ING+Bank by ashrafp


									13 April 2006

Assistant Secretary
Criminal Law Branch
Attorney-General's Department
Robert Garran Offices
National Circuit

Dear Assistant Secretary,

     Submission on the Exposure Draft of the Anti-Money Laundering and Counter-Terrorism
                                Financing Bill 2005 (the ‘Bill’)

ING Bank welcomes the opportunity to provide comment on the above Bill.

ING Bank (Australia) Ltd is an authorised deposit-taking institution that has been operating since it
obtained its banking licence in 1994. ING Bank is part of the global ING Group, one of the world’s largest
financial institutions offering banking, insurance and asset management to more than 60 million clients in
over 50 countries.

ING Bank recognises the importance of an Anti-Money Laundering (AML) regime to counter money
laundering and terrorist financing. It strongly supports the Government's commitment to introducing an
enhanced AML regime that meets Australia's international obligations and has welcomed the opportunity
to be involved in the formulation of that regime.

ING Bank has been actively involved with the consultation process being lead by Senator the Hon Chris
Ellison, the Attorney General’s Department and AUSTRAC. To date there has been a very high level of
activity and engagement from financial institutions such as ING Bank, and there are a number of matters
that ING Bank believes the Attorney General’s Department should consider and take into account when
revising the Bill.

ING Bank offers a range of mortgage products sold predominantly through third parties, and a range of
savings products through its direct banking arm, ING DIRECT.

In this paper, we:

        1. provide information on ING Bank and its products;
        2. discuss the consultation period and timing;
        3. outline the use of third parties in the identification of customers, and the associated
           challenges in the mortgage industry;
        4. discuss the use of electronic verification and its importance in the new AML/CTF regime;
        5. discuss the implementation timetable;
        6. outline the requirement for a risk based approach;
        7. outline the importance of customer education under the new AML/CTF regime; and
        8. provide comments on specific components of the Bill.

1. ING Bank and its Products

ING Bank’s Mortgage Products

ING Bank offers a range of competitively priced mortgage products sold mainly via intermediaries such as
Mortgage Brokers and Mortgage Managers. As at 31 December 2005, ING Bank had a retail mortgage
portfolio of $20.9 billion, with approximately 150,000 customers.

ING DIRECT’s Savings Products

Six years ago ING DIRECT created a new savings ‘category’ for consumers in Australia, offering the first
savings product on the market with high interest and no bank fees – the “Savings Maximiser”. Today
there are over 1 million ING DIRECT Savings Maximiser customers and approximately $16 billion in
deposits. ING DIRECT continues to grow, attracting an average of 1,000 new customers every day.

Customers have been attracted to the Savings Maximiser’s high variable interest rate, no minimum
balance or deposit, no fixed term and guarantee of no bank fees with customers accessing their funds via
the Internet, telephone or mail. ING DIRECT does not have a branch network. The product’s simplicity
and operating infrastructure has enabled ING DIRECT to pay its customers a high variable rate of interest
without charging bank fees. In fact, customers have shared in more than $2 billion in fee free interest
since ING DIRECT launched the Savings Maximiser product.

Since the launch of Savings Maximiser, a number of Banks within Australia have launched similar
products, displaying a growing recognition by the financial services industry of the Australian consumer’s
requirements for simple banking products offering high returns and no fees.

ING DIRECT also offers a business product – the ‘Business Optimiser’ which was launched in April 2004.
Similar to the Savings Maximiser in structure and functionality, this product is offered to a variety of
businesses such as companies, partnerships and trusts, and has approximately 23,000 customers and $2
billion in deposits.

2. Consultation Period and Timing

The release of the Bill and three Sample Rules in December 2005 was welcomed by ING Bank.
It is not known how many Rules are to be released by AUSTRAC, however the Bill has references to over
30 Rules. To date, ING Bank has seen only 4 of these Rules (some of which remain confidential and
have not been widely released). The Rules are a key component of the AML/CTF package, particularly
because they will contain the operational detail. Without the full package of draft legislative instruments,
financial institutions cannot analyse the full impact of the Bill and the practicalities of implementation, and
hence are unable to give fully informed and comprehensive comments.

In particular, ING Bank is experiencing challenges in providing meaningful commentary on the Bill for key
areas such as (but not limited to) the use of third parties for identification, on-going customer monitoring
and identification of non-natural persons. Some specific examples include:

-   Since there is no draft Rule on ongoing customer monitoring, ING Bank is unable to assess how on-
    going monitoring of customers will fit into the organisation’s overall AML/CTF Program. Although we
    can use experience from other comparable jurisdictions in our assessment, we cannot provide
    commentary to the Government on how initial customer due diligence and ongoing due diligence will
    work together in preventing and detecting money laundering within Australia.

-   There is no draft Rule on the use of third parties for identification, or clarification as to those third
    parties that can be accredited under Part 2, Section 34(d) to carry out the identification procedures on
    the Reporting Entities behalf. This has particular relevance in relation to third parties within the
    mortgage industry that currently perform identification procedures for many financial institutions.

-   The draft Rule for risk triggers was only released, on a limited basis, on 30 March 2006. Due to the
    short period of time between the release of this Rule and the deadline for submissions, ING Bank is
    unable to provide comprehensive commentary to the Government on the procedures surrounding the
    identification of certain pre-commencement customers.

-   There is no draft Rule on the identification of non-natural persons. Focus, to date, in the Working
    Groups with AUSTRAC has been on the identification of natural persons, and subsequently ING Bank
    is unable to provide commentary to the Government on the impact of the Bill on procedures to identify
    non-natural persons such as companies, partnerships and trusts.

There is a concern that since financial institutions are unable to completely assess the complete AML
legislative package prior to 13 April 2006, issues may be overlooked or not properly resolved, resulting in
implementation difficulties, ongoing operational problems and unnecessarily high costs to industry. It may
also compromise the overall effectiveness of the legislative package.

On Friday 7 April, Senator Ellison announced that an additional 3 week consultation period will be granted
in June 2006, following the re-drafting of the Bill and the complete package of Rules released by
AUSTRAC. ING Bank welcomes this initiative, which will allow the financial services industry the ability to
analyse the impact of the whole legislative package. ING Bank also supports that this formal consultation
will occur through the existing AML Industry Working Groups, rather than the recently established Focus
Group, which does not necessarily represent the view of the whole financial services industry. However,
in light of the extent and complexity of the issues raised to date, we have reservations as to whether a 3
week consultation period will be sufficient.

We note also that it has been suggested that the Bill will be introduced to Parliament in the Spring
Session. This timeframe will allow AUSTRAC and the Government only around 3 to 4 months to consider
industry submissions, consult with industry in relation to those submissions, consider the issues raised
and possible solutions, redraft the Bill (if necessary) and have it approved by key Government
stakeholders. Given the complexity of the issues and the number of interested parties, this process is
likely to take some time. We are concerned that a 3 to 4 month period between the deadline for
submissions and the introduction of the Bill to Parliament may be inadequate.

Whilst ING Bank appreciates that prompt action needs to be taken so that Australia is compliant with the
FATF 40 Recommendations on Money Laundering and 9 Special Recommendations on Terrorist
Financing (the "FATF Recommendations"), finalising the Bill without adequate and informed
consultation on the full package will be counterproductive. Accordingly, we request that Government
continues to consult with industry on the entire package for as long as required and only introduces the
Bill into Parliament once a complete and workable package has been developed.

3. Use of Third Parties in Identification

The Bill refers to certain third parties that may be authorised by a reporting entity (such as ING Bank) to
carry out identification procedures on the reporting entity’s behalf. ING Bank currently uses three types of
third parties in its mortgage business – Mortgage Brokers, Mortgage Aggregators, Mortgage Brokers and
Mortgage Managers (defined in Appendix A), who may themselves be Reporting Entities (depending on
the services they offer to customers). Generally, the Bill makes the use of intermediaries, particularly
those involved in the mortgage industry, difficult to manage without significant cost, changes to processes
and administrative burden to both ING Bank and third parties within the mortgage industry.

Specific issues arising from the Bill include:

-   ING Bank currently has approximately 1,500 Mortgage Aggregators, approximately 15,000 Mortgage
    Brokers, and 21 Mortgage Managers. For each of the Mortgage Aggregators and Mortgage
    Managers, ING Bank will be required to conduct initial and ongoing due diligence.

-   All third party agents will need to be classified as either a Reporting Entity (due to these entities
    providing at least one of the 64 designated services) or be appointed an external agent in order to be
    able to conduct identification on ING Bank's behalf. This will require ING Bank to have different
    programs for different third parties, resulting in a significant compliance effort.

-   ING Bank will be responsible for ensuring all external agents (both primary and sub-agents) receive
    ongoing awareness and training regarding AML and CTF, ING Bank’s specific identification
    requirements, and the consequences of non-compliance. Since it is normal business practice for

       external agents such as Mortgage Brokers to act for a number of Reporting Entities, this will involve
       an excessive amount of duplication of requirements on these external agents.

-      If the Mortgage Broker or Mortgage Manager is classified as a Reporting Entity, the prohibition on its
       ability to share information on suspicious behaviour will reduce the lender's ability to fully investigate
       suspicious matters (including those which might be reported as a money laundering offence but which
       also need to be investigated for another type of offence like, for example, fraud). Where the lender
       already has the same suspicion as the Mortgage Broker or Manager, the fact that they could not
       share that information could lead to unnecessary duplication of effort and duplication of reports to

A proposed solution is to have a mortgage industry body accredit its members, for AML/CTF compliance
as an external agent. The industry body would ensure that this standard accreditation framework covers
the requirements under the Bill for external agents that will be relied upon by Reporting Entities.
Subsequently, those Reporting Entities will need to satisfy themselves that the accreditation framework
covers their specific AML requirements.

The issues and possible solutions are explained further in Appendix A.

4. Electronic Verification

Generally, banking services are provided to customers through face-to-face contact, the use of third
parties, over the Internet and by telephone. However, of all channels, Internet banking is continuing to
gain momentum across the financial services industry, with most banks recognising non face-to-face
distribution channels as an important and growing medium for their customers to conduct their banking.
This is reflected by the growing number of Internet banking products being offered by banks within
Australia. Not only is the channel efficient and low cost, it also allows banks to service remote and less
mobile customers.

With no branch network, ING Bank’s primary distribution network for its savings products is electronic:
approximately 70% of ING DIRECT “Savings Maximiser” customers use the Internet to conduct their
banking, with the remainder of customers using telephone banking.

ING Bank strongly supports the Government’s commitment for a regulatory regime that allows non face-
to-face verification procedures, and in particular electronic verification. ING Bank's related companies in
the United Kingdom have successfully adopted electronic verification techniques that meet the AML
legislative requirements in those jurisdictions. In the UK, approximately 80% of ING DIRECT’s new
customers are verified using electronic verification.

It should be noted that electronic verification is widely used and accepted by financial institutions and
regulators across the UK and the US. The importance of electronic verification is again reinforced by the
Joint Money Laundering Steering Group in its final guidance to financial institutions in the UK, where it is
accepted as a robust method of verifying customers.1

During the consultation period, ING Bank has had the opportunity to provide information to the Attorney
General’s Department and AUSTRAC on potential electronic verification solutions that can be used in
Australia. These solutions were based on ING Bank’s international experience (including that used in the
UK, as mentioned above). As our experience has shown, these solutions are as robust as (if not more
robust than) face-to-face procedures. In December 2005, an Adviser from the Criminal Justice Division in
the Attorney General’s Department spent half a day in the ING DIRECT UK office, to understand how
electronic verification works in practice.

ING Bank welcomes any further questions or requests for information from the Government on electronic
verification initiatives.

    Joint Money Laundering Steering Group – Guidance for the UK Financial Sector (January 2006), Part 1, Section 5.
5. Implementation Period

The impact of the AML/CTF legislation will be far reaching within all financial institutions, and the level of
change required in their processes, procedures and technology will be significant (especially those
currently outside the FTRA regime).

As a consequence, ING Bank considers it will require a minimum implementation period of 2 years,
commencing from the release of the whole package (including a full set of Rules). To prescribe an
unrealistic timeframe will result in implementation difficulties and ongoing operational problems, and will
hinder financial institutions in developing an effective and sustainable AML Program.

6. Risk Based Approach

ING Bank supports a risk based framework, and we envisage that this framework will comprise an
approach that would take into consideration the risks associated with products, customers, source of
funds, and the control framework within the relevant financial service provider.

This is consistent with the Financial Action Task Force 40 Recommendations which state that “financial
institutions should apply each of the CDD [customer due diligence] measures on a risk sensitive basis
depending on the type of customer, business relationship or transaction.2”

ING Bank supports the initiatives the Attorney General’s Department and AUSTRAC have recently
undertaken, in making the Rules more risk based, and reducing the prescription that existed in the earlier
releases of the draft Rules. We believe a risk-based framework will allow for more appropriate AML
processes to be adopted by organisations, as it allows them to take into account their risk profile and
dedicate those resources to the higher risks.

Australia should not strive to go beyond the FATF Recommendations or the experience of comparable
jurisdictions, such as the UK. To do so would place us at a competitive disadvantage in international
markets. The UK experience is salutary where a large degree of rework occurred to achieve the risk
based approach, and ING Bank encourages the Government to refer to these experiences in comparable

7. Education of Customers

Due to the increased “know your customer” requirements, it is imperative that customers understand why
the information requirements have increased after the new AML/CTF regime commences. It is only with
support from the Government in educating customers on these new requirements that financial
institutions can help minimise the imminent impact on customers when requesting additional information.

In the AML Working Group meetings, the Government has said that it will provide an education program
for the general public on the new regime and the increased requirements for customers. ING Bank
welcomes this commitment from the Government.

8. Specific Comments on Sections of the Bill

In Appendix B, ING Bank has included comments on specific components of the Bill and, where
appropriate, practical solutions to the issues raised.

ING Bank welcomes the opportunity to provide input on the anti-money laundering reforms. Jennifer
Armstrong, Operational Risk Manager can provide further information, or we are available to meet with

    Financial Action Task Force, 40 Recommendations Recommendation 5
you to discuss the matters raised in this submission if required. (Telephone: (02) 9028 4370, e-mail:

Yours sincerely

Mark Mullington
Executive Director, Risk Management
ING Bank (Australia) Limited

ABN 24 000 893 292

140 Sussex Street

GPO Box 2299

Appendix A: Issues relating to the use of Third Parties in the Mortgage Industry

Whilst the Government has recognised the need for reporting entities to rely on third parties under
Section 34 of the Bill, the aim of Appendix A is to highlight to the Government:

-      some of the third party relationships that currently exist within the Mortgage Industry,
-      the complexities of these third party relationships, and
-      the impact of the Bill on these relationships.

ING Bank is concerned that the Bill, as currently drafted, may result in:

-      some market participants within the Mortgage Industry facing unexpected and significant regulatory
       requirements which are not commensurate with the AML/CTF risk;
-      a significant increase in responsibilities placed upon external agents which will render the conduct of
       business within the Mortgage Industry unduly expensive and impractical; and
-      uncertainty within the Mortgage Industry as to who is an external agent, a sub-agent or a Reporting

At the outset, ING Bank also wishes to note that the Rule under Section 34(1)(d) (which foreshadows
third parties accredited under the Rules who can carry out customer identification procedures) has not
been released. As a result, we have been unable to consider accredited third parties. We would
appreciate the opportunity to make submissions on this issue once further relevant material has been

Mortgage Brokers and Mortgage Aggregators

Mortgage Brokers introduce borrowers to lenders (such as ING Bank) and for this service receive a
commission or brokerage fee. Mortgage Brokers usually offer loans from a number of lenders and will
generally identify the customer on behalf of the lender using the current 100-point check. Mortgage
Brokers do not use their own capital and will only assist the borrower until the loan is settled. In an
Australian Prudential Regulation Authority (APRA) report published in 2003, APRA found that 56 (25%) of
Australian deposit-taking institutions used brokers to originate loans, with 25 planning on using brokers in
the next year and 38% of those currently using brokers intending to increase their usage. The report also
found that brokers have written over $86.6 billion in loans for these institutions.3 The figure today, three
years later would be much higher.

Mortgage Brokers may operate individually as a small business (for example, with one or only a small
number of Mortgage Brokers), or they may be part of a larger aggregator group such as Aussie Home
Loans or Wizard Financial Solutions. Some brokers may hold an Australian Financial Services Licence
("AFSL") or be an authorised representative of an AFSL holder (as defined in Chapter 7 of the
Corporations Act), however many will not.

A Mortgage Aggregator acts as an intermediary between lenders and Mortgage Brokers. A Mortgage
Aggregator will enter into contracts with a number of lenders to whom it can introduce prospective
borrowers ("panel lenders"). A Mortgage Aggregator will also enter into contracts with a number of
Mortgage Brokers and/or Mortgage Broking Firms, authorising them to introduce prospective borrowers to
the Mortgage Aggregator's panel of lenders. Where the Mortgage Aggregator enters into a contract with
a Mortgage Broking Firm, that Mortgage Broking Firm may in turn enter into contracts with a number of
other Mortgage Broking Firms or Mortgage Brokers. Therefore, there may be a series of agreements
between Mortgage Broking Firms. However, there will ultimately be an agreement between a Mortgage
Broking Firm and a Mortgage Broker which authorises the Mortgage Broker to introduce prospective
borrowers to panel lenders. Under such an arrangement, the lender and Mortgage Broker will not enter

    APRAs “Report on Broker – Originated Lending,” January 2003
into an agreement with each other and there may be a number of entities in the chain between the
Mortgage Broker and the lender. This is illustrated in the diagram below:

               Lender                                Lender                                 Lender


      Mortgage                                      Mortgage                             Mortgage
     Broking Firm                                  Broking Firm                         Broking Firm

Mortgage    Mortgage     Mortgage       Mortgage      Mortgage    Mortgage       Mortgage      Mortgage   Mortgage
 Broker      Broker       Broker         Broker        Broker      Broker         Broker        Broker     Broker

We note that this diagram assumes that there is only one Mortgage Broking Firm in the chain, although
(as indicated above) there may be more than one. ING Bank currently has approximately 1,500 Mortgage
Aggregators and approximately 15,000 Mortgage Brokers. Each broker company may act for anywhere
between 5 and 20 different lenders.

Mortgage Brokers provide many benefits to consumers. In recent years we have seen customers benefit
from being able to compare different mortgage products through one source and receiving products that
match their needs. We have also seen increased competition due to the role of Mortgage Brokers, which
has lead to reduced fees and interest rates for all Australians. As a result, the Government should ensure
that the Bill minimises, to the greatest extent possible, any adverse impact on this channel.

Issues Identified

Some Mortgage Aggregators and Mortgage Brokers offer other services in addition to mortgage broking
and, if these are designated services under the Bill, these organisations will be Reporting Entities.
However, some Mortgage Aggregators and Mortgage Brokers will not be Reporting Entities and will need
to be appointed as an external agent of each lender in order to identify customers on behalf of those


If a Mortgage Broker is not a reporting entity, it would need to be appointed as an external agent of the
lender in order to conduct customer identification procedures on the lender's behalf. Section 12, which
defines an external agent, allows the primary agent of the reporting entity to appoint a sub-agent to
conduct identification procedures on behalf of the reporting entity. There is no provision for a sub-agent to
appoint a further sub-agent to carry out identification procedures on behalf of the reporting entity.
Consequently, a lender can not appoint a Mortgage Broker as an external agent via the Mortgage
Aggregator, as the Mortgage Broker is more than one step removed from the lender in the chain of
contracts relating to the mortgage.
However, it is not as easy to appoint a Mortgage Broker as an external agent where there is more than
one link in the "chain" between the broker and lender, as is frequently the case in mortgage
arrangements. The only way for the lender to appoint brokers which are further down the chain as
external agents is:

           (a) by appointing the person in the chain immediately prior to the Mortgage Broker as a
               primary agent and have that person appoint the Mortgage Broker as a sub-agent; or

           (b)   by appointing the Mortgage Broker direct.

Either scenario will significantly increase the number of external agents that need to be appointed as
lenders can no longer deal just with the Mortgage Aggregator. This places a very onerous obligation on
the lender (which is compounded by the requirement to conduct due diligence on each individual agent)
and results in unnecessary inconvenience and cost. Furthermore, it achieves no reduction in the risk of
money laundering that could not similarly be achieved if Section 12 allowed sub-agents to appoint further

We submit that Section 12 should be amended to allow sub-agents to appoint other sub-agents to ensure
the Bill takes into consideration the chain of intermediaries in a typical mortgage transaction.

Additionally, we propose that Mortgage Brokers which are not themselves Reporting Entities but which
are accredited according to an industry standard (for example, a standard imposed by the Mortgage
Industry Association of Australia) should be persons accredited by the Rules for the purpose of Section
34(1)(d). This would allow them to be authorised under that section to conduct customer identification
procedures on behalf of a reporting entity without being appointed an external agent.

Due diligence

Under the Bill, all third parties who provide services for a reporting entity will be the subject of ongoing
due diligence by that Reporting Entity, including initial and ongoing training and awareness requirements.
Where the third party acts for a number of Reporting Entities (as Mortgage Brokers generally do), this will
impose a significant burden on that third party as it will need to undergo the due diligence, training and
awareness for each reporting entity. This is also likely to lead to significant unnecessary duplication of
effort with no discernible reduction to the money laundering risk.

The due diligence obligations that will arise in respect of Mortgage Brokers will also place a similarly
onerous obligation on lenders, as they need to conduct due diligence and meet the training and
awareness requirements in respect of each of those third parties. This is particularly so given the large
number of Mortgage Brokers (in ING Bank's case, over 15,000) that will need to be appointed and for
which due diligence will need to be conducted. Again, this will lead to significant unnecessary duplication
of effort with no discernible reduction to the money laundering risk.

Where the third party is a Reporting Entity, in our view, the present approach is inconsistent with a risk-
based approach. As a consequence, it leads to unnecessary expense and inconvenience. In addition, in
our view, the current requirements go beyond the FATF Recommendations. In particular, FATF
Recommendation 9 requires that a financial institution "satisfies itself that the third party is regulated and
supervised for, and has measures in place to comply with CDD requirements". In our view, the Bill should
be amended so that where the third party is a Reporting Entity, another Reporting Entity should be able to
rely on that third party without either prior written authorisation or conducting due diligence unless in a
particular case there is a higher level or risk which indicates otherwise.

Where the third party is not itself a Reporting Entity, a different solution is needed to allow a Reporting
Entity to satisfy itself that it is complying with its customer identification requirements without having to
undergo an onerous due diligence procedure in respect of each third party. One solution is for
participants in the mortgage industry to be accredited for the purposes of Section 34 (as suggested
above) and for the accreditation framework to include appropriate anti-money laundering training and
awareness requirements. Alternatively, if the participants in the mortgage industry were not accredited
for the purposes of Section 34, they could nevertheless be subject to an appropriate accreditation

framework under which AML/CTF training and awareness was promoted within the mortgage industry.
Consistent with a risk-based approach, Reporting Entities should be able to rely upon the fact that a
Mortgage Broker was accredited (whether for the purposes of Section 34 or otherwise) as evidence that it
was an appropriate entity to conduct customer identification without the need for extra due diligence,
provided that:

-   they had satisfied themselves that the accreditation framework covered their specific AML/CTF
    requirements; and
-   there were not any special circumstances to warrant extra due diligence on a particular Mortgage

Again, this approach is consistent with FATF Recommendation 9, which requires a financial institution to
satisfy itself that the third party is regulated and supervised for, and has measures in place to comply
with, the relevant customer due diligence requirements.

The appropriate accreditation program for Mortgage Industry participants could be conducted and
maintained by an organisation such as the Mortgage Industry Association of Australia.


If the third party is a sub-agent of the Reporting Entity (as many Mortgage Brokers will be), Section
12(3)(c)(iii) prevents that sub-agent from notifying the primary agent of any information obtained in the
course of carrying out an identification procedure on the Reporting Entity's behalf. Because the sub-
agent would mostly be dealing with the primary agent, and not the Reporting Entity itself, it is appropriate
that the sub-agent should be able to disclose information to the primary agent, in addition to AUSTRAC
and the Reporting Entity. Allowing free communication between the Reporting Entity, primary agent and
sub-agent increases the likelihood that these entities can effectively work together to investigate
suspicious matters.

The Bill should also be amended to allow a third party authorised under Section 34 to conduct
identification procedures and to disclose information about a suspicion to the Reporting Entity or to other
entities in the chain.

If the third party is itself a Reporting Entity, Section 95 effectively prevents it from notifying the Reporting
Entity about suspicions reported to AUSTRAC, which means that a broker that is a Reporting Entity could
not inform a lender about any suspicions it had identified. This is undesirable given that knowledge of
these suspicions would enable the lender to more effectively manage the risks posed by that customer in
its future dealings with that customer. Furthermore, the lender and broker could work together more
effectively to produce an accurate and useful report to AUSTRAC if they were both allowed to know about
the suspicion.

Finally, so that unnecessary duplication is avoided, if information about a suspicion is disclosed to the
Reporting Entity by a third party who is a Reporting Entity, only one of those Reporting Entities should
need to report that suspicion to AUSTRAC.

Record Keeping

Section 88 requires that a person acting under Section 34 provide the Reporting Entity with copies of
identification records within 5 business days. This results in significant duplication of processes between
the Reporting Entity and the third party, increased paperwork, increased cost of collecting and storing
information and environmental impact. It does not take account of the risk of information security failure
in the exchange of documentation through traditional methods such as the post.

Additionally, the short time frame of 5 days raises certain issues, including the following:

-   Risk of losing information including the possibility of the Reporting Entity not receiving identification
    procedures or that information being intercepted or received by an unauthorised person is a genuine
    risk and consideration,

-      Cost of collecting identification procedures and the probability of having more than one party store the
       information; and
-      Impact to storage spaces, both physically and electronically increases costs for Reporting Entities.

This requirement requires much more stringent record keeping than anticipated by the FATF
Recommendations. FATF Recommendation 9 relevantly states that financial institutions relying upon a
third party to conduct identification procedures should: (a) take adequate steps to satisfy themselves that
copies of relevant documentation will be made available from the third party upon request without delay;
and (b) satisfy itself that the third party has measures in place to comply with the requirement in
Recommendation 10, that copies of the relevant documentation will be kept for at least five years after the
business relationship has ended.

We submit that it should not be necessary for the Reporting Entity itself to retain copies of any documents
used by a third party (irrespective of whether that third party is itself a Reporting Entity, an external agent
or a person specified by the Rules for the purpose of Section 34) to identify the customer provided that
the third party retains such copies for the appropriate time period4 and the Reporting Entity is able to
access those copies. This is in accordance with a risk-based approach, in that it would be up to the
Reporting Entity to decide if they require the information up front or at a later date depending on the risk
of the customer, service and transaction. It is also consistent with FATF Recommendation 9.

    The appropriate time period has not yet been defined in the Draft Bill.
Mortgage Managers

Description of the channel

Mortgage Managers are vital players in the Australian mortgage industry and have particularly grown in
prominence since the introduction and increased use of mortgage-backed securities in the local market.
Mortgage Managers are also being utilised by banks as another means of introducing business and
offering loans to consumers.

The services that each Mortgage Manager offers to lenders and other reporting entities and customers
differ. The difference between a Mortgage Manager and a Mortgage Broker is that Mortgage Managers
will also manage the customer before, during and after settlement and generally until the loan is
discharged. Often the loans that a Mortgage Manager offers will be ‘white labelled’ under the Mortgage
Manager’s own brand. Some of the activities Mortgage Managers undertake include:

-   Accrediting Mortgage Brokers to introduce customers and identify customers through performing the
    100 point check
-   Managing the application process
-   Performing credit assessment according to the lender’s credit policies including reviewing property
-   Engaging legal advisers for settlement of mortgages
-   Performing transactions according to customer’s request including additional repayments, redraws,
    changing loan details according to the lender’s policy and through the lender’s systems
-   Arrears management and collections

As shown above, Mortgage Managers undertake a number of activities on behalf of the lender (the
reporting entity). However it should also be noted that in many cases Mortgage Managers are not large
businesses and they leverage off the infrastructure of the lender and must apply the policies and
procedures of the lender.

Issues Identified

Definitions and Designated Services: Sections 5 and 6

One of the initial issues identified during review of the Bill was the ambiguity around certain designated
services and whether they are intended to capture Mortgage Managers as reporting entities. The
designated services in question are:

-   (3) in the capacity of account provider for an account, allowing a transaction to be conducted in
    relation to the account

It is unclear whether some Mortgage Managers could, or do, fall within this designated service.

-   (6) making a loan, where the loan is made in the course carrying on a business

For this designated service, there is even more ambiguity. The term “making a loan” is not common
terminology used in the mortgage industry. It is unclear whether only the lender is “making” the loan (as
credit provider) or whether it could be said that the Mortgage Manager is “making” the loan in providing
the services that it provides (for example, managing the application process).

-   (14) providing a chequebook, or a similar facility, that enables the holder of an account to draw a
    cheque on the account

Many loans now provide the borrower with a chequebook facility, and in the case of a loan managed by a
Mortgage Manager, the chequebook may be given to the customer by the Mortgage Manager, although
the cheque facility itself (including the chequebook) is issued (as that term is used in Chapter 7 of the
Corporations Act) by the lender. Whilst the Mortgage Manager orders and provides the customer with the
chequebook, any cheques drawn would be debited from the balance of the loan account held with the
lender. It is unclear whether the Mortgage Manager would be "providing a chequebook" in these

-      (18) issuing a debit card that enables the holder of the account to debit the account

As with chequebooks, borrowers are also often issued with a debit card that allows them to access funds
attached to the loan. Again, whilst the Mortgage Manager orders and provides the customer with the debit
card, the card itself is issued (as that term is used in Chapter 7 of the Corporations Act) by the lender.

"Issue" is not relevantly defined in the Bill, although in the case of a security or derivative, it includes
"granting or otherwise make available". In light of the breadth of that definition, it is unclear whether it
could be said that a Mortgage Manager, in making the debit card available, is providing a designated


It is desirable for entities to have certainty as to whether they are a reporting entity and the extent to
which they provide designated services. Accordingly, further refinement of these and other designated
services is required so that entities can clearly establish if they are providing the designated service.
Failure to do this may lead to entities who are not intended to be reporting entities falling within a
designated service and incurring significant, and unnecessary, compliance costs.

If Mortgage Managers are Reporting Entities

If Mortgage Managers are Reporting Entities under the Bill, this could lead to significant duplication of
AML tasks between the lender and the Mortgage Manager. Under the current Bill, there could be two
parties undertaking the many requirements of the Bill and Rules, such as ongoing customer monitoring,
additional “know your client” tasks, enhanced due diligence, reporting to AUSTRAC and record keeping,
namely the lender and the Mortgage Manager. This duplication is costly and unnecessary and should be
eliminated. In addition:

1.           Secrecy

Section 95 currently prevents Reporting Entities from sharing information about suspicions. As a result, if
a Mortgage Manager is a Reporting Entity, it is prevented from sharing such information with the lender,
which inhibits the ability of both to investigate and report suspicious matters. Our submissions in relation
to section 95 on page 10 above, which we made in the context of Mortgage Brokers, applies equally to
Mortgage Managers.

2.           Record Keeping

For the reasons set out at page 10 above (in the context of Mortgage Brokers), where a Mortgage
Manager is conducting identification for a lender (whether as agent or as a reporting entity), it should not
be necessary for the lender to retain copies of any documents used by the Mortgage Manager to identify
the customer (provided that the Mortgage Manager retains such copies for the appropriate time period5
and the reporting entity is able to access those copies). As discussed above, this is in accordance with a
risk-based approach and consistent with FATF Recommendation 9.

3.           Mortgage Manager not able to be an external agent if a reporting entity

Sections 12(2)(d) and 12(3)(d) of the Bill prevent a third party from being appointed an external agent if it
is a Reporting Entity. If Mortgage Managers are Reporting Entities under the Bill, they cannot be
appointed as an external agent of lenders. This is the case even if the services provided by the Mortgage
Managers to the lender are not, themselves, designated services. For example, a Mortgage Manager

    The appropriate time period has not yet been defined in the Draft Bill.
may be a reporting entity because of a particular activity it carries out that is unrelated to the activities that
it carries out in connection with lenders. We submit that an amendment is needed to allow a third party in
these circumstances to be appointed as an external agent of the lender where the services provided by
that third party to the reporting entity are not designated services.

4.      Due Diligence

Our comments set out at page 9, relating to Mortgage Brokers, also apply.

Appendix B: General Issues and Recommendations

The following paper outlines issues relating to specific sections of the Anti Money Laundering / Counter-
Terrorism Financing Bill 2005, including recommendations based on ING Bank’s impact assessment of
the Bill. ING Bank supports the introduction of the Bill and its objectives, however wishes to outline some
issues that have been identified which may make practical implementation of the Bill costly and difficult to
manage on an ongoing basis.

Part 1: Introduction

Section 2: Commencement


The financial services industry requires an implementation time frame that allows for changes to
information technology systems, processes, procedures, and training and awareness to staff and third
parties. In addition, the development of an effective and robust AML Program will require considerable
resources for development, testing and implementation. All of these changes will require significant time
and resources.


ING Bank estimates that it will require a period of at least 2 years from the date the entire package (Act,
Regulations and Rules) is released to implement all requirements of the Bill effectively. In addition, any
new Rules released either during the transition period or after the commencement of the Bill should allow
appropriate time for implementation by the Industry. The Government may wish to consider a staggered
approach to implementation.

Section 5: Definitions

ING Bank has identified the need for clarification of some of the definitions outlined in the Bill.


There is no definition for the term agent, in the context of the “applicable agent identification procedure.”
This should be defined in order for financial institutions to ensure they are meeting the identification
processes required in the Bill.


The term “agent” should be defined in the Bill or in the associated regulations (which have not yet been


The term “politically exposed person” is not defined and refers to the AML/CTF Rules which financial
institutions are yet to receive. It is expected that many larger institutions will rely on commercially
available lists that will involve a significant cost and implementation time frame in order to merge the lists
with all account systems. The delay in the issuing of a Rule or definition for PEP’s will only increase the
time it will take for institutions to develop and implement a solution for identifying or managing PEP’s.


ING DIRECT recommends that a combination of the following definitions be included in the Bill.
The Financial Actions Task Forces defines a politically exposed person as:

“Individuals who are or have been entrusted with prominent public functions in a foreign country, for
example Heads of State or of government, senior politicians, senior government, judicial or military
officials, senior executives of state owned corporations, important political party officials. Business
relationships with family members or close associates of PEPs involve reputational risks similar to those
with PEPs themselves. The definition is not intended to cover middle ranking or more junior individuals in
the foregoing categories.”

ING Group (the parent of ING Bank) has rolled out anti-money laundering measures through its Financial
Economic Crime policy. ING Group defines a politically exposed person as:

“Individuals who are or have been entrusted with prominent public functions including heads of state,
government senior politicians, senior government, judicial or military officials, senior executives of publicly
owned corporations and important political party officials.”


A number of terms used in the Bill are terms that are used and defined in legislation that has a significant
impact on financial services. This includes legislation such as Chapter 7 of the Corporations Act. In our
view, it can be confusing for a term to have one meaning under one piece of legislation and then a
different meaning under another.


Accordingly, it would be preferable if, to the extent possible, meanings given to terms in legislation that
has a significant impact on financial services (such as Chapter 7 of the Corporations Act) are given the
same definition in the Bill.

The definition of "control test" makes reference to provisions of the Social Security Act. These provisions
are complex and most financial services organisations are unlikely to be familiar with them. Accordingly,
we recommend that a less complex control test be used.

Section 6: Designated Services

Section 6 of the Bill outlines the designated services.

Refer to Appendix A for designated services relating to third party relationships.

Other issues and recommendations in relation to Section 6 include:


ING Bank is unclear regarding the objective of the inclusion of following designated services:

-   (56) guaranteeing a loan, where the loan guarantee is provided in the course of carrying on a

-   (57) in the capacity of a guarantor of a loan, making a payment to a lender

It is not clear how an individual guarantor can be expected to identify, and undertake customer due
diligence generally on a lender (such as a bank) and a borrower (which could be a major corporate or an
individual), as well as comply with the requirements of the Bill.


The Government should clarify the objective of this designated service or provide an exemption, or
process for an exemption, for those parties not intended to be captured as Reporting Entities.

Part 2: Identification Procedures etc.

ING Bank welcomes the recent initiative by the Attorney General’s Department and AUSTRAC to move to
a more risk-based approach, which allows financial institutions to assess the risks of their own products,
services, customers and delivery channels and apply risk mitigation activities consistent with the level of
risk. To date, ING Bank has seen a revised confidential version of Part 2 of the Bill, a revised Customer
Identification Program Rule and a Risk Triggers rule which generally reflect a risk-based approach.

ING Bank understands that the Attorney General’s Department and AUSTRAC are currently working with
a limited number of financial institutions to apply risk based principles to other areas of the legislation.
Although ING Bank, to date, has not seen the output from this group, ING Bank continues to work with
the Attorney General’s Department and AUSTRAC on the Customer Identification and Verification
Working Group.

ING Bank understands that all new customers, post commencement of the Bill, will be required to be
subject to the reporting entity’s Customer Identification Program. In previous submissions to Government,
ING Bank has highlighted the importance of the regime to be both channel and technology neutral to
ensure that customers are not adversely impacted and that they can continue to obtain low cost banking
services that can be offered in a non face-to-face environment.

ING Bank welcomes the latest version of the Customer Identification Program Rule released to the
Identification and Verification Working Group documenting a risk-based approach for electronic
verification. ING Bank believes that electronic verification is critical to the success of the AML/CTF regime
and recognises the efficiencies gained in comparable jurisdictions such as the United Kingdom and
United States of America through acceptance of this method. ING DIRECT will continue to work with
AUSTRAC in the refinement of this Rule.

Section 27: Identification of pre-commencement customers


The Bill provides for existing customers not be re-identified if a “continuous relationship” is maintained.
The continuity of relationship may be broken by some occurrences, which will be outlined in the Rules,
however no Rules have been released surrounding continuity of relationship.


Any Rules relating to continuity of relationship must involve whole of industry consultation to avoid placing
a significant burden on customers and the industry. All Rules released should reflect a risk-based
approach to allow a greater opportunity to identify actual money laundering and terrorist financing and
should consider the cost of such measures as well as the impact on customers.

Section 30: Special circumstances for identification after provision of the designated


The Bill allows for some customers to be identified after the commencement of the service, namely in
cases where identification would disrupt the normal course of carrying on business, where the service is
offered non face-to-face, and where the service is specified in the AML / CTF Rules. To date, ING Bank
has not received any Rules around this clause (Section 30(1)(c)), and therefore is unable to comment on
what the potential impact will be.


ING Bank requests that the draft Rules referred to in Section 30(1)(c) are released as soon as possible
and that adequate consultation occur with industry in relation to that draft or, alternatively, that the clause
be removed.

In drafting the Rule, AUSTRAC should take into consideration guidance from the United Kingdom’s Joint
Money Laundering Steering Committee, where the guidance states, “Sometimes, in the normal conduct of
business, it is possible that a business relationship with a customer has to commence before verification
of the customer’s identity can be completed. This might be the case, for example in respect of some non
face-to-face business, some investment transactions, or some types of life assurance business. In such
circumstances, firms’ risk management procedures should take into account of these conditions, and
should require controls to be placed over the extent of the relationship entered into, or any funds held
under the relationship, until verification has completed.6”
Section 31: Customer identification post commencement


This section allows the reporting entity 5 business days to carry out the identification after which the
service should cease to be provided. In a non face-to-face environment Reporting Entities may be relying
on documents being sent by mail. In this scenario, the 5 business days allowed in the Bill may not be


The timeframe of 5 business days is not required by the FATF Recommendations. In particular, FATF
Recommendation 5 states that "countries may permit financial institutions to complete the verification as
soon as reasonably practicable following the establishment of the relationship, where the money
laundering risks are effectively managed and where this is essential not to interrupt the normal conduct of

The consequences of identification not being done within the time limit are serious. In particular, the
reporting entity must cease providing the service. Accordingly, we recommend that where the special
circumstances contemplated in section 31 are satisfied, consistent with FATF Recommendations, a
reporting entity should be required to identify the customer as soon as reasonably practicable after it has
commenced to provide the designated service.

Section 32: Re-verification of identity


Clause 31(1) requires customers to be re-identified, or for a reporting entity to conduct additional or
enhanced due diligence should a “risk trigger” occur. The triggers are outlined in the AML/CTF Rules.

The Bill only allows a reporting entity to rely on identification undertaken within the previous 5 days before
the trigger occurs. Hence, if the customer opens the account and 7 days later (for example) initiates a
transaction that triggers a risk, they would have to be re-identified under the Bill. This has the potential for
customers to be constantly re-identified should their transactions be considered unusual. This is
impractical from both a customer and reporting entity’s perspective, and is not commensurate with a risk
based approach.


6 6
      Joint Money Laundering Steering Group – Guidance for the UK Financial Sector (January 2006), Part 1, Paragraph 5.4.7
A reporting entity should be able to determine, based on their AML program and risk based approach, the
timeframe for which re-identification should take place (or any other additional procedures) if a risk is

Conflicting organisations


We are concerned that, as a result of the Bill, an organisation may be faced with conflicting statutory
obligations. For example, under the Consumer Credit Code a debtor is entitled to pay out a credit
contract at any time. Paying out a credit contract will be a designated service. However, it may be that a
reporting entity is obliged under the Bill to cease providing designated services, ie. not allow a debtor to
pay out the credit contract. As a result, if it complies with the AML/CTF Bill, it will contravene the
Consumer Credit Code. We have not conducted an exhaustive statutory review to identify other
conflicting obligations.


In our view, Government should undertake a review to identify conflicting statutory obligations and
address them in the Bill. Whilst provisions such as section 36 may give organisations protection from
prosecution as a result of ceasing to provide a service in certain circumstances, the act or omission may
nevertheless constitute a breach of other legislation. This may have consequences for Reporting Entities
that hold an Australian Financial Services Licence, who have obligations to report certain breaches to

Section 33: Re-verification of identity of an agent etc


Section 33 requires re-verification of the identity of an agent in certain circumstances. However, it is
unclear who is to be identified where the customer was originally identified and an agent of the customer
conducts the transaction that triggered the risk trigger. In particular, it is unclear whether the customer
must be re-identified and the agent identified or only the agent identified.


If a risk trigger occurs, the reporting entity should be required to identify the party who conducted the
transaction and triggered the risk trigger.

Section 34: Identification carried out by another person

Issues surrounding the use of third party agents are outlined in Appendix A.

Part 3: Reporting obligations of Reporting Entities

ING Bank recognises that an effective AML/CTF regime will require institutions to report suspicious
matters, threshold transactions and international funds transfer instructions to AUSTRAC. ING Bank has
reviewed the accompanying draft rule on Suspicious Matters and the matters to be taken into account
when forming a suspicion.

ING Bank believes it would be useful for Reporting Entities to receive certain types of information from
AUSTRAC, based on the reports made. Information that would be useful to financial institutions include:
- new threats and emerging techniques used by money launderers, identified by AUSTRAC and/or law
   enforcement agencies, which can be subsequently used to update money laundering typologies used
   within the organisation for ongoing transaction monitoring;
- whether the information contained in reports lodged by a Financial Institution is sufficient; and
- some success stories or “lessons learned” based on reporting to AUSTRAC suspicious transactions,
   which can be used in staff training and awareness programs.

Some issues regarding the Bill and Rules are raised below.

Section 39: Reports of suspicious matters


Section 39(6) requires the lodgement of suspicious matter reports with AUSTRAC based on “reasonable
grounds for a reporting entity to form a suspicion”, which are outlined in the AML/CTF Rules. There is a
concern that not all information (outlined in the 24 matters contained in the Rule) will be collected or held
by financial institutions, especially for low risk customers, products and services. This is especially
relevant for pre-commencement customers.


ING Bank recommends that a clause or defence be included in the Bill which ensures that Reporting
Entities are not held liable should they fail to identify a suspicious matter, or fail to include all information
in a suspicious matter report due to information not held about the customer.


The draft Rule released on Suspicious Matter Reporting includes information that is required to be
included in any reports made to AUSTRAC. Paragraph 2.6 requires details about the “sources relied upon
to verify the customer’s identity”. All sources listed in the Rule imply that only documentary evidence
would be relied upon to verify identity, and not electronic sources with reliable and independent data. ING
Bank acknowledges that this Rule is still in draft form and assumes that this Rule will be updated in line
with the new Customer Identification Program Rule.


Once all Rules are finalised, the Attorney General’s Department and AUSTRAC should ensure that the
final package of Bill, Rules and Guidance Notes do not contain any inconsistencies.

Part 7: Anti-money laundering and counter-terrorism financing programs

ING Bank recognises the need for Reporting Entities to implement an Anti-Money Laundering and
Counter-Terrorism Financing program to outline how they will address the risk of money laundering and
terrorism financing throughout their organisation. There are, however, some practical implementation
issues that ING Bank has identified and wishes to raise.

Section 74: Anti-Money Laundering / Counter-Terrorism Financing Programs


Paragraph 1 of the draft AML/CTF Program Rules states that Reporting Entities need to identify and
materially mitigate the risk that the provision by the reporting entity of a designated service might involve
or facilitate a transaction that might be connected to the commission of a money laundering offence or a
financing of terrorism offence.

A significant number of submissions have been made in relation to the AML/CTF Program requirements
and in particular the obligation to "materially mitigate". We understand that further work is being
conducted in relation to these matters.


In light of the above, we make no comment on these provisions but would appreciate an opportunity to
make comments once an amended rule or redrafted Bill is released. This is particularly so given that the
AML/CTF Program is a key component of the Bill.


Paragraph 6(b) of the AML Programs Rule requires all customers to be assigned with a risk classification
regardless of the product type. This raises a number of issues for Reporting Entities including:

-   What are the consequences for a reporting entity if a customer is assigned an incorrect risk
-   What if Reporting Entities do not hold sufficient know your customer information in order to assign a
    meaningful classification?
-   What if the customer requests information about the risk classification assigned to them or wishes to
    contest it? It would appear that customers may be able to access this information under the National
    Privacy Principles contained at Schedule 3 to the Privacy Act unless the Bill requires Reporting
    Entities to deny access to it.
-   What if Reporting Entities are accused of discrimination or racial profiling in the assessment of
    customers risk classification? Are there any protections or defences that will be available to
    Reporting Entities?


We recommend that the Government consider the issues raised above including the impact of other
legislation (such as Privacy and Anti-Discrimination). Reporting Entities should not be held liable for any
related issues with assigning risk classifications. The Bill should include a protection from liability in
relation to acts done in good faith for the purpose of complying with the AML/CTF Program requirements.


Paragraph 31 requires Reporting Entities to conduct employee due diligence, including employee
screening. A reporting entity should be able to rely on processes undertaken to meet the requirements of
other regulators such as those relating to Responsible Officers (for which the relevant regulator is
Australian Securities Investment Commission (ASIC)) and the fit and proper prudential standards

released by the Australian Prudential Regulation Authority (APRA). A reporting entity should be able to
decide, based on the risks associated with the employee’s role, the level of screening required.


ING Bank currently undertakes screening including criminal checks for all permanent employees.
However, we believe that AUSTRAC should not prescribe the checks or screening processes, but allow
the reporting entity to decide, on a risk-based approach, what checks or processes are required for
particular positions.


Paragraph 32 requires a reporting entity to discipline employees who fail to comply “with any procedure
established in accordance with its AML/CTF Program”. There is no materiality in this requirement.


AUSTRAC should allow a reporting entity to decide what, if any, actions should be taken to discipline
employees on a risk-based approach, taking into the account matters such as the severity of the
procedure breached and the frequency of the breach.


Paragraph 34 requires a third party due diligence program for all third parties that have “a connection with
a designated service.” As an example, our outsourced information technology providers may have a
“connection” as they provide a system for which our intermediaries can input application information.


There needs to be more clarity around exactly what kind of connection is relevant. It should also be noted
that APRA has requirements surrounding the use of outsourced service providers and critical third parties
for institutions to follow when utilising the services of third party vendors.

Part 11: Secrecy and Access

ING Bank understand the importance of customers not being “tipped off” about a report made to
AUSTRAC on their behaviour. However there are some issues which will have a practical impact should
they not be addressed:

Section 95: Offence of Tipping Off


Section 95(1)(a) states that a Reporting Entity cannot disclose to anyone that they have formed a
suspicion. Under Section 32, however the Reporting Entity may need to re-identify customers if they
have formed a suspicion. In doing so, the Reporting Entity risks tipping the customer off. It should be
accepted that if the customer is knowledgeable of a Reporting Entities obligations under the AML/CTF Bill
(which we can expect sophisticated money launderers to be) Reporting Entities run the risk of penalty
simply by following requirements defined under Section 32.


The tipping off provisions should be clarified to provide that they will not apply if a Reporting Entity is
merely performing an act in order to comply with any legislation.

Beneficial owners

The AML/CTF package released for public comment indicates that beneficial owners will need to be
identified. However, a proposed procedure to identify beneficial owners has not yet been specified. As a
result, we cannot make a submission on this issue at this time. However, we welcome the opportunity to
make a submission on this issue once more information has been released.



The Bill contains a number of protections from liability (such as section 36). However, these protections
only apply to acts done or omitted to be done in good faith and without negligence. "Negligence" is an
extremely broad term and it may be difficult for organisations to demonstrate that an act or omission was
without negligence.


The requirement for an act to be without negligence should be removed from the protections from liability.
This is particularly so given that, but for the protection, an organisation may be exposed to actions for
breach of contract if it ceases providing services.

Consultation on Rules

Under the Bill, AUSTRAC has broad powers including powers to issue Rules and Guidelines. These
Rules and Guidelines are likely to have a significant impact on industry. In our view, if the Rules are to
work efficiently, they should, as far as possible, reflect industry practice. As a result, in our view, it is
important that AUSTRAC engages in meaningful consultation with industry when formulating Rules and

Whilst the Bill requires AUSTRAC to consult with Reporting Entities and take their comments into account
(Section 173), it also provides that AUSTRAC's decision is not invalid if it fails to do those things. In light
of the importance of the Rules, AUSTRAC should be required to release draft Rules for comment, consult
with Reporting Entities on those draft Rules and take those comments into account in finalising the Rules.
If AUSTRAC does not do any of those things, the Rules should not be valid. The model adopted could be
one similar to that in Section 28 of the Payment Systems (Regulation) Act 1998 (Cth). Exemption could
be made for urgent action that it is necessary for AUSTRAC to undertake.

Notwithstanding the significant impact that the Rules and Guidelines may have on industry, there is no
process for any review of AUSTRAC's decision. We suggest that consideration be given to providing for
a process of review of AUSTRAC's decision.


To top