Latest Products

Staying Compliant

Tuesday 9 May 2017

This article was republished from Financial Crime Edition 2017. Click here to download the article or scroll down. 

Tracey Beresford is the Financial Crime Intelligence Analyst specialising in AML at ME Bank spoke to the GRC Professional about factors that need to be considered when it comes to trying to stay compliant.

She was a Travel Consultant for many years then moved into the Banking Industry—Heritage Bank, Bank of Queensland ME Bank. 

Beresford also has an Undergraduate with University of New England studying Criminology and Law.


What are the common misconceptions about AML that you have encountered?
There are two - the first is that AML is only about ‘know your customer’ (KYC) requirements which means to most people it’s about collecting customer information only.  The value of the combination of the collection and verification process is to ensure that the information provided by the customer can be validated which is an important obligation under the Anti-Money Laundering and Counter-Terrorism Financing Act and Rules. It is this misconception that also doesn’t assist the business to understand our requirements for collecting and verifying additional information for any identified high risk customers.   There is a general feeling of unease to ask a customer for additional information so we need to ensure that staff are comfortable to advise customers of the requirements so education across the business is key to ensure this misconception is dispelled.
The second is the relevance of conducting risk assessments across many areas of the business whether it be products, channels, technologies and employees, and why levels of low, medium and high are assigned.  I think this is because the business does not comprehend how these areas can be used to facilitate money laundering and the funding of terrorism.  Again, education is important.
I will say though that the level of understanding of the role of AML in a business is definitely on the rise as we move towards an increase in exposure and monitoring for general awareness as well as high risk awareness.  This could be due to a heightened sense of awareness due to the airplay of the AML legislation not only in Australia, but also abroad.

What are the challenges that you might face when it comes to legislation?
The AML legislation covers a lot of different areas of a business and therefore the cost of compliance will always be the biggest hurdle. A classic example was the change introduced in 2014 for beneficial owners, politically exposed persons and customer due diligence.  The challenge many businesses faced was to implement the requirements into legacy systems that essentially may not have been designed to capture the new information.  Another factor for consideration was the time and resources required to implement these changes across the business due to the many departments that were impacted. 
Another challenge is getting it right; considering that the AML legislation is a risk-based model there is always a level of concern and I believe my opinion will find voice with many smaller reporting entities.  I have always found AUSTRAC to be helpful with assistance so any enhancements by the regulator to work more closely with reporting entities in a guidance capacity will be seen as a welcome relief by a lot of organisations.


Do you feel that regulators have an understanding of the business and their regulations are fit for purpose?
In terms of the AML legislation, there is an attempt to encompass a broad range of businesses under the definition of ‘reporting entities’.   Any changes or updates to the existing legislation would always require feedback from these diverse businesses, so the impacts on change will differ.  I will say that AUSTRAC have incorporated changes over time to suit the different types of business models in Australia e.g. the Designated Business Group so I think AUSTRAC do attempt to accommodate to a certain degree.
I believe that ongoing engagement with the different types of entities that fall under the AML legislation can produce a greater understanding of a business for the regulators.

While KYC is just some of the many concerns for an organisation like yours, is it still a major concern and expense?
KYC will always be a concern for any organisation to ensure that we remain vigilant to any gaps and weaknesses in the AML framework whether that is via systems, processes or operators.   Ongoing reviews across these areas will continue to play an important role to ensure AML compliance and there will continue to be related costs associated with this requirement e.g. a resource to complete the review process. 

There will continue to be a cost factor in terms of updating and streamlining the processes and systems for a better overall performance as well as compliance requirements so it remains a cost that is unavoidable.

ME have made a significant investment in AML/CTF capabilities over the last two years to support our positioning as a trusted brand and I am excited to be a part of the future development and growth at this organisation.

Are there any upcoming regulatory changes that you are concerned about either in Australia or any other jurisdiction that can have an impact on the AML space?

Regulatory changes, whether in Australia or another jurisdiction will always possess some level of challenge in terms of the impact to a business especially during the implementation stage.   AUSTRAC do however provide the opportunity for industry consultation for any consideration of changes to the legislation, especially how it will affect the reporting entities and these opportunities are always well represented by the banking industry.  The report on the statutory review of the AML/CTF Act  and associated rules and regulations which was released in April 2016 covers a broad range of changes which they claim will ‘strengthen, streamline and simplify the regime’, and I tend to agree that it is a positive move towards clarifying some grey areas in the legislation.  However, there is concern about the current recommendations surrounding secrecy and access and which agencies will have enforcement authority under the legislation, so there is definitely further need for discussion and clarification for the industry.  Privacy is also another area that is always to be considered with the AML legislation and there is an ongoing need to ensure consistency between the two. 


Is there a conflict between the AML legislation and the Privacy Act? What kind of revisions does there need to be of the Privacy ACT to avoid these issues?
In 2016, there was an amendment to the AML Rules Chapter 4, which allowed a reporting entity to collect information ‘about’ a customer as opposed to the previous requirement to collect the information directly ‘from’ the customer.  The changing of that one word, whilst a welcome relief for reporting entities, meant that there could be an impact to a customer’s private information.  Therefore reporting entities had to consider the impact of privacy requirements in relation to collecting information by complying with the Privacy Act and in particular the Australian Privacy Principle 3.  AUSTRAC provided the industry with an opportunity for input via a public consultation as well as publishing information relating to the implications of collecting information from sources other than directly from the customer.  This guidance certainly assists the industry in deciding how to implement these changes, if at all.  I wouldn’t say there is a conflict between the legislation and the Privacy Act but where the AML legislation is quite broad with the term ‘about’, the Privacy Act has ensured that the Principles explicitly state the boundaries of a person’s private information.


Do you have any tips for risk and compliance professionals?
It’s important that the message gets across the various layers of an organisation so a compliance professional would need to consider adapting the language of the AML legislation to suit the target audience.  This can be achieved by including relevant case studies or trends being seen in that particular area of the business so the message relates to that team’s AML requirements.  Engaging with stakeholders about the best approach for creating awareness and implementation is always a great way of working with the business and can create excellent ongoing relationships with the different teams who are exposed to money laundering and terrorism financing risks.
Keep your eyes and ears open, and don’t stop reading.  AML/CTF legislation is affected by many factors that continuously evolve e.g. technology advancements that can increase the different ways that offenders will attempt to launder money and/or fund terrorism, so we all need to keep on top of current trends and issues regardless of whether the AML role is operational or strategic.  Follow feeds on LinkedIn that relate to the AML and draw on international information e.g. Financial Action Task Force (FATF), overseas AML government regulators.  Network with peers and exchange thoughts on how to reduce risk of exposure to gaps and weakness in your organisation.  If there is one area of the industry that has a common purpose to work together, this is it! 


 Tracey Beresford, 
Financial Crime Intelligence Analyst specialising in AML at ME Bank