AfterPay: Post External Audit What Next?

Crime and Punishment, or more accurately non-compliance and potential punishment. What will happen to AfterPay post the External Auditor's report and recommendations? AUSTRAC is on the horns of a dilemma: does it punish AfterPay for "historic non compliance" (although historical might have been a better adjective Mr External Auditor) with the AML Act; or does it accept AfterPay's redemption and pledge of future good behaviour? I think the latter. This is notwithstanding the External Auditor's finding that AfterPay breached the AML Act (s 81) by failing to have an AML Program for approximately 16 months post commencement of providing designated services and also by failing to apply the correct applicable customer identification procedures (KYC) for a longer period of time.

If the same approach regarding alleged breaches of s 81 - having an AML/CTF Program that is being applied to WBC is applied to AfterPay it would be facing charges of "AML/CTF Program failures - unquantifiable and significant contraventions of s 81" (AUSTRAC v WBC Concise Statement of Claim page 4). After-all, there is evidence of AfterPay providing designated services without having an AML/CTF Program. Note AUSTRAC's pleading in WBC that "Westpac contravenes s 81 of the Act on each occasion it provides a designated service where it does not have a compliant Part A Program in place."

However, as the External Auditor has opined that AfterPay is now compliant with the Act with both its AML Program and related processes, what purpose would be served from bringing civil proceedings against AfterPay? It could be argued none, save as a deterrent to future non compliance by similar organisations. Remember that AUSTRAC is not able to impose a fine directly via the infringement notice provisions for most of these type of historical breaches so it would need to bring formal civil proceedings akin to Tabcorp, CBA, and WBC. Also, of the three External Audits to date (aside AfterPay and PayPal) only one resulted in further enforcement action which was an enforceable undertaking (EU). An EU would seem superfluous in this case as AfterPay is, or is nearly, compliant with the Act.

Then again, I stand to be corrected.

The issue of the "incorrect" legal advice is fascinating. As a lawyer, we always strive to provide the correct advice. Then again, lawyers advise on the law, and on the facts as given to them by the client. Over the years I have seen plenty of legal advice around the AML Act, especially in the area of designated services, which could be considered deficient mainly because some of the definitions contained in the AML Act are boarder than most lawyers might thing, for example "property" and "loan". Advice around a product could mean that either a business is caught by the AML Act (becoming a reporting entity) or it is not caught by the AML Act but with other consequence (tax, responsible lending etc.).

Professional liability insurers for the legal profession have a phrase "don't dabble". It could be that AfterPay may have been on the wrong side of a credit / financial services lawyer dabbling in AML Act advice. Although that is not what the firm in question has stated in a rare comment from a law firm regarding a client matter.

Legal advice does not absolve a reporting entity from its AML Act obligations but may a mitigating factor. AfterPay's potential professional negligence action against the "top tier" Australian law firm, if it actually eventuates, may very well be the first in Australia arising from advice on the AML Act. Given the size of the potential damages no doubt the risk team form the top tier firm will be on the next flight to London to discuss the issues with their top-up insurers as the damages could be in the millions or the action could be successfully defended. For us with a keen interest in professional advice and its outcomes let us hope that this one actually makes it to trial and to judgment.

Remember also, that legal advice is given on the question and facts provided by the client. I have seen plenty of advic

Paddy Oliver leads the team at AML Experts. Paddy has extensive experience as a lawyer and compliance management consultant. Importantly for you, he is an experienced Independent Reviewer and Auditor. That means AML Experts is your one-stop-shop for AML Act and AUSTRAC compliance. Paddy can be contacted here.

Recent AML Insights

Browse our blog for the latest opinion and resources for business leaders.

Independent Audit Guidance

Guidance for AML/CFT Programme Audits has been released by the New Zealand Department of Internal Affairs. Whilst not applicable in Australia it is informative with regard to Independent Reviews under AML/CTF Rule 8.6 (or 9.6) subject to the key differences between the two countries respective AML regimes. Guidance download here. Some of the key points: …

Independent Audit Guidance Read More »

PayPal Notice to Appoint Auditor

AML/CTF Program Governance Raises Its Head Again Like the AfterPay Notice to Appoint an External Auditor, the Notice issued to PayPal takes a little deciphering, especially around the AML/CTF Rule numbers. I understand why the Notices are written in this way as they are for the reporting entity (and the External Auditor): however, only stating …

PayPal Notice to Appoint Auditor Read More »

AML Program Governance Seminar | Under the Bonnet of the AML Act

Do you want to know more about AML/CTF Program Governance? AML Experts are hosting a seminar on AML/CTF Program governance as part of the Under the Bonnet of the AML Act series. https://www.eventbrite.com.au/e/under-the-bonnet-of-the-aml-act-amlctf-program-governance-registration-66141953363 Governance of an AML/CTF Program has always been important but with AUSTRAC’s greater focus on this area how effective is your AML/CTF …

AML Program Governance Seminar | Under the Bonnet of the AML Act Read More »

Email SubscriptionSubscribe now to receive breaking news and helpful information on AML/CTF.
Scroll to Top