Answered by Rosie Jervis
Please be aware that whilst you can outsource certain AML/CTF processes to an outsourced entity the compliance obligations under the AML/CTF Act and the reputational risk arising from non-compliance remains with you, as the reporting entity.
AUSTRAC cautions that whilst reporting entities can outsource responsibility, they cannot outsource ‘accountability’.
For this reason, AUSTRAC expects businesses to proactively monitor and test outsourcing provider’s AML/CTF systems in order to ensure that they are meeting their obligations.
In order to manage this risk and ensure that you are meeting your AML/CTF obligations, we recommend that you:
- Consider the impact any outsourcing may have on your ability to meet your AML/CTF obligations before entering into any outsourcing arrangements;
- Ensure the roles and responsibilities of each party are clearly documented in a formal agreement.
- Ensure that the outsourced provider has effective AML/CTF measures in place and that they are consistent with your own AML/CTF Compliance Program.
- Specifically communicate your compliance requirements and procedures (as they appear in your compliance program) in addition to sharing a copy of relevant documents with the outsourced provider.
- Follow up with the outsourced provider after implementation of the Compliance Program to ensure that the requirements are being consistently met.
- Maintain oversight of AML/CTF compliance by the outsourced provider by way of proactive monitoring and checks (i.e. due diligence checks and audits, inspections, file reviews etc).