26RAUSTRAC CEO may require reporting entity to undertake ML/TF risk assessment etc.

#### 26R AUSTRAC CEO may require reporting entity to undertake ML/TF risk assessment etc. Scope (1) This section applies if the AUSTRAC CEO is satisfied that: (a) a reporting entity does not have an AML/CTF program; or (b) the AML/CTF program of a reporting entity is not up to date; or (c) the AML/CTF program of a reporting entity does not appropriately identify, assess, manage or mitigate the risk of money laundering, financing of terrorism and proliferation financing that the reporting entity may reasonably face in providing its designated services. Requirement (2) The AUSTRAC CEO may, by written notice given to the reporting entity, require the reporting entity to: (a) do one or more of the following: (i) undertake and document an ML/TF risk assessment of the reporting entity; (ii) review and update the ML/TF risk assessment of the reporting entity; (iii) develop and document AML/CTF policies of the reporting entity; (iv) review and update the AML/CTF policies of the reporting entity; and (b) provide a copy of the documentation within: (i) the period specified in the notice; or (ii) if the AUSTRAC CEO allows a longer period—that longer period. (3) A person commits an offence if: (a) the person is subject to a requirement under subsection (2); and (b) the person engages in conduct; and (c) the person’s conduct breaches the requirement. Penalty: Imprisonment for 6 months or 30 penalty units, or both. Civil penalty (4) A reporting entity must comply with a requirement under subsection (2). (5) Subsection (4) is a civil penalty provision.