In its submission to the Attorney-General’s Department’s consultation on modernising Australia’s anti-money laundering and counter-terrorism financing (AML/CTF) regime, the Financial Advice Association Australia (FAAA) said financial advice businesses are open to unnecessary cyber risks through onerous customer due diligence (CDD) requirements.
One of FAAA’s key recommendations reads: “Simplify the ongoing CDD obligations to only require re-verification of customer identification in certain circumstances — e.g. a re-verification ‘trigger event’ occurs, change of customer details or circumstances, a transaction occurs where the source of wealth/source of funds (SOW/SOF) of the incoming money has not yet been verified.”
FAAA explained that Australian Financial Services Licensees (AFSLs) and authorised representatives providing financial advice are item 54 designated entities under the AML/CTF Act, meaning they do not have the same legal requirements as product providers. However, product providers use advisers to comply with their CDD verification, re-verification, and ongoing CDD obligations, racking up costs for advice firms.
“This results in product providers placing additional AML/CTF requirements on financial planners/advisers that are more excessive than the legal requirements for item 54 reporting entities,” FAAA said in its submission.
It added: “As product providers have ongoing CDD requirements, financial planners/advisers are regularly requested to undertake ongoing CDD of their clients under the third-party reliance provisions, even though item 54 reporting entities are exempt from ongoing CDD. This is an extra cost to businesses and clients that cannot be recovered.”
FAAA said feedback from members indicated the additional requirements placed on them by product providers have caused significant concern for advisers and their clients.
“Most financial planners/advisers have long-term clients. However, some product providers request customer identification to be re-verified every six months even if the customer identification or circumstances have not changed, the source of wealth/ source of funds have previously been checked, and no trigger event has occurred,” the submission said.
“Product providers are demanding client photo identification to be held by both the item 54 entity and the product provider. Product providers appear to have introduced requirements that well exceed the obligations in the act, which over-complicates the AML/CTF regime for reporting entities and clients.”
FAAA argued that these “unnecessary requests for re-verification” create an increased cyber security risk, while also causing concern among clients about multiple entities holding their personal data.
“Feedback from FAAA members highlights that consumers are extremely concerned about their exposure to cyber security risks and privacy issues because their personal data and identification documentation is held on file by multiple financial services entities for AML/CTF purposes (e.g. their financial planner/adviser and each product provider),” it said.
“Financial planners/advisers do not feel comfortable holding verified copies of their client’s personal identification documentation for the same reasons. It is unclear if there are protections under privacy laws that permit clients to request for certain information to be no longer retained on file.”
Based on the consultation paper, the FAAA submission said, it is unclear how the proposals to modernise the AML/CTF regime would work with the changes to the privacy laws released earlier this year.
“While customer identification is vital, the holding of customer information and identification increases the cyber security risk and poses privacy issues for customers and businesses,” FAAA said.
“As evidenced through recent high-profile cases, cyber attacks and data breaches are increasing in their occurrence and severity.”
