How Effective is Your AML/CTF Program?

By Categories: AML/CTFPublished On: 17 June 2022

Estimated read time: 2-3 minutes
Start rating: *****
Topics: Anti money laundering and counter-terrorism funding (AML/CTF)


How recently did your organisation review its anti-money laundering and counter-terrorism funding compliance measures? Would they stand up to the scrutiny of AUSTRAC or APRA? In this article, we look at what you need to do now to ensure your company is protected from the steadily increasing threat of financial crime.

In recent months, a number of high-profile cases, including NAB, Crown Resorts, and Westpac have brought money laundering and financial crime out of the shadows and onto the front pages of news sites in Australia and overseas.

These failures have already led to increased scrutiny of companies’ anti-money laundering and counter-terrorism funding (AML/CTF) programs by AUSTRAC and APRA, with widely publicised enforcement activity serving as a warning to others. And if you think that such wrongdoing occurring unchecked for so long sends a signal that gaps in Australia’s compliance net could be exploited for a little longer, the fierce shareholder backlashes infringing companies have faced indicate otherwise.

Here’s what companies need to do now to protect themselves, their customers and their reputations from the threat of illegally moved funds.

Review and update AML/CTF program

AML/CTF programs are vital in identifying, disrupting and preventing money laundering and terrorism financing (ML/TF).

One of the keys to Australia’s AML/CTF regime is that each reporting entity must have its own unique AML/CTF program, to address the specific risks faced by the organisation. In other words, there is there is no one-size-fits-all program. This gives the reporting entity the flexibility to decide how to meet its obligations and, importantly, the responsiveness to develop stronger and/or additional controls when necessary.

Although independent program reviews are required under AML/CTF rules every 2-3 years, these should not be the only time your organisation reviews or adjusts its AML/CTF program. Ideally, your organisation should have measures in place to identify and respond to new risks and threats as soon as they arise.

A good example of this can be seen in the case of NAB, which has entered an Enforceable Undertaking with AUSTRAC to address its AML/CTF compliance issues. While AUSTRAC acknowledged that NAB had already undertaken “significant work identifying and implementing improvements to its programs”, the regulator believed that measures came too late to adequately protect consumers. Speaking about the EU, NAB CEO Ross McEwan said: “We recognise it has taken us longer to fix the concerns raised than it should have. We welcome AUSTRAC’s acknowledgement that NAB has undertaken significant work to date – and we accept that there is more to do.”

Other entities that have had to make corporate disclosures regarding being under investigation for potential non-compliance with their AML/CTF obligations include Bank of Queensland, SkyCity, and The Star Entertainment Group.

Revisit AML/CTF training

A risk awareness training program is central to a reporting entity’s effort to protect its business from being used to facilitate money laundering or terrorism financing.

Now is the perfect time to make sure your employees are up to date with their training.

A good training program will include:

  • the obligations of the reporting entity under the AML/CTF Act and Rules
  • the consequences of non‑compliance with the AML/CTF Act and Rules
  • the type of ML/TF risk that the reporting entity might face and the potential consequences of such risk; and
  • those processes and procedures provided for by the reporting entity’s AML/CTF program that are relevant to the work carried out by the employee.

It is certainly worth considering widening your training net beyond those in positions assessed as being highly exposed to ML/TF risk. And the scope and robustness of each company representative’s training program should take into consideration the nature of their role – whether frontline, team leader, risk and compliance, or executive and board.

For example, in the case of Crown Resorts, the NSW Independent Liquor and Gaming Authority determined that the group was unsuitable to hold a gaming licence for its new Sydney casino due to “poor corporate governance” and “deficient risk-management structures” identified at its other venues.

Specifically, the inquiry revealed that crucial compliance training was not provided to staff within the Crown group. A former chairman and other board members admitted they had received no training in anti-money laundering before or during their tenure on the board.

Ensure clear accountability

There are numerous benefits to be gained from having clearly defined individual accountabilities within your organisation, including faster decision-making and problem resolution, and greater care and diligence at a directorial level.

When it comes to protecting against ML/CT activity, it is vital that all employees understand who is ultimately accountable for failures of process. To be effective, accountability frameworks need to be transparent, regularly updated and consistently monitored. If failures occur, it is important that the accountability framework is followed and action is taken promptly; if employees perceive that senior staff can ‘get away’ with wrongdoing, this could breed an unhealthy culture.

Maintaining a clear accountability framework is also crucial for managing potential reputational issues. This was brought into sharp focus for Westpac in 2019 when its shareholders heckled and boo-ed its board and executives during the annual general meeting, after chargers were brought against the bank for 23 million breaches of AML/CTF laws.

When Commonwealth Bank’s AML scandal contributed to the resignation of CEO Ian Narev in 2017, Reserve Bank of Australia Governor, Philip Lowe, told a House of Representatives Standing Committee on Economics hearing that shortcomings should lead to accountability both through enforcement activity and internally within organisations.

Whether looked at from the perspective of regulatory compliance or corporate governance, being seen to prevent financial crime is good business.


As always, we’re here to help; if there is any training that you or your team needs, feel free to reach out and we will be happy to assist.

Share