Tara (00:51):
Thank you so much for tuning in. Today is a different type of episode because we have a special guest. So we had Tracey from EasyAML come to speak to the Art of Estate Planning Group in our monthly power hour about the anti-monery laundering and counter-terrorism tranche two regime, which captures professionals.
(01:19):
So we specifically focus this presentation on estate planning lawyers and helping them wrap their head around what they need to do if they're even caught by the rules and what needs to happen by one July 2026 in order to comply with the regime. So you can actually check out the show notes to watch the full presentation, but if you're listening to the audio, you'll still get a lot out of it. One of the things that we spent a fair bit of time talking about and showing on the screen in the presentation is about whether you provide a designated service. And I think for estate planning lawyers, this is really the crucial issue because estate planning lawyers, most of our work is actually not meant to be caught by the AML regime, but there will be some aspects which will drag you into the regime. And even though you only need to comply with the AML regime for services that are a designated service, once you register for compliance, you will then be subject to the much broader compliance regime.
(02:35):
So needing particular offices in your firm to be appointed and responsible, doing the auditing and keeping the policies. So the crucial question for you as an estate planning lawyer is, are you going to provide designated services? And if the answer to that is no, then you can sidestep the whole regime. If you have resigned to providing designated services, then you're all in. But if you are only currently providing one or two services that are a designated service, I think you really do need to ask yourself, are you going to sign up for the regime or not? So to have a look at whether you're providing a designated service, I would really encourage you to go and have a look at the Anti-Money Laundering Encounter Terrorism Financing Act. And if you Google that from Austrac, you will actually see they've put together a sort of consolidated legislation resource for you to incorporate the bill in and have a look at table six in section six.
(03:43):
It is, I think, very important for us all to actually look at the legislation, at least look at that table six, so you can really wrap your head around the scope of what is a designated service or not. I have done my own analysis and I want to just sort of list out the word that I think is not a designated service that commonly arises in estate planning firms. So I think we could be pretty confident that these are not going to be designated services. So preparing a basic will, preparing a testamentary trust will, preparing your letter of wishes, and enduring powers of attorney for individuals like people, not companies or trusts. Put that to the side. Preparing binding death benefit nominations, advice about succession strategies for a discretionary trust, a deed of variation that does not relate to either the beneficiaries or changing the control roles in a trust, receiving and holding funds on trust for payment of your legal fees, holding documents in safe custody, and also anything happening where you have a grant, so granted probate or letters of administration or other grant.
(05:03):
So property transfer pursuant to a will, to a beneficiary under the will where there's a grant, actually obtaining the grant, acting as an executor where a grant has been obtained, preparing a deed of family arrangement where there's a court order, a FIRB application under a will where a grant has been obtained, and also a property transfer as a result of a joint tenancy survivorship, because what you actually need for there to be a designated service is a transaction and something like a transfer to a surviving joint tenant is actually not a transaction. It operates pursuant to the law. The list that I've put together of services that I think are designated services, it's quite clear that preparing a corporate power of attorney or an entity power of attorney. So for a company, trust or self-managed super fund is establishing a trust other than a testamentary trust, registering a company, establishing a self-managed super fund, changing the trustee or the appoint or principal guardian, share transfers that result in a change of control of beneficial ownership or at the direction of another, also changing directors.
(06:25):
Now, those share transfers and change of directors are not just automatically designated services. Go have a look at the table because you'll see and in the legislation, because you will see that there are additional requirements, but at least that puts up the red flag to say we need to investigate this further to check if it's a designated service or not. Preparing a deed of gift, doing a gift and loan back arrangement, FIRB applications where there's no grant of probate, property transfers under a deed of family arrangement without a court order, and yeah, any other property transfer unless it's exempt. For me, I've got a list of things that I don't know if they're designated services or not. We've had some indication from the AUSTRAC guidance that they haven't resolved this either. So I'm putting this in the unresolved for now and I'm unsure for now category.
(07:19):
So this taking steps to sever a joint tenancy, preparing a deed of succession for the control roles of a discretionary trust, I don't know, preparing a deed of variation that relates to the control roles in a discretionary trust, converting to tenants in common, to joint tenancy, preparing shareholders agreement, partnership, unit holders agreement, under an insurance funded by sell. I don't know. I think not, but perhaps holding estate funds on trust, pending distribution to beneficiaries, opening bank account and applying for a tax file number for a testamentary trust. I think those will not be designated services, but I haven't conclusively reached a position yet. So I hope that just gives you an idea of the scope of it. We're talking a lot about this in the TT Precedents Club. We've got a list that we're working off. I'm also doing more work for the TT Precedents Club to try to get more clarity on this, but I do think you need to address this if you are operating any of those services and you just need to take a position if you're not going to subject your firm to the AML regime that just be really clear that you are limiting the scope.
(08:38):
So I do think for any of those services that are designated services like setting up entities, trust succession, corporate entity, power of attorneys, have a look at how that work contributed to your annual billings and see if it's worth the burden and cost of complying, or if it is easier just to accept that you're no longer going to do that and you've got a good referral partner that you can set up to send those out too. So those are the things that I would encourage you to think about. Also, we're just going to keep an eye out from the Law Societies and Law Institutes about the ethics of this. We had a lot of questions in the webinar about what happens if you have to lodge a suspicious matter report. Can you continue acting? How do you disengage if you think that you have a conflict or it's no longer in line with your duties and the solicitor's rules to continue acting?
(09:42):
We're not really diving into that in this presentation by Tracey. That is a topic for a separate discussion. We're particularly hoping for more guidance from the State Law Society and Institute's ethics boards. So it's very much a watch this space, but I do hope that this presentation at least gives you an overview of what you need to do. Are you going to be caught by the AML rules and helping you wrap your head around what you need to do by one July? Thank you so much for listening. Enjoy Tracey's presentation.
Tracey (10:21):
Welcome everybody. Thank you for having me. Today, as we said, we're going to delve into the trench to AML CTF legislation and compliance requirement. And I know that all of this is probably seeming very complex at the moment, but I promise there are ways to make it quite easy to manage. And I'll give you a quick look at some of them as we go along. We're going to start though by looking at why does this happening, then we'll look at who it affects and what's expected of you. I'm sure that everyone understands what money laundering and terrorism financing are. AUSTRAC have published a lot of terrific information, including these key facts. But what is tranche two? The simplest explanation is that it's a second round of AML CTF legislation to be implemented in Australia. Trench one was implemented 20 years ago. That's when all the banks and casinos started having to being given $10,000 in cash.
(11:14):
These trench fund entities have a lot of other AML obligations, and according to AUSTAC, they make hundreds of thousands of reports a year. Trench two brings more industries into that regime, so things like real estate, financing lawyers, and accountants, and requires them to comply with different obligations. However, before we get into those obligations, I do think it's real important to pause on why these reforms matter. I believe that it can also help you feel more comfortable about something that feels like a really big imposition on your time and energy, and a lot of people aren't too happy about it. The thing is, money laundering isn't just about money. It's about the crimes that sit behind it. Things like drugs, child exploitation, human trafficking, scams, corruption, real people suffer when dirty money flows freely. Trans two businesses can be used and therefore misused by criminals to buy property, facilitate high value transactions, to move funds and obscure transactions via complex structures.
(12:13):
These industries are often used to move and hide those funds because they're trusted and reliable and legitimate. So this means easinesses need to be part of the frontline in disrupting the cycle. And importantly, the reforms aren't just about ticking compliance boxes, although obviously you are required to make sure you meet your requirements. It's really about protecting the trust and commercial transactions, protecting your clients, protecting businesses from being exploited. And ultimately, it's about protecting our communities. Also, these laws or the lack of them affect how Australia is viewed internationally. If we're seen as a weak link, we'll be a target for global climate networks. Ooh, don't twister. We'd rip losing credibility with other countries. In fact, at our last review, the international organisation who oversee these matters, they're called the Financial Action Task Force, or FATF people call them. They noted that Australia was already becoming a hub for money laundering.
(13:13):
So they notified our government that Australia would be placed on their audit list if Tranch2 wasn't implemented, and this would've had a serious detrimental effect on our GDP because other countries would be reluctant to trade with us. Other countries that this has happened to 7.5% downturn in their GDP, so it could have been quite serious. So accordingly, to fulfil our obligations and more importantly, to try and stamp out criminal behaviour by stopping the flow of illicit money, the federal government passed laws to commence on the 1st of July, 2026, to ensure that trans two businesses form part of Australia's efforts to reduce money laundering. So that's why this conversation today is so important. It's not just about new rules, it's about the role that we all play in something much bigger. Okay, let's look at how we go about playing our role. The first thing you're going to need to understand is designated services.
(14:08):
These are services that companies offer to clients that Austrac have deemed to be at risk of being used for money laundering activities. So it's not a profession that's captured, but the services that are provided. There are quite a few different types of services, but at a high level, they are for our commandcing and real estate agent friends assisting in real estate transactions. That's a designated service. So they're all captured if you do anything to assist in real estate. For lawyers, accountants, and financial planners, there's quite a bit to unpack because you may fall into one of the business transactions, financial management, or corporate services categories. And in a moment, we're going to look at specifically from the viewpoint of what estate planners generally do. It's important to understand, because you're an accountant or a lawyer, you're not automatically captured. It does depend on whether you offer a designated service.
(15:06):
Please do also note that if you provide any designated services, even just once, they automatically become a reporting entity and will be required to enrol with Austrac and comply with all regulations. And I know for some of you, this might be considering whether you'll continue to offer those services. So let's take a look at some of them in more detail. It's probable that quite a bit of the work you do will be considered a designated service after the 3rd of July, but there's also a lot that isn't. I must also preface this conversation with a note that I cannot provide you with any definitive answers regarding whether the work you do is or is not captured by Austrac's rules. For this, you will need to consult with your industry body or Austrac themselves. One important ruling to note is that any service that is provided as part of a court order is exempt.
(16:02):
Another two non-designated services that I haven't put on this list are receiving and holding funds on trust for payment of your on legal fees. That's not a designated service. Even though you're using the trust account, it's not. And storage of documents in safe custody is also another one that is not a designated service. Setting up companies and trusts are pretty obvious designated services. Complex structures are a great way to hide the flow of money. Some less obvious ones are transferring shares or preparing a deed of gift. Now, these can be part of money laundering because the further criminals can move money or what they've bought with the money from its original dirty source, the cleaner the funds become. So it's common for money to flow through many avenues before being withdrawn as clean funds. The jury is still out on some other services that you may offer, and we do hope to get more information from Austrac because we get to the commencement of the regime.
(17:04):
So some of the things I wasn't able to put on either list, preparing a deed of succession for a trustee appointed principal guardian of a trust, I suspect that's a yes. Preparing it a variation that relates to the control roles of a trust. I suspect that also would be a yes. Preparing a shareholders, partnership, unit holders agreement. Now, that one I suspect might not be. Preparing a buy-sell deed. Probably not. Holding estate funds in trust pending distribution to beneficiaries. I don't think that will be, but haven't seen anything definite. And opening a bank account and applying for a tax file number for a testamentary trust. That one is probable. So keep your eyes out for further information in coming months, but the thing to think about is really, is it a transaction, number one? And number two, is it furthering something that might be used for money laundering?
(18:04):
If it's just something that's influencing, so the customer can still make their own decisions, you're just giving them a bit of information. It's not the same as actually assisting them. Okay. If you're still with us, I'm going to presume you provide at least one of the designated services on the pink list, and this means that you'll need to enrol with Austrac. If you provide a designated service, this is mandatory. If you're still unsure whether you're required to enrol and have been unable to obtain confirmation from Austrac either way, then it's probably wise to enrol anyway. Enrollment opens from the 31st of March via the Austrac website. Anytime between then and June, July, you can do it. Highly recommend don't do it in the first week. There's about 80 to 90,000 businesses expected to sign up. Quite likely it'll crash, so give it at a moment.
(18:57):
All right. Let me walk you through what information we'll need to provide when you enrol. Please note, you are expected to keep a record of your enrollment and keep all those enrollment details up to date with AusTrak at all times. So first, they want to know your business and registration details, so your legal trading name, ACN ABN, business structure, directors, shareholders, et cetera. Second, you'll need to provide information about your business operations and activities, and this includes your industry and the designated services you provide and number of employees. So when it comes to the designated services you provide, it's more the categories rather than specifically I prepare contract at the sale of property or whatever it might be. Third, you need to confirm your Australian presence and location. So this is confirmation that you conduct your business or activities in Australia. And then the next is your registered office and place of business details of your websites.
(19:57):
Fourth, your Australian presence. So just the fact that you do work in Australia. And then the final one is the primary business phone number and email and nomination and details of your compliance officer. On that point, the compliance officer has a critical role. They oversee the operation of the entity's AML CTF policies and ensure regulatory compliance. They manage risk assessments, oversee reporting obligations, and maintain compliance programmes. Austrac has specific requirements for who can fill this position. Your compliance officer must be employed or engaged at a management level and have decision-making powers. They must be resident in Australia if services are provided here and be a fit and proper person. So you'll need to conduct appropriate due diligence on them. They don't have to be an employee. You can outsource this role. However, if you do outsource, you must consider potential conflicts of interest. If they're acting as an example for many different businesses, then that may be really difficult for them to do unless all those businesses are of the same type.
(21:09):
So that's one where they could be a conflict of injured. But the single most important thing you need to understand regarding outsourcing the compliance officer is that the business owner, director, or management remain responsible for ensuring the business meets Austrac standards. Accountability cannot be outsourced, but the compliance officer is just one part of a firm's governance structure. AUTRAC require every reporting entity to clearly identify its governance structure so that there's accountability for AML CTF compliance. In simple terms, AUSTRAC want to know who is responsible, who makes this, and who is accountable if something goes wrong. This is why the rules require you to identify a governing body who provides ultimate oversight. They approve the AML CTF programme and set the tone from the top. They're accountable for ensuring the business meets its obligations. And there's the senior manager or managers who are responsible for implementing the programme, ensuring AML CTF is embedded into business operations.
(22:11):
They allocate resources, tools, and staff support, and they act on issues escalated by the compliance officer. And lastly, the AML CTF compliance officer who has day-to-day responsibility for compliance maintains the programme, conducts risk assessments and reviews. They oversee the due diligence that you do for your customers and monitor, report, and train, and they act as the key point of contact with Austrac. Now, usually these roles will be filled by different people within a business. However, in smaller businesses and obviously sole practitioners, it is possible and probable that one person will hold all three roles and wear all three hats. But even if those roles are performed by one person, Austrac still expects them to be formally identified. What matters is that they're clearly defined, responsibilities are documented and there's no ambiguity about who to what. Okay. We've made it to step two in your enrollment process.
(23:11):
Although it's important to note that this step can actually be done before you enrol with Austrac if you want. This step is about the AML CTF programme. The programme is the core document that defines how your business will manage its AML CTF obligations going forward. In a nutshell, it's your policies and procedures for AML CTF compliance. Your programme must be approved by senior management, and it documents amongst other things, the money laundering and terrorism financing risks specific to your unique business, who is responsible for managing compliance, how you'll identify and manage potential risks, what training processes staff will be required to follow, and where you'll keep all your records. To create your programme, you need to address three key components. First, your governance structure, the who fulfils those roles that we just discussed. The second, your risk assessment, which I'm going to show you in detail in a sec.
(24:08):
And the third, the documentation of the policies. So some of the policies that you'll be looking to consider are how you plan to identify changes in refactors, how you will monitor transactions and how you will ensure that your staff are properly trained. To create policies and procedures that are appropriate for your business, you'll conduct a risk assessment. This risk assessment looks at the nature, size, and complexity of your business, its services, and your client base. You'll want to have a good understanding of the business's history in these areas, and if you don't, now is the time to start gathering some intel. For bigger firms, this stage may be the most difficult to get right. It's the one stage that the smaller firms have an advantage in because they are aware of all of the transactions they're handling. For bigger firms, it's important to speak with operations about processes, seek information about client types and the transactions that you're conducting.
(25:12):
So there are five key areas that you'll be required to identify the inherent risks and then assess the level of that risk. And you may well ask what is an inherent risk. Well, these are the risks that you may reasonably face before you apply any policies, procedures, systems, or controls to mitigate and manage those risks. So when conducting your risk assessment, you'll consider whether your business has any weaknesses open to exploitation. And if so, you'll want to assess their potential impact on your business. So the sections that you'll look at, first one is how you onboard your clients. So what's the process when a client engages your service? How do you receive these instructions? How do you communicate with your customers? What are the processes that you're following? Second, what kinds of clients do you deal with? Consider, are they individuals or do you deal with lots of companies?
(26:09):
Or in you guys, you're probably looking at loads of trusts and complex structures. We also need to look at where they're resident or where the companies are incorporated. Is it generally in Australia or do you deal with a lot of overseas entities? Third, consider whether you typically deal with third parties or intermediaries with minimal or no direct contact with the actual customer, or do you deal with high net worth individuals most of the time? Or what about politically exposed persons? These guys are known as peps, and I'll talk about them a bit more later. Fourth, how do you deliver your services? Consider the way in which you communicate with your customers. Is it face-to-face? Do you always meet them or is it generally remote? Fifth, payments. How do you receive payments from your clients? Do you ever receive cash or cryptocurrency? Do you ever have clients who offer to pay higher fees for a faster service?
(27:06):
This is a very big red flag. This assessment that you do will go on to inform all of the business's compliance requirements. The higher the business's risk profile, the greater the day-to-day requirements. Next, it'll be time to create the policies and procedures required to mitigate the risks that you just identified. As I said earlier, these policies and procedures are known as the programme. Austrac expects that your programme will be tailored to and detail all of your business' unique AML CTF policies. When documenting your policies, you should ensure that they meet four key criteria. First, they need to be targeted. Your policies must be specifically focused on the risks your business may reasonably face, which are determined by correctly completing your risk assessment. Second, they must be proportionate. The strength of your policies must match your risk level with consideration given to the scale of each particular type of risk that you identified.
(28:06):
Third, your policies need to be ongoing. Business risks may change over time, so you need to ensure that your policies support regular reviews. And fourth, they must be effective. You need to ensure that your policies work in practise and have a process to revise them if the reviews identify that the policies actually aren't effective. The first stage involves entering the details of all staff members with particular emphasis on the compliance officer, of course. You're also able to track the history of any changes in personnel and clearly define the responsibilities of each role. The next step is a comprehensive risk assessment. The final component is the creation of the detailed policies and procedures document. Once you have your programme set up, it's time for training. Every staff member who could be exposed to money laundering or terrorism financing risks must receive regular AML CTF training and before being involved in the provision of a designated service.
(29:05):
Staff need to understand what their AML CTF obligations are, how your policies apply to their role, and what to do if they identify a red flag. Also, it's important to know this isn't a one-off exercise. Training needs to be ongoing and refreshed as risks, roles, or laws change. MLCTF training should cover four essential areas, the particular types of risks your business phases and their potential impact, the real consequences of non-compliance, both for the individual and the business, your business's specific, AMLCTF obligations, and your business's actual AML CTF policies and procedures that staff are required to follow your daily work. And then top it off, the business is required to maintain a comprehensive training register, documenting every training session, what it was about, who it was to, when it was done, On all that stuff. So as a business, you need to source appropriate training, make sure every staff member has undertaken the required training, be on top of Austrac updates going forward.
(30:10):
Remember to put staff through refreshers and create a system to recall all of this for reporting. When the regime commences on the 1st of July, you'll start undertaking customer due diligence. Now, this is where things might get complicated. Although the entire business been preparing with the implementation of the programme and training, et cetera, customer due diligence is only required when you provide a designated service. I know some companies that have decided to implement the requirements across the business to streamline things and others that only want to do due diligence where required. It really is a business decision. Neither would be wrong and something for you to consider in these next few months. Customer due diligence or CDD, as you'll hear it called, is the cornerstone of the AML compliance regime. It's the day-to-day stuff. This differs to processes you undertake today in a couple of ways.
(31:05):
So for those of you that are doing VOI under ANAC rules, ANEC require two documents. CDD technically only requires one. If you are doing property transactions, then it's wise to get the two so that you cover off ARNIC and Austrac at the same time. Another way that it differs from current processes is that it's about truly knowing your customers as well as the nature and complexity of their transactions. So you need to understand the transaction why they're doing it. Also, it must be done before providing designated services as well as throughout your entire business relationship. Now that bit there must be done. You don't have to continuously get their verification of identity, but you do have to continuously be understanding the nature and complexity of their transaction. But otherwise, from a day-to-day basis, it's really not any more onerous than the work you currently do identifying your clients.
(32:11):
CDD is made up of KYC, which is know your client and KYB, know your business client. And we'll look at the requirements of both in a sec. But the question that I tend to get asked by a lot of professionals offering the types of services that you guys offer is what are the expectations for current customers? Austrac are aware how much of a burden they might have created if they were to impose a requirement to conduct customer due diligence on your entire customer base. So they have created an exemption on the basis that you have an established business relationship with the customer prior to the 1st of July. Now, this doesn't mean you did some work for them a little while back, but that was completed and now you're doing something else. This is for those customers with whom your relationship is ongoing. So think providing a registered business office or acting as a trustee.
(33:06):
For these ongoing customers, there's no need to complete customer due diligence unless A, there's a requirement to file a suspicious matter report about that customer. And we'll talk about suspicious matter reports in a bit. Or your business relationship changes and this results in the customer's money laundering or terrorism financing risk being medium or high. The concern here would be regarding point A. It might be possible that conducting CDD on an ongoing customer would bring to light information that would require a suspicious matter report to be launched. How would you know? We suggest that it might be wise to begin a process of going through your records and just considering each client's risk with the information you currently hold. Where you're a hundred percent comfortable that there's little risk of them being involved in money laundering or terrorism financing, then you can let them be. But if there's any concern, it might be wise to them into the new regime early on to protect yourself and your business.
(34:08):
Okay. Let's look at KYC. Know your customer or know your client. It is about understanding your client's risk profile. It includes collecting identification information and making sure that you identify whether your client is acting on behalf of another person who would be possibly the beneficial owner and identifying that person. There's verifying the information that's collected, so you need to use this reliable and established independent sources such as government databases. It's gathering additional context such as the nature of the client's business or the reason they're seeking of services. As I said before, understanding their transaction is part of know your customer. And then once you've got all of that information, you'll assign a risk rating and it's based on all of those plus other things like where they're based, the transaction size, client profile, et cetera. Then there's the ongoing monitoring. So this includes keeping that client information up to date, rechecking if circumstances change, and understanding any changes that might happen throughout your transaction in what the customer said they were doing.
(35:16):
The other part of customer due diligence is KYB. Where KYCMOD might involve a driver's licence and a passport check, KWB, know your business would require ASIC searches. It could require company constitutions, trust documentation and verification of directors and shareholders. The aim is to understand who ultimately has control of your customer. You must identify these beneficial owners of your customers and assess the risk they pose. A beneficial owner is an individual who ultimately owns or controls an entity such as a company, trust or partnership. Owns, in this case, means owning 25% or more of the entity. This can be directly such as through shareholdings or indirectly, such as through another company's ownership or through a bank or broker. Controls in this case means having the power to make decisions about the entity's finances and operations. They may exert control through trusts, agreements, arrangements, understandings, policies, or just practises.
(36:19):
So again, a beneficial owner is an individual who ultimately owns or controls an entity. You may find yourself having to drill down into ownership structures to get to the bottom of it all. And do note, a customer may have more than one beneficial owner. Your obligations around beneficial owners include determining who your customer's beneficial owners are and verifying their identity with the KYC processes, assessing the level of money laundering, terrorism, financing risk your customer's beneficial owners post to your business or organisation, and keeping records of how you identified each of them. And if this wasn't enough, there's the Peps and Sanctions checks. So sanctions and restrictions that the Australian government or the United Nations Security Council impose on activities relating to countries, goods and services, people or entities. Sanctions, checks require you to be aware of which countries, regions, and groups may pose a high risk of money laundering or terrorism financing.
(37:16):
Countries and regions may be considered high risk for things like being a non-cooperative jurisdiction, which is what Australia was threatened with if we didn't implement this regime, being subject to sanctions like Russia, following the invasion of Ukraine, being known tax savings, or being known to provide support to terrorist organisations. Customers who reside in any of these places or are incorporated in any of them, and money flowing to or from these places require careful monitoring. You'll need risk-based systems and controls in place for these customers and transactions. When dealing with high-risk counts and regions, you'll need to apply enhanced customer due diligence, which involves carrying out extra checks on a customer's identification and collecting additional information from them. We take the risk into account when monitoring the transactions and possibly make suspicious matter reports. And then there's politically exposed persons, otherwise known as PEPs. A PEP is an individual who holds a prominent public position or role in government body or international organisation, either in Australia or overseas.
(38:23):
Immediate family members and/or associates of these individuals are also considered PEPs. PEPs often have power over government spending and budgets, procurement processes, development approvals, and grants. Examples of PEPs include heads of state, government ministers, high ranking judges, central bank governors is on list. It's quite a lot. Because PEPs hold positions of power and influence, they can be a target for corruption and bribery tents, and ultimately for money laundering or terrorism financing activities. And that's why it's important to use AML CTF measures to identify, mitigate, and manage any potential risks. However, you should remember that being a PEP doesn't automatically mean someone's involved in criminal activities. In fact, it most likely is not the case. Upon completion of a CDD process, it may become necessary to report to Austrac. So the suspicious matter reports, these are crucial components of Australia's A&R CTF strategy. They're filed by designated service providers when they identify or suspect transactions that may be linked to illicit activities.
(39:30):
The keyword here is suspicion. You're not expected to be the police and work out what's going on. Just ask appropriate questions. And if you don't get acceptable answers, lodge a report. What appropriate questions you may ask. Well, that's why our track require you to undertake training so you know what to look out for. But here's a quick example. You have a retired client who's set up a family trust and has used it to buy a couple of small investment properties. Then one day he comes in and he wants your help to buy a $30 million factory. He doesn't gel with his previous transaction history, and you need to ask what brought on this change and where the money was coming from. He may have a perfect good answer and provide evidence of what, but if he gets caging, doesn't want to provide evidence, well, then you'd report that as suspicious.
(40:15):
SMRs must be submitted within specific timeframes to ensure timely action by Austrac. Adhering to these deadlines is essential for effective anti-money laundering and counter-terrorism financing efforts. SMRs related to terrorism financing must be filed within 24 hours of forming a suspicion. Should get three days for any other suspicious matter reports. One more thing that I thought it was important that we talk about, you're going to need to wrap your heads around the impact of legal professional privilege and the Privacy Act with this new regime. Both have an impact on the new requirements. Until now, the Privacy Act requirements really only impacted business with a $3 million turnover, but it's now specifically affecting anybody who provides a designated service. The Privacy Act does not prevent reporting entities from collecting, using, and disclosing personal information, including sensitive information that's required to comply with obligations under the AML CTF Act and rules.
(41:15):
But in order to meet your privacy obligations while complying with your A&L obligations, you must limit your collection of personal information to what is reasonably necessary to comply with your obligations and other functions and activities of your organisation. And obviously all of that is built into the EZNML platform. When it comes to legal professional privilege, it is commonly agreed that information such as the client's identity is typically not protected by LPP, as is the case with trust account records and information about the source of client funds. However, I won't go into any of the other aspects as I'm not qualified to provide legal advice. The Law Society have provided some comprehensive information in the AML CTF hub. One last thing I'd like to talk about to give you peace of mind. AUSTRAC have made it very, very clear. They have no intention of going after businesses who are genuinely making an effort.
(42:11):
They're targeting businesses assisting in money laundering or willfully not complying with the obligations. If you enrol, set up your programme, train your staff and genuinely put transactions through due diligence. You're doing the right thing and everything will be fine. There really is nothing to worry about. So that brings us to the wonderful world, to the end of our journey through the wonderful world of AML CTF. I know it's a lot. Your head's probably spinning, but honestly, I don't think. I know. People that I have already put through this programme who have set up easy AML, they have set up, got this risk assessment done, their programme done, and their training done, the equivalent of about a day's work. So that's what you need to do between now and the 1st of July. And then on a day-to-day basis, that just little change to your VOI, current processes, understanding your client's transaction, keeping your eye out for red flags, and then if one arises, making sure that you're taking notes and that you're reporting where needed.
