Commonwealth: Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Cth)

Anti‑Money Laundering and Counter‑Terrorism Financing Amendment Act 2024 No. 110, 2024 An Act to amend the Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 and repeal the Financial Transaction Reports Act 1988, and for related purposes Contents 1 Short title 2 Commencement 3 Schedules Schedule 1—AML/CTF programs and business groups Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Schedule 2—Customer due diligence Part 1—Main amendments Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Part 2—Consequential amendments Banking Act 1959 Commonwealth Electoral Act 1918 Schedule 3—Regulating additional high‑risk services Part 1—Real estate Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Part 2—Dealers in precious metals and stones Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Part 3—Professional services Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Part 4—Transitional provisions Schedule 4—Legal professional privilege Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Schedule 5—Tipping off offence and disclosure of AUSTRAC information to foreign countries or agencies Part 1—Main amendments Division 1—Tipping off offence Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Division 2—Disclosure of AUSTRAC information to foreign countries or agencies Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Part 2—Contingent amendments Intelligence Services Legislation Amendment Act 2024 Schedule 6—Services relating to virtual assets Part 1—Main amendments Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Part 2—Contingent amendments Proceeds of Crime Act 2002 Schedule 7—Definition of bearer negotiable instrument Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Schedule 8—Transfers of value and international value transfer services Part 1—Transfers of value Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Part 2—International value transfer services Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Schedule 9—Powers and definitions Part 1—Examination power Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Part 2—Information gathering power Division 1—Main amendments Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Division 2—Consequential amendments Freedom of Information Act 1982 Part 3—Definitions Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Part 4—Contingent amendment Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Schedule 10—Exemptions Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Schedule 11—Repeal of the Financial Transaction Reports Act 1988 Part 1—Repeals Financial Transaction Reports Act 1988 Part 2—Consequential amendments Division 1—Amendment of the Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Division 2—Amendments of other Acts Australian Securities and Investments Commission Act 2001 Commonwealth Electoral Act 1918 Criminal Code Act 1995 Freedom of Information Act 1982 Proceeds of Crime Act 2002 Surveillance Devices Act 2004 Part 3—Transitional provisions Schedule 12—Transitional rules Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 No. 110, 2024 An Act to amend the Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 and repeal the Financial Transaction Reports Act 1988, and for related purposes [Assented to 10 December 2024] The Parliament of Australia enacts: 1 Short title This Act is the Anti‑Money Laundering and Counter‑Terrorism Financing Amendment Act 2024. 2 Commencement (1) Each provision of this Act specified in column 1 of the table commences, or is taken to have commenced, in accordance with column 2 of the table. Any other statement in column 2 has effect according to its terms. Commencement information Column 1 Column 2 Column 3 Provisions Commencement Date/Details 1. Sections 1 to 3 and anything in this Act not elsewhere covered by this table The day this Act receives the Royal Assent. 10 December 2024 2. Schedules 1, 2 and 3 31 March 2026. 31 March 2026 3. Schedule 4 1 July 2026. 1 July 2026 3A. Schedule 5, item 1 31 March 2026. 31 March 2026 3B. Schedule 5, item 2 31 March 2025. 31 March 2025 4. Schedule 5, Part 1, Division 2 31 March 2026. 31 March 2026 5. Schedule 5, Part 2 The later of: (a) the commencement of the provisions covered by table item 3B; and (b) immediately after the commencement of item 94 of Schedule 1 to the Intelligence Services Legislation Amendment Act 2024. However, the provisions do not commence at all if the event mentioned in paragraph (b) does not occur. 6. Schedule 6, Part 1 31 March 2026. 31 March 2026 7. Schedule 6, Part 2 The later of: 31 March 2026 (a) the commencement of the provisions covered by table item 6; and (paragraph (a) applies) (b) immediately after the commencement of Schedule 2 to the Crimes and Other Legislation Amendment (Omnibus No. 1) Act 2024. However, the provisions do not commence at all if the event mentioned in paragraph (b) does not occur. 8. Schedule 7 1 July 2026. 1 July 2026 9. Schedule 8 31 March 2026. 31 March 2026 10. Schedule 9, Parts 1 to 3 The 28th day after this Act receives the Royal Assent. 7 January 2025 11. Schedule 9, Part 4 The later of: (a) the commencement of the provisions covered by table item 10; and (b) immediately after the commencement of item 94 of Schedule 1 to the Intelligence Services Legislation Amendment Act 2024. However, the provisions do not commence at all if the provisions covered by table item 3B commence before the event mentioned in paragraph (b) occurs. 12. Schedule 10 31 March 2026. 31 March 2026 13. Schedules 11 and 12 The 28th day after this Act receives the Royal Assent. 7 January 2025 Note: This table relates only to the provisions of this Act as originally enacted. It will not be amended to deal with any later amendments of this Act. (2) Any information in column 3 of the table is not part of this Act. Information may be inserted in this column, or information in it may be edited, in any published version of this Act. 3 Schedules Legislation that is specified in a Schedule to this Act is amended or repealed as set out in the applicable items in the Schedule concerned, and any other item in a Schedule to this Act has effect according to its terms. Schedule 1—AML/CTF programs and business groups Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 1 Section 4 Omit: • A reporting entity is a financial institution, or other person, who provides designated services. (Designated services are listed in section 6.) substitute: • A reporting entity is a person who provides designated services. (Designated services are listed in section 6.). Lead entities of certain business groups (known as reporting groups) are also reporting entities. • A reporting entity must have and comply with an AML/CTF program. 2 Section 4 Omit: • Reporting entities must have and comply with anti‑money laundering and counter‑terrorism financing programs. 3 Section 5 Insert: AML/CTF compliance officer for a reporting entity means the individual designated as the AML/CTF compliance officer for the reporting entity under subsection 26J(1). AML/CTF policies of a reporting entity: (a) means the policies, procedures, systems and controls of the reporting entity developed under section 26F; and (b) if the policies, procedures, systems and controls of the reporting entity are updated—includes the policies, procedures, systems and controls as updated. AML/CTF program: see section 26B. 4 Section 5 (definition of anti‑money laundering and counter‑terrorism financing program) Repeal the definition. 5 Section 5 Insert: business group: see subsection 10A(3). control has the meaning given by section 11. 6 Section 5 (definition of control test) Repeal the definition. 7 Section 5 (definition of designated business group) Repeal the definition. 8 Section 5 Insert: governing body of a reporting entity means: (a) if the reporting entity is an individual—the individual; or (b) otherwise—the individual, or group of individuals, with primary responsibility for the governance and executive decisions of the reporting entity. 9 Section 5 (definition of joint anti‑money laundering and counter‑terrorism financing program) Repeal the definition. 10 Section 5 Insert: lead entity of a reporting group: see subsection 10A(5). member of a reporting group or a business group: see subsection 10A(4). ML/TF risk assessment of a reporting entity: (a) means the risk assessment undertaken by the reporting entity under section 26C; and (b) if the assessment is updated under section 26D—includes the risk assessment as updated. 11 Section 5 (definition of money laundering and terrorism financing risk assessment) Repeal the definition. 12 Section 5 Insert: proliferation financing means conduct that amounts to: (a) an offence against the Charter of the United Nations Act 1945, or regulations made under that Act, that is prescribed by regulations made under this Act for the purposes of this paragraph; or (b) an offence against the Autonomous Sanctions Act 2011, or a contravention of regulations made under that Act, that involves sanctions addressing the proliferation of weapons of mass destruction; or (c) an offence against the Autonomous Sanctions Act 2011, or a contravention of regulations made under that Act, that is prescribed by regulations made under this Act for the purposes of this paragraph; or (d) the provision of assets (including funds) or financial services, or other dealing with assets, in contravention of a law of the Commonwealth that: (i) implements an international agreement, convention or treaty relating to the proliferation of weapons of mass destruction; and (ii) is prescribed by the regulations for the purposes of this paragraph; or (e) an offence against a law of a State or Territory that corresponds to an offence referred to in paragraph (a), (b), (c) or (d); or (f) an offence against a law of a foreign country or a part of a foreign country that corresponds to an offence referred to in paragraph (a), (b), (c), (d) or (e); or (g) an offence against a law of the Commonwealth, a State or a Territory that is prescribed by the regulations for the purposes of this paragraph. 13 Section 5 (definition of reporting entity) Repeal the definition, substitute: reporting entity means: (a) a person who provides a designated service; or (b) the lead entity of a reporting group. 14 Section 5 Insert: reporting group: see subsection 10A(1). senior manager of a reporting entity means an individual who makes, or participates in making, decisions that affect the whole, or a substantial part, of the business of the reporting entity. 15 Section 5 (definition of shell bank) Omit "section 15", substitute "section 94A". 16 Section 5 (definition of special anti‑money laundering and counter‑terrorism financing program) Repeal the definition. 17 Section 5 (definition of standard anti‑money laundering and counter‑terrorism financing program) Repeal the definition. 18 After subsection 6(6) Insert: Designated services provided within business groups (6A) Despite anything in this section, a service is not a designated service if: (a) any of the following apply: (i) a member of a business group provides the service to another member of the business group; (ii) the service is of a kind described in item 48 of table 1 and the guarantor and borrower are members of the same business group; (iii) the service is of a kind described in item 49 of table 1 and the guarantor and borrower are members of the same business group; (iv) the service is of a kind specified in the AML/CTF Rules; and (b) the service is not of a kind specified in the AML/CTF Rules; and (c) the requirements (if any) specified in the AML/CTF Rules are met. Note 1: Item 48 of table 1 covers guaranteeing a loan, where the guarantee is given in the course of carrying on a business of guaranteeing loans. Note 2: Item 49 of table 1 covers making a payment, in the capacity of guarantor of a loan, to the lender, where the guarantee was given in the course of carrying on a business of guaranteeing loans. 19 Section 11 Repeal the section, substitute: 10A Key terms relating to reporting groups Reporting group (1) A reporting group is: (a) a business group, where: (i) at least one person in the group provides a designated service; and (ii) each member of the group satisfies such conditions (if any) as are specified in the AML/CTF Rules; and (iii) the group is not of a kind that, under the AML/CTF Rules, is ineligible to be a reporting group to which this paragraph applies; and (iv) the conditions (if any) relating to changes in membership, dissolution, administration or operation of the group that are specified in the AML/CTF Rules are satisfied; or (b) a group of 2 or more persons, where: (i) each member of the group has elected, in writing, to be a member of the group, and the election is in force; and (ii) each election was made in accordance with the AML/CTF Rules; and (iii) no member of the group is a member of another group to which this paragraph applies; and (iv) each member of the group satisfies such conditions (if any) as are specified in the AML/CTF Rules; and (v) the group is not of a kind that, under the AML/CTF Rules, is ineligible to be a reporting group; and (vi) the conditions (if any) relating to changes in membership, dissolution, administration or operation of the group that are specified in the AML/CTF Rules are satisfied. (1A) Subject to subsection (2A), a person may be a member of a group to which paragraph (1)(b) applies even if the person is a member of a group to which paragraph (1)(a) applies. (1B) The requirement in subparagraph (1)(b)(i) to make a written election does not apply in relation to a member of a group in the circumstances specified in the AML/CTF Rules. (2) Subparagraph (1)(b)(iii) does not apply in the circumstances specified in the AML/CTF Rules. (2A) If a person is a member of more than one reporting group, the AML/CTF Rules may specify circumstances in which that person is taken, for the purposes of this Act, to be a member of only one of those reporting groups. Business groups (3) A business group is a group of 2 or more persons, where either of the following paragraphs applies: (a) one person in the group controls each other person in the group; (b) the group meets the requirements (if any) specified in the AML/CTF Rules. Members of reporting groups and business groups (4) Each person in a reporting group or a business group is a member of that group. Lead entity of a reporting group (5) The lead entity of a reporting group means the person in the group that is specified in the AML/CTF Rules as the lead entity for the reporting group. Note: The lead entity of a reporting group is a reporting entity, see the definition of reporting entity in section 5. 11 Meaning of control (1) Control, of a body corporate, is: (a) having the capacity to cast, or control the casting of, more than one half of the maximum number of votes that might be cast at a general meeting of the body corporate; or (b) directly or indirectly holding more than one half of the issued share capital of the body corporate (not including any part of the issued share capital that carries no right to participate beyond a specified amount in a distribution of either profits or capital, and not including mutual capital instruments within the meaning of section 167AD of the Corporations Act 2001); or (c) having the capacity to control the composition of the body corporate's board or governing body; or (d) having the capacity to determine the outcome of decisions about the body corporate's financial and operating policies, taking into account: (i) the practical influence that can be exerted (rather than the rights that can be enforced); and (ii) any practice or pattern of behaviour affecting the body corporate's financial or operating policies (whether or not it involves a breach of an agreement or a breach of trust). (2) Control, of a person other than a body corporate, is: (a) having the capacity to control the composition of the person's board or governing body (if any); or (b) having the capacity to determine the outcome of decisions about the person's financial and operating policies, taking into account: (i) the practical influence that can be exerted (rather than the rights that can be enforced); and (ii) any practice or pattern of behaviour affecting the person's financial or operating policies (whether or not it involves a breach of an agreement or a breach of trust). 20 Subparagraph 14(2)(b)(i) Omit "passes the control test in relation to", substitute "controls". 21 Subparagraph 14(3)(b)(i) Omit "passes the control test in relation to", substitute "controls". 22 Section 15 Repeal the section. 23 Subsection 21(3) Omit "regulations" (wherever occurring), substitute "AML/CTF Rules". 24 After Part 1 Insert: Part 1A—AML/CTF programs Division 1—Introduction 26A Simplified outline The following is a simplified outline of this Part: • A reporting entity must have and comply with an AML/CTF program. An AML/CTF program comprises the reporting entity's ML/TF risk assessment and AML/CTF policies. • The ML/TF risk assessment is an assessment of the risks of money laundering, financing of terrorism and proliferation financing that the reporting entity may reasonably face in providing its designated services. • The AML/CTF policies must appropriately manage and mitigate those risks and ensure the reporting entity complies with this Act and instruments under this Act. • The AML/CTF program must be appropriate to the nature, size and complexity of the reporting entity's business. For a lead entity of a reporting group, it must be appropriate to the nature, size and complexity of the business of each reporting entity in the reporting group. • The governing body of the reporting entity has responsibilities relating to the AML/CTF program, including relating to overseeing and ensuring the reporting entity complies with the AML/CTF policies, this Act and instruments under this Act. • The reporting entity must have an AML/CTF compliance officer. The AML/CTF compliance officer has various functions, including to oversee and coordinate the effective operation of, and compliance with, the AML/CTF policies. 26B What is an AML/CTF program? An AML/CTF program of a reporting entity comprises: (a) the reporting entity's ML/TF risk assessment; and (b) the reporting entity's AML/CTF policies. Division 2—ML/TF risk assessment 26C Reporting entities must undertake an ML/TF risk assessment (1) A reporting entity must undertake an assessment (an ML/TF risk assessment) that identifies and assesses the risks of money laundering, financing of terrorism and proliferation financing that the reporting entity may reasonably face in providing its designated services. (2) The steps taken by a reporting entity in relation to undertaking the reporting entity's ML/TF risk assessment must be appropriate to the nature, size and complexity of the reporting entity's business. Note: See also section 26U (business of a lead entity of a reporting group). Additional obligations that apply to reporting entities that provide designated services at or through permanent establishments in Australia (3) If the reporting entity provides designated services at or through a permanent establishment of the reporting entity in Australia, the reporting entity must have regard to the following matters in undertaking an ML/TF risk assessment: (a) the kinds of designated services provided, or proposed to be provided, by the reporting entity, including any new or emerging technologies relating to those services; (b) the kinds of customers to whom the reporting entity's designated services are or will be provided; (c) the delivery channels by which the reporting entity's designated services are or will be provided, including any new or emerging technologies relating to those delivery channels; (d) the countries with which the reporting entity deals, or will deal, in providing its designated services; (e) information communicated either directly or indirectly by AUSTRAC to the reporting entity that identifies or assesses the risks associated with the reporting entity's provision of its designated services; (f) the matters (if any) specified in the AML/CTF Rules. (4) Subsection (3) does not limit subsection (1). 26D Reporting entities must review and update ML/TF risk assessment Review of ML/TF risk assessment (1) A reporting entity must review its ML/TF risk assessment for the purpose of identifying and assessing any new or changed risks of money laundering, financing of terrorism and proliferation financing that the reporting entity may reasonably face in providing its designated services: (a) if any of the following occur: (i) there is a significant change to any of the matters mentioned in subsection 26C(3); (ii) AUSTRAC communicates to the reporting entity information that identifies or assesses risks associated with the reporting entity's provision of its designated services; (iii) circumstances specified in the AML/CTF Rules; and (b) in any event—at least once every 3 years. (2) The review must be undertaken: (a) for a significant change that is within the control of the reporting entity—before the significant change occurs; or (b) for a significant change that is not within the control of the reporting entity—as soon as practicable after the significant change occurs; or (c) for information communicated for the purposes of subparagraph (1)(a)(ii)—as soon as practicable after the information is communicated to the reporting entity; or (d) for circumstances specified in the AML/CTF Rules—at the time, or within the period, specified in the AML/CTF Rules. (3) The review must be appropriate to the nature, size and complexity of the reporting entity's business. Note: See also section 26U (business of a lead entity of a reporting group). Updating ML/TF risk assessment (4) A reporting entity must update its ML/TF risk assessment to address any issues identified by a review: (a) for a significant change that is within the control of the reporting entity—before the significant change occurs; or (b) in any other case—as soon as practicable after the review is completed. 26E Reporting entities must have up‑to‑date ML/TF risk assessment before providing designated services (1) A reporting entity must not commence to provide a designated service to a customer if the reporting entity does not comply with section 26C or 26D in relation to the designated service. (2) Subsection (1) is a civil penalty provision. (3) A reporting entity that contravenes subsection (1) commits a separate contravention of that subsection in respect of each designated service that the reporting entity provides to a customer at or through a permanent establishment of the reporting entity in Australia. (4) A reporting entity that contravenes subsection (1) commits a separate contravention of that subsection on each day that the reporting entity provides designated services at or through a permanent establishment of the reporting entity in a foreign country. Division 3—AML/CTF policies 26F Reporting entities must develop and maintain AML/CTF policies (1) A reporting entity must develop and maintain policies, procedures, systems and controls (AML/CTF policies) that: (a) appropriately manage and mitigate the risks of money laundering, financing of terrorism and proliferation financing that the reporting entity may reasonably face in providing its designated services; and (b) ensure the reporting entity complies with the obligations imposed by this Act, the regulations and the AML/CTF Rules on the reporting entity; and (c) are appropriate to the nature, size and complexity of the reporting entity's business; and (d) comply with any requirements specified in the AML/CTF Rules. Note: See also section 26U (business of a lead entity of a reporting group). Additional obligations that apply to reporting entities that provide designated services at or through permanent establishments in Australia (2) Subsections (3) and (4) apply if the reporting entity provides a designated service at or through a permanent establishment of the reporting entity in Australia. (3) Without limiting paragraph (1)(a), the AML/CTF policies of a reporting entity must deal with the following: (a) identifying significant changes to any of the matters mentioned in subsection 26C(3); (b) carrying out customer due diligence in accordance with Part 2; (c) reviewing and updating the AML/CTF policies in the following circumstances: (i) in response to a review of the reporting entity's ML/TF risk assessment under section 26D; (ii) circumstances specified in the AML/CTF Rules; (d) reviewing the AML/CTF policies of the reporting entity at the intervals or with the frequency specified in the AML/CTF Rules (and in any event at least once every 3 years); (e) any other matters specified in the AML/CTF Rules. (4) Without limiting paragraph (1)(b), the AML/CTF policies of a reporting entity must deal with the following: (a) if the reporting entity is not an individual—ensuring its governing body is sufficiently informed of the risks of money laundering, financing of terrorism and proliferation financing that the reporting entity may reasonably face in providing its designated services; (b) designating an AML/CTF compliance officer for the reporting entity; (c) designating one or more senior managers of the reporting entity as responsible for approving: (i) the AML/CTF policies of the reporting entity; and (ii) the ML/TF risk assessment of the reporting entity; (d) undertaking due diligence in relation to persons who are, or will be, employed or otherwise engaged by the reporting entity and who perform, or will perform, functions relevant to the reporting entity's obligations under this Act; (e) providing training to persons who are employed or otherwise engaged by the reporting entity and who perform, or will perform, functions relevant to the reporting entity's obligations under this Act in relation to: (i) the risk of money laundering, financing of terrorism and proliferation financing that the reporting entity may reasonably face in providing its designated services; and (ii) the obligations imposed by this Act, the regulations and the AML/CTF Rules on the reporting entity; (f) the conduct of independent evaluations of the reporting entity's AML/CTF program, including the frequency with which such evaluations must be conducted, which must: (i) be appropriate to the nature, size and complexity of the reporting entity's business; and (ii) be at least once every 3 years; (g) any other matters specified in the AML/CTF Rules. Note: See also section 26U (business of a lead entity of a reporting group). Additional obligations that apply to lead entities of reporting groups (5) Without limiting paragraph (1)(a), if a reporting entity is the lead entity of a reporting group, the AML/CTF policies of the reporting entity must deal with the following: (a) ensuring the appropriate sharing of information between members of the reporting group for the following purposes: (i) carrying out customer due diligence under Part 2; (ii) appropriately identifying, assessing, managing and mitigating the risks of money laundering, financing of terrorism and proliferation financing that each reporting entity that is a member of the reporting group may reasonably face in providing its designated services; (b) any other matters specified in the AML/CTF Rules. (6) Without limiting paragraph (1)(b), if a reporting entity is the lead entity of a reporting group, the AML/CTF policies of the reporting entity must deal with the following: (a) ensuring the sharing of information between members of the reporting group that is necessary for the members of the reporting group who are reporting entities to comply with: (i) their obligations imposed by this Act, the regulations and the AML/CTF Rules; and (ii) the AML/CTF policies of the lead entity; (b) if any member of the reporting group discharges an obligation imposed on another member of the reporting group by this Act, the regulations or the AML/CTF Rules: (i) which members of the reporting group may discharge which obligations of which other member; and (ii) ensuring that each member of the reporting group that is a reporting entity makes, or has access to, records to demonstrate any discharge by another member of the reporting group of any such obligations imposed on the reporting entity; (c) ensuring the confidentiality and appropriate use of any information shared between members of the reporting group, including to prevent any contravention of subsection 123(1) by any member of the reporting group; (d) any other matters specified in the AML/CTF Rules. Note: For other rules about how this Part applies in relation to reporting groups, see sections 26U and 236B. AML/CTF Rules (7) The AML/CTF Rules may do either or both of the following: (a) specify requirements that must be complied with in relation to a matter mentioned in subsection (3), (4), (5) or (6); (b) set out circumstances in which the AML/CTF policies of a reporting entity are taken to comply with a matter mentioned in those subsections. Reporting entities must develop and maintain AML/CTF policies before providing designated services (8) A reporting entity must not commence to provide a designated service to a customer if the reporting entity does not comply with subsection (1). Civil penalty (8A) Subsection (8) is a civil penalty provision. (9) A reporting entity that contravenes subsection (8) commits a separate contravention of that subsection in respect of each designated service that the reporting entity provides to a customer at or through a permanent establishment of the reporting entity in Australia. (10) A reporting entity that contravenes subsection (8) commits a separate contravention of that subsection on each day that the reporting entity provides designated services at or through a permanent establishment of the reporting entity in a foreign country. Exception (11) Despite subsection (1), a reporting entity is not required to develop or maintain policies, procedures, systems and controls that specifically deal with the risk of proliferation financing if: (a) the reporting entity reasonably assesses, under section 26C or 26D, the risk of proliferation financing that the reporting entity may reasonably face as low; and (b) the reporting entity reasonably assesses that its risk of proliferation financing can be appropriately managed and mitigated by its policies, procedures, systems and controls that manage and mitigate the risks of money laundering or financing of terrorism. (12) A person who wishes to rely on subsection (11) bears a legal burden in relation to that matter. 26G Reporting entities must comply with AML/CTF policies (1) A reporting entity must comply with the AML/CTF policies of the reporting entity. (2) If: (a) a reporting entity is a member of a reporting group; and (b) the reporting entity is not the lead entity of the reporting group; the reporting entity must also comply with the AML/CTF policies of the lead entity of the reporting group that apply to the reporting entity. Note: The lead entity of the reporting group must comply with its own AML/CTF policies under subsection (1). (3) Subsections (1) and (2) are civil penalty provisions. Division 4—AML/CTF responsibilities of governing bodies 26H AML/CTF responsibilities of governing bodies (1) The governing body of a reporting entity must: (a) exercise appropriate ongoing oversight of: (i) the reporting entity's identification and assessment of risk for the purposes of its ML/TF risk assessment; and (ii) the reporting entity's compliance with its AML/CTF policies, the Act, the regulations and the AML/CTF Rules; and (b) take reasonable steps to ensure that the reporting entity: (i) is appropriately identifying, assessing, managing and mitigating the risks of money laundering, financing of terrorism and proliferation financing that the reporting entity may reasonably face in providing its designated services; and (ii) is otherwise complying with its AML/CTF policies, the Act, the regulations and the AML/CTF Rules. (2) A reporting entity contravenes this subsection if the governing body of the reporting entity contravenes subsection (1). (3) Subsection (2) is a civil penalty provision. Division 5—AML/CTF compliance officers 26J Reporting entities must designate an individual as the AML/CTF compliance officer for the reporting entity (1) The reporting entity must designate an individual as the compliance officer (the AML/CTF compliance officer) for the reporting entity. AML/CTF compliance officers must have sufficient authority etc. (2) A reporting entity must ensure that the individual designated as the AML/CTF compliance officer for the reporting entity: (a) is a person employed or otherwise engaged by the reporting entity at management level; and (b) has sufficient authority, independence and access to resources and information to ensure the individual can perform the functions of an AML/CTF compliance officer effectively. AML/CTF compliance officers must meet certain requirements (3) An individual is not eligible to be designated as the AML/CTF compliance officer for a reporting entity unless the individual: (a) if the reporting entity provides its designated services at or through a permanent establishment of the reporting entity in Australia—is a resident of Australia; and (b) is a fit and proper person; and (c) meets the requirements (if any) specified in the AML/CTF Rules. (4) The AML/CTF Rules may specify matters to which a reporting entity must have regard in determining whether an individual is a fit and proper person for the purposes of paragraph (3)(b). Civil penalties (5) Subsection (2) is a civil penalty provision. (6) A reporting entity contravenes this subsection if: (a) the reporting entity designates an individual as its AML/CTF compliance officer; and (b) the individual is not eligible under subsection (3) to be designated as the AML/CTF compliance officer for the reporting entity. (7) Subsection (6) is a civil penalty provision. 26K Reporting entities must have an AML/CTF compliance officer (1) If: (a) a reporting entity commences to provide a designated service; and (b) an individual is not designated as the AML/CTF compliance officer for the reporting entity; the reporting entity must, no later than 28 days after the day on which the reporting entity commences to provide the designated service, designate an individual as the AML/CTF compliance officer for the reporting entity. (2) If: (a) a reporting entity commences to provide a designated service; and (b) the individual designated as the AML/CTF compliance officer for the reporting entity ceases to be eligible under subsection 26J(3) to be so designated; the reporting entity must, no later than 28 days after the day on which the individual ceases to be eligible, designate another individual as the AML/CTF compliance officer for the reporting entity. (3) If: (a) a reporting entity is required under subsection (1) or (2) to designate an individual as the AML/CTF compliance officer for the reporting entity by a particular time; and (b) the reporting entity does not do so by that time; then the obligation to comply with the requirement continues until: (c) the reporting entity designates an individual as the AML/CTF compliance officer for the reporting entity; or (d) the reporting entity ceases to be a reporting entity; whichever occurs first. (4) A reporting entity that contravenes subsection (1) or (2) by failing to designate an individual as the AML/CTF compliance officer for the reporting entity by a particular time (the deadline) is taken to commit a separate contravention of that subsection on each day that occurs during the period: (a) beginning on the day on which the deadline occurs; and (b) ending on the day on which the reporting entity's obligation to comply with the requirement ends (see subsection (3)). (5) To avoid doubt, a reporting entity does not contravene subsection (1) or (2) more than once on any particular day, even if the reporting entity commences to provide a designated service more than once on a particular day or during a particular period. (6) Subsections (1) and (2) are civil penalty provisions. 26L AML/CTF compliance officer's functions The functions of the AML/CTF compliance officer for a reporting entity are: (a) to oversee and coordinate the reporting entity's day‑to‑day compliance with this Act, the regulations and the AML/CTF Rules; and (b) to oversee and coordinate the effective operation of and compliance with the reporting entity's AML/CTF policies; and (c) to communicate, on behalf of the reporting entity, with AUSTRAC; and (d) to do anything incidental to or conducive to the performance of any of the above functions; and (e) any other functions specified in the AML/CTF Rules. 26M Reporting entities must notify AUSTRAC of entity's AML/CTF compliance officer (1) A reporting entity must notify AUSTRAC of the individual who is designated as the reporting entity's AML/CTF compliance officer within 14 days after the individual is designated as the AML/CTF compliance officer for the reporting entity. (2) A notice under subsection (1): (a) must be in the approved form; and (b) must contain such information, and be accompanied by such documents, as is required by the approved form. (3) Subsection (1) is a civil penalty provision. Division 6—AML/CTF program documentation and approvals 26N AML/CTF program documentation (1) A reporting entity must document the following, within the period (if any) specified in the AML/CTF Rules: (a) its AML/CTF program; (b) any other matter relating to the AML/CTF program of the reporting entity specified in the AML/CTF Rules. (2) A reporting entity must comply with subsection (1). (3) Subsection (2) is a civil penalty provision. (4) If a reporting entity is the responsible entity of a registered scheme (within the meaning of the Corporations Act 2001), the reporting entity's AML/CTF program may be documented in the same document as the registered scheme's compliance plan under that Act. 26P AML/CTF program approvals (1) A reporting entity's ML/TF risk assessment and AML/CTF policies, including any updates to either, must be approved by a senior manager of the reporting entity. (2) Any updates to a reporting entity's ML/TF risk assessment must be notified, in writing, to the governing body of the reporting entity as soon as practicable after the update is made. (3) A reporting entity must comply with a requirement under this section. (4) Subsection (3) is a civil penalty provision. 26Q Requests for AML/CTF documentation (1) The AUSTRAC CEO may, by written notice, request a reporting entity to produce one or more of the documents required by subsection 26N(1) within the period specified in the notice. (2) A reporting entity must comply with a notice given under subsection (1). (3) Subsection (2) is a civil penalty provision. Division 7—Other matters 26R AUSTRAC CEO may require reporting entity to undertake ML/TF risk assessment etc. Scope (1) This section applies if the AUSTRAC CEO is satisfied that: (a) a reporting entity does not have an AML/CTF program; or (b) the AML/CTF program of a reporting entity is not up to date; or (c) the AML/CTF program of a reporting entity does not appropriately identify, assess, manage or mitigate the risk of money laundering, financing of terrorism and proliferation financing that the reporting entity may reasonably face in providing its designated services. Requirement (2) The AUSTRAC CEO may, by written notice given to the reporting entity, require the reporting entity to: (a) do one or more of the following: (i) undertake and document an ML/TF risk assessment of the reporting entity; (ii) review and update the ML/TF risk assessment of the reporting entity; (iii) develop and document AML/CTF policies of the reporting entity; (iv) review and update the AML/CTF policies of the reporting entity; and (b) provide a copy of the documentation within: (i) the period specified in the notice; or (ii) if the AUSTRAC CEO allows a longer period—that longer period. (3) A person commits an offence if: (a) the person is subject to a requirement under subsection (2); and (b) the person engages in conduct; and (c) the person's conduct breaches the requirement. Penalty: Imprisonment for 6 months or 30 penalty units, or both. Civil penalty (4) A reporting entity must comply with a requirement under subsection (2). (5) Subsection (4) is a civil penalty provision. 26S Registered remittance affiliates of a registered remittance network provider (1) A reporting entity that is a registered remittance network provider must make available an AML/CTF program to its registered remittance affiliates. (2) Subsection (1) is a civil penalty provision. (3) To avoid doubt, subsection (1) does not prevent any of the registered remittance affiliates from: (a) undertaking a risk assessment for the remittance affiliate; or (b) developing AML/CTF policies for the remittance affiliate. (4) If a senior manager of a remittance affiliate of a registered remittance network provider approves the registered remittance network provider's: (a) ML/TF risk assessment; and (b) AML/CTF policies; the remittance affiliate is taken to have complied with the remittance affiliate's obligations under section 26C and 26F in respect of the remittance affiliate's designated services to which the registered remittance network provider's AML/CTF program applies. 26T Application of Part to holders of Australian financial services licences (1) This section applies if all of the designated services provided by a reporting entity are covered by item 54 of table 1 in section 6. Note: Item 54 of table 1 in section 6 covers a holder of an Australian financial services licence who arranges for a person to receive a designated service. (2) Paragraph 26F(1)(a) applies in relation to the reporting entity as if it instead required policies, procedures, systems and controls that: (a) relate to undertaking initial customer due diligence in accordance with section 28; and (b) are appropriate to the risks of money laundering, financing of terrorism and proliferation financing that the reporting entity may reasonably face in providing its designated services. (3) The following provisions of this Part do not apply to the reporting entity: (a) paragraphs 26F(1)(b) and (3)(a) to (d) and subsection 26F(4); (b) section 26H; (c) subsection 26P(2); (d) Division 5. 26U Business of a lead entity of a reporting group In applying this Part in relation to a reporting entity that is the lead entity of a reporting group, a reference to the nature, size and complexity of the reporting entity's business is taken to be a reference to the nature, size and complexity of the business of the lead entity and each other reporting entity that is a member of the reporting group. Note: For other rules about how this Part applies in relation to a lead entity of a reporting group, see section 236B. 26V General exemptions (1) This Part does not apply to a designated service that is of a kind specified in the AML/CTF Rules. (2) The AML/CTF Rules may provide that a specified provision of this Part does not apply to a designated service that is of a kind specified in the AML/CTF Rules. (3) This Part does not apply to a designated service that is provided in circumstances specified in the AML/CTF Rules. (4) The AML/CTF Rules may provide that a specified provision of this Part does not apply to a designated service that is provided in circumstances specified in the AML/CTF Rules. 25 Subsection 35F(5) Repeal the subsection. 26 Paragraph 38(d) Omit "money laundering or financing of terrorism", substitute "money laundering, financing of terrorism or proliferation financing". 27 Subsection 39(5) Repeal the subsection. 28 Subsections 47(6) and (7) Repeal the subsections. 29 Section 51A Omit: • Providers of designated services must be entered on the Reporting Entities Roll. substitute: • Reporting entities must be entered on the Reporting Entities Roll. 30 Part 7 Repeal the Part. 31 After section 94 Insert: 94A Shell banks (1) A shell bank is a corporation that: (a) is incorporated in a foreign country; and (b) is authorised to carry on banking business in its country of incorporation; and (c) does not have a physical presence in its country of incorporation; and (d) is not an affiliate of another corporation that: (i) is incorporated in a particular country; and (ii) is authorised to carry on banking business in its country of incorporation; and (iii) has a physical presence in its country of incorporation. When a corporation has a physical presence in a country (2) For the purposes of determining what is a shell bank, a corporation has a physical presence in a country if, and only if: (a) the corporation carries on banking business at a place in that country; and (b) at least one full‑time employee of the corporation performs banking‑related duties at that place. When a corporation is affiliated with another corporation (3) For the purposes of determining what is a shell bank, a corporation is affiliated with another corporation if, and only if: (a) the corporation is a subsidiary of the other corporation; or (b) at least one individual controls both corporations; or (c) under the regulations, both corporations are taken to be under common control. 32 Section 104 Omit: • A reporting entity must retain a copy of its anti‑money laundering and counter‑terrorism financing program. substitute: • A reporting entity must retain records relating to its AML/CTF program. 33 Subsection 108(4) Repeal the subsection. 34 Subsection 114B(4) Repeal the subsection. 35 Division 5 of Part 10 Repeal the Division, substitute: Division 5—AML/CTF program record‑keeping requirements 116 Retention of records relating to Part 1A (1) A reporting entity must keep records that: (a) are reasonably necessary to demonstrate compliance with the reporting entity's obligations under Part 1A; and (b) are in the English language, or in a form in which the records are readily accessible and readily convertible into writing in the English language. (2) Subsection (1) is a civil penalty provision. (3) A person who is or was a reporting entity must retain the records referred to in subsection (1) throughout the period: (a) beginning at the time the record was made; and (b) ending 7 years after the record is no longer relevant to the reporting entity's compliance with its obligations under Part 1A. (4) Subsection (3) is a civil penalty provision. 35A Paragraph 123(1)(a) Repeal the paragraph, substitute: (a) the person is or has been: (i) a reporting entity; or (ii) an officer, employee or agent of a reporting entity; or (iii) a member of a reporting group; or (iv) an officer, employee or agent of a member of a reporting group; or (v) required by a notice under subsection 49(1) to give information or produce documents; or (vi) required by notice under subsection 49B(2) to give information or produce documents; and 36 Paragraph 124(2)(a) After "section", insert "26R,". 37 Paragraph 124(2)(a) Omit ", 162 or 165", substitute "or 162". 38 Subsection 161(1) Repeal the subsection, substitute: (1) This section applies if the AUSTRAC CEO has reasonable grounds to suspect that a reporting entity has not taken, or is not taking, appropriate action to identify, assess, manage or mitigate the risks of money laundering, financing of terrorism and proliferation financing that the reporting entity may reasonably face in providing its designated services at or through a permanent establishment of the reporting entity in Australia. 39 Paragraph 161(2)(b) Repeal the paragraph, substitute: (b) arrange for the external auditor to carry out an external audit of the reporting entity's capacity and endeavours to identify, assess, manage or mitigate the risks of money laundering, financing of terrorism and proliferation financing that the reporting entity may reasonably face in providing its designated services at or through a permanent establishment of the reporting entity in Australia; and 40 Subsection 161(4) Repeal the subsection, substitute: (4) The matters that may be specified under paragraph (3)(a) may include either or both of the following: (a) an assessment of the risks of money laundering, financing of terrorism and proliferation financing that the reporting entity may reasonably face in providing its designated services at or through a permanent establishment of the reporting entity in Australia; (b) an assessment of what the reporting entity will need to do, or continue to do, to appropriately identify, assess, manage or mitigate the risks of money laundering, financing of terrorism and proliferation financing that the reporting entity may reasonably face in providing its designated services at or through a permanent establishment of the reporting entity in Australia. 41 Subparagraph 161(6)(b)(i) Omit "belongs to a designated business group", substitute "is a member of a reporting group". 42 Subparagraph 161(6)(b)(ii) Omit "designated business group", substitute "reporting group". 43 Subparagraph 162(6)(b)(i) Omit "belongs to a designated business group", substitute "is a member of a reporting group". 44 Subparagraph 162(6)(b)(ii) Omit "designated business group", substitute "reporting group". 45 Division 8 of Part 13 Repeal the Division. 46 Subsection 184(4) (before paragraph (b) of the definition of designated infringement notice provision) Insert: (aa) subsection 26K(1) or (2) (which deal with reporting entities' obligation to designate an AML/CTF compliance officer); (ab) subsection 26M(1) (which deals with notifications about AML/CTF compliance officers); (ac) subsection 26N(2) (which deals with AML/CTF program documentation); (ad) subsection 26P(3) (which deals with AML/CTF program approvals); (ae) subsection 26Q(2) (which deals with requests for AML/CTF program documentation); 47 Subsection 184(4) (paragraph (g) of the definition of designated infringement notice provision) Repeal the paragraph, substitute: (g) subsection 116(1) or (3) (which deal with retaining records relating to AML/CTF programs); 48 Paragraphs 207(3)(a) and (b) Omit "designated business group", substitute "reporting group". 49 Section 234 After: • In proceedings for a contravention of this Act or the regulations, it is a defence if the defendant proves that the defendant took reasonable precautions, and exercised due diligence, to avoid the contravention. insert: • There is a defence to a contravention of certain civil penalty provisions relating to the law of a foreign country preventing compliance. • Provision is made in relation to how this Act applies to reporting groups. 50 After section 236 Insert: 236A Defence of law of foreign country preventing compliance (1) A reporting entity does not contravene a civil penalty provision in Part 1A or 2 if: (a) the reporting entity provides a designated service at or through a permanent establishment in a foreign country; and (b) a law of the foreign country that applies in the place where the permanent establishment is located prevents the reporting entity from complying with that civil penalty provision; and (c) before the conduct alleged to constitute the contravention occurs, the reporting entity has given written notice, in the approved form, to the AUSTRAC CEO of those facts; and (d) at the time the conduct alleged to constitute the contravention occurs, the reporting entity is taking reasonable steps to ensure that the reporting entity is appropriately identifying, assessing, managing and mitigating any additional risk of money laundering, terrorism financing or proliferation financing associated with being prevented from complying with that civil penalty provision. (2) A person who wishes to rely on subsection (1) bears a legal burden in relation to that matter. 236B Application of this Act in relation to reporting groups Designated services of reporting group taken to be provided by lead entity for certain purposes (1) Subsection (2) applies if a reporting entity (the ordinary member) that is a member of a reporting group but is not the lead entity of the reporting group proposes to provide, commences to provide, or provides, a designated service. (2) For the purposes of Parts 1A, 2, 3A and 10, and Division 9 of Part 15, the lead entity is also taken to have proposed to provide, commenced to provide, or provided, as the case requires, the designated service in the same circumstances as those in which the service is proposed to be provided, is commenced to have been provided, or is provided, by the ordinary member. Note: In relation to the application of Part 1A to reporting groups, see also section 26U (business of a lead entity of a reporting group). (3) For the purposes of subsection (2), the same circumstances include: (a) that a permanent establishment of the ordinary member is taken to be a permanent establishment of the lead entity; and (b) that the lead entity is taken to provide the designated service in the same capacity as the ordinary member; and (c) that the lead entity is taken to have received any information communicated either directly or indirectly by AUSTRAC to the ordinary member that identifies or assesses the risks associated with the ordinary member's provision of the designated service; and (d) a circumstance specified by the AML/CTF Rules. (4) Subsection (3) does not limit subsection (2). Discharge of obligations by members of a reporting group (5) If: (a) a reporting entity is a member of a reporting group; and (b) an obligation is imposed on the reporting entity by a provision of this Act, the regulations or the AML/CTF Rules; and (c) such other conditions (if any) as are specified in the AML/CTF Rules are satisfied; and (d) the obligation is not of a kind, or does not arise in circumstances, specified in the AML/CTF Rules; the obligation may be discharged by any other member of the reporting group. Note: The member who discharges the obligation need not be a reporting entity. Contraventions of civil penalty provisions by members of reporting groups (6) A civil penalty provision that would otherwise be contravened only by a reporting entity that is: (a) a member of a reporting group; and (b) not the lead entity of the reporting group; is taken to have been contravened by both the reporting entity and the lead entity. Schedule 2—Customer due diligence Part 1—Main amendments Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 1 Section 4 Omit: • A reporting entity must carry out a procedure to verify a customer's identity before providing a designated service to the customer. However, in special cases, the procedure may be carried out after the provision of the designated service. substitute: • A reporting entity must undertake initial customer due diligence before providing a designated service to the customer. However, in special cases, initial customer due diligence may be carried out after the provision of the designated service. 2 Section 4 Omit: • Certain pre‑commencement customers are subject to modified identification procedures. substitute: • Certain pre‑commencement customers are subject to modified customer due diligence. 3 Section 4 Omit: • Certain low‑risk services are subject to modified identification procedures. substitute: • Simplified customer due diligence may be undertaken in certain low risk circumstances as part of initial and ongoing customer due diligence. 4 Section 5 (definition of applicable customer identification procedure) Repeal the definition. 5 Section 5 Insert: beneficial owner of a person (other than an individual) means an individual who: (a) ultimately owns (either directly or indirectly) 25% or more of the person; or (b) controls (directly or indirectly) the person. business relationship means a relationship between a reporting entity and a customer involving the provision of a designated service or designated services that has, or could reasonably be expected to have, an element of duration. child: without limiting who is a child of another person for the purposes of this Act, each of the following is the child of a person: (a) a stepchild or an adopted child of the person; (b) someone who would be the stepchild of the person except that the person is not legally married to the person's partner; (c) someone who is a child of the person within the meaning of the Family Law Act 1975. de facto partner has the same meaning as in the Acts Interpretation Act 1901. domestic politically exposed person means: (a) an individual who holds an office or position (whether or not in or for the Commonwealth) specified in the AML/CTF Rules; or (b) an individual who is a member of the legislature of the Commonwealth or of a State or Territory; or (c) a family member of an individual covered by paragraph (a) or (b); or (d) an individual who is known (having regard to information that is public or readily available) to have: (i) joint beneficial ownership of a body corporate or legal arrangement with an individual covered by paragraph (a) or (b); or (ii) sole beneficial ownership of a body corporate or legal arrangement on behalf or for the benefit of an individual covered by paragraph (a) or (b); or (iii) any other close business relations with an individual covered by paragraph (a) or (b). family member of an individual who is covered by: (a) paragraph (a) or (b) of the definition of domestic politically exposed person in this section; or (b) paragraph (a) of the definition of foreign politically exposed person in this section; or (c) paragraph (a) of the definition of international organisation politically exposed person in this section; includes: (d) a spouse, de facto partner, or other person who is equivalent to a spouse or de facto partner under any applicable law of a foreign country, of the individual; and (e) a child of the individual; and (f) a spouse or de facto partner, or other person who is equivalent to a spouse or de facto partner under any applicable law of a foreign country, of a child of the individual; and (g) a parent of the individual. foreign politically exposed person means: (a) an individual who holds a prominent office or position or public function in or for the legislature, executive or judiciary of a foreign country, including an individual who holds any of the following offices or positions: (i) head of state or head of government; (ii) member of the executive council of government; (iii) member of a legislature; (iv) minister, deputy minister or equivalent office or position; (v) judge of a supreme court, constitutional court or other court of general jurisdiction or last resort; (vi) ambassador, high commissioner or charge d'affaires; (vii) high ranking military officer; (viii) head or board member of a government body; (ix) head or board member of a state‑owned company or a state‑owned bank; (x) member of a governing body of a political party represented in a legislature; (xi) an office or position prescribed in the AML/CTF Rules; or (b) a family member of an individual covered by paragraph (a); or (c) an individual who is known (having regard to information that is public or readily available) to have: (i) joint beneficial ownership of a body corporate or legal arrangement with an individual covered by paragraph (a); or (ii) sole beneficial ownership of a body corporate or legal arrangement on behalf or for the benefit of an individual covered by paragraph (a); or (iii) any other close business relations with an individual covered by paragraph (a). Note: Foreign country has an extended meaning—see the definition of foreign country in this section. international organisation politically exposed person means: (a) an individual who is entrusted with a prominent public function, position or office of a public