Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Cth)

Anti‑Money Laundering and Counter‑Terrorism Financing Amendment Act 2024 No. 110, 2024 An Act to amend the Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 and repeal the Financial Transaction Reports Act 1988, and for related purposes Contents 1 Short title 2 Commencement 3 Schedules Schedule 1—AML/CTF programs and business groups Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Schedule 2—Customer due diligence Part 1—Main amendments Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Part 2—Consequential amendments Banking Act 1959 Commonwealth Electoral Act 1918 Schedule 3—Regulating additional high‑risk services Part 1—Real estate Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Part 2—Dealers in precious metals and stones Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Part 3—Professional services Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Part 4—Transitional provisions Schedule 4—Legal professional privilege Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Schedule 5—Tipping off offence and disclosure of AUSTRAC information to foreign countries or agencies Part 1—Main amendments Division 1—Tipping off offence Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Division 2—Disclosure of AUSTRAC information to foreign countries or agencies Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Part 2—Contingent amendments Intelligence Services Legislation Amendment Act 2024 Schedule 6—Services relating to virtual assets Part 1—Main amendments Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Part 2—Contingent amendments Proceeds of Crime Act 2002 Schedule 7—Definition of bearer negotiable instrument Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Schedule 8—Transfers of value and international value transfer services Part 1—Transfers of value Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Part 2—International value transfer services Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Schedule 9—Powers and definitions Part 1—Examination power Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Part 2—Information gathering power Division 1—Main amendments Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Division 2—Consequential amendments Freedom of Information Act 1982 Part 3—Definitions Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Part 4—Contingent amendment Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Schedule 10—Exemptions Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Schedule 11—Repeal of the Financial Transaction Reports Act 1988 Part 1—Repeals Financial Transaction Reports Act 1988 Part 2—Consequential amendments Division 1—Amendment of the Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Division 2—Amendments of other Acts Australian Securities and Investments Commission Act 2001 Commonwealth Electoral Act 1918 Criminal Code Act 1995 Freedom of Information Act 1982 Proceeds of Crime Act 2002 Surveillance Devices Act 2004 Part 3—Transitional provisions Schedule 12—Transitional rules Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 No. 110, 2024 An Act to amend the Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 and repeal the Financial Transaction Reports Act 1988, and for related purposes [Assented to 10 December 2024] The Parliament of Australia enacts: 1 Short title This Act is the Anti‑Money Laundering and Counter‑Terrorism Financing Amendment Act 2024. 2 Commencement (1) Each provision of this Act specified in column 1 of the table commences, or is taken to have commenced, in accordance with column 2 of the table. Any other statement in column 2 has effect according to its terms. Commencement information Column 1 Column 2 Column 3 Provisions Commencement Date/Details 1. Sections 1 to 3 and anything in this Act not elsewhere covered by this table The day this Act receives the Royal Assent. 10 December 2024 2. Schedules 1, 2 and 3 31 March 2026. 31 March 2026 3. Schedule 4 1 July 2026. 1 July 2026 3A. Schedule 5, item 1 31 March 2026. 31 March 2026 3B. Schedule 5, item 2 31 March 2025. 31 March 2025 4. Schedule 5, Part 1, Division 2 31 March 2026. 31 March 2026 5. Schedule 5, Part 2 The later of: (a) the commencement of the provisions covered by table item 3B; and (b) immediately after the commencement of item 94 of Schedule 1 to the Intelligence Services Legislation Amendment Act 2024. However, the provisions do not commence at all if the event mentioned in paragraph (b) does not occur. 6. Schedule 6, Part 1 31 March 2026. 31 March 2026 7. Schedule 6, Part 2 The later of: 31 March 2026 (a) the commencement of the provisions covered by table item 6; and (paragraph (a) applies) (b) immediately after the commencement of Schedule 2 to the Crimes and Other Legislation Amendment (Omnibus No. 1) Act 2024. However, the provisions do not commence at all if the event mentioned in paragraph (b) does not occur. 8. Schedule 7 1 July 2026. 1 July 2026 9. Schedule 8 31 March 2026. 31 March 2026 10. Schedule 9, Parts 1 to 3 The 28th day after this Act receives the Royal Assent. 7 January 2025 11. Schedule 9, Part 4 The later of: (a) the commencement of the provisions covered by table item 10; and (b) immediately after the commencement of item 94 of Schedule 1 to the Intelligence Services Legislation Amendment Act 2024. However, the provisions do not commence at all if the provisions covered by table item 3B commence before the event mentioned in paragraph (b) occurs. 12. Schedule 10 31 March 2026. 31 March 2026 13. Schedules 11 and 12 The 28th day after this Act receives the Royal Assent. 7 January 2025 Note: This table relates only to the provisions of this Act as originally enacted. It will not be amended to deal with any later amendments of this Act. (2) Any information in column 3 of the table is not part of this Act. Information may be inserted in this column, or information in it may be edited, in any published version of this Act. 3 Schedules Legislation that is specified in a Schedule to this Act is amended or repealed as set out in the applicable items in the Schedule concerned, and any other item in a Schedule to this Act has effect according to its terms. Schedule 1—AML/CTF programs and business groups Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 1 Section 4 Omit: • A reporting entity is a financial institution, or other person, who provides designated services. (Designated services are listed in section 6.) substitute: • A reporting entity is a person who provides designated services. (Designated services are listed in section 6.). Lead entities of certain business groups (known as reporting groups) are also reporting entities. • A reporting entity must have and comply with an AML/CTF program. 2 Section 4 Omit: • Reporting entities must have and comply with anti‑money laundering and counter‑terrorism financing programs. 3 Section 5 Insert: AML/CTF compliance officer for a reporting entity means the individual designated as the AML/CTF compliance officer for the reporting entity under subsection 26J(1). AML/CTF policies of a reporting entity: (a) means the policies, procedures, systems and controls of the reporting entity developed under section 26F; and (b) if the policies, procedures, systems and controls of the reporting entity are updated—includes the policies, procedures, systems and controls as updated. AML/CTF program: see section 26B. 4 Section 5 (definition of anti‑money laundering and counter‑terrorism financing program) Repeal the definition. 5 Section 5 Insert: business group: see subsection 10A(3). control has the meaning given by section 11. 6 Section 5 (definition of control test) Repeal the definition. 7 Section 5 (definition of designated business group) Repeal the definition. 8 Section 5 Insert: governing body of a reporting entity means: (a) if the reporting entity is an individual—the individual; or (b) otherwise—the individual, or group of individuals, with primary responsibility for the governance and executive decisions of the reporting entity. 9 Section 5 (definition of joint anti‑money laundering and counter‑terrorism financing program) Repeal the definition. 10 Section 5 Insert: lead entity of a reporting group: see subsection 10A(5). member of a reporting group or a business group: see subsection 10A(4). ML/TF risk assessment of a reporting entity: (a) means the risk assessment undertaken by the reporting entity under section 26C; and (b) if the assessment is updated under section 26D—includes the risk assessment as updated. 11 Section 5 (definition of money laundering and terrorism financing risk assessment) Repeal the definition. 12 Section 5 Insert: proliferation financing means conduct that amounts to: (a) an offence against the Charter of the United Nations Act 1945, or regulations made under that Act, that is prescribed by regulations made under this Act for the purposes of this paragraph; or (b) an offence against the Autonomous Sanctions Act 2011, or a contravention of regulations made under that Act, that involves sanctions addressing the proliferation of weapons of mass destruction; or (c) an offence against the Autonomous Sanctions Act 2011, or a contravention of regulations made under that Act, that is prescribed by regulations made under this Act for the purposes of this paragraph; or (d) the provision of assets (including funds) or financial services, or other dealing with assets, in contravention of a law of the Commonwealth that: (i) implements an international agreement, convention or treaty relating to the proliferation of weapons of mass destruction; and (ii) is prescribed by the regulations for the purposes of this paragraph; or (e) an offence against a law of a State or Territory that corresponds to an offence referred to in paragraph (a), (b), (c) or (d); or (f) an offence against a law of a foreign country or a part of a foreign country that corresponds to an offence referred to in paragraph (a), (b), (c), (d) or (e); or (g) an offence against a law of the Commonwealth, a State or a Territory that is prescribed by the regulations for the purposes of this paragraph. 13 Section 5 (definition of reporting entity) Repeal the definition, substitute: reporting entity means: (a) a person who provides a designated service; or (b) the lead entity of a reporting group. 14 Section 5 Insert: reporting group: see subsection 10A(1). senior manager of a reporting entity means an individual who makes, or participates in making, decisions that affect the whole, or a substantial part, of the business of the reporting entity. 15 Section 5 (definition of shell bank) Omit "section 15", substitute "section 94A". 16 Section 5 (definition of special anti‑money laundering and counter‑terrorism financing program) Repeal the definition. 17 Section 5 (definition of standard anti‑money laundering and counter‑terrorism financing program) Repeal the definition. 18 After subsection 6(6) Insert: Designated services provided within business groups (6A) Despite anything in this section, a service is not a designated service if: (a) any of the following apply: (i) a member of a business group provides the service to another member of the business group; (ii) the service is of a kind described in item 48 of table 1 and the guarantor and borrower are members of the same business group; (iii) the service is of a kind described in item 49 of table 1 and the guarantor and borrower are members of the same business group; (iv) the service is of a kind specified in the AML/CTF Rules; and (b) the service is not of a kind specified in the AML/CTF Rules; and (c) the requirements (if any) specified in the AML/CTF Rules are met. Note 1: Item 48 of table 1 covers guaranteeing a loan, where the guarantee is given in the course of carrying on a business of guaranteeing loans. Note 2: Item 49 of table 1 covers making a payment, in the capacity of guarantor of a loan, to the lender, where the guarantee was given in the course of carrying on a business of guaranteeing loans. 19 Section 11 Repeal the section, substitute: 10A Key terms relating to reporting groups Reporting group (1) A reporting group is: (a) a business group, where: (i) at least one person in the group provides a designated service; and (ii) each member of the group satisfies such conditions (if any) as are specified in the AML/CTF Rules; and (iii) the group is not of a kind that, under the AML/CTF Rules, is ineligible to be a reporting group to which this paragraph applies; and (iv) the conditions (if any) relating to changes in membership, dissolution, administration or operation of the group that are specified in the AML/CTF Rules are satisfied; or (b) a group of 2 or more persons, where: (i) each member of the group has elected, in writing, to be a member of the group, and the election is in force; and (ii) each election was made in accordance with the AML/CTF Rules; and (iii) no member of the group is a member of another group to which this paragraph applies; and (iv) each member of the group satisfies such conditions (if any) as are specified in the AML/CTF Rules; and (v) the group is not of a kind that, under the AML/CTF Rules, is ineligible to be a reporting group; and (vi) the conditions (if any) relating to changes in membership, dissolution, administration or operation of the group that are specified in the AML/CTF Rules are satisfied. (1A) Subject to subsection (2A), a person may be a member of a group to which paragraph (1)(b) applies even if the person is a member of a group to which paragraph (1)(a) applies. (1B) The requirement in subparagraph (1)(b)(i) to make a written election does not apply in relation to a member of a group in the circumstances specified in the AML/CTF Rules. (2) Subparagraph (1)(b)(iii) does not apply in the circumstances specified in the AML/CTF Rules. (2A) If a person is a member of more than one reporting group, the AML/CTF Rules may specify circumstances in which that person is taken, for the purposes of this Act, to be a member of only one of those reporting groups. Business groups (3) A business group is a group of 2 or more persons, where either of the following paragraphs applies: (a) one person in the group controls each other person in the group; (b) the group meets the requirements (if any) specified in the AML/CTF Rules. Members of reporting groups and business groups (4) Each person in a reporting group or a business group is a member of that group. Lead entity of a reporting group (5) The lead entity of a reporting group means the person in the group that is specified in the AML/CTF Rules as the lead entity for the reporting group. Note: The lead entity of a reporting group is a reporting entity, see the definition of reporting entity in section 5. 11 Meaning of control (1) Control, of a body corporate, is: (a) having the capacity to cast, or control the casting of, more than one half of the maximum number of votes that might be cast at a general meeting of the body corporate; or (b) directly or indirectly holding more than one half of the issued share capital of the body corporate (not including any part of the issued share capital that carries no right to participate beyond a specified amount in a distribution of either profits or capital, and not including mutual capital instruments within the meaning of section 167AD of the Corporations Act 2001); or (c) having the capacity to control the composition of the body corporate's board or governing body; or (d) having the capacity to determine the outcome of decisions about the body corporate's financial and operating policies, taking into account: (i) the practical influence that can be exerted (rather than the rights that can be enforced); and (ii) any practice or pattern of behaviour affecting the body corporate's financial or operating policies (whether or not it involves a breach of an agreement or a breach of trust). (2) Control, of a person other than a body corporate, is: (a) having the capacity to control the composition of the person's board or governing body (if any); or (b) having the capacity to determine the outcome of decisions about the person's financial and operating policies, taking into account: (i) the practical influence that can be exerted (rather than the rights that can be enforced); and (ii) any practice or pattern of behaviour affecting the person's financial or operating policies (whether or not it involves a breach of an agreement or a breach of trust). 20 Subparagraph 14(2)(b)(i) Omit "passes the control test in relation to", substitute "controls". 21 Subparagraph 14(3)(b)(i) Omit "passes the control test in relation to", substitute "controls". 22 Section 15 Repeal the section. 23 Subsection 21(3) Omit "regulations" (wherever occurring), substitute "AML/CTF Rules". 24 After Part 1 Insert: Part 1A—AML/CTF programs Division 1—Introduction 26A Simplified outline The following is a simplified outline of this Part: • A reporting entity must have and comply with an AML/CTF program. An AML/CTF program comprises the reporting entity's ML/TF risk assessment and AML/CTF policies. • The ML/TF risk assessment is an assessment of the risks of money laundering, financing of terrorism and proliferation financing that the reporting entity may reasonably face in providing its designated services. • The AML/CTF policies must appropriately manage and mitigate those risks and ensure the reporting entity complies with this Act and instruments under this Act. • The AML/CTF program must be appropriate to the nature, size and complexity of the reporting entity's business. For a lead entity of a reporting group, it must be appropriate to the nature, size and complexity of the business of each reporting entity in the reporting group. • The governing body of the reporting entity has responsibilities relating to the AML/CTF program, including relating to overseeing and ensuring the reporting entity complies with the AML/CTF policies, this Act and instruments under this Act. • The reporting entity must have an AML/CTF compliance officer. The AML/CTF compliance officer has various functions, including to oversee and coordinate the effective operation of, and compliance with, the AML/CTF policies. 26B What is an AML/CTF program? An AML/CTF program of a reporting entity comprises: (a) the reporting entity's ML/TF risk assessment; and (b) the reporting entity's AML/CTF policies. Division 2—ML/TF risk assessment 26C Reporting entities must undertake an ML/TF risk assessment (1) A reporting entity must undertake an assessment (an ML/TF risk assessment) that identifies and assesses the risks of money laundering, financing of terrorism and proliferation financing that the reporting entity may reasonably face in providing its designated services. (2) The steps taken by a reporting entity in relation to undertaking the reporting entity's ML/TF risk assessment must be appropriate to the nature, size and complexity of the reporting entity's business. Note: See also section 26U (business of a lead entity of a reporting group). Additional obligations that apply to reporting entities that provide designated services at or through permanent establishments in Australia (3) If the reporting entity provides designated services at or through a permanent establishment of the reporting entity in Australia, the reporting entity must have regard to the following matters in undertaking an ML/TF risk assessment: (a) the kinds of designated services provided, or proposed to be provided, by the reporting entity, including any new or emerging technologies relating to those services; (b) the kinds of customers to whom the reporting entity's designated services are or will be provided; (c) the delivery channels by which the reporting entity's designated services are or will be provided, including any new or emerging technologies relating to those delivery channels; (d) the countries with which the reporting entity deals, or will deal, in providing its designated services; (e) information communicated either directly or indirectly by AUSTRAC to the reporting entity that identifies or assesses the risks associated with the reporting entity's provision of its designated services; (f) the matters (if any) specified in the AML/CTF Rules. (4) Subsection (3) does not limit subsection (1). 26D Reporting entities must review and update ML/TF risk assessment Review of ML/TF risk assessment (1) A reporting entity must review its ML/TF risk assessment for the purpose of identifying and assessing any new or changed risks of money laundering, financing of terrorism and proliferation financing that the reporting entity may reasonably face in providing its designated services: (a) if any of the following occur: (i) there is a significant change to any of the matters mentioned in subsection 26C(3); (ii) AUSTRAC communicates to the reporting entity information that identifies or assesses risks associated with the reporting entity's provision of its designated services; (iii) circumstances specified in the AML/CTF Rules; and (b) in any event—at least once every 3 years. (2) The review must be undertaken: (a) for a significant change that is within the control of the reporting entity—before the significant change occurs; or (b) for a significant change that is not within the control of the reporting entity—as soon as practicable after the significant change occurs; or (c) for information communicated for the purposes of subparagraph (1)(a)(ii)—as soon as practicable after the information is communicated to the reporting entity; or (d) for circumstances specified in the AML/CTF Rules—at the time, or within the period, specified in the AML/CTF Rules. (3) The review must be appropriate to the nature, size and complexity of the reporting entity's business. Note: See also section 26U (business of a lead entity of a reporting group). Updating ML/TF risk assessment (4) A reporting entity must update its ML/TF risk assessment to address any issues identified by a review: (a) for a significant change that is within the control of the reporting entity—before the significant change occurs; or (b) in any other case—as soon as practicable after the review is completed. 26E Reporting entities must have up‑to‑date ML/TF risk assessment before providing designated services (1) A reporting entity must not commence to provide a designated service to a customer if the reporting entity does not comply with section 26C or 26D in relation to the designated service. (2) Subsection (1) is a civil penalty provision. (3) A reporting entity that contravenes subsection (1) commits a separate contravention of that subsection in respect of each designated service that the reporting entity provides to a customer at or through a permanent establishment of the reporting entity in Australia. (4) A reporting entity that contravenes subsection (1) commits a separate contravention of that subsection on each day that the reporting entity provides designated services at or through a permanent establishment of the reporting entity in a foreign country. Division 3—AML/CTF policies 26F Reporting entities must develop and maintain AML/CTF policies (1) A reporting entity must develop and maintain policies, procedures, systems and controls (AML/CTF policies) that: (a) appropriately manage and mitigate the risks of money laundering, financing of terrorism and proliferation financing that the reporting entity may reasonably face in providing its designated services; and (b) ensure the reporting entity complies with the obligations imposed by this Act, the regulations and the AML/CTF Rules on the reporting entity; and (c) are appropriate to the nature, size and complexity of the reporting entity's business; and (d) comply with any requirements specified in the AML/CTF Rules. Note: See also section 26U (business of a lead entity of a reporting group). Additional obligations that apply to reporting entities that provide designated services at or through permanent establishments in Australia (2) Subsections (3) and (4) apply if the reporting entity provides a designated service at or through a permanent establishment of the reporting entity in Australia. (3) Without limiting paragraph (1)(a), the AML/CTF policies of a reporting entity must deal with the following: (a) identifying significant changes to any of the matters mentioned in subsection 26C(3); (b) carrying out customer due diligence in accordance with Part 2; (c) reviewing and updating the AML/CTF policies in the following circumstances: (i) in response to a review of the reporting entity's ML/TF risk assessment under section 26D; (ii) circumstances specified in the AML/CTF Rules; (d) reviewing the AML/CTF policies of the reporting entity at the intervals or with the frequency specified in the AML/CTF Rules (and in any event at least once every 3 years); (e) any other matters specified in the AML/CTF Rules. (4) Without limiting paragraph (1)(b), the AML/CTF policies of a reporting entity must deal with the following: (a) if the reporting entity is not an individual—ensuring its governing body is sufficiently informed of the risks of money laundering, financing of terrorism and proliferation financing that the reporting entity may reasonably face in providing its designated services; (b) designating an AML/CTF compliance officer for the reporting entity; (c) designating one or more senior managers of the reporting entity as responsible for approving: (i) the AML/CTF policies of the reporting entity; and (ii) the ML/TF risk assessment of the reporting entity; (d) undertaking due diligence in relation to persons who are, or will be, employed or otherwise engaged by the reporting entity and who perform, or will perform, functions relevant to the reporting entity's obligations under this Act; (e) providing training to persons who are employed or otherwise engaged by the reporting entity and who perform, or will perform, functions relevant to the reporting entity's obligations under this Act in relation to: (i) the risk of money laundering, financing of terrorism and proliferation financing that the reporting entity may reasonably face in providing its designated services; and (ii) the obligations imposed by this Act, the regulations and the AML/CTF Rules on the reporting entity; (f) the conduct of independent evaluations of the reporting entity's AML/CTF program, including the frequency with which such evaluations must be conducted, which must: (i) be appropriate to the nature, size and complexity of the reporting entity's business; and (ii) be at least once every 3 years; (g) any other matters specified in the AML/CTF Rules. Note: See also section 26U (business of a lead entity of a reporting group). Additional obligations that apply to lead entities of reporting groups (5) Without limiting paragraph (1)(a), if a reporting entity is the lead entity of a reporting group, the AML/CTF policies of the reporting entity must deal with the following: (a) ensuring the appropriate sharing of information between members of the reporting group for the following purposes: (i) carrying out customer due diligence under Part 2; (ii) appropriately identifying, assessing, managing and mitigating the risks of money laundering, financing of terrorism and proliferation financing that each reporting entity that is a member of the reporting group may reasonably face in providing its designated services; (b) any other matters specified in the AML/CTF Rules. (6) Without limiting paragraph (1)(b), if a reporting entity is the lead entity of a reporting group, the AML/CTF policies of the reporting entity must deal with the following: (a) ensuring the sharing of information between members of the reporting group that is necessary for the members of the reporting group who are reporting entities to comply with: (i) their obligations imposed by this Act, the regulations and the AML/CTF Rules; and (ii) the AML/CTF policies of the lead entity; (b) if any member of the reporting group discharges an obligation imposed on another member of the reporting group by this Act, the regulations or the AML/CTF Rules: (i) which members of the reporting group may discharge which obligations of which other member; and (ii) ensuring that each member of the reporting group that is a reporting entity makes, or has acces