AML/CTF reform in Australia is almost here

The Australian Government introduces legislation that will transform the country’s approach to combating financial crime

A key development in the long-awaited second tranche of reforms to Australia’s anti-money laundering/counter terrorism financing (AML/CTF) regime just happened: The Anti-Money Laundering and Counter-Terrorism Financing Amendment Bill 2024 was introduced into Australia’s Parliament.

The Bill’s main objectives are to expand the AML/CTF regime to lawyers, accountants, trust and company service providers, real estate professionals and dealers in precious metals and stones. It also modernises the regulation of virtual assets and payments technology, and addresses the increasing use of digital currencies and virtual asset service providers. Finally, it reduces regulatory burdens and increases flexibility for businesses by streamlining compliance processes. The hope is this will improve business’ ability to prevent and detect financial crime.

If it passes, lawyers and accountants will have to deal with increased compliance requirements when offering services such as trust and company management, including:

  • developing and maintaining policies, procedures, systems and controls to help meet AML/CTF requirements
  • new requirements for customer due diligence (CDD)
  • monitoring for unusual customer transactions and behaviours
  • reporting certain suspicious behaviours and transactions to AUSTRAC

Real estate professionals will be subject to new regulations designed to combat money laundering risks within the property market. Dealers in precious metals and stones will be regulated to prevent these assets from being used to conceal illicit wealth.

The Act is not without its controversy. As part of the Bill, there is a new definition of proliferation financing that aligns with the Financial Action Task Force (FATF) standards that covers any potential breach or evasion of United Nations Security Council financial sanctions related to the proliferation of weapons of mass destruction. The definition also extends to other offences against Australian counter-proliferation laws including relevant Australian sanctions and other Australian laws giving effect to international conventions relating to the proliferation of weapons of mass destruction. 

Included is also a requirement for sanctions screening on all clients. 

The new laws are intended to commence in 2026 and apply to services provided both in Australia and overseas. The reforms reinforce the focus on risk-based measures to manage financial crime risks.

The country’s AML/CTF regime was initially established under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006. This Act focused on key sectors to fight financial crime, such as financial institutions, gambling operators, bullion dealers and lawyers and accountants who provide direct financial services.

For years, a second tranche of the Act was discussed to expand the scope.The Bill essentially aims to align Australia’s regulatory framework with international standards set by the FATF. Australia is one of only five countries globally that do not regulate tranche-two entities, putting Australia at risk of being “grey-listed” by the FATF. AUSTRAC has outlined that such a listing could damage Australia’s international reputation and have significant economic repercussions for the nation.

The Bill’s progression to law will largely depend on the government’s legislative agenda and, of course, any opposition. But the next round of Australia’s FATF reviews is 2026-27 and it is assumed that the Government will want to move quickly to implement the new framework prior to the reviews.

The implications for businesses in Australia or doing business in Australia are huge. They will need to meet the new AML/CTF requirements and likely face increased compliance costs. Enhanced risk management practices will be key to mitigate the risks associated with financial crime.

At Vinciworks, we are keeping track of the legislative process and will be releasing guidance in due course. We will provide insight on navigating the changes, implementing compliance measures and, most importantly, keeping pace with the regulatory requirements. 

How VinciWorks can help with AML compliance

VinciWorks is global leader in AML systems for some of the world’s leading law firms and accountants. We have decades of experience in end-to-end AML compliance, from policies to risk assessments, training and CDD.

AML client onboarding solution

Omnitrack, VinciWorks’ AML client onboarding solution provides an end-to-end AML solution with stress-free technology that adapts to your workflows.

Click here to learn more.

AML training suite – relevant training for all staff

VinciWorks strives to make its AML training more than simply a tick-box exercise.
Click here to learn more.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.