Australian Institute of Criminology

Skip to content

Compliance measures

In Australia, as noted above, reporting entities that provide designated services are required to comply with various AML/CTF obligations including filing financial transaction reports such as threshold reports to AUSTRAC, performing risk-based customer identification procedures and monitoring customer transactions, establishing and maintaining an AML/CTF program, maintaining customer and transaction records, reporting on the level of compliance with the regime and nominating a compliance officer to AUSTRAC. A risk-based system has been developed in Australia where entities are required to assess the risks associated with specific customers and transactions, and to determine how to mitigate that risk by meeting the obligations under the Act. Reporting entities are able to adjust the level of due diligence associated with each customer and transaction according to their risk level, as well as to consider the level of risk posed by their different operations. Accordingly, regulated businesses may have different AML/CTF programs in place and act differently from one another in fulfilling their obligations under the legislation.

Each business must conduct a risk assessment of its customers, the services it provides and the methods it uses to deliver them, any foreign jurisdictions it deals with and any additional risks stemming from permanent foreign offices (AUSTRAC 2008). The customer identification, enhanced due diligence and ongoing due diligence, transaction monitoring and reporting requirements are tied to the business’ evaluation of the risks posed by its customers and operations. Compliance beyond these measures involves record keeping and staff screening obligations. Businesses in Australia are also required to submit an annual compliance report to the regulator detailing their compliance activities (AUSTRAC 2009b).

AUSTRAC (2009c) has noted that authorised deposit-taking institutions (ADIs) and investment banks are comfortable with AML/CTF compliance requirements. Smaller ADIs and non-ADI lenders, smaller financial service providers, smaller gambling and bullion entities, and money service businesses may find the processes of conducting risk assessments and implementing risk-based programs more problematic.

In the absence of other Australian surveys dealing with questions of compliance, it is appropriate to review the results of some overseas studies. Survey data from the United Kingdom in 2007 have found generally high levels of compliance with AML/CTF risk assessment requirements and follow-up procedures. Almost all of the MLROs surveyed in the United Kingdom in 2007 had undertaken a formal risk assessment of their business, although 14 percent had not developed a strategic response to the risks identified in this process. A further two percent of this group of MLROs were unsure if a response had been developed (PricewaterhouseCoopers 2007). The businesses within PricewaterhouseCoopers’ sample that had experienced problems implementing a risk-based approach to the United Kingdom’s AML/CTF regime reported concerns about time constraints, resourcing demands and difficulties altering existing processes. In another survey of Indian financial services businesses undertaken by KPMG (India) (2009), Indian businesses with AML/CTF requirements reported a similar level of compliance to those in the United Kingdom for some aspects of the regime, with close to 90 percent of respondents reporting having used a risk-based approach to customer due diligence when opening new accounts in 2009 and a further eight percent of businesses considered doing so (KPMG (India) 2009).

Previous studies have, however, suggested that reporting entities have not fared as well in the process of implementing effective procedures for transacting with PEPs, a class of customers identified by FATF as having high levels of risk in terms of ML/TF (Choo 2010 and references cited therein; see also the AICs review of international developments in Walters et al. 2012). Previous surveys of regulated businesses have found that identifying PEPs and their associates, and ameliorating the risks posed by PEPs, remain problematic. More than 70 percent of the MLROs surveyed in 2001 (Gill & Taylor 2004) considered the United Kingdom’s regulations insufficient to identify the links between PEPs and their family members and associates. By 2007, just under half of surveyed MLROs in the United Kingdom did not have a list of PEPs for use through all areas of their business (PricewaterhouseCoopers 2007). By 2009, more than half of KPMG’s sample of Indian financial services businesses had implemented procedures for identifying PEPs. Of those with PEP identification procedures, 56 percent used a purchased list as well as internal lists to identify the relevant, while a further 36 percent used a purchased list alone (KPMG (India) 2009). A majority of Tier One banks reported performing enhanced due diligence for PEPs opening accounts and 70 percent of this sample reported conducting ongoing transaction monitoring for PEPs. The authors of this report note that, in the absence of a universally accepted definition, the measures applied by these banks are unlikely to be uniform (KPMG International 2007).

Anti-money laundering/counter-terrorism financing procedures used

In the present survey, respondents were asked to indicate the extent to which they complied with the basic requirements of the AML/CTF regime in Australia. The participants were asked which of three core AML/CTF measures their businesses undertook (pre-employment screening of staff, ongoing customer due diligence for current customers and KYC procedures for new customers). They were also asked to indicate what additional AML/CTF measures their businesses employed. The data shown in Tables 14, 15 and 16 show that the proportion of businesses that conducted pre-employment screening, KYC processes for new customers and ongoing customer due diligence for existing customers varied according to the business sector they occupied. Rates of non-compliance with the three nominated AML/CTF requirements across the entire sample also differed for each of the three AML/CTF requirements examined. Approximately one-quarter (23.5%) of all respondents did not conduct pre-employment staff screening at all (see Table 14), while 15.4 percent did not carry out ongoing due diligence for existing customers (see Table 15), and 19.8 percent did not conduct KYC procedures for new customers (see Table 16).

The majority of participants from all business sectors (more than 75%) reported screening prospective staff, although the data in Table 14 show variable compliance rates according to business sector. Businesses in the managed funds and superannuation sector reported the highest pre-employment screening compliance rates (90.8%). Alternative remittance sector businesses and businesses in the ‘other’ sector category reported the lowest rates of compliance with pre-employment screening (65.5% and 63.6% respectively). These results were significantly different according to the business sector respondents occupied (χ2=125.6, df=8, p≤0.0001). A Cramér’s V of 0.18 indicated that there was a weak level of association between use of pre-employment screening and the business sector they occupied.

Table 14 : Pre-employment screening, by business sector
Conducts screening Does not conduct screening
Business sector n % n %
Managed funds/superannuation (n=346) 314 90.8 32 9.3
Banking (n=304) 251 82.6 53 17.4
Financial services (n=164) 141 86.0 23 14.0
Securities and derivatives (n=114) 103 90.4 11 9.7
Gambling (n=2,184) 1,669 76.4 515 23.6
Foreign exchange (n=203) 148 72.9 55 27.1
Cash delivery (n=57) 51 89.5 6 10.5
ARS (n=192) 122 65.5 70 35.0
Other businesses (n=360) 229 63.6 131 39.3
Total (n=4,189) 3,028 76.5 896 23.5

Source: AIC AML/CTF Australian businesses survey [computer file]

A statistically significant relationship was also found between levels of compliance with the requirement to conduct ongoing due diligence for existing customers and the business sector respondents occupied (χ2=49.863, df=8, p=0.000; Cramér’s V=0.113) (χ2=49.9, df=8, p≤0.0001). A Cramér’s V of 0.11 indicated that there was a weak level of association between these variables. Financial services sector respondents were most likely to report conducting ongoing due diligence for existing customers (92.7%), while those in the category of ‘other businesses’ were least likely to conduct due diligence (77.2%; see Table 15). Comparing mean results for these two groups, it was found that there was a statistically significant difference between respondents from the financial services sector and those in the ‘other businesses’ category who reported complying with ongoing due diligence requirements (Z=-7.4, p≤0.0001). Generally, however, all respondents reported very high levels of compliance with ongoing due diligence obligations under the legislation.

Table 15 : Ongoing due diligence for existing customers, by business sector
Conducts due diligence Does not conduct due diligence
Business sector n % n %
Managed funds/superannuation (n=346) 314 90.8 32 9.3
Banking (n=304) 274 90.1 30 9.9
Financial services (n=164) 152 92.7 12 7.3
Securities and derivatives (n=114) 104 91.2 10 8.8
Gambling (n=2,184) 1,810 82.9 374 17.1
Foreign exchange (n=203) 171 84.2 32 15.8
Cash delivery (n=57) 50 87.7 7 12.3
ARS (n=192) 165 85.9 27 14.1
Other businesses (n=360) 278 77.2 82 22.8
Total (n=3,924) 3,318 84.6 606 15.4

Source: AIC AML/CTF Australian businesses survey [computer file]

In relation to compliance with KYC requirements, it was found that over 80 percent of respondents reported using such procedures for new customers (see Table 16). Compliance with these requirements differed significantly across business sectors (χ2=122.1, df=8, p≤0.0001), although a Cramér’s V of 0.18 indicated only a weak level of association between KYC compliance and sector. The highest levels of KYC compliance for new customers existed in the managed funds/superannuation sector (92.8%) and the financial services sector (92.7%). Lowest levels of compliance with KYC procedures for new customers were reported in the gambling (75.7%) and foreign exchange sectors (79.3%). Comparing mean results for the managed funds/superannuation sector and respondents in the category of ‘other businesses’, it was found that there was a statistically significant difference between the proportion of respondents who reported complying with statutory KYC requirements in these two sector groups (Z=1.4, p≤0.0001).

Table 16 : Know-your-customer requirements for new customers, by business sector
Conducts KYC Does not conduct KYC
Business sector n % n %
Managed funds/superannuation (n=346) 3,321 92.8 25 7.2
Banking (n=304) 272 89.5 32 10.5
Financial services (n=164) 152 92.7 12 7.3
Securities and derivatives (n=114) 103 90.4 11 9.7
Gambling (n=2,184) 1,653 75.7 531 24.3
Foreign exchange (n=203) 161 79.3 42 20.7
Cash delivery (n=57) 51 89.5 6 10.5
ARS (n=192) 169 88.0 23 12.0
Other businesses (n=360) 266 73.9 94 26.1
Total (n=3,924) 3,148 80.2 776 19.8

Source: AIC AML/CTF Australian businesses survey [computer file]

Comparing mean results for responses from respondents concerning non-compliance with staff screening and KYC processes, it was found that there was a statistically significant difference between these two groups (t=-3.1; df=8358.6; p≤0.002). There was also a statistically significant difference between use of staff screening and ongoing due diligence procedures for new customers (t=-8.6; df=8209.5, p≤0.0001), and also for the use of KYC processes and ongoing customer due diligence (t=5.5; df=8297.4; p≤0.0001). Overall, reporting entities were most likely to have complied with ongoing customer due diligence requirements and were more likely to have complied with KYC requirements than pre-employment staff screening.

Additional anti-money laundering procedures identified by respondents that were not part of the measures listed included:

  • record keeping, monitoring and reporting (n=47; 1.2% of respondents);
  • general compliance with the AML/CTF regime (n=67; 1.6%);
  • training and professional development (n=38; 0.9%);
  • limiting risks by placing restrictions on transactions (n=18; 0.4%); and
  • stating that the customers and staff are personally known to the business, making KYC unnecessary (n=12; 0.3%).

Overall, it appears that high proportions of businesses complied with the risk-management procedures specified in the AML/CTF Act 2006 (Cth) and other processes designed to minimise money laundering risks.

Anti-money laundering/counter-terrorism financing software

Prior international research

As background to the results of the present Australian survey, it is useful to consider the results of previous overseas studies that have reported the varying degrees to which AML/CTF-specific software has been used by businesses in connection with their discharge of AML/CTF legislative obligations. For example, 34 percent of the Tier One banks surveyed by PricewaterhouseCoopers in its 2007 survey in the United Kingdom, monitored transactions electronically and of these, 29 percent purchased the software from a third-party provider (PricewaterhouseCoopers 2007). Within this group, fewer smaller companies used automated monitoring than did larger firms. A quarter of companies that employed fewer than 100 staff had automated transaction monitoring systems in place, while almost double this proportion (42%) of companies with more than 100 employees did so.

Another study found that half of the US-based life insurance companies surveyed by Ernst & Young (2007) had AML/CTF systems dependant, to some extent, on automated services. The companies that had automated their AML/CTF programs predominantly used systems developed in-house, with approximately 35 percent purchasing software instead of developing it. This group of companies nominated human resources expenditure as the most costly area of their AML/CTF electronic systems. Approximately 30 percent of respondents spent between US$250,000 and US$1m on human resources management and all of the companies surveyed spent less than US$250,000 on software and hardware combined.

In the United Kingdom, one-third of MLRO’s surveyed in 2007 (PricewaterhouseCoopers 2007) stated that their companies needed to improve their AML/CTF systems. They specifically identified the need to enhance or automate their transaction monitoring procedures and to improve staff training. They also indicated that an electronic identification, or an electronic means of certifying identity, would improve their systems. In a survey of financial services businesses in India undertaken by KPMG in 2009, the majority of those surveyed monitored sanctions lists as part of their transaction monitoring programs, with more than 40 percent of these businesses using software specifically designed for this purpose (KPMG India 2009).

A case study involving a Luxembourg private bank’s AML/CTF software selection process showed the predominant considerations of the bank for system flexibility, accuracy, service and follow-up procedures for flagged transactions when selecting appropriate systems. The central concern of the bank prior to making software decisions was that any automated transaction monitoring system should be fit-for-purpose in terms of the bank’s regulatory obligations, business operations, potential expansion plans and resources (Veyder 2003).

Survey results

The present AML/CTF Australian business survey sought to document the proportion of survey participants who used software of differing kinds to assist with Australian AML/CTF requirements compliance. The responses refer to software and other systems specifics that were available or used by respondent businesses at the time of the survey in 2009 and hence do not reflect improvements to either that may have occurred subsequent to the survey period.

In 2009, approximately 24 percent (n=1,044) of respondents indicated that they used some software for AML/CTF compliance purposes. The tools that respondents identified included commercial software packages that are designed to address AML/CTF and other compliance or financial crime risks (eg World-Check, Norkom (0.3%) and Complinet/Complispace) or more general software (eg Mantas, SAS, Ultradata and Ultracs, Veda, Quicken, MYOB, RIA and Microsoft Excel). Overall, use of individual software packages of either category was very low (less than 1% for most packages identified).

World-Check was the commercial software product most commonly used by respondents (2.7%). The data in Table 17 show that 10.3 percent of the managed funds/superannuation and 12.9 percent securities and derivatives reporting entities used World-Check software, while the proportions of gambling and ‘other’ sector businesses that used this product were below one percent.

Table 17 : World-Check software users, by business sector
Business sector Users of World-Check from this sector (n) Users of World-Check from this sector (%) % of World-Check users from the sector
Managed funds and superannuation 36 10.3 33.3
Banking 24 7.9 22.2
Financial services 6 3.7 5.5
Securities and derivatives 15 12.9 13.9
Gambling 17 0.8 15.7
Foreign exchange 4 2.0 3.7
Cash delivery services 2 3.5 1.9
Alternative remittance services 3 1.6 2.8
Other 1 0.3 0.9
All sectors 108 2.8 100.0

Note: Percentages may not total 100 due to rounding

Source: AIC AML/CTF Australian businesses survey [computer file]

A higher proportion of businesses reported using products developed in-house, or products developed by an industry body than licensed software from a commercial provider. These included in-house developed software (10.2%) and internal Australia Post software (2.8%). Some businesses reported using internet searching or other search functions such as Factiva (0.7%), the AUSTRAC website (0.5%), general internet usage (0.2%); and a further 0.2 percent used other unspecified electronic procedures. Banking (23.7%) and financial services businesses (19.5%) were the sectors with the highest proportions of respondents developing and using in-house AML/CTF software.

More than 60 percent (n=2,564) of respondents reported not using any AML/CTF software tools in the 12 month period to 30 June 2009 (see Figure 1). These results showed significant differences according to the business sector respondents occupied (χ2=408.1, df=8, p≤0.0001). A Cramér’s V of 0.32 indicated that there was, however, only a weak level of association between not using AML/CTF software and the business sector respondents occupied. The business sector least likely to report using AML/CTF software was the gambling sector, with almost three-quarters of respondents indicating that they did not use this software (73.7%). This is most likely due to the high proportion of small business clubs and pubs in the sector. By contrast, those in the foreign exchange sector were most likely to use AML/CTF software—only 29.6 percent indicating that they did not use software in the 12 month period to 30 June 2009.

Figure 1: Regulated businesses that did not use AML/CTF software in 12 month period to 30 June 2009, by business sector (%)

figure 01

Source: AIC AML/CTF Survey Stata file

Interviews

Two interview participants from the banking sector reported using software to augment their customer identification and transaction monitoring processes. One banking respondent noted that he used World-Check on a pay-per-use basis, rather than paying an annual licence fee of $10,000 per year. Transactions were also monitored manually using spreadsheets. The interviewee indicated that his bank was examining the feasibility of implementing a larger system to monitor transactions in the future.

One mutual financial services association interviewee reported using Orion, a commercial financial and accounting software product, to monitor Visa transactions and used an Orion add-on to conduct AML/CTF transaction monitoring. Orion software is able to identify suspicious transactions based on the parameters that the user has defined in advance. These parameters are set by the compliance officer and were determined by the nature of the customers and the relevant AUSTRAC AML/CTF risk indicators. The system identified and flagged unusual transactions that should be examined further by the compliance officer (Financial services association representative, personal communication, November 2009).

Know-your-customer processes

KYC requirements—such as customer identification and enhanced due diligence measures, including the identification of beneficial owners of customers—pose various challenges for regulated businesses seeking to implement AML/CTF measures. In Europe, the majority of the sample of Eastern European financial institutions that responded to Ernst & Young’s survey on the implementation of the European Union’s Third Anti-Money Laundering Directive, anticipated challenges meeting the Directive’s KYC requirements (Ernst & Young 2007). Identifying the economic activities of customers and identifying PEPs were the areas that posed the greatest challenges. In another survey conducted in 2001, more than 60 percent of the MLROs surveyed anticipated difficulties in identifying the beneficial owners of assets (Gill & Taylor 2004).

Know-your-customer confidence

Survey respondents were asked to indicate how confident they were in identifying each of the following categories of customers:

  • domestic companies;
  • registered foreign companies;
  • trustees;
  • partnerships;
  • incorporated and unincorporated associations;
  • registered cooperatives;
  • domestic government bodies;
  • foreign government bodies;
  • charities or not-for-profit organisations;
  • PEPs; and
  • individuals, including sole traders.

Figure 2 presents results combining the percentage of businesses that were very confident and confident, compared with those that were neutral and those that were not confident or not at all confident, for each customer type. The highest levels of confidence were reported for being able to identify individuals (86.1%) and domestic companies (84.5%). Very few respondents reported not being confident (2.4%) when identifying individuals. The highest levels of lack of confidence in identifying customers concerned the identification of foreign government bodies (24.2%), PEPs (22.4%) and foreign-registered companies (21.4%). The obvious impediments to undertaking appropriate scrutiny of overseas-based organisations and individuals are the likely reasons for the low levels of confidence expressed by respondents when responding to this question.

Figure 2: Reporting entities’ customer identification confidence, by customer type (%)

figure 02

Note: NFP= not for profit

Source: AIC AML/CTF Australian businesses survey [computer file]

Figure 3 shows more detailed information on the confidence different business sectors have in identifying foreign registered companies. Businesses in the foreign exchange (37%) and gambling (26.7%) sectors reported generally little or no confidence in their identification of foreign registered businesses, while those in the securities and managed funds/superannuation sectors had much higher levels of confidence.

Figure 3: Confidence in identifying foreign registered companies, by sector (%)

figure 03

Source: AIC AML/CTF Australian businesses survey [computer file]

Figure 4 shows levels of confidence reported by businesses from various sectors in identifying PEPs. Respondents from the alternative remittance (15.6%), foreign exchange (15.2%) and ‘other’ business categories (16.4%) reported having little or no confidence in their ability to identify PEPs. Those from the securities sector showed the highest levels of confidence in identifying PEPs—47.9 percent having some confidence and 22.5 percent being extremely confident in so doing.

Figure 4: Confidence in identifying politically exposed persons, by sector (%)

figure 04

Source: AIC AML/CTF Australian businesses survey [computer file]

Know-your-customer processes

The survey also asked respondents to identify the extent to which their businesses used manual as opposed to software-based processes to conduct customer due diligence, or some blend of the two. Figure 5 shows that 49 percent of the respondents reported using only manual processes and just over one-fifth (22%) used a mix of manual and software-based processes.

Figure 5: Current customer due diligence processes (%)

figure 05

Source: AIC AML/CTF Australian businesses survey [computer file]

These results differed significantly according to the business sector respondents occupied (χ2=721.6, df=40, p≤0.0001). A Cramér’s V of 0.19 indicated that there was a weak level of association between respondents’ use of differing due diligence processes and the business sector they occupied. Those in the gambling sector were most likely to use only manual due diligence processes (61%), while manual processes were least often used by banks (22.9%).

A statistically significant relationship was also present between the type of due diligence processes used and use of AML/CTF software (χ2=924.9, df=5, p≤0.0001, Cramér’s V=0.47). A number of businesses that reported using AML/CTF software also reported using only manual processes in relation to customer due diligence (n=209, 10.3%), perhaps because software was used principally for transaction reporting rather than due diligence activities.

A proportion of respondents from each of the sectors reported having no customer due diligence procedures in place. Just over 10 percent (10.2%) of gambling sector businesses reported having no customer due diligence procedures in place, while 11.6 percent of ‘other’ businesses had no such procedures. Nine percent of cash delivery businesses also had no procedures in place.

Views of interviewees on customer due diligence

Interview participants confirmed that the way businesses approached customer identification and due diligence was very industry specific. Interviewees from the gambling sector predominantly worked in small businesses that derived most of their income from work as hoteliers, while operating some gaming machines. Interviewees explained that hotels are not obliged to conduct formal identification processes for their customer base who simply purchase drinks or meals over the bar or who unsuccessfully play gaming machines, reflecting the results of the survey that showed that this sector used few formal due diligence processes. One club’s representative indicated that the club collected basic information about customers who were not members of the club, although this information was not recorded anywhere other than on the entry form that was completed at the door. Similarly, there were no restrictions on who may become a member or who may be signed in as a guest. That club documented the customer’s basic demographic information upon paying out a win of more than $200 and for wins of more than $1,000, the club required patrons to supply two types of government-issued identification before issuing a cheque.

One interviewee from a pub provided an example of the difficulties present in seeking information from customers (see Box 4)

Box 4: Difficulties in seeking information from customers

The pub had some bikies in a few months ago—they were passing through on their way elsewhere. The group played the pokies and drank without any issues. Those playing the pokies made some sizeable bets and received payouts of $100–200 from the TAB. Their behaviour was not suspicious in any way; anyone making bets of $500 is going to be paid out larger amounts than someone making smaller bets. The hotel staff found it very hard to ask the bikies for identification for the payouts. One of them yelled out his driver’s licence number and the staff had to tell him the licence needed to be sighted. It was certainly uncomfortable for the staff member and the publican considered the situation to be possibly dangerous. Telling customers that they need identification information for compliance might be okay for some businesses but is certainly difficult for pokies. The bikies were very obvious and the owner was aware of them constantly. If the bikies had only been in the pub for a short time and gotten large payouts then the owner would have called the police. (Publican, personal communication, October 2009).

By contrast, an interviewee from a private equity company’s current investment fund had a total of 12 investor companies, each of which were already regulated by the Australian Prudential Regulation Authority or the Australian Securities and Investments Commission (ASIC). The company also undertook its own extensive customer due diligence processes that included examination of the investors’ reputation and capacity to meet its financial commitments throughout the forthcoming decade.

Similarly, an interviewee from a commercial bank indicated that the bank employed a risk matrix that identified a clear hierarchy of management available to staff for advice or assistance. All new corporate clients were subject to a rudimentary check on the ASIC website to verify the identification of the directors and any relevant licences. All potential clients were checked against the Attorney-General’s Department and Department of Foreign Affairs and Trade watch lists, and checked against World-Check’s database of PEPs.

One interviewee from a cash delivery business indicated that he had always taken a very conservative risk-management approach to accepting new clients. The company did not deal with unknown businesses and conducted stringent assessment of any potential new clients, which encompassed a comprehensive overview of their business practices, the company’s reputation, potential lost revenue and questions of personal safety for employees. Any potential clients that failed to take on the risk management recommendations identified in the assessment process were declined. All new clients, and existing clients at the time AML/CTF preventative measures were introduced, were checked against ASIC databases. The business had a lot of face-to-face contact with its clients and required its clients to notify them when a new staff member starts.

Another interviewee who worked with a private mortgage company indicated that he found it difficult to find good borrowers, which made it difficult to invest the funds coming into the business (see Box 5).

Box 5: Difficulties in finding good borrowers

Brokers acted as intermediaries for locating borrowers. The brokers the company worked with were well-known to the credit manager but not to the employees. The company also considered referrals for borrowers from some banks and mortgage brokers. The most common thing clients were seeking was non-confirmative finance. The process for establishing a new borrower was very detailed. Borrowers outlined their scenario and supplied supporting documentation and the mortgage company provided application packs including the Corporation Act, financial services licence, money laundering brochure and identification requirements. The broker then attends to the borrower and returns the information to the mortgage company. The private mortgage company would then send the mortgage document out to the borrower. The borrower was required to sign the documents in front of a justice of the peace, who declared that signatures were witnessed, verified the identity of the borrower and confirmed that they consented to signing the application. A case of mortgage fraud using false identification in the same state compelled the mortgage company to undertake more stringent identity checks. The lenders, in this case, may not have been paid out despite an insurance fund for these situations. The private mortgage company, from then on, maintained a checklist of documentation for every file and all employees had access to these files for monitoring (Mortgage company, personal communication, October 2009).

In another instance recounted by a finance company interviewee, a borrower’s application for finance for a kebab shop exemplified the enhanced due diligence measures of the lender. The lender had reservations about the loan because of the nature of business and some issues with the proposed guarantors for the loan. The lender investigated the proposal further, had the applicants detail the history of similar businesses they owned and made separate enquiries about the applicants to the broker and lawyer involved in the transaction. The lender obtained a certificate of a witness from the solicitor for the mortgage documents, had the guarantors verify the identity of the borrowers and ensured that the guarantors had received independent advice. All clients were subject to a credit ratings agency check to uncover patterns such as ‘clear outs’ that might indicate where a person has repeatedly run away from their debt. The reasons for clear outs varied from family case law to something more sinister.

The mortgage company interviewee also noted that new investors providing funds for borrowers could only invest after being referred to the private mortgage company by an existing investor. The company regularly received calls from people seeking to invest funds with their company. They were exceedingly cautious about taking new investors as they found it difficult to invest the funds they already had. The credit manager would meet with a potential new investor to get to know them and would conduct a 100 point identity check at that stage. The investor would then receive a product disclosure statement and the 100 point check would be completed. The company considered it good practice to trial new investors by investing a small amount of money, around $25,000. Most investors disclosed where their funds originated. The mortgage company considered KYC practices important to reduce the risk for their company and to ensure the continuation of positive working relationships.

Confidence in customer due diligence assessments performed by other businesses—survey results

Section 38 of the AML/CTF Act 2006 (Cth) allows reporting entities to rely on customer identification procedures undertaken by another reporting entity carried out in accordance with the legislation and regulations. The aim of this is to reduce the burden on regulated businesses and to streamline the identification procedures required in certain specified circumstances. The Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 No.1 (Part 7.2) restricts reporting entities’ use of customer identification conducted by another business to licensed financial advisors and members of designated business groups where:

  • the first reporting entity (the entity identifying the customer) makes arrangements for the customer to receive a designated service by a second reporting entity;
  • the second reporting entity obtains a record of the identification record made by the first reporting entity or has made arrangements to access the records of the first entity; and
  • the second reporting entity has determined it appropriate to rely on the identification undertaken by the first reporting entity, having considered the money laundering and terrorism financing risks posed by providing a designated service to the customer.

Reporting entities that rely on identification procedures completed by another reporting entity, or by an agent, retain their accountability for accurately identifying their customers (AUSTRAC 2010b). Confidence in the customer due diligence procedures conducted by another business, in this context, is a crucial factor in determining whether reporting entities will ever share information in this way.

Respondents to the present survey were asked to indicate their levels of confidence in the customer due diligence assessments conducted by other businesses using the same Likert scale as described previously (ie not at all confident, not confident, neutral, confident, extremely confident). Respondents were specifically asked to consider customer due diligence conducted by financial planners, accountants, lawyers and other financial institutions, and were able to nominate other types of businesses. The professional sector businesses were included despite the fact that they did not fall within the legislation. Confidence ratings for the customer due diligence undertaken by each of these four selected business types were condensed into not at all confident/not confident, neutral and confident/extremely confident in order to simplify the results (see Table 18).

Table 18: Respondents’ confidence in know-your-customer procedures undertaken by another business (%)
Confidence rating
Sector performing KYC Not at all/not confident Neutral Confident/extremely confident
Financial planners 10.8 33.3 55.9
Accountants 5.0 18.3 76.7
Lawyers 5.6 21.0 73.4
Other financial institutions 5.5 23.4 71.1

Source: AIC AML/CTF Australian businesses survey [computer file]

Generally, there was a lower level of confidence in customer identification processes undertaken by financial planners as opposed to accountants, lawyers, or other financial institutions. Comparing mean results for responses from respondents concerning confidence in identification undertaken by financial planners and financial institutions, it was found that there was a statistically significant difference between these two groups (t=-9.1; df=2415.2; p≤0.0001).

Financial institutions were the only business sector included in this question that had AML/CTF regulatory responsibilities and yet more respondents felt confident or extremely confident in customer identification completed by accountants (76.7%). The confidence rating between accountants and financial institutions was statistically significant (t=3.2; df=3092.4; p≤0.002), indicating that more confidence existed in the processes undertaken by accountants than financial institutions. A higher percentage of respondents also expressed confidence in the due diligence processes of lawyers (73.4%) than other financial institutions (71.1%), although this was not statistically significant (t=2.4; df=3132.1; p≥0.016). A significant difference was found between levels of confidence in due diligence undertaken by accountants as opposed to lawyers (t=2.421; df=3132.13; p=0.016).

The data in Figure 6 show the marked differences that existed across business sectors in respect of their level of confidence in relying on customer due diligence procedures performed by financial planners. Those in the cash delivery services sector had the least confidence in relying on due diligence assessments made by financial planners (18.8%), while respondents from the securities and derivatives sector were generally confident or extremely confident in customer due diligence assessments conducted by financial planners (76.9%).

Figure 6: Confidence in relying on customer due diligence conducted by financial planners, by sector (%)

figure 06

Source: AIC AML/CTF Australian businesses survey [computer file]

As is apparent from Figure 7, the banking sector showed the highest proportion (11.5%) of businesses that reported low levels of confidence in relying on the processes conducted by accountants. By contrast, more than 86 percent of financial services sector respondents were confident or extremely confident in the due diligence procedures conducted by accountants.

Figure 7: Confidence in relying on customer due diligence conducted by accountants, by sector (%)

figure 07

Source: AIC AML/CTF Australian businesses survey [computer file]

In relation to levels of confidence in due diligence undertaken by those in the legal sector, Figure 8 shows that the financial services sector respondents had the highest levels of confidence (83.9%), while only 64.5 percent of the banking sector, 60 percent of foreign exchange businesses and 51.1 percent of alternative remittance dealers were confident or extremely confident in replying on due diligence undertaken by lawyers.

Figure 8: Confidence in relying on customer due diligence conducted by lawyers, by sector (%)

figure 08

Source: AIC AML/CTF Australian businesses survey [computer file]

Transaction monitoring and reporting

Both the FTR Act and the AML/CTF Act 2006 (Cth) currently require that reporting entities provide a number of financial transaction reports to AUSTRAC. A substantial change in reporting to AUSTRAC took place on 12 December 2008 when the reporting requirements of the AML/CTF Act 2006 (Cth) came into effect. The reporting requirements oblige entities providing one or more ‘designated services’ under the AML/CTF Act 2006 (Cth) to submit certain reports to AUSTRAC. These include the following (AUSTRAC 2010).

Under the AML/CTF Act 2006 (Cth), reporting entities must submit SMRs if, at any time while dealing with a customer, the entity forms a reasonable suspicion that the matter may be related to an offence (not just a ML/TF offence), tax evasion, or the proceeds of crime. Entities must submit SMRs to AUSTRAC within three days of forming the suspicion (or within 24 hours for matters related to financing of terrorism suspicions). For many reporting entities, SMRs have progressively replaced suspicious transaction reports, which fall under the FTR Act.

Under the AML/CTF Act 2006 (Cth), if a reporting entity provides a designated service to a customer that involves the transfer of physical currency (or e-currency) of $10,000 or more (or the foreign currency equivalent), that entity must submit a TTR to AUSTRAC. For many reporting entities, TTRs have replaced significant cash transaction reports, which fall under the FTR Act. Entities must submit TTRs to AUSTRAC within 10 days of the transaction.

Under the AML/CTF Act 2006 (Cth), if a reporting entity sends or receives an instruction to or from a foreign country to transfer money or property, that entity must submit an international funds transfer instruction (IFTI) report. IFTI reports were also required to be submitted under the FTR Act. Entities must submit IFTIs to AUSTRAC within 10 days of the transfer.

Under the AML/CTF Act 2006 (Cth), cross-border movement of physical currency (CBM-PC) reports are submitted when currency (coin or paper money) worth $10,000 (or the foreign equivalent) or more is carried, mailed or shipped into or out of Australia. When a person carries currency of $10,000 or more into or out of Australia, a CBM-PC report must be completed at the first customs examination area upon entry into Australia or before leaving Australia. When a person mails or ships currency of $10,000 or more into or out of Australia, a CBM-PC report must be submitted within five business days of the currency being received in Australia or at any time before the currency is sent out of Australia. On 12 December 2006, CBM-PC reports replaced international currency transfer reports, which fall under the FTR Act.

Under the AML/CTF Act 2006 (Cth), cross-border movement of bearer negotiable instrument reports must be completed by persons entering or leaving Australia who are carrying bearer negotiable instruments (such as travellers cheques, cheques or money orders) of any amount, if asked by a customs or police officer to complete such a report. This aspect of the reporting regime is examined by Smith and Walker (2010).

Finally, a reporting entity must give an annual report to AUSTRAC regarding its compliance with the AML/CTF Act 2006 (Cth) (ss 47–48). The first such report was due on 31 March 2008. The AML/CTF compliance report obligations apply to any person or entity that provides designated services. Reporting entities were encouraged to enrol via AUSTRAC Online, an internet-based information portal for reporting entities launched in December 2007. AUSTRAC Online streamlined the enrolment process for new entities and provided a simple and efficient means for entities to submit their compliance reports. By the end of the reporting year, more than 10,000 entities had enrolled via AUSTRAC Online and approximately 7,500 AML/CTF compliance reports had been submitted (AUSTRAC 2008). At 30 June 2011, a total of 18,484 entities were enrolled with AUSTRAC Online (AUSTRAC 2011).

In Australia, the pattern of suspicious transaction/matter reporting to AUSTRAC has been one of general increase between 1994–95 and 2010–11, although these increases were more pronounced from 2003–04 onwards. A substantial increase between 2008–09 and 2009–10 was followed by a slight reduction in 2010–11 (see Figure 9).

Figure 9: Suspicious transaction/matter reports received by AUSTRAC, 1994–95 to 2010–11 (n)

figure 09

Sources: AUSTRAC annual reports 1994–95 to 2010–11

The increased number of reports submitted to AUSTRAC is unlikely to be the direct result of an increase in the number of suspicious transactions performed by designated entities on behalf of their customers. Instead, it is likely to be attributed to the tightening of the AML/CTF regime (in the wake of the 11 September 2001 and other terrorist attacks), a legislative-driven increase in the number of reporting entities, an increase in the size of some regulated sectors, increased publicity by AUSTRAC of the requirements of the regime and a period of defensive reporting influenced by the securing of convictions against high profile financial institutions in the United States and the United Kingdom for failing to adequately maintain AML/CTF compliance systems (Smith et al. forthcoming).

Perceptions of the effectiveness of transaction monitoring—survey results

The AML/CTF regime requires reporting entities to monitor transactions of customers in order to identify both threshold transactions as well as suspicious matters and have regard to complex, unusual large transactions and unusual patterns of transactions, which have no apparent economic or visible lawful purpose (Chapter 15, AML/CTF Rules Instrument 2007 (No 1)). The survey sought the views of participants on the ability of their business to monitor transactions, the methods used to monitor transactions and the procedures likely to be the most effective in monitoring transactions. Respondents were specifically asked to indicate their views on the extent to which their business was effective in identifying each of a variety of types of financial transaction. Respondents were also asked to indicate their perceptions of the effectiveness of transaction monitoring in terms of identifying cash transactions equal to or more than $10,000, suspicious transactions of less than $10,000, suspicious transactions of more than $10,000, transactions involving PEPs and suspicious transactions to overseas countries. The perceptions of respondents on the effectiveness of transaction monitoring for each of these transaction types are presented in Figure 10.

Figure 10: Perceptions of the effectiveness of transaction monitoring for different types of transactions (%)

figure 10

Source: AIC AML/CTF Australian businesses survey [computer file]

Almost 95 percent of respondents considered their transaction monitoring procedures to be effective, or very effective, at identifying cash transactions of $10,000 or more. Smaller proportions of respondents considered their procedures to be very effective, or effective, at identifying transactions involving PEPs (51.2%) or at identifying suspicious transactions made to overseas countries (77.4%).

Comparing mean results for responses concerning the effectiveness of identifying transactions involving PEPs and suspicious transactions to other countries, it was found that there was a statistically significant difference between these two groups (t=-12.3; df=3429.5; p≤0.0001); that is, respondents viewed their ability to identify transactions involving PEPs as being significantly less effective than their ability to identify suspicious transactions to other countries. The foreign exchange sector was the sector that believed it was least effective in identifying transactions involving PEPs (19.1% believing processes to be either ineffective or very ineffective).

Respondents also differed significantly in terms of their perceived effectiveness in identifying suspicious transactions of less than $10,000 as opposed to those of more than $10,000 (t=-11.2; df=6077.3; p≤0.0001). Overall, respondents were less confident in their ability to identify suspicious transactions of less than $10,000 than suspicious transactions of more than $10,000.

Automated transaction monitoring

Respondents were also asked to indicate whether their transaction monitoring activities were manual, using some automated software-based system, a mixture of both, or whether no monitoring was undertaken. The data in Figure 11 show that more than half (58.2%) of respondents reported using only manual, or mainly manual, transaction monitoring processes in their businesses. A small percentage of businesses (7.8%) reported using predominantly software-based transaction monitoring processes.

Figure 11: Manual and automated transaction monitoring processes across business sectors (%)

figure 11

Note: Percentages may not total 100 due to rounding

Source: AIC AML/CTF Australian businesses survey [computer file]

Table 19 presents statistics on the transaction monitoring processes used by respondents according to their business sector. It was found that transaction monitoring software was most often used in the foreign exchange sector (23.4%) with those in the gambling (67.9%) and securities and derivatives sectors (68.1%) most often using manual processes for transaction monitoring. Almost six percent (5.7%) of respondents, mostly from the gambling sector, indicated that they used no transaction monitoring processes. This accords with the results presented in Figure 1 that showed that respondents from the gambling sector were the least likely to use AML/CTF software generally.

Table 19: Each business sector using manual, software-based, or mixed transaction monitoring processes (%)
Business sector Only/mainly manual Only/mainly software Mixture No monitoring
Foreign exchange 32.0 23.4 42.3 2.0
Banking 35.2 11.6 50.5 2.7
Alternative remittance services 49.5 14.4 33.0 3.2
Financial services 52.4 8.5 37.2 1.8
Cash delivery services 54.4 7.0 33.3 5.2
Managed funds/superannuation 54.8 6.1 37.0 2.0
Gambling 67.9 3.5 21.4 7.2
Securities and derivatives 68.1 2.7 25.7 3.5
Other 42.1 21.1 30.2 6.5

Source: AIC AML/CTF Australian businesses survey [computer file]

Perceptions of the effectiveness of transaction monitoring procedures

An attempt was also made in the survey to gauge perceptions about the effectiveness of various types of transaction monitoring procedures. Grouping the responses into three categories of very effective/effective, neutral and very ineffective/ineffective, Figure 12 presents the assessments for five types of transaction monitoring methods—anti-money laundering software, external third parties (such as consultants), external audit, internal audit and internal staff-based methods.

Figure 12: Perceptions of the effectiveness of transaction monitoring procedures (%)

figure 12

Source: AIC AML/CTF Australian businesses survey [computer file]

It was found that the majority of respondents (92.9%) indicated that using internal staff to identify transactions was an effective or very effective method of transaction monitoring. Internal auditing was also considered to be effective or very effective for 85.3 percent of respondents. Somewhat fewer respondents (77%) indicated that using external third parties, or using external audit (78%), to identify transactions were effective or very effective methods of transaction monitoring. The effectiveness ratings shown in Figure 12 also indicated that just over one half of respondents (58.1%) perceived that AML/CTF software was an effective or very effective means of monitoring transactions.

Respondents from the banking (82.2%), securities and derivatives (84%), and alternative remittance services (80%) sectors were most likely to view transaction monitoring using AML/CTF software as effective or very effective. Fewer respondents (38.4%) from the gambling sector, by contrast, viewed AML/CTF software as effective or very effective. Those from the gambling sector were also most likely to say that they did not use any AML/CTF software for any aspect of compliance. There is no indication, however, of whether gambling businesses did not use AML/CTF software because of its perceived ineffectiveness, or simply if the perception of ineffectiveness stems from a lack of exposure to using software. It could also be the case that respondents from the gambling sector considered that AML/CTF software was too expensive or not well-suited to the compliance needs of the sector.

Responses of interviewees

Interviewees were asked to provide information on the procedures they used that were relevant to the identification of suspicious transactions undertaken by their customers. Many of these procedures were used for credit control and fraud reduction reasons, rather than specifically for anti-money laundering purposes, although they were also of benefit in detecting suspicious transactions for AML/CTF purposes as well. One interviewee from a pub, for example, explained that the pub had TAB facilities as well as gaming machines and that the TAB monitored the bets placed in the pub. The TAB set a betting threshold of $200, beyond which the pub owners needed to place the bet with the TAB. The TAB would contact the pub to get some identification information of the punters on any bets they had questions about. One of the pub’s regular customers frequently placed large bets at the pub and the pub’s owners knew that the man supported himself through gambling. This punter placed a bet of $1,000 and the TAB called to verify it when he placed it and again the day after. The owner witnessed one customer winning $10,000 within the first three months that the owner had been in the pub; another won $1,800 during the same period. Each of these winners had their details recorded prior to receiving their winnings, although the owners knew them quite well and saw them often. The pub had procedures for placing large bets so that the staff could do so and the system worked well for the TAB facilities. The owners had no idea of what amounts of cash were going into the pokies by a single user though, as each machine gave a figure at the end of the day but did not log the amounts placed by each user or in a single session. Lots of big punters played the pokies and tended to favour some machines; the pub owners could usually tell who had been using a machine upon clearing it out at the end of the day.

Another interviewee who worked with a cash delivery company indicated that all cash pickups came with a receipt indicating the amount of money that a machine should be holding. Any pickups that approached $10,000, or cumulatively reached $10,000, were recorded in a spreadsheet. The risk-management system involved a recording system for all guards in the field to document everything and this information was recorded in the office. All of the company’s staff, including the guards and office staff dealing with the cash once it had been collected, were trained in AML/CTF reporting requirements. All of the guards were aware of the cash transaction reporting requirements and the office employees were aware of all of the reporting requirements as well. The company conducted an AML/CTF component within its induction process for new staff and held a monthly meeting intended for staff to ask questions and identify further training needs.

Identifying suspicious transactions—survey results

Respondents were asked to indicate whether their business ‘had identified any suspect transactions over the 12 month period ending 30 June 2009’ (ie the 2008–09 financial year). The question asked about ‘suspect transactions’ which was the terminology used at the time, rather than the term used in the current legislation, ‘suspicious matters’. There is a possibility that some respondents might not have provided a positive response to these questions where they were unable to identify a suspect transaction as relating either to money laundering or financing of terrorism, where the distinction between the two categories was unclear. However, because so few transactions concerned financing of terrorism, this problem is likely to have minimal impact.

A total of 181 respondents indicated that their business had identified a suspected money laundering transaction. At least five businesses from each business sector identified at least one transaction suspected of being linked to money laundering. More than 80 percent of the businesses that reported identifying suspect transactions identified 10 transactions or less. The low numbers of suspicious transactions that businesses in the AML/CTF Australian businesses survey identified are consistent with the reported numbers of suspect transactions in other surveys. Ninety percent of regulated businesses surveyed in the United Kingdom in 2007 reported 100 suspicious transactions or less in a year (PricewaterhouseCoopers 2007). The largest proportion of the group (58%) reported six or less transactions per year, compared with one percent of the sample that reported 500 transactions or more. The Indian financial services businesses surveyed by KPMG in 2009 showed a similar pattern, with 56 percent of respondents filing less than five reports and 12 percent reporting more than 20 transactions in a year (KPMG (India) 2009).

Figure 13 shows the percentage of suspect transactions that were reported by entities in varying sectors grouped according to five categories of volume—10 or less suspect transactions, 50 or less, 100 or less, 500 or less, or more than 500 suspect transactions. For example, 100 percent of respondents that reported over 500 suspect transactions in the year to 30 June 2009 came from the banking sector (1 bank). However, only 22 percent of entities that reported 10 or less suspect transactions came from the banking sector. Businesses within the banking sector identified 33 percent of all of the transactions suspected of involving money laundering reported in the survey.

Figure 13: Suspect transactions reported in the year to 30 June 2009, by business sector and volume reported (%)

figure 13

Source: AIC AML/CTF Australian businesses survey [computer file]

Thirteen survey respondents identified a transaction suspected of involving the financing of terrorism in the same period. At least one business from each sector identified at least one transaction it suspected of being linked to the financing of terrorism. The banking sector was also the reporting sector that identified the largest volume of transactions that were thought to involve the financing of terrorism. The number of suspected terrorism financing transactions was, however, much smaller at only four.

Under- and over-reporting

The present study sought the views of participants on under- and over-reporting of suspicious matters by seeking their responses to a series of statements suggesting situations in which under- or over-reporting might occur.

Under-reporting—survey results

Survey respondents were asked if they agreed, strongly agreed, disagreed, or strongly disagreed that failing to report a suspicious transaction to AUSTRAC was justifiable in situations where:

  • reporting was not required by law;
  • they perceived reporting to be of no use;
  • reporting would result in lost business;
  • reporting would alienate customers; and
  • there was a fear of reprisals.

Accordingly, if respondents agreed with these statements, it was considered likely that they would fail to report matters to AUSTRAC that could potentially have involved money laundering or financing of terrorism.

The results presented in Figure 14 were grouped into three categories relating to general agreement with the statements, neutrality, or disagreement. It was found that almost 80 percent of respondents disagreed, or strongly disagreed that failing to report was justifiable where reporting might result in a loss of business (79.8%) or alienate customers (78.5%). A third of respondents agreed or strongly agreed that failing to report a suspicious transaction was justifiable where reporting was not required by law and 13.3 percent of respondents agreed that failure to report was justifiable where reporting was perceived to be of no use.

Figure 14: Justifications for failing to report suspicious transactions

figure 14

Source: AIC AML/CTF Australian businesses survey [computer file]

The results relating to the statement ‘under-reporting is justifiable when it is not required by law’ were significantly different according to the business sector respondents occupied (χ2=40.4, df=16, p≤0.001). A Cramér’s V of 0.07 indicated that there was a weak level of association between respondents’ views regarding the justifiability of non-reporting ‘when not required by law’ and the business sector they occupied. Similarly, the results relating to the statement ‘under-reporting is justifiable when it is of no use’ were significantly different according to the business sector respondents occupied (χ2=68.1, df=16, p≤0.0001). A Cramér’s V of 0.10 indicated that there was a weak level of association between respondents’ views regarding the justifiability of non-reporting ‘when it is of no use’ and the business sector they occupied.

The data presented in Figure 15 show that the banking, cash delivery services and financial services sectors were most likely to disagree with the statement that failing to report ‘when it is not required by law’ was justifiable. Businesses from the securities and derivatives sector were most likely to agree that failing to report in these circumstances was justifiable.

Figure 15: Justifiability of failing to report a suspicious transaction when it is not mandatory, by business sector (%)

figure 15

Source: AIC AML/CTF Australian businesses survey [computer file]

The banking, managed funds/superannuation and financial services sectors were also most likely to disagree or strongly disagree that failing to report a transaction in circumstances in which reporting ‘would be of no use’ is justifiable, as the data in Figure 16 show. Those in the gambling sector were most likely to agree that failure to report in these circumstances would be justifiable.

Figure 16: Justifiability of failing to report a suspicious transaction when reporting is perceived to be of no use, by business sector (%)

figure 16

Source: AIC AML/CTF Australian businesses survey [computer file]

The results were also analysed in terms of the type of transaction monitoring procedures that respondents used—namely, manual, through the use of software, a mixture of both, or none. Statistically significant relationships were found between the transaction monitoring procedures businesses used and their views on under-reporting suspicious transactions. Figure 17 presents the results for the statement that failure to report is justifiable when reporting is not required by law.

Figure 17: Justifiability of failing to report a suspicious transaction when it is not mandatory, by transaction monitoring procedures (%)

figure 17

Source: AIC AML/CTF Australian businesses survey [computer file]

These results were significantly different according to the business sector respondents occupied (χ2=41.5, df=10, p≤0.0001). A Cramér’s V of 0.07 indicated that there was a weak level of association between the views of respondents concerning the justifiability of reporting when not required to do so by law and the transaction monitoring procedures they used. Businesses without any monitoring procedures were more likely than other businesses to agree that electing not to report suspicious transactions when required to do so by law was justifiable.

A statistically significant, but weak relationship was also found between the way in which businesses monitored transactions and their views on failing to report when reporting was perceived to be useless (χ2=32.6, df=10, p≤0.001; Cramér’s V=0.07). Businesses without any transaction monitoring processes were most likely to agree that failing to report if the business considered that doing so would be useless was justifiable (53.2%). Businesses with a mixture of automated and manual monitoring procedures were most likely to disagree or strongly disagree with this statement (74.6%). Figure 18 shows respondents’ views as to the justifiability of failing to report where reporting was perceived to be of no use, according to the transaction monitoring procedures which are used.

Figure 18: Justifiability of failing to report a suspicious transaction when reporting is perceived to be of no use, by transaction monitoring procedures (%)

figure 18

Source: AIC AML/CTF Australian businesses survey [computer file]

A statistically significant, but weak, relationship was also found between views concerning the justifiability of failing to report where this could alienate customers and the type of transaction monitoring procedures used (χ2=46.6, df=10, p≤0.001, Cramér’s V=0.08). Respondents without any transaction monitoring procedures were more likely than other businesses to agree or strongly agree that not reporting in these circumstances was justifiable.

Over-reporting—survey results

With respect to attitudes towards over-reporting of suspicious transactions, respondents were asked to indicate whether they believed reporting more suspicious transactions to AUSTRAC than strictly necessary was justifiable in the following circumstances:

  • when the business was not sure what the transaction involved (‘unsure of transaction’);
  • when there was heightened staff awareness/understanding of AML issues (‘staff awareness’);
  • when electronic/automated transaction monitoring made reporting easy (‘electronic monitoring’);
  • to avoid the imposition of penalties for failing to comply (‘avoid penalties’); and
  • to ensure the business’ level of reporting was comparable with that of other businesses in the same sector (‘report volumes’).

The views of respondents on over-reporting in these circumstances are shown in Figure 19, with results grouped in three categories of general agreement, neutrality and general disagreement.

Figure 19: Justifiability of reporting more transactions than necessary, by circumstances (%)

figure 19

Source: AIC AML/CTF Australian businesses survey [computer file]

A majority of respondents agreed or strongly agreed (70.4%) that over-reporting was justifiable where the business was unsure of what a transaction involved. A total of 58.3 percent of businesses also agreed or strongly agreed that over-reporting in order to avoid penalties for non-compliance was justifiable and 46 percent agreed or strongly agreed that it was justifiable to ensure that the business’ level of reporting was comparable with that of other businesses in the same sector.

The results concerning over-reporting in circumstances in which the business was unsure of the nature of the transaction were significantly associated with the business sector from which respondents came (χ2=42.6, df=16, p≤0.0001). A Cramér’s V of 0.08 indicated that there was a weak level of association between respondents’ views as to over-reporting in these circumstances and the business sector they occupied. Businesses classified as ‘other’ (78.2%), those from the managed funds and superannuation sector (74.3%), and the foreign exchange sector (73.6%) were most likely to agree or strongly agree that over-reporting was justifiable in these circumstances. Those from the securities and derivatives (62.1%) and cash delivery services (59.1%) sectors were least likely to agree that this was justifiable.

The business sector of the respondent was also significantly associated with their response to over-reporting to avoid penalties for non-compliance (χ2=57.64 df=32, p≤0.004, Cramér’s V=0.07). Businesses from the banking and cash delivery sectors were the least likely to consider that over-reporting would be justifiable in order to avoid fines for non-compliance, while businesses classified as ‘other’ were the most likely to agree that over-reporting in these circumstances would be justifiable.

Banking businesses were also the least likely to agree that over-reporting would be justifiable in order to ensure that the bank’s level of reporting would be comparable with that of other banks. Those from the foreign exchange and cash delivery sectors were most likely to agree that over-reporting in these circumstances would be justifiable. A statistically significant relationship was found between the business sector respondents occupied and their view on over-reporting in order to ensure that their level of reporting would be comparable with that of comparable businesses in the same sector (χ2=102.3, df=16, p≤0.0001). A Cramér’s V of 0.13 indicated that there was a weak level of association between these views and the business sector they occupied.

Statistically significant, but weak relationships were also found between business sector and views as to the justifiability of over-reporting where automated transaction monitoring makes reporting easier (χ2=149.8 df=16, p≤0.0001, Cramér’s V=0.16) and as a consequence of heightened staff awareness (χ2=68.8 df=16, p≤0.0001, Cramér’s V=0.10). Businesses that provided foreign exchange services were the most likely to agree that over-reporting would be justifiable where automated transaction monitoring made reporting easy, while banking sector businesses were the least likely to agree with this statement. Alternative remittance businesses were the most likely to consider that over-reporting was justifiable because of heightened staff awareness.

An analysis was also undertaken of the views of respondents as to over-reporting and their use of AML/CTF software. Statistically significant, but weak, relationships were found between the use of AML/CTF software and responses:

  • to over reporting in order to avoid penalties for non-compliance (χ2=20.7 df=4, p≤0.0001, Cramér’s V=0.08);
  • to ensure comparable reporting numbers (χ2=32.7 df=2, p≤0.001, Cramér’s V=0.10);
  • when staff have a heightened awareness (χ2=8.6 df=2, p≤0.013, Cramér’s V=0.05); and
  • where software makes reporting easy (χ2=38.5 df=2, p≤0.0001, Cramér’s V=0.1).

Businesses that used AML/CTF software were less likely than those businesses without AML/CTF software to agree or strongly agree that over-reporting would be justifiable in order to avoid penalties, to ensure comparable reporting numbers with other businesses in the same sector, or because of heightened staff awareness. Businesses with AML/CTF software (28.7%) were more likely than businesses without software (19.8%) to disagree or strongly disagree that over-reporting would be justifiable where software made it easy to report. It seems, therefore, that there are a number of circumstances in which businesses from certain sectors would be willing to engage in both under-reporting and over-reporting of suspicious transactions to AUSTRAC, based largely on commercial reasons.

Views of interviewees regarding risk management

Although only a small number of individuals agreed to participate in follow-up interviews, a number of relevant issues were raised that help understand how reporting entities undertake risk management in connection with AML/CTF compliance. Some interviewees, for example, reported limiting the types of products, services, or transactions that they might otherwise offer, primarily in order to reduce risks of financial loss to their businesses but with the subsidiary aim of reducing risks of any involvement in any illicit financial transactions. The private mortgage lender who participated in an interview indicated that risks of loss were minimised by limiting loans made to non-Australian residents for residential properties. The lender would not lend any funds for ‘off the plan’ property purchases to any borrowers and would only lend up to 70 percent of the value of a property. The business aimed to safeguard itself against risks that may be associated with non-resident borrowers by conducting enhanced due diligence on those clients. The enhanced due diligence procedures the mortgage lender conducted included investigating whether the client had Foreign Investment Review Board approval, documenting their reasons for being in Australia, using their identification and profile to verify the client’s legitimacy and witnessing evidence of the funds available to them in Australia. Generally, these clients would need to have status as a permanent or temporary resident in order to borrow funds.

Other interviewees described risk management activities that were supplementary to customer identification and transaction monitoring. The interviewee from the mutual banking business indicated that its risk management procedures had been revised following the introduction of the AML/CTF Act 2006 (Cth). The risk management system at the time of interview included the development of a risk management framework, the creation of a staff library for AML/CTF documents, random file auditing conducted every two months and tracking risks within a database system. The program required all supervisors and managers to undergo risk checks each month and the top 10 risks were then reported to the board. A key aspect of the risk management system was the establishment of an internal fraud unit, consisting of the compliance officer, an information technology officer and the finance manager, which was deliberately established as a hierarchical system for examining reports of suspicious transactions.

The mutual banking business also performed police records checks with the Australian Federal Police and a bankruptcy check via the Australian Prudential Regulation Authority and ASIC disqualification registers, prior to employing new staff members. All staff members made an AML/CTF declaration as part of their annual performance review and were required to declare any convictions recorded against them in the previous 12 month period. Staff members were also trained annually with AUSTRAC materials and any sites with a poor compliance performance in the auditing process received additional training. The business also sought to educate customers on the risks associated with their personal accounts.

By contrast, the two money exchange and remittance businesses interviewed did not carry out substantial changes to the ways in which they identified customers and handled business records following the commencement of reporting obligations. The businesses had an identification database, although this predated the AML/CTF Act 2006 (Cth) requirements. All customers were identified, usually with a passport, and the business did not undertake additional identification procedures beyond this unless the transaction was in excess of $10,000. In these cases, the forms for a large cash transaction were also completed within four or five days. The owner considered the KYC principles to be sufficient for a small business in its current location.

Two interviewees reported considering specific risk-management procedures for terrorism financing separately to the procedures employed for money laundering. The mutual bank used its transaction monitoring software to do a monthly search of its customer database against names of the Department of Foreign Affairs and Trade (DFAT) watch list. The issues associated with this list, such as duplicated names or alternate spellings, meant that the business did not follow up any partial matches and only examined any complete matches between their customers and the list. The private mortgage lender, by comparison, did not use the DFAT or Attorney-General’s proscribed persons lists at all. The company secretary was confident that any persons on those lists would not apply for a loan in their own name and he doubted that he would be able to deduce whether a customer was applying for a loan on behalf of an individual on those lists.