HUMAN RIGHTS AND EQUAL OPPORTUNITY COMMISSION
Comments on the Anti-Money Laundering and Terrorism Financing Bill 2006 and draft consolidated AML/TF Rules 2006
1. Summary of the Commission’s concerns about the AML/CTF Bill 2006
The Commission is concerned that the AML/CTF Bill 2006 (the bill) doesn’t do enough to ensure financial institutions adopt non-discriminatory criteria in determining the ‘money laundering/ terrorism financing risk’ (ML/TF risk) of providing a designated service to a customer.
If institutions use discriminatory criteria to identify ML/TF risk, some customers may be discriminated against on the basis of their religion, race or national or ethnic origin in the collection of additional ‘know your customer information’ (KYC information) and verification material. In some instances such conduct may constitute unlawful discrimination under the Racial Discrimination Act 1975 (RDA) or state or territory discrimination legislation.
However, the bill exempts institutions from liability under discrimination laws for conduct done in good faith and in compliance or purported compliance with the AML/TF regime (clause 195A). We think that given the real risk of discrimination in the collection of additional KYC information and verification material, institutions should not have a general exemption from discrimination laws for conduct taken to comply with the AML/TF regime.
2. The draft Risk consolidated AML/CTF Rules 2006 (the rules) adopt a risk based approach to customer identification and ongoing customer due diligence programs
The rules require financial institutions to adopt ‘appropriate risk based systems and controls’ as part of their customer and agent identification programs,1 and ongoing customer due diligence programs.2 In general, appropriate risk based systems and controls will depend on the ML/TF risk of providing a designated service to a particular customer.
2.1 Collecting and verifying customer identification information before providing a designated service
The general schema is that institutions are required to collect and verify a minimum amount of KYC information before providing a designated service to that person.
Institutions then have discretion whether to collect additional KYC information and verification material. Institutions must exercise their discretion to collect additional KYC information and verification material on the basis of the ML/TF risk relevant to providing a designated service to that person.
2.2 Ongoing customer due diligence
2.2.1 Collecting additional KYC information and updating and verifying existing KYC information
Institutions also have discretion to:
for ongoing customer due diligence purposes.3
- collect additional KYC information; and
- determine in what circumstances existing KYC information should be updated or verified,
2.2.2 Transaction monitoring programs
Institutions must also maintain a ‘transaction monitoring program’ for the purpose of identifying, according to ML/TF risk, ‘suspicious transactions’.4
2.3 Determining the ML/TF risk
ML/TF risk is defined in the rules as the:
risk that a reporting entity may reasonably face that the provision by the reporting entity of designated services might (whether inadvertently or otherwise) involve or facilitate money laundering or financing of terrorism.5
In identifying its ML/TF risk, institutions must consider:
- its customer types, including any politically exposed persons;
- the types of designated services it provides;
- the methods by which it delivers designated services;
- the foreign jurisdictions with which it deals; and
- the provision of designated services by any permanent establishments of the reporting entity in a foreign country.6
2.4 Financial institutions may use a person’s attributes as a short hand way of identifying the customer risk aspect of the ML/TF risk
The Commission is concerned that institutions will use a person’s religion, race or national or ethnic origin or other such attributes as a proxy for determining the customer risk aspect of the ML/TF risk.
The likely effect of institutions adopting discriminatory customer risk profiles will be that people of a particular religion, race or national or ethnic origin will, because of those attributes:
- be required to divulge a significantly greater amount of sensitive information7 about themselves to institutions, which may be shared between agents and related entities;
- be required to go to correspondingly greater lengths to verify that additional information; and
- potentially have their transactions subject to greater surveillance and scrutiny.
We think that such practices could, where they are not based on an objective risk, constitute discrimination in breach of the RDA and relevant state and territory discrimination legislation.
3. Financial institutions are protected from liability for anything done in good faith and in compliance or purported compliance with the bill, regulations or rules
Clause 195A protects institutions from liability in relation to anything done, or omitted to be done, in good faith by a person, officer, employee or agent acting in the course of their office, employment or agency, or person acting pursuant to a clause 34 authorisation:
in fulfilment, or purported fulfilment, of a requirement under the bill to provide or cease to provide a designated service; and
in compliance, or purported compliance, with any other requirement under the bill, regulations or rules.
3.1 Clause 195A is very broad: it operates to protect financial institutions for acts otherwise unlawful under the RDA and state and federal discrimination laws
Clause 195A is drafted very broadly. The protection extends to conduct done in good faith and in compliance or purported compliance with the bill, regulations or rules. This includes such conduct that may otherwise be unlawful under the RDA and state and territory discrimination laws.
We consider that clause 195A is problematic, for the reasons set out below.
3.2 Why is protecting financial institutions from liability under discrimination law problematic?
(a) No onus on financial institutions to avoid non-discriminatory means in determining ML/TF risk
We appreciate that calculating the ML/TF risk will be a very difficult and complex task for financial institutions. However, by exempting financial institutions from liability under discrimination laws the bill does not provide institutions with any incentive to prevent stereotyped assumptions and perceptions creeping into in the process of determining the customer risk aspect of ML/TF risk. The bill puts very little onus on institutions to find non-discriminatory ways of identifying the customer risk aspect of ML/TF risk.
Given the real risk of discrimination occurring as a result of institutions adopting discriminatory customer risk profiles, we consider that clause 195A should not extend to federal or state or territory discrimination laws.
(b) Clause 195A puts Australia in breach of its international human rights obligation to provide an effective remedy to discrimination
In our view, clause 195A puts Australia in breach of its obligations to provide an effective remedy for discrimination on the basis of religion, race and national or ethnic origin under:
article 2(2) of the International Convention on Civil and Political Rights;8 and
article 6 of the International Convention on the Elimination of all Forms of Racial Discrimination.9
(c) Clause 195A is also inconsistent with Security Council Resolution 1624 (2005)
Clause 195A also appears to be inconsistent with Security Council Resolution 1624 (2005) which requires states to ensure that its counter terrorism measures are consistent with international human rights law.10
(d) Potential further alienation of Australia’s Arab and Muslim Communities
The protection of financial institutions from discriminatory laws will in our view increase a perception within some in Australia’s Arab and Muslim communities that they are being unfairly targeted by counter terrorism measures.11
4. For the reasons outlined, we think clause 195A should be amended
4.1 Recommendation 1
Clause 195A should not extend to federal and state and territory discrimination laws.
4.2 Recommendation 2
If recommendation 1 is not adopted, at the very least, clause 195A should be narrowed to only apply to acts done in direct compliance with the bill, regulations or rules.
Human Rights and Equal Opportunity Commission
 Customers: clause 2.2 (individuals); clause 2.3 (companies); clause 2.4 (trustees); clause 2.5 (partners); clause 2.6 (associations); clause 2.7 (registered co-operatives) and clause 2.8 (government entities); Agents: clause 3.2 (natural persons) and clause 3.3 (non-natural persons)
 clause 6.2 (KYC information); clause 6.3 (transaction monitoring program) and clause 6.4 (enhanced customer due diligence program)
 clause 6.2
 within the meaning of clause 39 of the bill
 clause 1.3.1
 clause 1.2.2
 within the meaning of section 6 of the Privacy Act 1988
  ATS 23
  ATS 40
 UN Doc S/Res/1624 (2005)
 see Ismε – Listen: National Consultations on eliminating prejudice against Arab and Muslim Australians (2004), pp 67-9