3 Challenges Australian FinTechs Face When Implementing an Effective AML Program

Over the past few years, the financial services landscape in Australia has undergone significant change. The emergence of local FinTechs companies and peaks of investor financing showed a national pivot towards offering financial services in the digital space. However, one constant is the emphasis placed on the fight against money laundering and the financing of terrorism (AML/CFT) by the regulators.

Australian law and regulations set out clear requirements regarding a company’s key obligations, in particular what must be in their AML/CTF program. However, when it comes to implementation, there are challenges, which can be grouped into three areas: paper, people and platforms.

Paper

When starting a new business, spending time immersed in documentation seems far from appealing. Nevertheless, it is not only mandated by Australian law, but it is of immense practical value to invest time in this effort early on. It is also the foundation of a FinTech’s relationship with independent reviewers and regulators, providing them with visible evidence that the company understands its responsibilities and acts accordingly. If the documents are not there, the confidence falls immediately. Without it, they have no benchmark against which to assess the conduct of the business.

So what should the “paper” element cover? It goes without saying that there should be documentation for every aspect of the main obligations, which should include the following types of documentation:

  • Policies – Define and codify the obligations that are met.
  • Process – Explain what is done to meet policy requirements in practice, often schematically, including roles and responsibilities, action steps, tools and technologies.
  • Procedures – Indicate how the processes are carried out by the people directly involved.

People

As a business grows, more staff will need to be hired to help form the AML/CTF compliance team. The size of this team and how it is structured will depend on the nature of the business at any given time, and it is common for growth to lead to the creation of teams dedicated to every aspect of AML/CFT.

These teams are usually structured in what is known as the “three lines of defense”. This includes those who manage day-to-day risk as the first line, those who create the AML/CTF program as the “second line” and those who evaluate the results as the “third line”.

Eventually, as this “classic” AML/CTF function model shows, it can become a large and extended department.

Platforms

Technology provides the final key set of practical issues that businesses often face. In any AML/CTF function, however small, multiple platforms are likely to be used at any time to collect, store and process data, including:

  • Customer relationship management (CRM) systems for onboarding, customer data management, customer risk assessments, and ongoing relationship management
  • Identification and verification (ID&V) platforms to capture identification material, now often digital
  • Screening tools for sanctions, PEPs and unwanted media
  • Transaction tracking tools
  • Case Management Systems (CMS) to manage alert investigations
  • Social Network Analysis (SNA) tools to support investigations

Simply having a tool in place is often considered “good enough” in many less mature companies, especially when that tool has a reputation for being widely used in traditional financial services. Presumably, these platforms have a talismanic quality that will ward off regulatory concerns. But in reality, having a platform in place is not enough, even in the early stages of business growth. To effectively fulfill AML/CFT obligations, these platforms must be adapted to the needs of the company.

A Guide to AML for Australian FinTechs

Learn about the key compliance responsibilities that arise from Australia’s AML/CTF regime and how FinTechs should respond using a risk-based approach.

Download the guide


Over the past few years, the financial services landscape in Australia has undergone significant change. The emergence of local FinTechs companies and peaks of investor financing showed a national pivot towards offering financial services in the digital space. However, one constant is the emphasis placed on the fight against money laundering and the financing of terrorism (AML/CFT) by the regulators.

Australian law and regulations set out clear requirements regarding a company’s key obligations, in particular what must be in their AML/CTF program. However, when it comes to implementation, there are challenges, which can be grouped into three areas: paper, people and platforms.

Paper

When starting a new business, spending time immersed in documentation seems far from appealing. Nevertheless, it is not only mandated by Australian law, but it is of immense practical value to invest time in this effort early on. It is also the foundation of a FinTech’s relationship with independent reviewers and regulators, providing them with visible evidence that the company understands its responsibilities and acts accordingly. If the documents are not there, the confidence falls immediately. Without it, they have no benchmark against which to assess the conduct of the business.

So what should the “paper” element cover? It goes without saying that there should be documentation for every aspect of the main obligations, which should include the following types of documentation:

  • Policies – Define and codify the obligations that are met.
  • Process – Explain what is done to meet policy requirements in practice, often schematically, including roles and responsibilities, action steps, tools and technologies.
  • Procedures – Indicate how the processes are carried out by the people directly involved.

People

As a business grows, more staff will need to be hired to help form the AML/CTF compliance team. The size of this team and how it is structured will depend on the nature of the business at any given time, and it is common for growth to lead to the creation of teams dedicated to every aspect of AML/CFT.

These teams are usually structured in what is known as the “three lines of defense”. This includes those who manage day-to-day risk as the first line, those who create the AML/CTF program as the “second line” and those who evaluate the results as the “third line”.

Eventually, as this “classic” AML/CTF function model shows, it can become a large and extended department.

Platforms

Technology provides the final key set of practical issues that businesses often face. In any AML/CTF function, however small, multiple platforms are likely to be used at any time to collect, store and process data, including:

  • Customer relationship management (CRM) systems for onboarding, customer data management, customer risk assessments, and ongoing relationship management
  • Identification and verification (ID&V) platforms to capture identification material, now often digital
  • Screening tools for sanctions, PEPs and unwanted media
  • Transaction tracking tools
  • Case Management Systems (CMS) to manage alert investigations
  • Social Network Analysis (SNA) tools to support investigations

Simply having a tool in place is often considered “good enough” in many less mature companies, especially when that tool has a reputation for being widely used in traditional financial services. Presumably, these platforms have a talismanic quality that will ward off regulatory concerns. But in reality, having a platform in place is not enough, even in the early stages of business growth. To effectively fulfill AML/CFT obligations, these platforms must be adapted to the needs of the company.

[cta_card title=”A Guide to AML for Australian FinTechs” cta_img=”” category=”” bodytext=”Uncover the core compliance responsibilities that arise from Australia’s AML/CTF regime and how FinTechs should respond using a risk-based approach.” cta_text=”Download the guide” cta_url=”https://complyadvantage.com/insights/aml-guide-for-australian-fintechs/”]

Originally published September 15, 2022, updated September 15, 2022

Ryan H. Bowman