by Paul Quealey
Since its introduction in 2006, the requirements of incorporating Anti-Money Laundering and Counter Terrorism Finance (AML/CTF) procedures into businesses and industries have expanded year on year.

Initially focused on banks and financing institutions, the requirements for effective AML/CTF frameworks and procedures have now expanded into licensed venues (casinos, clubs and pubs), solicitors, accountants and remittance service providers.

With recent high-profile cases of failures in managing these requirements to AUSTRAC’s expectations (e.g. TAB Corp, Crown Casino, Star Casino, etc), AUSTRAC has flagged the likelihood of additional reviews and investigations. Surprisingly, oversight doesn’t seem to be a requirement of AUSTRAC alone.

Case Study: Licensed & Registered Club

Recently, a licensed venue client of Lambourne Partners was requested by their financial institution to provide the club’s most recent independent AML/CTF audit review report. With the club’s AML/CTF policy requiring that such reviews are completed every 3 years – as is surely common with many small and medium registered clubs – the club itself had not completed such a review since the AML/CTF frameworks were implemented.

Lambourne Partners was engaged to complete the required review, with the bank freezing the club’s bank accounts until the provision of the report (note: it was agreed with the bank to unfreeze the accounts while the audit was completed, however, a 2 week timeframe was given to provide the final report to the bank before the accounts were frozen again).

While the audit was completed, and the report provided to the bank prior to the report due date, the findings from the review are likely to be common across those with strict AML/CTF requirements. A summary of the key findings included:

Framework and Policy

The club had a documented framework and policy. However, the policy was developed based upon the various templates provided at the time of implementation. The policy had not been subject to regular review or update, and as such key changes in requirements had not been incorporated into the framework and completed (particularly training, client identification, reporting and monitoring requirements).

A key foundation to the framework is the completion of a risk assessment, which had not been subject to any review and update. It is critical that the risk assessment consider AML/CTF transactions which could occur, quantify risk and likelihood, and document treatments and actions to be taken.

Training and Awareness

As continually communicated by AUSTRAC, one of the most important areas of AML/CTF is the provision of regular and tailored training. This training is required to cover directors and staff alike. In this case, the club’s directors had not fulfilled the AML/CTF training requirements, including transition provisions for current and new directors. Additionally, the club was relying upon training provided by a third party to staff, however this was limited to one identified service offering of the club only, and not all services offered by the club.

AUSTRAC expects training provided to employees who carry out roles that are identified to pose a risk of ML/TF to ensure they understand their responsibilities to the organisation and society at large, the implications of non-compliance, the types of incidents they may encounter, and procedures to follow when suspicious activity is identified.

Employee and Client Identification and Screening

Since June 2021, a registered club must prohibit the provision of designated services if client identification procedures have not been completed. Such requirements had not been considered within the framework, and potentially insufficient controls in place to ensure requirements are met.

Additionally, best practice requires proper pre-employment screening procedures, with regular reviews, for all staff involved in designated services. While the club in question completed employee screening, the level of screening was considered inferior to best practice expectations.

Continual Transaction Monitoring

The club had well defined monitoring, and subsequent reporting, for transactions over the reporting limit of $10,000. However, the requirements around continual monitoring necessitate more than just fulfilling external reporting requirements. This monitoring should be designed to assist in identifying where customers are attempting to circumvent the reporting threshold, or “clean” money while not being identified as suspicious. Known examples include transaction splitting, unusual approaches to other customers, or patterns of transactions that don’t seem to have a legitimate purpose.

AUSTRAC requires these monitoring systems to trigger where an individual’s actions don’t breach the requirements, but are suspicious and could be relating to AML or CTF, and this then requires further customer due diligence, investigation, and potential reporting to AUSTRAC.

As part of our audit, we provided a detailed report to the club’s Management and the Board, which included the results of our assessment of the AML/CTF requirements and benchmarking against the club’s own policy, AUSTRAC requirements, and the club’s NSW Gambling Code. The report also included suggestions for improvement and strengthening of the framework and AML/CTF procedures.

How We Can Help Your Club

While a compliance obligation may not be seen as adding a great level of value to an organisation, the completion of regular independent reviews and audits of these compliance frameworks helps ensure that clubs are:

  • Fulfilling their policy requirements
  • Reducing the impacts on the club should it be subject to an AUSTRAC review
  • Ensuring key legislative requirements and changes are adequately considered, updated into frameworks, and effectively implemented across the club.

If your AML/CTF framework has not been subject to an independent audit in the past three years, or you would like to discuss your potential legislative requirements relating to AML/CTF, please contact Paul Quealey below or by calling 02 4969 6600.

  • Hidden
    DD slash MM slash YYYY
  • Hidden
  • This field is for validation purposes and should be left unchanged.