Scope
(1) This section applies if the AUSTRAC CEO has reasonable grounds to suspect that a reporting entity has not taken, or is not taking, appropriate action to:
(a) identify; and
(b) mitigate; and
(c) manage;
the risk the reporting entity may reasonably face that the provision by the reporting entity of designated services at or through a permanent establishment of the entity in Australia might (whether inadvertently or otherwise) involve or facilitate:
(d) money laundering; or
Requirement
(2) The AUSTRAC CEO may, by written notice given to the reporting entity, require the reporting entity to:
(a) appoint an external auditor; and
(b) arrange for the external auditor to carry out an external audit of the reporting entity's capacity and endeavours to:
(i) identify; and
(ii) mitigate; and
(iii) manage;
the risk the reporting entity may reasonably face that the provision by the reporting entity of designated services at or through a permanent establishment of the reporting entity in Australia might (whether inadvertently or otherwise) involve or facilitate:
(iv) money laundering; or
(v) financing of terrorism; and
(c) arrange for the external auditor to give the reporting entity a written report (the audit report ) setting out the results of the audit; and
(d) give the AUSTRAC CEO a copy of the audit report within:
(i) the period specified in the notice; or
(ii) if the AUSTRAC CEO allows a longer period--that longer period.
(3) The notice must specify:
(a) the matters to be covered by the audit; and
(b) the form of the audit report and the kinds of details it is to contain.
(4) The matters that may be specified under paragraph (3)(a) may include either or both of the following:
(a) an assessment of the risk the reporting entity may reasonably face that the provision by the reporting entity of designated services at or through a permanent establishment of the reporting entity in Australia might (whether inadvertently or otherwise) involve or facilitate:
(i) money laundering; or
(ii) financing of terrorism;
(b) an assessment of what the reporting entity will need to do, or continue to do, to:
(i) identify; and
(ii) mitigate; and
(iii) manage;
the risk the reporting entity may reasonably face that the provision by the reporting entity of designated services at or through a permanent establishment of the reporting entity in Australia might (whether inadvertently or otherwise) involve or facilitate:
(iv) money laundering; or
(5) Subsection (4) does not limit paragraph (3)(a).
Eligibility for appointment as an external auditor
(6) An individual is not eligible to be appointed an external auditor by a reporting entity if:
(a) the individual is an officer, employee or agent of the reporting entity; or
(b) both:
(i) the reporting entity belongs to a designated business group; and
(ii) the individual is an officer, employee or agent of another member of the designated business group.
(7) A person commits an offence if:
(a) the person is subject to a requirement under subsection (2); and
(b) the person engages in conduct; and
(c) the person's conduct breaches the requirement.
Penalty: Imprisonment for 6 months or 30 penalty units, or both.
Civil penalty
(8) A reporting entity must comply with a requirement under subsection (2).
(9) Subsection (8) is a civil penalty provision.