Privacy commissioner: Businesses be wary of new anti-money laundering laws

Privacy commissioner Karen Curtis has urged businesses to consider the privacy of consumers when collecting personal information under the Anti-Money Laundering/Counter-Terrorism Financing Act 2006 (AML/CTF), amendments which came into effect yesterday.

Referred to as a ‘dirty money’ crack down by newly-appointed Minister for Home Affairs Bob Debus, the AML/CTF Act requires businesses in the financial, bullion and gambling sectors such as banks, casinos and TABs to implement an anti-money laundering/counter-terrorism financing program which will be upheld by the Australian transaction Reports Analysis Centre (AUSTRAC).

"Australia established its anti-money laundering system in 1988," Debus said. "But with globalisation and advanced technology, transnational crime syndicates and global terror networks now have new opportunities by which they can exploit legitimate businesses to conceal dirty money."

However, privacy commissioner Karen Curtis fears businesses may invade the privacy of ordinary citizens: “While it is of course important for businesses to collect the required information from customers to meet AML/CTF Act requirements, they should be careful not to over-collect, as this may breach their customers’ privacy rights.”

“Most importantly, businesses should adopt a sound risk-based approach to ensure that all information collected for AML/CTF Act reporting obligations is strictly necessary, and they should not try to apply an ‘arbitrary standard’ to their collection processes,” said Curtis.

For example, in certain circumstances a business may only need to verify the customer’s basic details, such as name, address and date of birth.

Curtis also reminded those small businesses with obligations under AML/CTF that they will now have requirements under the Privacy Act.

“Small businesses that fall under the AML/CTF requirements also need to be mindful of their obligations under the Privacy Act, which covers the collection, storage, use, disclosure and disposal of their customer’s personal information,” she said.

Just last month, reports surfaced that the UK government’s HM Revenue and Customs department, responsible for collecting the bulk of tax revenue as well as paying Tax Credits and Child Benefits, lost two CDs containing confidential information including banking details of over 25 million child benefit recipients.

According to AUSTRAC, the implementation of the Act has been ongoing for over two years allowing the industry lead time to make changes to IT, risk management, customer identification and other business systems.