Become a Creator today!Start creating today - Share your story with the world!
Start for free
00:00:00
00:00:01
The Future of Tranche 2
35 Plays1 month ago
Arctic Intelligence CEO Anthony Quinn joins the Future of the Financial Crime Podcast to discuss the Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Amendment Bill in Australia and critical decisions that newly regulated businesses will have to consider when building their financial crime compliance programs.
Also, don't miss an opportunity to submit a response to the consultation on the new AML Rules.
The Future of the Financial Crime Podcast is a production of Arctic Intelligence, an award-winning Regulatory Technology (RegTech) business that transforms financial crime risk assessments to help protect your business.
Recommended
Transcript
Introduction and Legislative Overview
00:00:00
Speaker
In this episode, we look at the amendments to the AMLCTF Act here in Australia. At the end of November, the anti-money laundering and counter-terrorism financing amendment bill passed through the Australian parliament. One big feature is the capture of the trans2 businesses. Many more professions and businesses will need to take a serious look at developing a serious financial crime compliance program.
00:00:21
Speaker
This amendment expands the Australian Transaction Reporting and Analysis Centers, or OSTRACs, reporting entities from 14,000 to something like 90,000 entities. To help us with this conversation is Arctic Intelligence CEO Anthony Quinn, who joined the podcast just one day after OSTRAC released a consultation paper on the new AML rules.
00:00:40
Speaker
For those who are looking to submit a response, you have until the 14th of February, 2025.
Guest Introduction and AML Discussion
00:00:45
Speaker
Enjoy the podcast.
00:00:48
Speaker
this is a future of financial crime ah production of arctic intelligence ah podcast takes a global perspective on financial crime complaints Basically, training and awareness is probably the first thing. You know, really educating, you know, boards, senior management, you know, operations teams around, you know, what is the AML law? What does it require a regulated entity to do?
00:01:15
Speaker
Welcome to the Future of Financial Crime. My name is Kwame Susher. I am your host, and we have a very special guest with us today. We have Anthony Quinn, CEO of Arctic Intelligence, really the the brainchild behind this podcast itself. Welcome to the podcast, Anthony. So today we're going to have, I think it's going to be an interesting conversation because it's been a long time waiting. the I guess the update to the AML CTF act that finally captures all of those non-financial institutions. and yeah How do you feel about that, Anthony?
Impact on Non-Financial Institutions
00:01:44
Speaker
I think it's great and because it basically closes a gap that's been long overdue, but obviously it's been a long time coming and there's a long road ahead. Yeah, sure. So for anyone listening who is you know not in Australia, maybe you haven't really done business in Australia and you want to have a better understanding of the regulatory framework. Anthony, I thought it would be good if you could just sort of lay down from your experience and your perspective, you know, what what is a regulatory sort of landscape like in Australia for, I guess, that financial crime space? so
00:02:16
Speaker
yeah Thanks, Gromit. For those that don't know, the AML CTF Act in Australia was first put into effect in 2006, mainly applies to three sectors, so financial services, and which obviously covers a broad number of different types of institutions like banks and credit unions and fintechs and wealth and asset managers and planners and and non-bank lenders and a bunch of ah a bunch of others. It also covers gaming operators, so physical gaming venues like um casinos, hotels, clubs and clubs, as well as um online sports betting in online casinos and as well as bullion dealers. And when when the rules were
00:03:01
Speaker
first passed in Australia back in 2006.
Details of the AML-CTF Amendment Act 2024
00:03:04
Speaker
The government at the time had made a commitment to basically expand the laws and that that kind of whole first wave was called Tranche 1 and Tranche 2 was reportedly supposed to follow a goal in its heels in 2007 to essentially broaden the the number of regulated entities and to ah to a whole other range of different industry sectors, ah which are broadly a gatekeeper profession, such as lawyers and conveyances, you real estate agents, accountants, and trust and company service providers. So that that was all kind of due to to happen in 2007, and I guess fast forward a very long time, pretty much 18 years.
00:03:47
Speaker
The Australian government recently, as much as so two weeks ago, passed the AML-CTF Amendment Act 2024, which actually very narrowly passed through the Senate, but absolutely quite comfortably passed through the House of Representatives not not long after. So basically the the law has come into effect. It's now got Royal Assent and basically it's now sitting with OSTRAC It's the 13th of December today and yesterday on the 12th of December they issued a consultation paper. So it's very hot off the press and lots of people like myself are still kind of going through it to really kind of understand the details. But but the way that that works is the you've got the act
00:04:36
Speaker
And then Austrat basically define a set of rules, which really are kind of the practical kind of implementation of the Act in kind of practical terms. So they've issued that yesterday. There's a couple of rounds of consultation planned. The first consultation period closes on the 14th of February.
00:05:00
Speaker
um and It covers and like what they're calling the Exposure Draft 1, so it covers off a number of different subject topics, things like reporting groups, AML programs, customer due diligence, compliance officers, correspondent banking, a number of other things like compliance reporting and disclosure towards track and cross-border movements of funds. and Then there's a second Exposure Draft, which presumably will just take place you know not long after the first consultation period is finished, probably around mid-fair to probably end of April is my guess. And then basically following that, we would expect that those rules would be kind of passed in their final format out after that consultation process is closed and any kind of material changes that are required or requested or negotiated or whatever.
00:05:54
Speaker
or will end up as our kind of final rules. And from that that point on, basically the those new sectors that are offering those designated services, and that is broader than just the gatekeeper professions.
Compliance Challenges for New Sectors
00:06:10
Speaker
It also covers dealers in precious metals and also virtual asset service providers. that They will have to um basically start to comply for the very first time and they're there's going to be, you know, estimates of around 90,000 new businesses that will be regulated. And while that's important, we can come back to that because, you know, that cohort is essentially being regulated for the very first time. And so they have like a pretty steep learning curve about yeah what's involved in an AML program, how to do risk assessments, how to kind of train and train staff.
00:06:48
Speaker
and so on. so um But the other thing that is probably worth covering off is that there are quite a lot of changes in the rules that impact the Trant 1 sectors. So there's going to need to be a kind of ah ah big refresh of the AML program of about 17,500 currently regulated entities as well. And so whilst the focus tends to be on the newly regulated businesses, there's actually a lot of um change that's coming to to the the existing there those existing businesses.
00:07:24
Speaker
Yeah. And I guess that's a really important point because I do know every year upon year, every conference or gathering go to where we have a speaker from Australia. The statement is always that, you know, the SMRs that are being submitted, the suspicious matter reports are variable, are not always of the highest quality. And so there's always a sense that it was sort of work in progress anyways. Yeah. I mean, I think, um,
00:07:46
Speaker
It is quite surprising when you talk to some regulated businesses that have been regulated for a very, very long time since 2006, the level of maturity of their AML programs or their you know risk assessments or other kind of components that they're required to or have already been required to comply with for yeah well over a decade coming up to nearly two decades. um yeah they There is a lot of um variability in terms of the levels of quality and maturity that we see out there. So it's obviously a bit of a learning curve for those new regulators, but there's still significant room for improvement over a loss of existing reporting entities as well.
00:08:34
Speaker
Yeah, sure. So one other thing I found interesting, what you said is, yes, it's been 18 years, almost 20 years since I guess people were expecting this sort of second tranche of the legislation to come through. But I guess Australian businesses and those in the Asia Pacific would have had an example to look to. And New Zealand is an example of someone who had done tranche to a little bit earlier. But I guess some clever businesses in Australia were probably be looking to what maybe their counterparts were doing in New Zealand.
00:09:04
Speaker
yeah and I think i think and if I just sort cast my mind back to when I first started getting involved in the AML space, which was back in 2006 before the law even came into effect, it kind of was like um the land of the blind, the one-eyed man was king. like nobody There was really not that much um kind of depth of experience, including myself and many others that were basically tasked with yeah designing, implementing and maintaining and of an AML program. I was working in the banking sector for Macquarie Bank and for ah four and a half years. basically and you know It's a steep learning curve that those businesses have to go on. you know like
00:09:46
Speaker
First of all, doing an impact assessment, you know understanding yeah what services are actually caught, understanding even just some basic things around yeah kind of inventories of products or legal entities or things like that. And then there's a whole kind of like change transformation program around doing a risk assessment, understanding really how your business can be vulnerable to exploitation by organised criminals through you know the products and services that the business offers, the the specific kind of characteristics of those products and services, the the types of customers that a particular business deals with, you know whether they're foreign politically exposed persons or the type of industry sectors that they operate in or just the type of business legal entity that they deal with, types of channels that they have. So I think it's very important to be able to do an impact assessment and a risk assessment to really understand yeah what are the potential risks um for each and every every business.
00:10:51
Speaker
and then trying to understand well what controls do I need to implement to mitigate and manage those risks. So obviously there's a lot of controls around yeah customer due diligence, collecting and verifying information around different customer types, and things like you know training of staff, um exception handling processes, yeah regulatory reporting,
00:11:15
Speaker
you know transaction monitoring and record keeping and a whole bunch of requirements um that those newly regulated businesses are going to have to kind of come to grips with. But I think the difference back in 2006 and now is that know we actually have got a lot of experience. like there's a lot of like I think when I first looked for kind of um AML jobs to kind of hire people into our program and looked on SEEK, there's probably like two jobs, if that. Now there'll be hundreds of jobs at any given time. um So I think the the the number of people that have got experience
00:11:54
Speaker
in the ML space through working through yeah it either overseas for small businesses or in or in Australia for those currently regulated entities. I think there's ah there's a much bigger bench. um Whether there's enough of a bench of kind of qualified practitioners um is very questionable. With 90,000 new businesses being regulated for the very first time and 17,500 existing regulated businesses, you know there is going to be quite significant um pressure on you know
00:12:31
Speaker
hiring the right people with the right experience. Like every single one of those businesses has to appoint an AML compliance officer. They must be resident in Australia. They must be past a fit and proper persons test. um So that's going to be a pretty big challenge. And I think there's it's going to be a lot of um kind of, I guess, managed services where you know, they're kind of outsourced providers that are essentially kind of acting on a retainer kind of model to take care of a number of different kind of compliance obligations on behalf of those regulated entities. And that in itself presents a number of have considerations, you know, who who are you outsourcing it to? If that is the case, what are their kind of skills and backgrounds? What's their capacity to support?
00:13:21
Speaker
the clients, you know how are you're actually going to contract that, because you really can't outsource the the actual obligations. You might be able to outsource the work, but you need to have good and controls over any third-party providers that you might be using, whether they're technology providers, consulting providers, or but whatever. so I think there's just a huge resource is one kind of common theme, and I think the other thing that's significantly different is obviously the emergence and establishment of RecTech. I think back in 2006, there wasn't really that much maturity in terms of electronic ID verification. It certainly wasn't the norm back then, and yeah doing like scanning for
00:14:10
Speaker
you know pep and company that's a pep and sanctions screening and the trade surveillance and transaction monitoring systems and risk management risk assessment systems like what we do arctic you know those things weren't one even conceived of back back in the day and now a lot of existing regulated entities and newly regulated entities have got the opportunity to really leverage that technology to be able to, I guess, implement and maintain their compliance obligations in a more effective, streamlined, cost
Industry Growth and Compliance Preparation
00:14:46
Speaker
-effective way. So I think they're just a couple of the big considerations, the differences between then and now really.
00:14:56
Speaker
You know, perfect. And you know, the three key things that really strike me for what you just said is that you talked about the growth of the industry, um more and more professionals than they were from the beginning. You know, you've got reg tech as these sort of tech-based solutions to help you do your job better, faster, more efficiently. And then you've just got I guess a greater understanding of the industry but of course we're talking about I guess the the industry that's already regulated and you've obviously pointed out that we have a new industry that has not been regulated before new industries and may now and don't have that maturity test yet so I guess based on your experience of seeing the growth of legislation and the response to the growth in legislation
00:15:34
Speaker
What are some of the teething problems you imagine some of these newly regulated entities might have when it comes to complying and reporting totra i mean the i mean the first thing is actually just to to kind of like understand that this is actually happening or happened and about to happen in terms of like finalisation of rules and, you know, compliance kind of periods will be set in terms of like assisted compliance periods, you know, once these rules come into effect. And I think that is quite an important point one because often people's natural inclination is either to leave things right to the last minute um and anybody that's been through this process before understands that they you just can't afford to do that.
00:16:17
Speaker
Just given the volume of things that need to fall into place, you know, finding the right, you know, especially for sort of smaller businesses, you know, finding the right resources, the right teams, being able to invest in the right technology, make the right kind of decisions. You know, there's a whole change management process around the way that people collect and verify information about their customers.
00:16:40
Speaker
will need to change the types of tools that they are not currently using that they will need to use, such as yeah scanning for PEP and sanctions, screening, and they can't really leave it to the last minute um because yeah there's just too much to do. And I think you know even before these regulations come in,
00:17:05
Speaker
to effect and the rules are solidified, there is a lot of work that can be done to get prepared. So, you know, obviously, basically training and awareness is probably the first thing, you know, really educating boards, senior management operations teams around, you know, what is the AML law? What does it require a regulated entity to do?
00:17:32
Speaker
You know, what are some of the meet the main kind of pillars behind the legislation? What's the purpose behind the legislation? What are the outcomes it's seeking to achieve? And obviously some of the timeframes and ah really just looking at doing a business impact assessment.
00:17:50
Speaker
So understanding what products are offered that are going to be caught, understanding i guess any existing processes and how how well they kind of how well they align with future requirements, um yeah what changes are necessary. So it's basically going to be a whole change management process on entire industries and so I think education and training and awareness is probably the first first thing to do so that you know executive teams and boards actually really have a proper appreciation of
00:18:30
Speaker
what is actually going to be expected of them and their organisations to comply with these laws. So that would be the first thing. I think really doing an impact assessment, looking at how these rules, even if they come into effect in the way that they they are, yeah what what is going to be the impact on and on a particular business from a systems, a people process and perspective.
00:18:57
Speaker
And I guess what would be interesting to know as well from that perspective is, you know you mentioned resources, which would be a challenge for some of the smaller businesses. And I think it'd be important to anyone listening who happens to be part of the new regulated group. is that Alistairq is very good at communicating what they want usually and they usually have their own industry risk assessments posted on their website for people to see and a list of potential topologies and from what I understand they're not shy about communicating with who they want to communicate with when they think something isn't quite going the right way.
00:19:34
Speaker
Yeah, i mean I mean, you've got to commend Ostrac in terms of, yeah you know, like like the amount of um guidance that they issue and they're out their outbound engagement with industry is phenomenal. Like they're literally running road shows by industry. They run lots of different initiatives even, for example, like a RegTech initiative for providers, um so vendors like ourselves, also for consultants. so they
00:20:09
Speaker
they've you know They're very good at setting the expectations of businesses and what's required of them. and i and I think that they will continue to do that. and I think they are obviously resourcing up themselves to be able to provide that support to those industry sectors. So there's a lot of and free resources on the Oztrack website. There's videos introductory videos around AML. and There's obviously like industry sectoral risks and typology reports that they issue.
00:20:42
Speaker
And they often run kind of in-person events and online events and and often speak out other kind of industry forums like ACAMS and the Financial Integrity Hub. They were there at an event I was at. I think that that that industry education and awareness and being kind of approachable is actually really a credit to them. And I think and that will really help those regulated businesses to kind of get up the curve quicker.
00:21:10
Speaker
I guess any general advice for newly regulated entities or anyone who is eyeing Australia as a potential place to come and do business, that they should be thinking of very generally.
00:21:23
Speaker
I mean, just generally, I think the like the spread of businesses that are about to be newly regulated is very, very diverse. Obviously you have got a diverse number of industry sectors that are going to be covered. You know, gatekeeper professions, you know, virtual asset service providers, trust upcoming service providers and and and the like, you know. And the other thing is that those businesses are very diverse in terms of their size.
00:21:52
Speaker
So if you actually look at the, I guess the bell curve of the um some of those, like the legal profession or the accounting profession or the real estate profession, there is a lot of um very small operators, many, many sole traders. And obviously they have a day job to do, which is providing accounting services, legal services or setting houses or what what have you. And so,
00:22:19
Speaker
There's only limited expectation that they can have around being kind of overnight and ML experts. So I think there is a very diverse mix of sizes. And so I think where they can leverage through either like a franchisee, franchise or kind of relationship or through industry associations or through I guess kind of collective kind of outsourcing or other things. Yeah, there are ah opportunities for for for that to to occur kind of at more scale rather than kind of individual.
00:22:57
Speaker
So I know of a couple of outsourced service providers that are looking at providing these services as a bundled suite of services. So those types of things I think are worth investigating for sure. But yeah, I think the industry bodies will be equal to the task as well. I understand the accounting and the legal professional bodies are gearing up to support their members.
00:23:27
Speaker
um There's other providers, you know consultants and yeah tech companies that are wanting to to help those regulatory agencies to meet their obligations in a way that is have proportionate and commensurate with their size and their risk, basically. People will certainly have lots of fun Christmas reading, that is for certain.
00:23:48
Speaker
and ah Absolutely. And I think just sort of party was obviously is a bit of a, you know, the the consultation process finishes on the 14th of Feb, the first one. So, you know, there's a lot of people that will be digesting the regulations and understanding what the impacts are and and basically what, what bits of feedback that they want to give towards track in terms of trying to shape those, those rules.
00:24:14
Speaker
um and so That dialogue will continue for a number of months to come. and and yeah so I think we are at the beginning of of another of long um journey, but yeah I think there's a lot of support out there for for businesses. There are subjects of these laws for the very first time.
00:24:34
Speaker
Yeah, perfect. Well, I think Zoom is giving us a 10 minute warning, so we'll wrap this up. Well, thank you so much for being on the podcast, Anthony. And um for those... Thank you for having me. Yeah. And then for those listening, yeah, I hope you enjoy. And and I think we suggested at the beginning, Anthony, might be another installment um when we're when able to digest the information and when, I guess, things are a bit more final. Yeah, I think that'll be a great audio. This has been a production of Arctic Intelligence.
00:25:04
Speaker
And The Music is a production by Royalty Free Music.