Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
Contents
- What Are The AML/CTF Laws?
- Are Mortgage Brokers And Finance Businesses Affected By AML Laws?
- Why The AML Changes Matter For Finance Businesses
- Privacy Notices, Credit Disclosures And Customer Consents
- Referral Agreements
- Onboarding Terms And Client Agreements
- Data-Sharing And Third-Party Provider Clauses
- Record Keeping And Internal Processes
- Staff, Contractors And Offshore Support
- What Documents Should Finance Businesses Review?
- What Should Mortgage Brokers And Finance Businesses Do Now?
- How Sprintlaw Can Help
Australia’s Anti-Money Laundering and Counter-Terrorism Financing laws are changing, and mortgage brokers, lenders, aggregators and finance-related businesses should be paying attention.
Some finance businesses may already have AML/CTF obligations, while others may be affected through lender requirements, aggregator processes, customer verification systems, referral arrangements or third-party data-sharing practices.
For mortgage brokers and finance businesses, the key issue is often not just whether an AML policy is required. It is whether the legal documents around the customer journey properly support identity verification, privacy disclosures, credit consents, referrals, record keeping and data sharing.
This article explains which documents may need to be reviewed and what finance businesses should consider before the new AML/CTF changes take full effect.
What Are The AML/CTF Laws?
AML/CTF laws are designed to help prevent money laundering and terrorism financing. In practice, they require certain businesses to understand who their customers are, assess risk, keep records and report suspicious matters where required.
For finance businesses, this can be especially important because loans, payments, transactions and financial products can be misused to move or disguise money. Even where a mortgage broker or finance business is not directly holding customer funds, it may still play an important role in collecting customer information, referring clients, sharing documents with lenders or coordinating finance applications.
The rules are service-specific. This means a business should look closely at what it actually does, rather than assuming it is captured or excluded simply because it is a broker, lender, aggregator or finance consultant.
Are Mortgage Brokers And Finance Businesses Affected By AML Laws?
It depends on the services the business provides.
Some finance businesses may already have AML/CTF obligations, particularly where they provide regulated financial services, lending services or other designated services. Other businesses may be affected indirectly through lender requirements, aggregator policies, referral processes or third-party verification systems.
For example, a lender may require more detailed identity verification before assessing an application. An aggregator may require brokers to follow updated onboarding procedures. A referral partner may need clearer consent to share customer information. A finance business using third-party verification software may need to update its privacy documents and data-processing arrangements.
Because AML/CTF obligations depend on the specific services being provided, a mortgage broker, lender, aggregator or finance business should get advice on whether it is directly regulated, indirectly affected through commercial arrangements, or both.
A practical starting point is to review each service the business provides, decide whether it is in scope, out of scope or needs further advice, and record the reasoning.
Why The AML Changes Matter For Finance Businesses
Finance businesses already collect a significant amount of customer information, including identity documents, income details, bank statements, credit information, tax records and property information.
AML/CTF processes may add further checks, such as identity verification, beneficial ownership information, screening results or questions about the purpose of a transaction.
This creates two main issues.
First, the business needs a clear process. Staff should know what information to collect, when checks are required, who reviews unusual matters and what records need to be kept.
Second, the business needs the right legal documents. Customers should understand why information is being collected, who it may be shared with, and what happens if they do not provide it.
Privacy Notices, Credit Disclosures And Customer Consents
Finance businesses already collect a significant amount of customer information, including identity documents, income details, bank statements, credit information, tax records and property information. AML/CTF processes may add further checks, such as identity verification, beneficial ownership information, screening results or questions about the purpose of a transaction.
This means privacy and credit documents should be reviewed carefully. A customer should understand what information is being collected, why it is needed, who it may be shared with, and what happens if they do not provide it.
For mortgage brokers, this may involve reviewing privacy notices, credit guides, application forms, customer consents and disclosure documents. These documents should reflect how information actually moves between the customer, broker, aggregator, lender, credit reporting body, verification provider and any other third-party platform used in the process.
Clear wording is especially important where information is being used for identity verification, fraud prevention, AML/CTF compliance, credit assessment, lender requirements or record keeping.
Referral Agreements
Referral arrangements are common in the finance industry. Brokers may receive referrals from accountants, real estate agents, conveyancers, buyer’s agents or other business partners, and may also refer clients to lenders, insurers or other finance providers.
Referral agreements should be reviewed if referral partners share customer information, assist with onboarding, or introduce customers before verification checks are complete.
A good referral agreement should explain what information can be shared, when customer consent is required, who is responsible for obtaining that consent, and whether either party has compliance steps to complete before a referral progresses.
This helps avoid informal information-sharing practices that may create privacy, consent or compliance gaps.
Onboarding Terms And Client Agreements
Your onboarding terms or client agreement should support the way your finance business actually works.
If you need to verify identity, request further information, share information with lenders or pause an application while checks are completed, your documents should say so.
This is particularly important for businesses that advertise fast approvals or quick turnaround times. If compliance checks may delay an application, your terms should help manage that expectation.
For example, a customer with a company, trust, overseas income or complex source of funds may require additional checks before an application can move forward. Your terms should allow you to request that information and explain that services may be delayed or stopped if required information is not provided.
Data-Sharing And Third-Party Provider Clauses
Data sharing is central to the finance industry. A mortgage broker or finance business may share customer information with lenders, aggregators, credit reporting bodies, identity verification providers, CRM systems, document collection tools, compliance platforms, insurers, referral partners and support staff.
AML/CTF changes may make it even more important to ensure these arrangements are properly documented.
Customer-facing documents should explain who information may be shared with and why. Partner and supplier agreements should deal with confidentiality, permitted use, data security, access controls, breach notification, subcontracting, retention and deletion.
This is especially important where offshore support, cloud software or external verification tools are used. Using a third-party platform can be helpful, but it does not remove the need to understand how customer data is handled.
Record Keeping And Internal Processes
AML/CTF compliance also depends on good records.
For finance businesses, records may sit across broker platforms, lender portals, aggregator systems, email inboxes, CRMs, cloud storage and document collection tools. That can create risk if there is no clear process for where information is stored, who can access it and how long it is kept.
Affected businesses should consider whether their internal policies explain when checks are required, who performs them, when matters are escalated, what records are kept and how staff should handle unusual or inconsistent information.
This does not need to be overly complicated, but it should be clear enough for staff to follow consistently.
Staff, Contractors And Offshore Support
Many finance businesses use contractors, loan processors, virtual assistants, offshore support teams or external administrators to help collect and process customer information.
If these people handle customer data or assist with onboarding, their agreements may need to be reviewed.
Staff and contractor agreements may need to include obligations around confidentiality, secure handling of identity documents, compliance with internal procedures, data security, escalation of unusual matters and deletion or return of information when the relationship ends.
This is especially important where offshore support is used. The business should understand whether customer data is being accessed overseas and whether its privacy documents and contractor agreements properly address that arrangement.
What Documents Should Finance Businesses Review?
The exact documents will depend on the business model, but mortgage brokers and finance businesses should consider reviewing their customer-facing, partner-facing and internal documents together.
This may include privacy policies, collection notices, credit guides, credit disclosures, customer consents, onboarding terms, client agreements, referral agreements, data-sharing clauses, third-party provider contracts, contractor agreements and internal AML/CTF policies.
The goal is not to create more paperwork for the sake of it. The goal is to make sure the documents match the way information actually moves through the business.
If your onboarding process collects customer identity information, your privacy notice should explain it. If your referral partners send customer details, your referral agreement should support it. If your broker platform shares information with lenders and verification providers, your customer consents and data-sharing clauses should cover it.
What Should Mortgage Brokers And Finance Businesses Do Now?
The first step is to work out whether your business provides any services that are directly captured by the AML/CTF regime. If you are unsure, get advice on your specific service lines.
From there, map the customer journey. Look at what information you collect, who collects it, where it is stored, who it is shared with, and what happens if further verification is required.
Then review the documents that support that journey. In particular, check whether your privacy notices, credit disclosures, referral agreements, onboarding terms and data-sharing clauses accurately reflect your current and future processes.
You should also think about internal readiness. If your business is affected, legal document updates are only one part of AML compliance. You may also need to enrol with AUSTRAC where required, appoint a compliance lead, conduct a risk assessment, implement an AML/CTF program, train staff, keep records and report suspicious matters where required.
For higher-risk or more complex finance businesses, specialist AML/CTF compliance advice may also be needed.
FAQs
Do Mortgage Brokers Need To Comply With AML Laws?
It depends on the services the business provides. Some finance businesses may already have AML/CTF obligations, while others may be affected indirectly through lenders, aggregators, referral partners or third-party verification requirements. The rules are service-specific, so it is important to review your actual business activities.
Why Do AML Laws Affect Privacy Documents?
AML checks often involve collecting and sharing sensitive customer information, including identity documents and verification results. If your business collects new information or shares it with new parties, your privacy policy and collection notices may need to be updated.
Should Referral Agreements Be Updated?
They may need to be reviewed if referral partners share customer information, assist with onboarding, or refer customers before identity or compliance checks are complete. A referral agreement should clearly explain each party’s role and how customer information can be handled.
Are Legal Document Updates Enough For AML Compliance?
No. Legal document updates are only one part of AML readiness. Affected businesses may also need risk assessments, AML/CTF programs, staff training, escalation procedures, reporting processes and record-keeping systems.
What Documents Should A Mortgage Broker Review?
A mortgage broker may need to review its privacy policy, collection notices, credit disclosures, customer consents, onboarding terms, referral agreements, data-sharing clauses, contractor agreements and internal compliance policies.
How Sprintlaw Can Help
Sprintlaw can help mortgage brokers and finance businesses review and update the legal documents that support AML/CTF readiness.
For businesses that need a full AML/CTF program, risk assessment or specialist operational compliance advice, you may also need help from an AML/CTF compliance specialist. Sprintlaw can help make sure your legal documents align with the process you adopt.
Need help reviewing your finance documents before the AML/CTF changes take effect? You can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.
Alex SoloCo-Founder
