You Remain Responsible
Your business remains legally liable for any breach, even under outsourcing arrangements.
Outsourcing
Outsourcing AML/CTF. What You Need to Know
AUSTRAC guidance on outsourcing AML/CTF functions. Learn how to manage risks when using third-party providers for compliance.
Can you outsource AML compliance?
According to AUSTRAC, businesses may outsource AML/CTF functions for a range of reasons, such as accessing specialist knowledge and expertise, and managing the cost of compliance.
However, if you outsource AML/CTF functions, you remain responsible for complying with your obligations. Your business will generally remain legally liable for any breach β and will incur any penalties that arise.
Key points on outsourcing
Access Specialist Expertise
Outsourcing can provide access to specialist AML/CTF knowledge and expertise.
Manage Compliance Costs
Third-party providers can help manage the cost of compliance.
Ongoing Oversight Required
You must maintain adequate oversight and monitoring of outsourced providers.
Risks to Manage
ML/TF Risk
Where outsourcing creates additional vulnerabilities in your business that criminals could exploit.
Compliance Risk
Where you may fail to meet AML/CTF obligations due to poor due diligence, implementation or monitoring of outsourcing arrangements.
AUSTRAC Warning: Failure to address these risks when implementing an outsourcing arrangement could lead to systemic and serious non-compliance with your AML/CTF obligations.
Provider Due Diligence
β
Ensure providers tailor services to your business's unique ML/TF risks
β
Verify they have the expertise and resources to carry out AML/CTF functions on your behalf
β
Confirm they understand legal restrictions on information sharing under the AML/CTF Act
β
Establish adequate oversight and monitoring during the course of the arrangement
β
Avoid using template or global programs that are not Australia-specific
Frequently asked questions
Can I outsource AML/CTF functions?
Yes. Businesses may outsource functions relating to AML/CTF compliance for reasons such as accessing specialist knowledge and managing compliance costs.
Who is responsible if something goes wrong?
You remain responsible. According to AUSTRAC, your business will generally remain legally liable for any breach of AML/CTF obligations, even under outsourcing arrangements, and will incur any penalties.
What are the risks of outsourcing?
Key risks include ML/TF risk (where outsourcing creates vulnerabilities criminals could exploit) and compliance risk (where you fail to meet obligations due to poor implementation or monitoring).
What should I look for in a provider?
Ensure providers tailor services to your unique ML/TF risks, have expertise and resources, understand legal restrictions on information sharing, and can be adequately monitored.
Related resources
ARCaml β CDD as a Service
Outsource your customer due diligence to specialists who understand AUSTRAC requirements.