Newsletter - December 2011

After a recent series of announcements from the Office of Australia's Minister for Home Affairs on organised crime, money laundering, bribery and corruption, you could be forgiven for thinking that Australia's laws in these areas are on the verge of vigorous external scrutiny (see below). You'd be right. In early June 2012, experts from Japan and Canada-Australia's Lead Examiners under the Organisation for Economic Co-operation and Development (OECD) Convention Combating Bribery of Foreign Public Officials in International Business Transactions (the Convention)-are due to visit Australia for the purpose of preparing their Phase 3 Report on Australia's performance under the Convention. In addition, in 2013 the Financial Action Task Force on Money Laundering (FATF) will undertake its fourth review of Australia's compliance with the FATF's 40 Recommendations and nine Special Recommendations for tackling money laundering.

The Phase 3 Report will assess Australia's progress in addressing weaknesses identified in its Phase 2 assessment, any issues raised by changes to Australia's domestic legislation or institutional framework, Australia's enforcement efforts and results, as well as issues that affect the OECD more broadly.

In its Follow-Up Report on the Implementation of the Phase 2 Recommendations (29 August 2008) and its original 2006 Phase 2 Report, the OECD Working Group on Bribery (WGB) had identified problems with the definition of and public understanding of the defence of "facilitation payments". The WGB also directed that Australia "continue compiling statistics on the offence of money laundering, including the level of sanctions and the confiscation of proceeds of crime," and "provide [cash dealers] with guidance on identifying suspicious transactions that may be linked to foreign bribery offences".

In light of the revelations arising from the Securency bribery scandal-in which the Reserve Bank failed to alert authorities that its subsidiary, Note Printing Australia, was implicated in the bribery of foreign officials-and Australia's imminent assessment for its efforts to combat bribery and money laundering, it is unsurprising that two recent announcements directly addressed the concerns raised by the WGB in its earlier reports.

In the first, made on 8 November 2011, Australia's anti-money laundering and counter-terrorism financing regulator and specialist financial intelligence unit (AUSTRAC) released its first National Threat Assessment (NTA) on money laundering, outlining the threats faced by business and government from money laundering.

In the second, made on 15 November 2011, the Federal Government announced possible changes to Australia's laws concerning foreign and domestic bribery. The changes, if adopted, will strengthen anti-bribery legislation in Australia and bring it into line with UK anti-bribery legislation.

The Consultation into Foreign and Domestic Bribery Legislation

The public consultation announced by the Minister for Home Affairs on the possible amendments to the Criminal Code Act 1995 (Cth) covers four issues:

• Facilitation payments - possible removal of the defence to bribery of a foreign public official, where the payment was a facilitation payment.
• Value of benefit - possible changes to Section 70.2(2)(b) of the Criminal Code that would permit a court to consider the value of the benefit in determining whether the benefit was not legitimately due to a person in a particular situation.
• Identity of bribe target - possible removal of the need to prove that a person intended to bribe a particular public official.
• Harmonisation of domestic offences - the possible removal of the requirement of dishonesty from Sections 141 and 142 of the Criminal Code, which criminalise domestic bribery, to bring these laws into line with the crimes for foreign bribery.

It is worth looking at Australia's foreign bribery laws, before reviewing the consequences of these proposed amendments.

Australia's Foreign Bribery Laws

Under federal Australian law, domestic bribery and foreign bribery offences are contained in the Criminal Code. Under the Criminal Code, bribery occurs when someone provides or offers to provide a benefit to a person where that benefit is not legitimately due and where it is given or offered with the intention of influencing a public official in the exercise of their duties.

The bribe must be provided or offered with the intention of obtaining business or a business advantage. That intention need not be expressed and the benefit given can be monetary or non-monetary.

The bribe may be made to the public official directly or indirectly, for example, through an agent, relative or business partner of the public official or person within the private sector.

A bribe is not criminal where it

• Is lawful conduct in the jurisdiction in which it was made according to the written law in that jurisdiction.
• It is a facilitation payment.

Under the Criminal Code, "facilitation payments" are benefits of a minor nature provided or offered in return for "routine government actions". The definition is narrow and requires that payments be documented in detail.

Consequences of the Proposed Amendments

Of the proposed ammendments to the Criminal Code, the most significant is the proposal to remove the defence of facilitation payments.

While some Australian companies may perceive the removal of a facilitation payments defence as a possible threat to their competitiveness when conducting business overseas, the defence is not itself without compliance difficulties. Critically, companies seeking to rely on the facilitation payments defence need to consider that

• The defence only applies if the company, which has made a facilitation payment, has kept a record of the facilitation payment (which may in itself create exposure for the company).
• The defence will not protect that company from foreign laws that may prohibit the same transaction.
• The Australian Government may assist foreign governments in their prosecution of facilitation payments.
• A company making a facilitation payment may be precluded from obtaining Australian Government support and finance, and may be unable to rely upon civil remedies to enforce any contract that has been obtained by means of a facilitation payment.

In addition, the making of one or more facilitation payments may cause a company reputational damage and may expose it to further demands for bribes in the future.

The facilitation payment defence does not exist in the laws of many of Australia's trading partners. For example, the UK Bribery Act 2010, which came into effect on 1 July 2011, does not contain this defence. This means that companies carrying on business in the United Kingdom are prohibited from making or offering facilitation payments anywhere in the world.

AUSTRAC's Assessment of Money Laundering Threats In Australia

In its commentary on Australia's achievements in addressing money laundering, the WGB's 2006 Phase 2 Report took note of Australia's plans to reform its money laundering regime and to implement the 40 Recommendations of the Financial Action Taskforce. In large part, these reforms were enacted in the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth).

The Australian Government intends to enact a further round of legislation to tackle money laundering. Public consultation on a second tranche of reforms concluded in April 2011 and the Commonwealth Government is currently considering how to implement the submissions made during that process. Specific details for further rounds of public consultation have not yet been released.

In its 2010-11 Annual Report, the Commonwealth Director of Public Prosecutions, the body charged with compiling statistics on money laundering crime in Australia, records 39 summary charges and 69 indictable charges for money laundering offences. The AUSTRAC NTA has pooled information from a number of agencies involved in combating money laundering to identify the types of money laundering threats faced by the following significant money laundering channels. These are

• The banking system
• Money transfer business and alternative remittance services
• The gaming sector
• High value goods
• Professionals
• Legal entity structures
• Cash intensive businesses
• Electronic payment systems and new payment methods
• Cross-border movement of cash and bearer negotiable instruments
• International trade
• Investment vehicles.

The NTA provides information, particularly through the examples and case studies it cites, on the types of activities that should arouse the suspicions of persons engaged in legitimate businesses in any of the sectors it covers. For example, the NTA cites legal professionals' reports of unusual requests to pass funds through their trust accounts, and the use of investment vehicles such as shares, insurance products and superannuation funds to channel criminal wealth that has already been laundered, using more vulnerable parts of the economy such as the gambling sector.

Conclusion

Australia's anti-bribery and money laundering landscape has changed considerably since the OECD's Phase 2 review in 2006. It is likely that it will continue to do so. In light of the possible reforms to Australian bribery and corruption laws outlined above, companies should consider reviewing their policies and compliance programs. Companies operating in any of the "significant money laundering channels" identified in AUSTRAC's NTA should consider the NTA's guidance on the sorts of threats that they may face from money laundering.

The Minister has invited submissions on the proposed reforms to Australia's anti-bribery and corruption legislation by 15 December 2011. Submissions may be sent to foreign.bribery@ag.gov.au.

The consultation paper is available at www.ag.gov.au/foreignbribery.

The money laundering threat assessment is available here.

Useful Links

The FATF's mutual evaluation of Australia

The FATF's 40 Recommendations and nine Special Recommendations

Anti-Money Laundering Second Tranche of Reforms

Commonwealth Director of Public Prosecutions, Annual Report 2010-11

Minister for Home Affairs Press Releases

Comprehensive Approach to Organised Crime Delivers Results

Public Comment Sought on Foreign Bribery Laws

First National Threat Assessment on Money Laundering Threats and Responses

As the regulatory landscape evolves and changes in response to the global economic crisis, and governments clamp down on tax evasion, terrorist funding, and money laundering, businesses increasingly refer to compliance as a "burden". This is especially true for the financial services and insurance sectors, which have seen the greatest acceleration in change in recent years.

In addition, business and its demands are constantly changing: mergers and acquisitions are disruptive to organisational structures and processes, internationalisation requires the right balance between centralised governance and consistent localisation, and uncertain markets demand permanent re-prioritisation of focus. This leads to a complex problem that drives costs, puts customer satisfaction at risk, and makes risk management and regulatory compliance ever more difficult.

To be able to keep up, financial institutions strive to evaluate how to understand new requirements, how their processes are affected, and how they can adapt to changes in regulation and in their own organisation.

Generally, more regulation means more reporting requirements and increased transparency. What this demands is a robust IT system that can produce accurate, reliable reports in real time, instantly. Being able to produce such reports can, of course, be seen to be an onerous burden. But equally, the ability to produce key information about a business can also be seen as a real opportunity for management at the decision-making level, and equally, such transparency can be seen by third parties such as auditors, suppliers, and clients as a real demonstration of a businesses' integrity.

The Challenge

Most financial institutions operate across several jurisdictions. Even small businesses will generally operate from a number of sites. The problem is that each country or office is likely to have a legacy reporting system that may only be sufficient for the requirements of the country in which it is based. With the ever-increasing reach of some jurisdictions through legislation such as the Dodd-Frank Act, which impacts on any business with operations in the United States, businesses need to be able to pull together information from a number of countries that must then be distilled into a company-wide report. Greg MacSweeney, writing on Wall Street & Technology expects the Dodd-Frank Act to be a major obstacle for Chief Information Officers (CIOs) in 2011 and beyond.

In order to analyse risks and to audit compliance, organisations need to collect, aggregate and contextualise a myriad of data. If this is done ad hoc and separately for each single risk or compliance request, the effort of gathering the right information is likely to be onerous while the quality of the information might still be poor.

One option would be to use a single platform with a data warehouse where all data can be collected. Although many institutions already have such a system in place, in a lot of cases their data warehouse systems are outdated, so the data sources are not automated and do not offer real time data view. Moreover, there might exist a number of capture systems, making reconciliation of data very difficult.

In addition, what many organisations accept as their "current landscape" is quite often nothing but a mirage from the past. A recent study from Nucleus Research found that IT decision-makers rely on information that is, on average, 14 months old and only 55% accurate. This creates a severe data quality issue for any risk or compliance-related analysis. In contrast, organisations that can truly trust their data can make decisions with much greater confidence.

Most businesses and institutions will find that they need to make an initial investment in IT so compliant data collection processes and systems can be implemented. IT is often a separate afterthought rather than an integral part of a compliance program, so to put it at the hub of the process requires a real adjustment in most companies.

Tackling the Challenge

A key element of most compliance programs is an integrated IT portfolio, designed with the business's regulatory requirements in mind. This can serve as a single source of facts, with a proven positive impact on the data quality regarding consistency, completeness, and timeliness.

On the human side, there also needs to be an appropriate and very responsible handling of IT. Management and relevant staff members have to understand the strategic application of IT in order to establish best practice. IT as a main part of governance, risk management, and compliance must include processes and standards that minimise risk. Staff members must also be sensitive to the situation and aware that they have to be able to prove at any time how they arrived at their figures; simply producing the numbers is not enough.

IT is much more than a support system. It can actively drive compliance and bridge the gap between risk management and compliance. Audits and analyses on the current state of the system are easier to produce, more reliable, and available on demand. They prove that the current landscape is compliant (or not) and that the risk level is within given margins (or not).

While it is good to make checks on systems after they are implemented, it is better to ensure any restrictions or requirements are taken into account at the planning stage. This shifts the intelligence upstream to the time of design, which avoids extra effort downstream.

Making the Most of the Investment

An integrated IT portfolio serves as a single system of reference and provides information on demand instead of going into timely and exhaustive ad-hoc data collection initiatives to gather the data needed. Additionally, such an integrated IT portfolio allows for the combination of information from across the enterprise and as such avoids data silos that are a main cause for the bad data quality most organisations have to deal with.

A good technological solution can ensure that management has immediate and accurate access to reports that form not just the cornerstone of a regulatory compliance program, but have the added advantage of improving decision-making.

In addition, it is worth considering how else the data can be used to enable improvements in services to clients. Being able to provide data to an auditor is not dissimilar from being able to provide data and information to a client; an increased ability to produce information on demand is a revenue opportunity.

Finally, it also demonstrates to the outside world that the business has taken careful steps to ensure compliance. The business can clearly reflect its integrity through an optimised IT compliance management system.

Risk Mitigation and Compliance Actions

Once risk is analysed and compliance gaps are evaluated, it is important to take the right actions to mitigate risks. Ideally, these actions are planned and tracked within the same system that holds all the information for analysis to ensure a complete feedback loop.

Any gaps that are identified through the analysis must be taken care of, which again impacts the landscape and will prompt a check in the following year. Doing all this within a single system helps to relate actions to the affected assets, as well as tracing successes, thus reducing the effort of an audit.

An integrated IT portfolio provides the necessary IT planning and portfolio management capabilities to ensure that the compliance actions planned have the desired impact, and that their execution has led to the expected result.