Crime and Punishment, or more accurately non-compliance and potential punishment. What will happen to AfterPay post the External Auditor's report and recommendations? AUSTRAC is on the horns of a dilemma: does it punish AfterPay for "historic non compliance" (although historical might have been a better adjective Mr External Auditor) with the AML Act; or does it accept AfterPay's redemption and pledge of future good behaviour? I think the latter. This is notwithstanding the External Auditor's finding that AfterPay breached the AML Act (s 81) by failing to have an AML Program for approximately 16 months post commencement of providing designated services and also by failing to apply the correct applicable customer identification procedures (KYC) for a longer period of time.
If the same approach regarding alleged breaches of s 81 - having an AML/CTF Program that is being applied to WBC is applied to AfterPay it would be facing charges of "AML/CTF Program failures - unquantifiable and significant contraventions of s 81" (AUSTRAC v WBC Concise Statement of Claim page 4). After-all, there is evidence of AfterPay providing designated services without having an AML/CTF Program. Note AUSTRAC's pleading in WBC that "Westpac contravenes s 81 of the Act on each occasion it provides a designated service where it does not have a compliant Part A Program in place."
However, as the External Auditor has opined that AfterPay is now compliant with the Act with both its AML Program and related processes, what purpose would be served from bringing civil proceedings against AfterPay? It could be argued none, save as a deterrent to future non compliance by similar organisations. Remember that AUSTRAC is not able to impose a fine directly via the infringement notice provisions for most of these type of historical breaches so it would need to bring formal civil proceedings akin to Tabcorp, CBA, and WBC. Also, of the three External Audits to date (aside AfterPay and PayPal) only one resulted in further enforcement action which was an enforceable undertaking (EU). An EU would seem superfluous in this case as AfterPay is, or is nearly, compliant with the Act.
Then again, I stand to be corrected.
The issue of the "incorrect" legal advice is fascinating. As a lawyer, we always strive to provide the correct advice. Then again, lawyers advise on the law, and on the facts as given to them by the client. Over the years I have seen plenty of legal advice around the AML Act, especially in the area of designated services, which could be considered deficient mainly because some of the definitions contained in the AML Act are boarder than most lawyers might thing, for example "property" and "loan". Advice around a product could mean that either a business is caught by the AML Act (becoming a reporting entity) or it is not caught by the AML Act but with other consequence (tax, responsible lending etc.).
Professional liability insurers for the legal profession have a phrase "don't dabble". It could be that AfterPay may have been on the wrong side of a credit / financial services lawyer dabbling in AML Act advice. Although that is not what the firm in question has stated in a rare comment from a law firm regarding a client matter.
Legal advice does not absolve a reporting entity from its AML Act obligations but may a mitigating factor. AfterPay's potential professional negligence action against the "top tier" Australian law firm, if it actually eventuates, may very well be the first in Australia arising from advice on the AML Act. Given the size of the potential damages no doubt the risk team form the top tier firm will be on the next flight to London to discuss the issues with their top-up insurers as the damages could be in the millions or the action could be successfully defended. For us with a keen interest in professional advice and its outcomes let us hope that this one actually makes it to trial and to judgment.
Remember also, that legal advice is given on the question and facts provided by the client. I have seen plenty of advic