Some thoughts on AUSTRAC’s approach:
- “AUSTRAC will work constructively with you as you manage your money laundering and terrorism financing risks during this disruptive period. This includes considering your circumstances when applying the AML/CTF laws.” So keep good records and / or consult with AUSTRAC or get legal advice before you do anything radical.
- The alternative processes to verify customer identity are applicable before the provision of the designated services. So no change to the current law; no special circumstances to allow KYC to be completed after the commencement of the provision of the designated services.
- These alternative processes are already in the Rules and in some, but not most, AML/CTF Programs Part B.
- Rule 4.15.1 - alternative proof of identity. Useful but note the devil in the detail including: inability to establish identity using normal Rule 4 processes; risk assessment needed; risks around self-attestation; must apply “appropriate” levels of ongoing customer due diligence to mitigate ML/TF risks.
- Rules 4.9.3(3) & 4.9.5(3) - basically the use of non certified copies. Useful but need to consider all the elements of the respective Rules and the risks.
- Disclosure certificates - very much misunderstood. Many, if not most, Programs do not allow for the use of disclosure certificates. So Programs will need to be amended post a risk assessment. Also, Rule 30 outlines when and how disclosure certificates can be used. It is not a simple process.
- From our experience most AML/CTF Programs do not cover these KYC methods so will require amendment. AUSTRAC state “In these circumstances, we expect that you keep a record of any changes in policies and procedures made due to the COVID-19 pandemic.” We agree with that statement.
- Note that in both examples the reporting entity has “recently updated their AML/CTF program and processes to allow a more flexible approach when managing situations arising from the COVID-19 pandemic.” Foresightful.
- The over-arching KYC requirement for each customer type is “having appropriate risk-based systems and controls that are designed to enable the reporting entity to be reasonably satisfied” … that the individual / company / trust etc. is the individual / company / trust etc. claims he / she / it claims to be.
This is not legal advice. If you need legal or consulting advice on your specific circumstances please get in touch.