1.1 This program
This Anti-Money Laundering and Counter-Terrorism Financing (AML CTF) Program
is a policy is set by MDJ & Associates Pty Ltd’s (ABN 47 618 856 652) (the
Company, we, us, our) Board of Directors (Board).
All directors, employees, representatives and contractors (you) must comply with it.
It forms part of, and is to be read together with, our Compliance Framework.
1.2 Background
We provide designated services under the Anti-money Laundering and Counter
terrorism Financing Act 2006 (Cth) (AML CTF Act) and are consider to be a
Reporting Entity. Reporting Entities must maintain an AML CTF Program pursuant
to section 81 of the AML CTF Act.
This document is Part A of the AML CTF Program for the Company. The primary
purpose of Part A of the AML CTF Program is to identify, manage and mitigate the
money laundering/terrorism financing (ML/TF) risk arising from the provision of
designated services. Part B (Customer Identification) of the AML CTF Program is
contained in a separate document.
The laws related to AML CTF are regulated by the Australian Transaction Reports
and Analysis Centre (AUSTRAC).
2.1 Money laundering
Money laundering takes many forms and includes:
(a) the process of concealing the existence or illegal source of income derived
from criminal activity;
(b) converting dirty money into clean money by moving illicit income into the
legitimate financial system;
(c) handling stolen goods and the proceeds from stolen goods;
(d) handling the benefits that flow from crimes such as theft, fraud and tax
evasion;
(e) the transfer, movement or involvement with criminal property; or
(f) the investment by criminals of the proceeds of crime in financial products
and services.
By way of example, money laundering can follow the following factual sequence.
(a) A crime is committed which generates money. The criminal needs to
change the quality of the money from illegitimate to legitimate and/or to
distance the money from the crime committed.
(b) At some point the money enters the financial system and moves around
that system. It may ultimately leave the financial system through the
acquisition of an asset. Alternatively, it may remain on a long-term basis in
the financial system, safely disguised or hidden from view through complex
movements of funds across borders and banks.
The legal, compliance and regulatory risks begin for a financial institution from the
moment illegitimate money enters the financial system. It is these risks that a
financial institution needs to manage in order to protect it from the consequences of
being involved in laundering money.
2.2 Terrorism financing
Terrorism financing also takes many forms and can be more difficult to detect than
money laundering. It is associated with:
(a) the provision of money to further terrorist acts;
(b) the provision of money to support the living expenses of terrorists; and/or
(c) the acquisition, movement or realisation of assets controlled by terrorists.
The factual sequence involved in the financing of terrorism is not easily or simply
described because:
(a) it is often difficult to pinpoint when the funds become tainted with a
terrorism purpose or when they become the assets of terrorists;
(b) the legal, compliance and regulatory risks associated with terrorism
financing span all aspects of the operations of a financial institution;
(c) internationally, law enforcement organisations freely acknowledge that they
have little guidance to offer financial institutions regarding the detection of
terrorism financing.
This makes terrorism financing difficult to manage using a risk-based approach.
The following key stakeholders contribute to the overall management of ML/TF
risks:
3.2 Board
The Board sets our policies and procedures relate to AML CTF and is ultimately
responsible for:
(a) our compliance with AML CTF regulations;
(b) setting the tone for the Company regarding the level of commitment to AML
CTF;
(c) the performance and effectiveness of the AML CTF policies and
procedures;
(d) determining action required in response to any independent review of our
AML CTF arrangements, instances of non-compliance with the AML CTF
Act and any feedback received after an assessment by AUSTRAC of our
AML CTF arrangements.
3.3 Compliance Manager
The Board delegates day-to-day management of AML CTF arrangements to the
Compliance Manager. The Compliance Manager must be a management level
director or employee of our business.
As at the date of this Part A Program, the designated Compliance Manager is
Director, Manohar Tiwari.
The Compliance Manager is responsible for:
(a) overseeing AML CTF arrangements;
(b) reporting to the Board on the performance and effectiveness of the AML
CTF procedures, including the results of any independent review,
instances of non-compliance with the AML CTF Act and any AUSTRAC
review or feedback received;
(c) monitoring and overseeing any AML CTF issues or developments;
(d) acting as the designated AML CTF Compliance Officer;
(e) coordinating the design, implementation and maintenance of AML CTF
compliance training, procedures and systems;
(f) the continued compliance with AML CTF laws;
(g) managing the implementation of the AML CTF program and ML/TF risk;
(h) liaising with AUSTRAC including for matters such as reporting suspicious
matters, international funds transfer instructions, urgent reporting,
compliance audits, or requests for information or documents;
(i) formulating and implementing action plans to address any required
developments to our AML CTF arrangements including due to regulatory
change or any feedback from AUSTRAC or an independent reviewer;
(j) regular reporting to the Board on AML CTF arrangements;
(k) monitoring and reviewing ongoing reporting from third-party service
providers regarding AML CTF obligations;
(l) due diligence checks on our employees and contractors;
(m) preparing the necessary reports and supporting documentation required by
section 47 of the AML CTF Act (compliance reports); and
(n) retention of all records that must be retained under the AML CTF Act or
AML CTF processes and procedures.
3.4 Employees and contractors
Employees and contractors are responsible for, where applicable to their role:
(a) performing the ongoing and enhanced customer due diligence, Know Your
Customer (KYC), Politically Exposed Person (PEP), and transaction
monitoring procedures;
(b) capturing, processing and storing transaction data and KYC information;
(c) administering the provision of designated services to clients;
(d) conducting due diligence on the internal and external risk and compliance
procedures in place to ensure compliance with the AML CTF Program;
(e) reporting any unusual, suspicious or illegal activity to the Compliance
Manager for investigation;
(f) receiving appropriate ongoing AML CTF training;
(g) understanding the law prohibiting tipping-off and complying with the
Company procedures;
(h) complying with any reasonable instruction by the Compliance Manager in
relation to AML CTF arrangements and/or investigation.
3.5 Third Party Service Providers
If relevant to the services they provide, third party service providers must comply
with our AML CTF Program and AML CTF laws. Third-party service providers are
all subject to contractual obligations regarding AML CTF compliance including
regular reporting, where relevant.
The designated service we provide under section 6 of the AML CTF Act are listed in
the below table.
Designated service Product/Service Channel description
Exchanging digital currency
and fiat currency in the
course of carrying on a
digital currency exchange
business (item 50A)
Digital currency
exchange
Individuals exchanging
digital money and fiat
currency
Whenever there are material changes to the products or services we offer, the
Compliance Manager must review section 6 of the AML CTF Act 2006 to determine
whether or not there are any changes to our designated services.
We align our ML/TF risk assessment with our organisational risk management
assessment. As part of our annual risk assessment process, the Compliance
Manager considers the ML/TF risk profile, and if necessary, the ML/TF risk
methodology, to incorporate any new risks identified.
Our ML/TF risk assessment methodology is summarised below:
(a) Risks are identified for customers, products, distribution channels, and
countries separately (see Part B of the AML CTF Program for the sources
of risks – influence assessment).
(b) Assessment of the risk posed by our employees facilitating the money
laundering or terrorism financing of clients or themselves engaging in
money laundering or terrorism financing.
(c) Controls are designed against the identified risks according to the nature of
these risks and are recorded in the risk register and in Part B of the AML
CTF Program for the scenarios risk assessment.
A methodology review may be conducted if material money laundering or terrorism
financing events occur, when relevant controls indicate weaknesses, and also on a
periodic basis.
The following core principles have been adopted to guide the way ML/TF risk is
identified, managed and mitigated:
(a) We oppose the crimes of money laundering and terrorism financing and do
not tolerate the use of our products and services for either of these
purposes.
(b) Products and services will only be provided for legitimate purposes to
persons whose identities can be reasonably ascertained.
(c) Only certain payments are allowed to be made from our products and
services to persons whose identities have been able to be reasonably
ascertained.
(d) We avoid relationships with those that are reasonably assessed as
representing too high of a risk of money laundering or terrorism financing,
and we may exit existing relationships that fit these criteria (see section 8.2
under the ECDD for situations that present a high ML/TF risk).
(e) Sufficient funding and resources will be made available for the
implementation, and performance of activities required by the AML CTF
Program.
(f) Employees will receive the necessary AML CTF training for them to
understand their obligations under the law and to perform in their roles.
(g) We will monitor employees and clients, selected transactions, consistent
with the level of money laundering and terrorism financing risk they
represent.
(h) Changes to products, business processes and systems will be managed to
ensure that money laundering and terrorism financing risks are identified
and managed.
As part of managing the day-to-day business activities, the Compliance Manager is
responsible for identifying situations that could present significant changes in ML/TF
risk. These situations might include, but are not restricted to:
(a) where significant changes are made to our products and services;
(b) where new designated services are to be introduced;
(c) where significant changes to systems or technologies that support the
delivery of designated services are to be developed and implemented; and
(d) where significant changes arise in the nature of our business relationship,
control structure, or beneficial ownership of its clients.
The Compliance Manager will modify AML CTF arrangements where required such
as through the introduction of new controls and business processes which flow from
any new risks identified.
This section records the approach to conducting due diligence on our employees to
identify the risk that they may facilitate money laundering or terrorism financing for
clients or engage in money laundering or terrorism financing themselves. The
employee due diligence process is embedded as part of the new employee on
boarding process. The new employee on boarding process includes:
(a) Screening of new employees and directors to identify their ML/TF risk
(b) Criminal history checks for all new employees, contractors and directors
(c) Insolvency checks for all new employees, contractors and directors
(d) Checks including 100-point ID, qualifications and entitlement to work in
Australia
(e) New directors are checked against the ASIC disqualified person’s registers
When an employee moves to a different role and may be in a position to facilitate
the commission of a money laundering or terrorism financing offence, then the
probity information already held about that person is reviewed by the Compliance
Manager, and if it is considered insufficient then additional screening is undertaken.
Where the provision of certain services has been outsourced, we require the third
party to perform similar probity checks on their employees if the types of services
they provide could be used to facilitate the commission of a money laundering or
financing of terrorism offence.
If an employee fails to comply with this AML CTF Program, the employee is subject
to possible termination of employment, for example on the grounds of misconduct.
The Compliance Manager is responsible for administering our AML CTF training
and risk awareness programs. The Compliance Manager may engage third party
services providers to assist in delivering the program.
AML CTF training and awareness programs must include content which enables
our employees to understand:
(a) The Company’s commitment to the prevention, detection and reporting of
money laundering and terrorism financing
(b) Our obligations under the AML CTF Act and Rules including in relation to
the prevention, detection and reporting of the risks of money laundering
and terrorism financing
(c) The types of ML/TF risk that we might face and the consequences of such
risks
(d) The consequences to you and us of a failure to comply with the AML CTF
Act and Rules
(e) The processes and procedures provided for by our AML/CTF program that
are relevant to the work carried out by the relevant employee
(f) The laws that apply to us and you against tipping-off (unauthorised
disclosure of information about suspicious matter reports).
Training and awareness programs for AML CTF are designed around the roles of
employees. When new employees (and/or contractors if considered necessary) are
engaged, the Compliance Manager must ensure that they receive the AML CTF
training appropriate to their role upon commencement.
When employees move from one role to another, they may need further AML CTF
training for their new role as determined by the Compliance Manager.
If the Compliance Manager determines that an employee’s role should receive AML
CTF training, the Compliance Manager must ensure that such training is provided
during a new employee’s induction program.
The Compliance Manager must also ensure that annual:
(a) refresher AML CTF training is also completed each year by all relevant
employees; and
(b) reviews of the AML CTF training and awareness program is completed.
The Company provides the training and awareness program using a risk-based
approach, which in turn is driven by the ML/TF risk assessment. The Compliance
Manager may determine that some employees must receive training more
frequently than others depending on their role.
8.1 KYC requirements
The requirements under the AML CTF Rules cover the areas of enhanced customer
due diligence and transaction monitoring.
The KYC requirements under the AML CTF Act and Rules require a reporting entity
to put in place appropriate risk-based systems and controls to determine whether
any further KYC information should be collected in respect of customers for ongoing
customer due diligence purposes. Consideration must be given as to whether there
is reason to suspect that a person is not the person they purport to be. This may be
required before the relationship begins, at the inception of the relationship, during
the relationship and at the end of the relationship. Refer to Part B of AML CTF
Program for the applicable customer identification procedures and KYC information
required.
It is a requirement of the AML CTF Act that the Company remains in compliance
with the Privacy Act 1988 (Cth) and the Australian Privacy Principles at all times.
8.2 Enhanced Customer Due Diligence (ECDD)
ECDD may be applied to a client under the following circumstances:
(a) it has been determined that the ML/TF risk is high (see below for further
guidance on high ML/TF risk);
(b) there are discrepancies or key details missing for a customer (such as date
of birth); or
(c) where a law enforcement agency requires it.
“Client” includes the individual client and any beneficial owner.
Situations that present a high ML/TF risk might include, but are not limited to:
(a) where there has been a suspicion formed, for example, through ongoing
transactions monitoring and/or during the client’s responses to
client/beneficial owner queries;
(b) where a client/beneficial owner has been determined as a PEP;
(c) where a client/beneficial owner has been identified to be associated with
countries that are subject to sanctions, embargos or countries that have
been identified as providing funding or support for terrorist activities;
(d) where a client/beneficial owner is physically located in a foreign country;
(e) where discrepancies arise in the course of verifying information collected
for a customer/beneficial owner; or
(f) where a customer/beneficial owner’s identity is unable to be established.
8.3 ECDD measures
ECDD measures to be undertaken to appropriately respond to these circumstances
comprise of:
(a) perform identification verification (see Part B of AML CTF Program);
(b) contact the client or relevant third parties, to clarify and request
confirmation of necessary details, including:
(i) KYC information already collected;
(ii) beneficial owner information already collected;
(iii) the purpose, reasons for, or nature of the customer’s ongoing
business from the client/beneficial owner; and
(c) undertake a more detailed analysis of the customer’s KYC information
including taking reasonable measures to identify:
(i) the source of the customer’s and each beneficial owner’s wealth;
and
(ii) the source of the customer’s and each beneficial owner’s funds;
and
(d) obtaining senior management approval before establishing or continuing a
business relationship with the individual and before the provision, or
continued provision, of a designated service to the customer.
If appropriate to the circumstances, you may also complete a more detailed
analysis and monitoring of the customer’s transactions (past and future) including:
(a) the purpose, reasons for, or nature of specific transactions; or
(b) the expected nature and level of transaction behaviour, including future
transactions.
If no response or inadequate information is received from the client or relevant third
parties, or if suspicion remains, we may:
(a) place a flag in the client’s account to alert us if/when the customer attempts
to transact with us;
(b) collate necessary details to enable us to lodge a Suspicious Matter Report
(SMR) to AUSTRAC (see section 10.2); and
(c) action additional procedures as determined by the Compliance Manager
on a case-by-case basis to comply with Chapter 15 of the AML CTF Rules.
8.4 Transaction Monitoring Program
The purpose of the transaction monitoring program is to identify any suspicious
transactions.
In our designated services, transactions arise from client initiated transactions in
relation to exchanging digital currency for fiat currency.
The transaction characteristics that the transaction monitoring program should be
reviewing are:
(a) complex transactions;
(b) unusually large transactions;
(c) unusual patterns of transactions based on:
(i) regularity;
(ii) source of funds;
(iii) frequency; and
(iv) ‘bunching’ of payments.
Monitoring is completed by the Compliance Manager on an ongoing, day-to-day
basis.
If at any time, transaction volume or client numbers increase to the point where
ongoing monitoring by the Compliance Manager is impractical or ineffective,
monitoring will be completed by the Compliance Manager through a transaction
data mining process. The data mining process will review transaction characteristics
for the relevant period to identify:
(a) Transactions during the relevant period that meet or exceed a pre-defined
threshold
(b) Accounts which have a high volume of transactions
(c) Accounts which have a high turnover
Where any suspicious matters are identified, or where a customer is high-risk or a
PEP, the Compliance Manager will undertake the necessary suspicious matter
investigation (see Section 10.3) and apply the ECDD process as outlined above
when a suspicion is formed.
8.5 Politically Exposed Persons (PEP)
A PEP is defined in section 1.2.1 of the AML CTF Rules, and in summary, is an
individual who occupies a prominent public position or function in a government
body or international organisation, both within and outside Australia. This definition
extends to immediate family members, close associates as well as executives of
state-owned enterprises.
8.6 PEP Monitoring
Regular checks of members against official lists of PEP are undertaken to identify
foreign or domestic PEPs and those associated with a PEP. Where a PEP is
identified:
(a) we must action additional procedures as determined by the Compliance
Manager on a case-by-case basis, which may include the application of the
ECDD process as outlined above; and
(b) the client identification procedures (see Part B of the AML CTF Program)
must be satisfactorily completed before any payments to the impacted
customer/beneficial owner.
9.1 Digital currency exchange provider
In accordance with the AML CTF Act, we must not provide digital currency
exchange services unless we are registered as a digital currency exchange provider
on the Digital Currency Exchange Register. The Digital Currency Exchange
Register is a public register which sets out registered provider names and details,
the date on which our registration takes effect and any conditions which apply to a
registration.
AUSTRAC assesses applications and may cancel, suspend or renew registrations
in accordance with applicable regulations.
As a registered digital currency exchange provider, we must comply with
requirements to maintain our registration including:
(a) Applying to renew our registration – ordinarily within the 90 days period
prior to our registration ceasing (3 years after the day on which registration
took effect)
(b) Notifying AUSTRAC within 14 days of:
(i) a change which could materially affect our registration
(ii) a change which materially affects any information previously
provided in connection with our registration
(iii) becoming aware of any information or document provided in
connection with our registration being incorrect, incomplete, or
misleading in a material respect
We have an obligation to provide reports to AUSTRAC, including:
(a) AML CTF Compliance Report
(b) Suspicious Matter Report
(c) Threshold Transaction Report
(d) Enrolment Details Changes
(e) Digital Currency Exchange Provider.
10.2 AML CTF Compliance Report
It is a legislative requirement under the AML CTF Rules for a reporting entity to
lodge an annual AML CTF Compliance Report with AUSTRAC by 31 March each
year for the previous calendar year. The report provides AUSTRAC with information
about our compliance with the AML CTF Act and Rules.
10.3 Suspicious Matter Report (SMR)
We are responsible for reporting suspicious matters to AUSTRAC. Any suspicions
are internally reported through to the Compliance Manager by email and
investigated by the Compliance Manager.
A suspicious matter report must be submitted to AUSTRAC if we form a suspicion
on reasonable grounds that:
(a) a person (or their agent) is not the person they claim to be, or
AML CTF Program – Part A
15
(b) information that we have may be relevant to the investigation or
prosecution of a person for:
(i) an evasion (or attempted evasion) of a tax law (include that of a
state or territory); or
(ii) an offence against a Commonwealth, state or territory law; or
(iii) of assistance in enforcing the Proceeds of Crime Act 2002 (or
regulations under that Act); or
(iv) a state or territory law that corresponds to that Act or its
regulations, or the provision of a designated service may be:
(A) preparatory to the commission of an offence related to
money laundering or the financing of terrorism; or
(B) relevant to the investigation or prosecution of a person for
an offence related to money laundering or financing of
terrorism.
Our employees are trained to identify suspicious matters.
If a law enforcement agency contacts us with regard to a suspicious matter in
relation to a client or beneficiary, the Compliance Manager must investigate the
matter and where appropriate complete an SMR for submission to AUSTRAC.
Reports about money laundering or tax evasion must be lodged with AUSTRAC
within 3 days of the suspicion forming. Terrorism financing reports must be lodged
within 24 hours of suspicion forming. The Compliance Manager will ensure records
of all SMRs and their supporting documents are maintained.
Under section 123 of the AML CTF Act “tipping off provision”, all employees and
third parties are prohibited from disclosing to any person, unless the Company is
permitted or required by law to do so:
(a) that a suspicion has been formed about identity or transactional behaviour
of a customer;
(b) any information from which a person could reasonably infer that a
suspicion has been formed about identity.
Given the sensitive nature of AML CTF information, information must only be
communicated within the Company on a need to know basis. Documents must be
kept in secure environments with only authorised persons having access to them.
10.4 Threshold Transaction Report
We are responsible for lodging Threshold Transaction Reports (TTRs) to
AUSTRAC. We are required to lodge TTRs where we receive or pay physical cash
in the amount of AU$10,000 or more as part of providing a designated service.
You are required to report to the Compliance Manager any receipt or payment of
physical cash in the amount of AU$10,000 or more as part of any designated
service.
The Compliance Manager is responsible for lodging TTRs with AUSTRAC within 10
business days of the transaction through AUSTRAC Online. TTRs must contain all
details required by law and AUSTRAC including details of:
(a) the customer, which includes the account holder and any signatory or
signatories to the account conducting the transaction;
(b) the individual who conducted the transaction (if they weren’t the customer);
(c) the transaction, including the method of conducting the transaction and the
amount of cash, digital currency and any other currency;
(d) the recipient of the money (if it wasn’t the customer); and
(e) the reliable and independent documentation and/or electronic data
source(s) used to verify the identity of the customer.
If the receipt of payment of physical cash is in connection with a digital currency
transaction, the TTR must also include details of:
(a) the denomination or code of the digital currency and the number of digital
currency units;
(b) the value of the digital currency involved in the transaction, expressed in
Australian dollars, if known;
(c) a description of the digital currency including details of the backing asset or
thing, if known;
(d) the name(s) of the recipient(s);
(e) the full address(es) of the recipient(s) (not being a post box address), if
known;
(f) the date(s) of birth of the recipient(s), if known;
(g) a description of the purpose of the transfer(s);
(h) if the purpose of the transfer(s) is to:
(i) enable a cheque to be provided to the customer using all or part of
the digital currency transferred by the customer; or
(ii) enable the customer to receive digital currency in exchange for all
or part of a cheque produced by the customer to the reporting
entity;
the following details:
(iii) the name of the drawer;
(iv) the name of the drawee; and
(v) the amount of the cheque;
(i) the Internet Protocol (IP) address information of the customer and the
recipient(s), if known;
AML CTF Program – Part A
17
(j) the email address of the customer and the recipient(s), if known;
(k) the mobile phone number of the customer and the recipient(s), if known;
(l) the social media identifiers of the customer and the recipient(s), if known;
(m) the unique identifiers relating to the digital currency wallet(s) of the
customer and the recipient(s), if known;
(n) the unique device identifiers of the customer and the recipient(s), if known.
10.5 Enrolment Details
The Compliance Manager is responsible for advising AUSTRAC of any change in
our enrolment details as a reporting entity in compliance with section 8.9.1(3) of the
AML CTF Rules, and s51F of the AML CTF Act and Chapters 63 and 64 of the AML
CTF Rules.
Any change in our enrolment details must be reported within 14 days of the change
arising and in accordance with the AUSTRAC’s approved forms which are available
through our AUSTRAC online account.
10.6 Digital Currency Exchange Register
In relation to our registration as a digital currency exchange provider on the Digital
Currency Exchange Register, we must report matters to AUSTRAC and renew our
registration as set out in section 9.1.
10.7 Other Reporting
The Board may also request additional reports to be provided to it from the
Compliance Manager, as and when required, including:
(a) status of compliance with the requirements of the AML CTF Act;
(b) nature of any communications with AUSTRAC;
(c) details of all corrective AML CTF actions launched and the reasons for that
action to the extent the information has not otherwise been provided to the
Compliance Committee;
(d) details of any material AML CTF event that has occurred;
(e) each report prepared by the independent auditor to satisfy the
requirements of independent review of the AML CTF Program.
You must report any potential breaches of our AML CTF Program or the AML CTF
Act or Rules to the Compliance Manager as soon as practicable but no later than 1
business day of becoming aware of the potential breach.
The Compliance Manager must consider the following where an AML CTF incident
has been reported:
(a) investigate the circumstances;
(b) identify gaps or weaknesses in processes;
(c) plan and complete remediation action in a timely manner;
(d) adjust the ML/TF risk assessment methodology, the risk-based approach,
training and any other processes, procedures and controls where
necessary including any consequential adjustments to the Risk
Management Policy and Risk Register;
(e) report actions to the stakeholders who received notification of the original
potential breach;
(f) review the incident again when preparing the next AML CTF Compliance
Report to AUSTRAC; and
(g) meet the record retention requirements associated with AML CTF incident
escalation, investigation and remediation.
All employees must fully cooperate with the Compliance Manager in the
investigation process.
Following investigation, if an incident or breach has occurred, the Compliance
Manager must determine an action plan to address the incident or breach which, as
appropriate, may include:
(a) changes to our AML CTF arrangements;
(b) Company or individual training on AML CTF requirements and/or
arrangements;
(c) remediation of any consequences of the incident/breach; and/or
(d) independent review of our AML CTF arrangements.
11.2 Breach reporting
While not mandated by law, the Compliance Manager at its discretion may
determine that we should self-report an incident or breach to AUSTRAC. This may
be likely in the event that a significant breach of the AML CTF Act or the AML CTF
Rules has occurred.
The AML CTF Act provides a civil penalty framework for non-compliance with
regulatory obligations under the AML CTF Act. A civil penalty is a penalty imposed
by a court using civil procedure rather than criminal law. In civil penalty proceedings
the civil standard of proof applies, namely the balance of probabilities, rather than
the criminal standard of proof of beyond reasonable doubt. This means that the
court only has to be satisfied that it was more likely than not that we have breached
an obligation under the AML CTF Act to impose a penalty. There is also no
requirement to prove that we intended to breach the AML CTF Act, as would be
required for a criminal offence.
The maximum penalty for a corporation is 100,000 penalty units and the maximum
penalty for an individual is 20,000 units ($313 per penalty unit as at 1 July 2023).
AUSTRAC also has a range of other enforcement powers, such as:
(a) accepting enforceable undertakings,
(b) infringement notices,
(c) remedial directions,
(d) written notices requiring an external audit or to carry out an ML/TF risk
assessment; and/or
(e) refusal, suspension or cancellation of registrations as a remittance or
digital currency exchange provider.
13.1 Review
The AML CTF Program – Part A must be reviewed by the Compliance Manager
annually. The Compliance Manager must report any finding arising from its review
to the Board.
In addition, any regulatory or process change which requires amendment to the
AML CTF Program – Part A must be made as and when required. Situations that
may give rise to an out of cycle amendment include changes to the AML CTF Act or
Rules, internal employee changes or re-structures, product or services changes and
material external environment changes.
A regular independent review of Part A of the AML CTF Program is required under
the AML CTF Rules. AUSTRAC considers that high-risk organisations should have
independent reviews done at least every two to three years.
We have determined that our business carries a low ML/TF risk given the relatively
low number of clients and transactions. On this basis, we have determined that an
independent review must be completed every 5 years, by an appropriate
independent party which has not been involved in:
(a) the design, implementation, or maintenance of the Part A program; or
(b) the development of our risk assessment or related internal controls.
The purpose of the review is to:
(a) assess the effectiveness of the Part A program having regard to the
Company’s ML/TF risk;
(b) assess whether the Part A program complies with the AML CTF Rules;
(c) assess whether the Part A program has been effectively implemented; and
(d) assess whether the Company has complied with its Part A program.
The independent review report is provided to the Board.
13.2 Feedback and guidance on ML/TF risks from AUSTRAC
In updating Part A of an AML/CTF program, we must take into account:
(a) any applicable guidance material disseminated or published by AUSTRAC;
and
(b) any feedback provided by AUSTRAC in respect of the reporting entity or
the industry it operates in,
that is relevant to the identification, mitigation, and management of ML/TF risk
arising from the provision of a designated service we provide.
13.3 Version history
The below table sets out the history of versions of this policy.
Version Approval Written/amended by Comment
1.0 Board meeting of
20 August 2025
Manohar Tiwari with the assistance
of Bastian O’Connor lawyers.
Creation of policy