4) (table item 5), which is being repealed by Item 27 of this Schedule (see above).

Item 30 – Subsection 91B(3)

982. This Item will make a minor consequential amendment to subsection 91B(3) of the Electoral Act to omit '5'. The reference to '5' relates to subsection 90B(4) (table item 5), which is being repealed by Item 27 of this Schedule (see above).

Criminal Code Act 1995

Item 31 – Paragraphs 400.9(2)(a) and (d) of the Criminal Code

983. This Item will insert 'repealed' before 'Financial' in paragraphs 400.9(2)(a) and (d) of the Criminal Code. These paragraphs refer to the FTR Act which is being repealed. The reason for adopting these amendments, as opposed to repealing both paragraphs entirely, is because this subsection will continue in operation. It is critical to maintain the paragraphs as reference points to when the specific considerations under the FTR Act were taken to form reasonable suspicions that money or other property were proceeds of indictable crimes.

Freedom of Information Act 1982

Item 32 – Subparagraph 7(2G)(a)(i)

984. This Item will insert 'repealed' before 'Financial' of subparagraph 7(2G)(a)(i) of the FOI Act. This subparagraph refers to the FTR Act which is being repealed. Adopting this amendment, as opposed to repealing the entire subparagraph, is to maintain the FOI Act exemption for documents under 'section 16' of the FTR Act.

Proceeds of Crime Act 2002

Item 33 – Subsection 29(3)

985. This Item will insert 'repealed' before 'Financial' of subsection 29(3) of the POCA. This subsection of the POCA refers to the FTR Act which is being repealed. The reason for adopting this amendment, as opposed to, repealing the entire reference to the FTR Act is because this section will continue in operation. It is critical to maintain the subsection as a reference point to when sections 15, 24, 29 or 31 of the FTR Act previously were legitimate offences to which a restraining order related.

Item 34 – Section 338 (paragraphs (c), (d) and (e) of the definition of serious offence )

986. This Item will insert 'repealed' before 'Financial' of section 338 (paragraphs (c) to (e) of the definition of serious offence) of the POCA. This subsection refers to the FTR Act which is being repealed. The reason for adopting this amendment, as opposed to, repealing the entire reference to the FTR Act is because this section will continue in operation. It is critical to maintain the paragraphs as reference points to when the specified sections of the FTR Act previously were legitimate serious offences.

Surveillance Devices Act 2004 (SD Act)

Item 35 – Subsection 6(1) (paragraph (c) of the definition of relevant offence )

987. This Item will insert 'repealed' before 'Financial' of subsection 6(1) (paragraph (c) of the definition of relevant offence) of the SD Act. This subsection refers to the FTR Act which is being repealed. The reason for adopting this amendment, as opposed to, repealing the entire reference to the FTR Act is because this definition will continue in operation. It is critical to maintain the paragraph as a reference point to when 'an offence against section 15' of the FTR Act previously was a legitimate relevant offence.

Part 3 – Transitional provisions

Item 36 – Reports of suspect transactions

988. This Item will continue application of section 16 of the FTR Act post-repeal to protect information that may be used in investigations to ensure potentially suspicious customers are not informed that a suspicion has been formed. Protecting the communication of information of a kind referred to in paragraphs (5A)(a), (b) or (c) or (5AA)(a) or (b) of section 16 of the FTR Act will mitigate the risk of prejudicing an investigation.

SCHEDULE 12 - TRANSITIONAL ARRANGEMENTS

Item 1 – Transitional rules

989. This Item would allow the Minister administering the AML/CTF Act, to make transitional rules by legislative instrument to be made relating to any of the amendments or repeals made by this Bill. Given the breadth and complexity of the reforms, this is necessary to address any unforeseen matters arising following from the commencement of obligations.

990. The policy intention is to allow for minor or technical adjustments to measures that may be unforeseen or arise during implementation, and to ensure the reforms work effectively in practice, once implementation has commenced. The reforms are substantial and impact sectors that already face complex and rapidly evolving changes across a range of regulatory regimes. It is expected that industry may need time to understand and meet their new obligations through the staged roll out of the reforms, potentially delaying the identification of implementation issues.

991. The ability to modify measures will offer flexibility, improve administrative efficiency and allow the Government to respond to changing circumstances without placing unnecessary burden on parliamentary processes.

992. The 4-year time period corresponds with the anticipated duration of fully implementing all reform measures. Given the significant nature of the reforms and staged rollout, this period would give industry sufficient time to understand and comply with the new obligations, and raise unforeseen issues with the Government. The modification power will allow for adjustments based on ongoing industry consultations, ensuring that the reform measures and the AML/CTF regime overall remains effective and suitable for the regulated population.

993. For example, transitional rules will be required to consider commencement timeframes for the new IVTS reporting framework to allow sufficient time for reporting entities and AUSTRAC to update or implement required systems changes. The existing IFTI reporting framework would be retained in operation under transitional rules in the meantime. Transitional rules would be required as the existing IFTI reporting regime builds on the existing EFTI framework (for banks) and designated remittance arrangements (for remitters), both of which would be repealed and replaced by the Bill.

994. Subitem (3) of this Item would establish appropriate legislative safeguards to ensure that the transitional rules are applied correctly and within reason. These safeguards prevent any rules from creating criminal offences or civil penalties, granting powers of arrest, detention, search, or seizure, imposing taxes, determining allocations from the Consolidated Revenue Fund, or making direct amendments to the text of this Bill.

995. To ensure appropriate scrutiny and oversight, any rule made by the Minister under this Item is a legislative instrument that would be subject to the disallowance process by Parliament. This would provide the Parliament with oversight and control of any delegated legislation made under this Item.

ATTACHMENT A IMPACT ANALYSIS - REFORMING AUSTRALIA'S ANTI-MONEY LAUNDERING AND COUNTER-TERRORISM FINANCING (AML/CTF) REGIME

Executive Summary

Each year billions of dollars of illicit funds are generated from illegal and harmful activities such as drug trafficking, tax evasion, human trafficking, cybercrime and scams, arms trafficking and other illegal and corrupt practices. Illicit financing is also used to fund activities that harm Australia's national security and efforts to maintain an international rules- based order. The Australian Institute of Criminology (AIC) estimated serious and organised crime to cost the Australian community $60.1 billion in 2020-21. The true total cost of crime is likely much greater, given the illicit nature of the activities and the second order effects on the community and economy. While money laundering is a criminal activity in its own right, illicit financing is a key enabler of these serious crimes with profit being the primary motivation. Criminals must launder their proceeds of crime to enjoy the proceeds of their illegal activities or to reinvest illicit funds in further criminal activity without detection. The amount of money laundered in Australia has been indicatively estimated at up to 2.3 per cent of GDP.[5]

Australia's anti-money laundering and counter-terrorism financing (AML/CTF) regime establishes a regulatory framework for combatting money laundering, terrorism financing and other serious financial crimes. At its core, the AML/CTF regime is a partnership between the Australian Government and industry. Through the regulatory framework established by the AML/CTF regime, businesses play a vital role in effectively detecting and preventing misuse of their sectors and products by criminals seeking to launder money and fund terrorism.

There are a number of inefficiencies throughout Australia's AML/CTF regime that limit the effectiveness of Australia's response to transnational crime at large. Industry and government stakeholders have consistently called for reforms to key obligations of the AML/CTF regime due to unnecessary complexity.

Currently, businesses internationally recognised as providing high-risk services (including lawyers, accountants, trust and company service providers, real estate agents, and dealers in precious metals and stones) are not regulated as part of the AML/CTF regime. These sectors are known internationally as Designated Non-Financial Businesses and Professions (DNFBPs) or tranche two in the Australian context. Gaps in the regulated population leave legitimate businesses vulnerable to exploitation by opportunistic criminals seeking to obfuscate the origins of their illicit wealth from law enforcement.

These problems impact the quality and breadth of financial intelligence generated to support national security and law enforcement operations, inflate regulatory burden for currently regulated entities and do not adequately harden businesses most at risk of criminal exploitation.

Without reform to address these problems, the AML/CTF regime will become increasingly less effective and more wasteful over time. The costs of inaction are significant, and would likely increase over time with Australia falling further behind continually strengthened international standards set by the Financial Action Taskforce (FATF), heightening the risk of substantial reputational and economic damage and increasing criminal threats to Australia's financial systems and professional services. Without hardening Australia's AML/CTF regime in line with the FATF standards, criminals would continue to exploit legitimate Australian businesses left exposed. Further, currently regulated entities will continue to be subject to an overly complex regime that inflates regulatory costs, ultimately diminishing the extent to which they are able to holistically comply with the AML/CTF regime.

To address these challenges, the proposed reforms have three objectives:

combatting crime
improving FATF compliance
minimising regulatory burden.

In line with the requirements set out in the Australian Government Guide to Policy Impact Analysis, administered by the Office of Impact Analysis (OIA), the Attorney-General's Department (the department) has conducted an impact analysis to assess and accompany proposed reforms to Australia's AML/CTF regime.

The department (with support from Nous Group) has provided a best effort at conducting a robust net benefit analysis. In accordance with OIA guidance, a multi-criteria analysis (MCA) was used as the preferred analytical tool to assess the available information and quantifiable data along with the unquantifiable but equally tangible benefits of the proposed reforms.

The department has identified and analysed four viable policy options to respond to the problems identified, including:

Option 1: Maintain the status quo
Option 2: Simplify, clarify and modernise existing legislation
Option 3: Expand the reporting population to DNFPBs
Option 4: Both simplify, clarify and modernise legislation, and expand the reporting population to DNFBPs.

Under the analysis, Option 1 does not address the key challenges facing the regime or achieve the reform objectives. Option 2 provides some benefit to crime prevention outcomes and producing higher quality financial intelligence from assisting existing regulated entities to better comply with the regime. However, it does not reduce the risk of 'grey-listing' by the FATF as it does not address the regulation of tranche two sectors. Option 3 does address this issue, as well as supporting crime prevention outcomes and increasing the amount of financial intelligence by covering a larger proportion of the economic activity at risk of exploitation. The quantifiable benefits of this are estimated to be up to $13.1 billion over ten years. However, Option 3 also comes with largest estimated regulatory impact of $15.8 billion to business, as it does not include simplifying and clarifying measures.

Option 4 is assessed to best meet the objectives and showed the highest net benefit through the MCA, by providing the same quantifiable benefits as Option 3 while imposing a lower regulatory burden. Implementing Option 4 is expected to deliver the significant law enforcement benefits and reduction in community harm from the expansion of the regime to tranche two entities, with the additional benefit of improved compliance across regulated entities and tranche two entities due to the reforms to simplify the regime. This is estimated to provide benefits of up to $2.4 billion over ten years. Option 4 will also be most effective in minimising the likelihood of grey-listing and any associated economic and reputational damage, which may be up to $10.7 billion over 10 years. Implementing Option 4 is estimated to result in an additional regulatory burden to businesses of $13.9 billion over 10 years, which is lower than Option 3.

The department notes that there are inherent limitations to the impact analysis, including:

Difficulty quantifying the value of money laundering globally and in Australia and the financial and societal impacts arising from money laundering. Estimates of benefits therefore reflect the best efforts and understanding of the department and portfolio agencies, supplemented with academic sources and international experience where possible.
A lack of evidence in the Australian context of the likely impact these reforms will have on the amount of money laundered per year.
The details of the reforms are not yet finalised as the AML/CTF Rules will build on the principles in the Act and provide further detail on how such obligations may be achieved. As such, the operational impact of the reforms is difficult to quantify, particularly for tranche two entities who have no experience with the AML/CTF regime. Estimates of regulatory burden therefore reflect the best efforts and understanding of the affected stakeholders.

o
The department notes there will be an additional public consultation process on the AML/CTF Rules to ensure the reforms are fit-for-purpose. This will provide a further opportunity to reduce regulatory burden through further refinement of the obligations and simplification of the regime.

Average annual regulatory costs

The following table sets out the estimated average annual regulatory cost of each option. This is presented in real terms and combines both upfront and ongoing costs calculated over 10 years.

Average annual regulatory costs by sector (from business as usual) – change in costs ($m) real terms

Option Business Community organisations Individuals (i.e. customers) Total change in costs
Option 2 19 - 0 19
Option 3 2,106 - 52 2,159
Option 4 1,851 - 29 1,880

FATF, 'Updated Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers' (Paper, October 2021).

The term 'private key' has been understood by the FATF to be a technology created in a pair with a 'public key' for each entity involved in a virtual asset transmission which encrypts and decrypts information during the initial part of the transmission so that only the sender and recipient can decrypt and read the information. A public key is available to everyone, while a private key is known only to the creator of the keys.

DAOs are an organisational structure with no central governing body and usually lack legal personality. DAOs may be used to govern protocols providing decentralised virtual asset exchange services and decentralised finance services, or a range of other purposes.

For example, industry has set a target date of June 2030 for decommissioning the Bulk Electronic Clearing System (BECS) which lacks the capacity to transmit the information about the payer and payee envisaged by FATF Recommendation 16.

Joras Ferwerda, Alexander van Saase, Brigitte Unger and Michael Getzner, 'Estimating money laundering flows with a gravity model-based simulation' (2020) 10(18552) Scientific Reports, 6
https://www.nature.com/articles/s41598-020-75653-x.


View full documentView full documentBack to top