Skip to main content

AUSTRAC’s 2021 Compliance Report

AUSTRAC’s Compliance Report is evolving each year and is increasingly quantitative in relation to the inputs and responses required and is one key input for AUSTRAC in determining its supervisory priorities and areas of focus. This article outlines the key steps that reporting entities can take to ensure accuracy and completeness in reporting, and to maximise the impact of the AUSTRAC Compliance Report as an opportunity to raise awareness and assess how effectively the Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) framework is operating.

Summary of key changes:

  • Increased scrutiny on how reporting entities manage their business, customers, customer risk and AML/CTF Programs, including questions on a reporting entity’s perspective on adequacy/quality
  • Increasing focus on Independent Review requirements, approach and frequency
  • Targeted questions, additional disclosures and data required to support Compliance Report submissions (aligned with the inclusion of more quantitative questions)
  • Emphasis on attesting to documented AML/CTF policies, procedures, processes and outputs.

Submission of AUSTRAC’s Compliance Report (due by 31 March each year) is a key regulatory obligation for reporting entities under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act). The Compliance Report provides AUSTRAC with insights into your organisation, your industry sub-sector and in some cases may trigger further supervisory enquiry. There has been increased incidence of this in recent years, stemming, at least in part, from information provided in the Compliance Report – this seems to be a combination of data/information that is out of alignment with peers or regulatory expectations; which contradicts statements or information provided by the reporting entity through other means; or which is proven inaccurate by AUSTRAC’s supervisory inspections. 

While the Compliance Report may only provide a point in time, static view of your organisation, reporting entities should be mindful that there is no expiration on the information provided and should ensure the appropriate governance and assurance processes are in place to support the responses provided. Where you identify errors in previous reporting, it is recommended that this be documented and discussed with AUSTRAC as part of your next regulatory interaction. 

Organisations should consider the following in advance of submitting their Compliance Report:

  • Documenting your evidence base – what source systems were used to capture the required data? If challenged, how would you justify a particular response i.e., what document, system, process or control would you point to?
  • Ensure an appropriate level of governance – do senior management and the Board have the right level of awareness and oversight across both the AML/CTF Program and Compliance Report?
  • Assess your controls – is your AML/CTF Program and associated policies, procedures, systems, and controls fit for purpose? Are the existing controls addressing your organisation’s ML/TF risks?
  • Review the level of assurance – are your current assurance procedures providing valuable and meaningful insights over the operation of key systems and controls? Are you confident in the responses you are providing to the regulator?
  • See it as an opportunity – could you use the compliance report to enhance the strength of your AML/CTF program, as an early warning signal of areas potentially requiring further review/investigation, or simply to promote increased awareness and understanding across your organisation, right up to the Board.
  • Risk-based approach – have you developed your assurance and monitoring to provide adequate coverage over higher risk areas?

At a minimum, completion of the AUSTRAC Compliance Report is a regulatory obligation, but organisations should also treat this as an opportunity to reflect on the existing AML/CTF Program and identify areas where additional focus and resources may be required.