Who Can Conduct an AML/CTF Independent Review in Australia

Introduction

Reporting entities in Australia must navigate strict obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act). A critical component of this framework is the requirement under Rules 8.6 and 9.6 of the Anti-Money Laundering and Counter-Terrorism Financing Rules 2007 (Cth) (AML/CTF Rules) to conduct an independent review of Part A of the AML/CTF program.  This is to ensure that the program effectively manages money laundering and terrorism financing (ML/TF) risks through a robust risk assessment. This impartial assessment, mandated by the Australian Transaction Reports and Analysis Centre (AUSTRAC), is a key part of effective AML/CTF compliance and avoiding significant penalties.

Selecting the right professional to conduct the review is a vital decision for business owners and directors seeking to safeguard their operations. While the AML/CTF Rules (Cth) allow for various internal or external reviewers, engaging specialised legal experts offers a distinct advantage in interpreting complex regulatory requirements. This guide explores the criteria for independence and explains why a lawyer-led approach provides the robust oversight necessary to protect your business from evolving financial crime threats.

Interactive Tool: Check If Your AML/CTF Reviewer Is Independent & Eligible

Core Requirements for an AML/CTF Reviewer in Australia

The Mandate for Independence & Expertise

When selecting a person to conduct an independent review, two core principles are non-negotiable: independence and expertise.

Under Rule 8.6.1 and Rule 9.6.1 of the AML/CTF Rules (Cth), a reporting entity must ensure that Part A of its AML/CTF program undergoes an AML/CTF independent review. The AML/CTF Rules (Cth) require that the review be conducted by a person who is independent of the design, implementation, and maintenance of the AML/CTF program. In practical terms, this requires a reviewer who is sufficiently independent to provide an objective assessment of the program. Independence is therefore a legal requirement, not just best practice.

In addition to independence, the reviewer must possess sufficient expertise to properly assess:

• Compliance with the AML/CTF Act (Cth) and AML/CTF Rules (Cth).
• The adequacy of the ML/TF risk assessment (as required under Part A).
• Whether controls are appropriate, having regard to the reporting entity’s risk profile.

While the AML/CTF Rules (Cth) do not prescribe formal qualifications, AUSTRAC expects the reviewer to have sufficient knowledge of:

• The AML/CTF Act (Cth) and the associated AML/CTF Rules (Cth).
• How to interpret and apply these legal obligations to your organisation’s specific context.
• A comprehensive grasp of the ML/TF risks relevant to your industry and business model.

When assessing a potential reviewer’s suitability, you may also consider whether they belong to a professional body that requires adherence to relevant professional standards. This can provide additional assurance of their qualifications and commitment to objectivity.

Reviewer Disqualifications Under the AML/CTF Rules

The requirement for “independence” acts as a functional disqualification test. To maintain the integrity of the independent review, Rules 8.6.1 and 9.6.1 of the AML/CTF Rules (Cth) disqualify individuals or firms from conducting the assessment if they have had prior involvement with the program. A person will not satisfy the independence requirement if they were involved in:

• Designing, implementing, or maintaining Part A of your AML/CTF program.
• Developing your ML/TF risk assessment or any related internal controls.
• Performing any of the specific functions or measures that are being reviewed as part of the assessment.

Additionally, AUSTRAC also recommends considering if the person is someone who can be influenced by people involved in the ask assessment or development of the program. The core principle is that the reviewer cannot assess their own work.

Internal vs. External Independent Reviews

Using an Internal Reviewer

Reporting entities have the option to appoint an internal employee to conduct the independent review of their AML/CTF program. However, this is only permissible if the individual meets strict independence criteria to ensure an impartial assessment.

Specifically, the internal reviewer must not have been involved in the development, implementation and/or maintenance of the AML/CTF program.

This means that, in most cases, the AML/CTF compliance officer appointed under Rule 8.5.1 of the AML/CTF Rules (Cth) or members of the compliance team are not suitable candidates, since they are involved in maintaining the program.

A viable internal reviewer is typically someone from a separate department with no compliance responsibilities.

For instance, a larger organisation could appoint an internal auditor who has sufficient knowledge of AML/CTF law but is separate from the compliance function.

Conversely, for smaller businesses with limited staff, finding a genuinely independent employee can be challenging.

Why Businesses Choose an External Reviewer

Many businesses, particularly those with limited internal resources or potential conflicts of interest, prefer to engage an external party to conduct an independent review.

This approach offers several distinct advantages that provide additional assurance to management, boards, and AUSTRAC.

Key motivations for choosing an external reviewer include:

• Guaranteed Impartiality: An external reviewer, such as a lawyer, accountant, or specialist consultant, is free from internal influences and can provide a truly objective assessment of your policies and procedures.
• Specialised Expertise: External professionals often possess deep, specialised knowledge of the AML/CTF Act (Cth) and associated rules, bringing a high level of technical competence to the review.
• Broader Industry Perspective: Having worked with numerous businesses, external reviewers understand industry best practices and can offer valuable insights that an internal employee might not possess.
• Resource and Capacity Issues: Many organisations do not have internal staff with the necessary time, expertise, or capacity to dedicate to a thorough AML/CTF program review.
• Enhanced Stakeholder Confidence: An independent review report from a reputable external firm can provide greater assurance to regulators, financial partners, and other stakeholders that your compliance framework is robust.

Selecting the Right External Partner

Assessing Technical Competence & Industry Knowledge

When selecting an external partner to conduct an independent review, it is crucial to assess their technical competence and specific industry knowledge. The reviewer must have a strong understanding of your business operations and the unique ML/TF risks your sector faces. This expertise ensures the review is relevant and effectively evaluates your compliance with the AML/CTF Act (Cth).

AUSTRAC has expressed concerns about advisors who rely on generic, template-based approaches. A simple “tick-the-box” solution is unlikely to satisfy your obligations, as it may not accurately reflect the specific financing risks of your business. Furthermore, some businesses have found that template risk assessments provided by consultants often:

• Contain controls that are not actually in use.
• Are ineffective in practice.

An effective reviewer will move beyond generic templates to provide a tailored assessment. Consequently, they should:

• Understand known money laundering techniques relevant to your industry.
• Ensure your AML/CTF program and risk assessment are customised to your operational reality.

Key Questions for a Potential Reviewer

To gauge the depth and rigour of a potential reviewer’s process, it is essential to ask detailed questions about their methodology. The answers will help you determine if their approach aligns with regulatory expectations and the complexity of your business. Ultimately, a thorough methodology is key to a meaningful independent review that provides genuine value.

Consider asking the following questions to understand their approach:

• Tailoring and Customisation: Is the AML/CTF program and ML/TF risk assessment you provide tailored specifically to my business, or do you use a generic template?
• In-Depth Analysis: Does your process involve a site visit or other detailed inquiries to understand our operations and risks firsthand?
• Risk Assessment Process: Can you explain the methodology used for the risk assessment, and how you use both qualitative and quantitative data to determine risk ratings?
• Implementation and Effectiveness: How do you assess whether our AML/CTF program has been properly implemented, and what steps do you take to evaluate its effectiveness in practice?
• Scope of Testing: What is your process for transaction testing, and what sample sizes do you typically use to verify that our policies and procedures are being followed?
• Reporting: What specific outcomes, findings, and recommendations can we expect to see in the final independent review report?

Accountants & the Independence Conflict

A common question is whether a business’s regular accountant can conduct the independent review. An accountant can perform the review, provided they meet the strict independence criteria mandated by the AML/CTF Rules (Cth). 

A conflict arises if the accountant was involved in the creation or maintenance of the systems they are now tasked with assessing. For instance, if your accounting firm helped develop your internal financial controls or advised on your risk assessment, they would not be considered independent enough to conduct the review. However, if their services have been limited to standard accounting and tax advice, and they possess the necessary AML/CTF expertise, they could be a suitable choice. 

The Lawyer-Led Advantage in AML/CTF Independent Reviews

Deeper Regulatory Insight: Lawyers vs. General Auditors

When conducting an independent review, the distinction between a legal expert and a general auditor is significant.

Auditors and consultants typically focus on the technical aspects of an audit, testing the operational effectiveness of existing processes. Their primary role is to verify that procedures are being followed as documented.

Lawyers, however, are trained to interpret and apply complex legislation like the AML/CTF Act (Cth). They analyse your operations against the specific statutory requirements and associated rules and regulations, providing legally sound and defensible solutions.

This deeper regulatory insight is crucial for ensuring your AML/CTF program is:

• Procedurally correct.
• Legally robust, especially when compliance is under scrutiny by AUSTRAC.

The Strategic Benefit of Legal Professional Privilege

Engaging a law firm to conduct an independent review offers a unique strategic advantage known as legal professional privilege. This legal principle protects confidential communications between a lawyer and their client made for the purpose of giving or receiving legal advice.

This protection is generally not available when you engage an accountant, auditor, or general consultant.

Legal professional privilege creates a secure environment for open and honest discussions about potential weaknesses or gaps in your AML/CTF program. It allows your business to address sensitive findings from the review report without the risk of those communications being disclosed to regulators and third parties in future proceedings.

Conclusion

Selecting a truly independent and expert reviewer is a critical obligation for all reporting entities under the AML/CTF Act (Cth). While businesses can choose between internal and external reviewers, engaging a legal expert provides unparalleled advantages in navigating complex AML/CTF regulations and protecting your operations.

To ensure your business benefits from a legally robust assessment and the protection of legal professional privilege, contact Click Legal’s AML/CTF independent review lawyers today. Our experienced AML/CTF lawyers provide bespoke independent review services that deliver the specialised expertise and assurance your business needs to meet its AML/CTF compliance obligations with confidence.

Frequently Asked Questions