{1d0a4b81-aa28-40f3-8a1e-9919f1ada3e5}_AML___Financial_Crimes_Congress_Insights_Whitepaper_Campaign_2023_LexisNexis_23AUCRP84
Compliance Roadmap
Leveraging ISO 37301
Australia
For many, the journey of complying with AML/CTF requirements comes with a
sense of uncertainty. Even if the main regulations are being adhered to, some of
the less prominent ones might have been overlooked. Moreover, the introduction
of intricate and occasionally conflicting cross-jurisdictional regulations only adds
to the complexity. Given these factors, it’s hardly surprising that many compliance
professionals find themselves inundated and questioning whether they are on the
correct course.
» The Single rulebook
» Anti-Money Laundering Act of 2020
» The Money Laundering and Terrorist Financing (Amendment) (No. 2) Regulations 2022
» Public consultation on proposed changes to AML/CTF regulations
» 6AMLD
» Financial Crimes Enforcement Network (FinCEN) Final Rule for Beneficial Ownership Reporting
» Economic Crime (Transparency and Enforcement) Act 2022
» Russia Sanctions Act 2022
» 3-year AML campaign
» AML/CTF/CPF Action Plan
» Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) (Amendment) Bill 2023
» Anti-Money Laundering and Counter-Terrorist Financing (Amendment) Ordinance 2022
» Administrative Measures for Financial Institutions on Customer Due Diligence Investigations and Keeping of Customer Identity Information and Transaction Records
» Amendments to the Foreign Exchange and Foreign Trade Act 1949
» Financial Services and Markets Act 2022
» Guideline on Anti-Money Laundering and Counter-Financing of Terrorism
Mandatory obligations generate the most obvious regulatory and compliance risks.
These are the concrete legal requirements created by laws, regulations and contract
provisions. However, mandatory obligations are only part of an organisation’s
compliance risk profile. Voluntary obligations (the softer obligations created by an
organisation’s values and social commitments) also create compliance risks.
Like any risk, regulatory and compliance risks must be reassessed periodically,
especially in the face of significant changes. These triggers for change can be
incredibly broad.
The level of control provided by a CMS program empowers senior officers to
fine-tune risk management activities to suit the organisation’s risk appetite.

A CMS has three primary elements:
» Oversight of the program either by the board or someone with delegated
responsibility for its success and effectiveness.
» The compliance program itself. Central to every CMS is an obligations
register which catalogues the mandatory and voluntary obligations of
the organisation.
» Regular review and audit. This ensures continual enhancement as the
external compliance landscape evolves and as the organisation’s
personality transforms.

Because of the benefits of a comprehensive and scalable CMS, capital partners
and issuers of large contracts increasingly require organisations to provide
evidence of an ISO 37301 compliant CMS as a prerequisite of doing business.

Aligning to ISO 37301
ISO 37301 is an international standard that assists organisations to establish,
develop, implement, maintain and improve an effective CMS. First released in
2021, the standard builds upon the principles documented in its predecessor, ISO
19600. The Compliance Management Standard is a Type A standard, meaning
regulators and independent experts can certify an organisation’s CMS as being
compliant with the standard’s requirements.

Certification carries numerous potential benefits. For example, organisations
may use certification to demonstrate their competence to clients and improve

Organisations implementing an ISO-compliant CMS must begin by establishing a
compliance register to catalogue all mandatory and voluntary obligations to provide
a comprehensive picture of its obligation status. For instance, in the context of
AML/CTF, the compliance register could contain obligations related to AML/CTF Governance,
Registration with AML/CTF Authorities, Due Diligence, Suspicious Matter & Reporting,
among other aspects.

Having created and populated the register, the organisation must conduct a risk
assessment. Risk professionals should gauge the risk associated with each entry in the
register with the goal of creating the data required to set the organisation’s risk appetite
and propose effective controls. To complete its assessment of the organisation’s
compliance context, the organisation must document any specific compliance
expectations of external parties including partners and holding companies.

Having documented the organisational context, the organisation must create and
document a matrix of controls for ensuring ongoing compliance with the obligations
in the register. The control matrix comprises policies, functions, processes, roles and
tools that achieve prescribed standards, including governance, planning, performance
evaluation and improvement.

Unlike its predecessor, ISO 37301 requires organisations to promote whistleblowing.
Organisations must include formal systems that enable staff to report their concerns
easily, that protect reporters from retaliation, and that ensure the confidentiality
of reports.

A well-designed CMS, aligned to the international compliance standard, will scale
alongside the organisation through the continuous improvement systems discussed
earlier. This implies that a comprehensive CMS implemented in 2023 should continue to
effectively mitigate regulatory risks even in 2033 and beyond.
This compliance register also covers the role of the regulator as well
as exemptions to the obligations, where applicable, and circumstances
when the exemptions may or may not apply to the organisation.
With LexisNexis content know-how at the core, our compliance registers, alerts, and information-driven solutions make compliance
uncomplicated for GRC professionals across the globe.
» Find relevant obligations faster with jargon-free registers that are aligned to your business processes.
» Stay up to date with near-real-time alerts delivered straight to your inbox when you may be impacted by regulatory change.
» Explore your compliance obligations under a particular regulator, or a particular compliance source, with SourceData.
» Engage with the wider compliance community and LexisNexis experts through the Community Portal, our self-support platform.
» Access comprehensive, current LexisNexis content that meets your unique needs, with eight core modules relevant to all
businesses, and over 90 industry-specific modules.
Authored by leading legal and industry experts, and supported by flexible technology that works the way you do, LexisNexis
Regulatory Compliance gives you peace of mind while saving time and money.
LexisNexis, LexisNexis Regulatory Compliance and the Knowledge Burst logo are registered trademarks of RELX Inc.
© 2023 RELX Trading Australia Pty Limited trading as LexisNexis. All rights reserved.
NA082023MV