Anti-money laundering (AML) risk is fast evolving into one of the key risks any business has to manage. If companies get their AML risk management wrong, it can mean major reputational damage and massive value destruction for investors. After all, no one wants to be seen as an accessory to criminality.

In AML and counter-terrorism financing, things are accelerating in Australia and around the globe and boards and managers need to move quickly up the curve in dealing with this risk.

What's changing and why does this matter?

A couple of recent trends are highlighting AML as a key risk to mitigate:

(1) Heightened Enforcement

  • The 'why not litigate?' approach that Australian regulators are beginning to adopt.
  • More punitive action and a more aggressive stance from AUSTRAC and others (see recent Compass Global infringement notice).
  • A noticeable increase in non-compliance with AML reporting obligations.
  • AUSTRAC's campaign targeting illegal money transfer dealers and a product developed for pubs and clubs to help combat money laundering.

(2) Regulatory Change

The Global Financial Action Task Force is currently reviewing Australia's AML framework. And the Parliament is considering a new Bill to amend Australian AML legislation.

The Bill contains a range of overdue measures that seriously strengthen Corporate Australia's capability to fight money laundering, bringing it closer to the standard of other developed economies:

  • Reporting entities must not provide a service if customer identification procedures cannot be performed.
  • Reporting entities can share suspicious matter reports inter-group and with external parties such as auditors.
  • Providing a simplified framework for the use of financial intelligence to fight money laundering and terrorism financing.

The Bill, if passed, will not provide a silver bullet for regulated entities. Regulated entities must continually assess their legal, regulatory and reputational risk arising from financial crime, and then deal with those risks (echoes of Hayne).

And they will need to get across the Bill's implications for their business.

What do you need to do?

Building a Culture of Compliance

  • Those at the top don't need a deep technical knowledge of AML laws - but they have to reinforce the message that compliance is critical and that AML risk should be treated as seriously as other major business risks.
  • Look at your compliance culture – avoid a tick-the-box attitude that doesn't value risk properly.
  • Management should ask whether sufficient resources are being allocated to AML compliance. Good education and training help compliance. And remember, the costs of non-compliance dwarf the costs of compliance.
  • Boards and management need to carefully consider how remuneration can be used to encourage AML compliance.
  • Ensure that good quality information allows managers to discharge their AML duties – and flows to the right places.
  • Accountability: make this clear.

Updating your Risk Assessment

Review your Risk Assessment regularly. You need to determine the impact of the changes to the AML landscape and legislation. Make this an agenda item for the Board or at the very least your Risk Committee.

Go back to first principles when you make changes to your systems, policies and processes. Failing to ask the "why" can mean that risks are misunderstood leading to possible money laundering exposure.

Aligning Technology

Implementing and adapting technology solutions is essential for managing AML risk. Your AML related technology has to keep up with your business and how bad actors are exploiting control weakness.

One of the causes of recent examples of non-compliance was an integration failure between IT systems and ineffective communication between the risk owner and those responsible for technology.

Should I get a second opinion?

With the challenging AML landscape, boards and senior management should obtain independent advice to assist them discharging their AML obligations and particularly when instances of AML non-compliance occur.

How those instances are managed could be critical to customer retention and, even, business continuation.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.