Submission No. 7- Australian Transaction Reports and Analysis Centre


Parliamentary Joint Committee on the Australian Security Intelligence Organisation

Review of the Australian Security Intelligence Organization Legislation Amendment Bill 1999
Submissions

Submission No. 7- Australian Transaction Reports and Analysis Centre

AUSTRAC PO Box 5516W West Chatswood NSW 2057 Ph: (02) 9950 0055 Fax: (02) 9950 0073

Dear Secretary

Review of the Australian Security Intelligence Organization Legislation Amendment Bill 1999 SUBMISSION TO THE PARLIAMENTARY JOINT COMMITTEE ON THE AUSTRALIAN SECURITY INTELLIGENCE ORGANIZATION REVIEW OF THE AUSTRALIAN SECURITY INTELLIGENCE ORGANIZATION LEGLISATION AMENDMENT BILL 1999.

BACKGROUND

1.1 The Australian Transaction Reports and Analysis Centre (AUSTRAC) is a federal agency established under the Financial Transaction Reports Act 1988 ("FTR Act"). One object of the FTR Act is to facilitate the administration and enforcement of the laws of the Commonwealth and of the Territories. To achieve this object, AUSTRAC:
    collects Financial Transaction Reports information ("FTR information");
    • analyses FTR information; and
    • where appropriate, disseminates FTR information to law enforcement and revenue authorities.

1.2 AUSTRAC is one of Australia's primary anti-money laundering and anti-tax evasion agencies, and has the following three roles:

 
    • anti-money laundering regulator of the Australian financial system;
    • on-line financial intelligence unit for law enforcement and revenue agencies; and
    • analyst of FTR information.

1.3 The FTR information collected by AUSTRAC is used in two primary ways:

 
    • to identify unusual patterns or networks of financial transaction which may be indicative of money laundering or other criminal activities. This is done in two ways. First Suspect Transaction Reports lodged by cash dealers are disseminated to law enforcement agencies for investigation. Often, AUSTRAC supplements these reports before dissemination by adding other relevant intelligence from AUSTRAC's database of FTR information. Secondly, analysis is done by AUSTRAC using computer programs which monitor activity on the AUSTRAC database; and
    • The information is stored in AUSTRAC's database in Sydney and is available immediately (subject to privacy and security considerations set out in relevant Memoranda of Understanding between the Director of AUSTRAC and the CEO of each agency) to law enforcement and revenue agencies via encrypted data lines.

.

ISSUES TO BE CONSIDERED BY THE INQUIRY 2.1 The Parliamentary Joint Committee on the Australian Security Intelligence Organisation (ASIO) has been asked by the Attorney General to review and report on the Australian Security Intelligence Organisation Leglisation Amendment Bill by the 8th May 1999. It is understood that there are no formal terms of reference for the review and that the Committee will be considering the purpose of the Bill and the likely effects of its provisions. As the Bill includes amendments to the FTR Act the Committee has invited AUSTRAC to make a written submission to the review explaining the origins, purpose and effect of the relevant amendments.
        • AUSTRAC is not in a position to make a submission in relation to the origin of the Bill. However, AUSTRAC can comment on its involvement in the development of administrative arrangements between AUSTRAC and the Director-General of ASIO ("Director-General") and the Inspector-General of Intelligence and Security ("Inspector-General") as well as consultation processes with the finance sector and privacy and civil liberties organisations undertaken by AUSTRAC in relation to the proposed amendments to the FTR Act.
        • In September 1997 AUSTRAC was approached on a confidential basis by the Attorney General's Department concerning proposed amendments to the FTR Act which we were advised was part of a package of amending leglisation relating to ASIO. AUSTRAC was advised that the proposed amendment to the FTR Act would give the Director of AUSTRAC ("Director") a discretion to give FTR information to the Director-General in connection with the Director-General's duties, on the same basis upon which the Director has discretion to provide information to law enforcement and revenue agencies.

PURPOSE

3.1 AUSTRAC is aware from its involvement with its counterpart agencies overseas that, in a number of countries, financial transaction information is used by both national security and law enforcement agencies as an important indicator of criminal activities related to national security such as terrorism and espionage. For example, AUSTRAC has been advised that in a number of well-known terrorism incidents, substantial funds were sent to banks in the victim country to pay for the materials etc. used in subsequent acts of terrorism. AUSTRAC understands that financial transaction reports information could be used by ASIO as an intelligence source in relation to assessments where there are already some suspicions about a particular person in relation to a matter of national security. AUSTRAC understands that such information might also be an important source of intelligence and investigative leads in any subsequent police investigations relating to criminal offences.

4. CURRENT ACCESS TO FTR INFORMATION

    • Presently, the following agencies may have access to FTR information at the Director's discretion
    • Australian Customs Service
    • Australian Federal Police
    • National Crime Authority
    • Australian Securities & Investments Commission
    • All state and terrority Police forces (7)
    • Australian Bureau of Criminal Intelligence
    • NSW Crime Commission
    • Independent Commission Against Corruption (New South Wales)
    • Police Integrity Commission
    • Criminal Justice Commission (Queensland)
    • All revenue authorities of each state and terrority (8)

4.2 In addition, the FTR Act gives the Commissioner of Taxation access to FTR information. It is to be noted that although the Commissioner of Taxation is statutorily entitled to access to FTR information, access by the Commissioner is subject to the MOU between the Director and the Commissioner.

4.3 AUSTRAC has a Memorandum of Understanding (MOU) with each of the above agencies in which access controls and arrangements are set out in some detail. A copy of a typical MOU is attached. (Attachment A).

4.4 It is to be noted that the above agencies, which presently have access to the FTR information, vary considerably in their needs. To this end, although the statutory regime provides for access to FTR information at the Director's discretion, the arrangements regarding the precise terms and conditions upon which information is accessed are set out in the MOU with each agency. The MOU cover issues such as:
    • the geographic area for which reports will given eg. most staff in State agencies have access only to reports relating to that State whilst Federal agencies have access to reports on an Australia wide basis;
    • the designated areas of a particular organisation which have access e.g. Drug Squad, Fraud Squad, and Bureau of Criminal Intelligence;
    • the types of reports which particular officers may be allowed access to, eg Suspect Transaction Reports can only be seen by a limited number of officers;
    • arrangements for logging of access; and
    • privacy and security arrangements.

 

5. EFFECT OF THE AMENDMENTS ON AUSTRAC'S OPERATIONS

5.1 AUSTRAC cannot comment on the effects of the amendments other than in relation to its impact upon AUSTRAC.

5.2 In this regard, AUSTRAC does not anticipate that ASIO would be seeking access to FTR information frequently. However, the arrangements which have been tentatively agreed to between the Director and the Director-General and the Inspector-General to ensure proper usage and controls would add to AUSTRAC's administrative workload in a much more significant way than would the addition of another law enforcement partner agency because of the comprehensive nature of the measures which are proposed, the details of which are also set out under. (see part 6).

6. PROPOSED ACCESS BY ASIO TO FTR INFORMATION

    • In late 1997 discussions commenced between senior officers of AUSTRAC and ASIO. The first point to be emphasised is that AUSTRAC had a firm view that, should government determine to amend the FTR Act as proposed, ASIO's access to FTR information should be granted on the same basis as law enforcement agencies, that is to say, be at the Director's discretion.
    • As to how that discretion might be exercised, the starting point was to consider how access should be given, noting the differences between ASIO's operations and those of law enforcement agencies. In the course of discussions preliminary agreement was reached as to certain limitations to be placed upon ASIO's access to information. The effect is to ensure very tight controls over the means by which information can be accessed and the way it can be used.
    • The main differences between the arrangements under which it is proposed ASIO would be given access to FTR information and the basis upon which law enforcement agencies are given access are as follows:
    • it was agreed that ASIO officers be given an ability to search FTR information in relation to particular persons and not to be able to conduct any form of macro searches without the approval of the Director;
    • in the case of ASIO, the Inspector-General will have a very strong oversight role. In contrast, law enforcement agencies have on-line access in their own premises.
    • Access will not be provided on ASIO's premises but will be made on AUSTRAC's premises.

.

MOU between AUSTRAC and ASIO

6.4 A draft MOU has been negotiated between the Director and the Director-General, which includes strict provisions for control of the use of FTR information (Attachment B). It addresses privacy and security requirements. The main terms of the draft MOU are set out under:

    • FTR information can only be used by ASIO as a means of "progressing or furthering specific assessments";
    • the Director has agreed to provide ASIO with on-line access to the AUSTRAC database. However, under the terms of the MOU on-line access will not be available at ASIO premises but will be conducted by authorised ASIO officers conducting searches on the AUSTRAC database on AUSTRAC premises;
    • in the event that the Director-General forms a view that it would be desirable for operational purposes for ASIO to have on-line access to the ASIO premises, the Director-General will request the Director to consider granting such access. If the Director agrees to extending on-line searching capabilities to ASIO premises a new MOU will be entered into, such MOU to contain appropriate provisions to deal with these changes;
    • on-line access will allow authorised ASIO officers to conduct searches of FTR information by searching on name, address, account number or identification document number using AUSTRAC's enquiry system;
    • on-line access to the AUSTRAC database will be provided to officers requiring such access in the course of their duties nominated by any ASIO officer listed in Schedule 2 to the MOU (a Notifying Officer);
    • the Director will authorise a number of officers specified in Schedule 1 of the MOU to have access to the classes of FTR information specified in the schedule (authorised on-line access officers)
    • AUSTRAC will provide on-line access to authorised on on-line access officers within 24 hours of receiving written notification from a notifying officer
    • ASIO will notify AUSTRAC in writing within seven days where an officer ceases to undertake relevant duties. The officer's access code will be cancelled immediately after the notification has been received by AUSTRAC
    • on a monthly basis officers who have not accessed AUSTRAC database for six months and those officers granted access more than three months previously who have not accessed the AUSTRAC database will have their access cancelled.
    • AUSTRAC will provide ASIO with an "on-line usage statistical report on a quarterly basis". The Director-General will ensure that a copy of each on-line user's statistical report is provided to the Inspector-General for use in connection with the performance of the Inspector-General's functions and monitoring ASIO's compliance with the Attorney-General's Guidelines, the FTR Act and the MOU.
    • under the general arrangement ASIO will not have access to the macro-search tools usually available to AUSTRAC partner agencies. However, if from time to time ASIO requires access to FTR information on parameters wider than those available through on-line access, the Director has discretion to approve on a case by case basis wider searches of the AUSTRAC database within limited parameters. However, the Director may decline such a request at the Director's discretion. The Director will notify the Inspector-General of any such wider searching for the purpose of assisting the Inspector-General in carrying out his duties.
    • in such cases the Director when considering such requests will make a determination having regard to the presence and adequacy of a statement from a Notifying Officer advising the request for information is relevant to an official assessment.

Privacy

6.5 Issues regarding "Privacy" are set out in clauses 17 to 23 of the MOU as follows:
    • information accessed by ASIO in accordance with the MOU is to be regarded by ASIO as "Personal Information" and subject to the Attorney General's Guidelines for treatment of Personal Information.
    • an officer of ASIO who has possession and control of FTR information shall not use that information except for the purposes for which the information was collected.
    • bulk downloads of FTR information to computer disk, magnetic tape or like medium is not allowed. Furthermore, FTR information accessed by ASIO officers can not be used for data matching purposes unless specifically authorised by the Director. However, this does not preclude routine comparison by ASIO of FTR information against its own existing database eg. to confirm identities or the downloading of information onto ASIO internal worksheets.
    • FTR information may be used only for the purposes for which it is obtained.
    • an ASIO officer may only divulge or communicate information to a limited number of persons. It is to be noted that the proposed statutory requirement is much more stringent than that which applies to law enforcement and revenue agencies. The proposed subsection 27AA (4) provides that ASIO officers obtaining FTR information shall not divulge or communication except to:

(i) a police officer for the purposes or in connection with the performance of that officer's duties in relation to ASIO;

(ii) an IGIS officer for the purposes of or in connection with the performance of that officer's duties in relation to ASIO;

(iii) another ASIO officer for the purpose of or in connection with, the performance of that officer's duties.
    • ASIO is not permitted to divulge or communicate FTR information to:

(a) any domestic agency not listed in clause 25 of the draft MOU; or

(b) any foreign agency.
    • where FTR information is accessed by ASIO and the Director-General is satisfied that the information is not or is no longer required for the purposes of performance of the function or exercise of the powers under the Australian Security Intelligence Organization Act 1979, the Director-General shall cause the FTR information to be destroyed as soon as practicable.
    • Access by ASIO's officers to the AUSTRAC database will be subject to access controls to protect both ASIO and AUSTRAC. The controls will consist of:
        • a unique computer Access Code (User Identifier) provided by AUSTRAC to officers; and
(b) a unique User Password
    • access to the AUSTRAC database will require both an Access Code and User Password.
    • AUSTRAC will maintain a computer access log which provides a record for each FTR report accessed by each User Identifier. The detailed information contained in the computer access log will be available to the Director or senior officers of AUSTRAC nominated by the Director, and the Director-General or senior officer of ASIO nominated by the Director-General. Where a computer access log is provided to ASIO, the Director may also provide a copy to the Inspector-General.
    • the Director-General will ensure that FTR information obtained from the AUSTRAC database is protected by such security safeguards as is reasonable in the circumstances against:

(a) loss, unauthorised access, unauthorised disclosure; and

(b) modification or other misuse.

.

Accountability and Feedback

6.6 Accountability and feedback are dealt with in the draft MOU as follows:
    • ASIO is required to maintain an audit trail in respect of FTR information distributed within ASIO. Where FTR information is disseminated by ASIO to the Australian Federal Police or a State or Terrority police service, ASIO will maintain a record of that dissemination;
    • records will be available for inspection by the Inspector-General for the purpose of monitoring ASIO's compliance with the FTR Act in respect of access to and distribution of FTR information, the Attorney General's Guidelines and the MOU.
    • the Director-General acknowledges that:

(a) the Director will liaise with the Inspector-General as to ASIO's compliance with the FTR Act and the MOU;

(b) it is a condition of the continuation of the MOU that the Inspector- General provides to the Attorney General for dissemination to the Director an annual compliance statement confirming ASIO's compliance with the Attorney General's Guidelines, the FTR and the MOU. The first compliance statement is to be provided on the first occasion after the MOU becomes operative when the Inspector-General provides an annual report to the Attorney-General. Further, the Director-General agrees to facilitate the liaison arrangement referred to in paragraph (a).

.

Suspect Transaction Reports

6.7 Suspect Transaction Reports are treated differently to other FTR information because of the element of judgement involved on the part of a cash dealer in deciding to lodge such a report with the Director. For that reason, special arrangements have been developed to deal with their usage by all receiving agencies. The draft MOU provides as follows:
    • Suspect Transaction Reports may be accessed by ASIO for official purposes using AUSTRAC's basic enquiry system TES II. Such reports are available only for intelligence purposes. The special nature of such reports and the need to protect the identity of persons furnishing such a report is required to be recognised at all times. The information of such reports can only be used for internal analysis and to direct ASIO officers to the collection or intelligence by other means (eg. by use of appropriate powers etc.);
    • a Suspect Transaction Report, a copy of such report or a document purporting to set out information in such report are not admissible in evidence in any legal proceedings other than in a prosecution for certain offences under the FTR Act. Evidence is not admissible as to whether a Suspect Transaction Report was prepared whether a copy of a report or a document purporting to set out information contained in such report was given or received by the Director, or whether particular information was contained in a report. Disclosure of Suspect Transaction Reports must not be made to prosecuting counsel or in briefs of evidence, without prior consultation with the Director.

6.8 As with other FTR information, such reports can only be accessed by searching on a particular name or names. There will be no capability to search and obtain these reports en masse, except if a particular reason to do so is established. The relevant provisions of the MOU will come into play.

General

6.9 In addition, the following general provisions are contained in the draft MOU:
    • any changes to the MOU, except for changes to the Schedules will require the execution of a new MOU.
    • the MOU will remain in effect until replaced by a new MOU on the same subject matter or terminated. The MOU may be terminated at any time by written notice by the Director or the Director-General.
        • The draft MOU between AUSTRAC and ASIO has been subject to continuing discussions. The draft that is attached is presently being considered by ASIO and AUSTRAC expects that the arrangements will be settled in the near future, subject to further comments by the Director-General and any views expressed by this Committee.

Role of Inspector-General

6.11 In addition to the constraints placed upon ASIO in the use of FTR information as outlined above, the draft Bill provides for an oversighting role to be undertaken by the Inspector-General. Under the terms of the draft Bill the Inspector-General will monitor compliance by ASIO with;
    • the FTR Act
    • the Attorney-General's Guidelines in relation to performance by ASIO of its function so far as the Guidelines relates to the access and use of FTR information, and ;
    • the MOU between the Director and the Director-General of ASIO on ASIO access to use of FTR information.
6.12 Discussions on the arrangements have been held with both the current Inspector-General and his predecessor. A draft MOU has been prepared between the Director and the Inspector-General to deal with certain matters in relation to the Inspector-General's functions in oversighting ASIO's use of FTR information. A copy of the draft MOU is attached for the Committee's information.(Attachment C). The major terms of the MOU are as follows:
    • the Inspector-General will review "On-line Usage Statistical Reports" in relation to ASIO authorised on-line access officers to monitor on-line access to FTR information. (It is to be noted that these reports give the number of times each ASIO on-line access officer has logged onto the AUSTRAC database and the number and type of searches conducted by each officer);
    • where the Director-General of ASIO makes a request in writing to the Director for access to information on parameters wider than those available through on-line access and the Director agrees to such a request, the Director will notify the Inspector-General of any wider searches for the purposes of carrying out the Inspector-General's duties;
    • the Inspector-General agrees to provide to the Attorney-General for dissemination to the Director, an annual compliance statement in relation to ASIO's compliance with the Attorney-General's Guidelines, the FTR Act and the MOU between the Director and the Director-General on ASIO's access to and use of FTR information.
    • an ASIO officer may divulge or communicate FTR information to an IGIS officer for the purposes of or in connection with the performance of that IGIS officer's duties in relation to ASIO.
    • an IGIS officer who obtains FTR information under the proposed Section 27 AA of the FTR Act may not divulge or communicate the information except:

(a) to another IGIS officer, for the purposes of or in connection with the

performance of that IGIS officer's duties in relation to ASIO or

employees of ASIO; or

(b). in a manner that does not identify a person to whom the information

relates, in a report under Division 4 Part 2 of the IGIS Act in relation to

ASIO or employees of ASIO

    • the Director will provide the Inspector-General with an "On-line Usage Statistical Report" in relation to ASIO authorised on-line access officers, on a quarterly basis or more often if requested to do so by the Inspector-General.
    • AUSTRAC will maintain a computer access log, which provides a record of each FTR report access by each user identifier. The detailed information contained in the computer access log may be made available by the Director to the Director-General or senior officers of ASIO nominated by the Director-General. When such computer access log is provided to the Director-General a copy of the log may be also given to the Inspector-General.
    • any variation to the MOU will require execution of a new MOU signed by the Director and Inspector-General.

6.9 Continued access by the ASIO will be dependent upon the Inspector-General giving ASIO a "clean bill of health" each year. Discussions between the Director and the Inspector-General are continuing to finalise the MOU. We would welcome any comments by this Committee.

 
      CONSULTATION WITH REPRESENTATIVES OF THE FINANCIAL SECTOR, PRIVACY AND CIVIL LIBERTIES GROUPS

7.1 When AUSTRAC was advised that there was a proposal to allow access to FTR information to ASIO the Director sought approval from the Attorney-General to consult on a confidential basis with some key interested parties within the financial sector, privacy and civil liberties groups. AUSTRAC was advised on the 4th September 1997 that approval had been given to do this. AUSTRAC arranged for special meetings of the AUSTRAC Privacy Committee, (APC) and its Provider Advisory Group (PAG) to be convened.

.

7.2 By way of background, the PAG is a consultative body comprising financial sector representatives and AUSTRAC staff, which, meets regularly to discuss issues regarding implementation of the FTR Act.

7.3 A special PAG meeting was convened on the 25th September 1997 and was attended by representatives from the following organisations:

    • Australian Bankers' Association
    • Australian Finance Conference
    • Colonial State Bank Limited
    • Commonwealth Bank
    • Credit Union Services Corporation of Australia Limited (CUSCAL)
    • National Australia Bank
    • Reserve Bank
    • St. George Bank
    • Chase Manhattan Bank
    • Westpac Bank
    • AUSTRAC
7.4 In addition, invited representatives of the Australian Association of Permanent Building Society and the ANZ Bank, who did not attend the meeting, were consulted on a bilateral basis.
        • On the same day, a special meeting of the APC was also convened. By way of background, the APC is a body which, is made up of privacy and civil liberties groups, law enforcement and revenue agencies and AUSTRAC. The APC was set up to consult with the Director on the privacy and civil liberties implication of the FTR Act and the use of FTR information by law enforcement and revenue agencies. It was established following a recommendation by the Senate Standing Committee and Legal and Constitutional Affairs, in its November 1993 report, "Checking The Cash".
7.6 The organisations represented at the special meeting of the APC on 25th September 1997 were:
    • Victorian Council of Civil Liberties
    • Privacy Commissioner
    • Electronic Money Information Centre
    • Australian Taxation Office
    • National Crime Authority
    • Australian Federal Police
    • AUSTRAC
    • Prior to both meetings the name of the possible "new user" of FTR information had not been advised to the attendees. They had simply been told that there was a proposed "new user" about which we wished to consult with them on a confidential basis. At the beginning of each meeting, AUSTRAC advised that it had been advised by the Attorney-General's Department that there was a proposal which was being considered by the Government to give ASIO access to FTR information. Further, approval had been given by the Attorney-General to discuss the proposal with them on a confidential basis and that their comments would be forwarded to the Attorney-General's Department for consideration.

Provider Advisory Group (PAG)

7.8 The PAG did not oppose access by ASIO to FTR information as a matter of principle but advised three main areas of concern:

(a) they questioned whether ASIO required access to undertake its activities. They asked whether there were not already existing avenues for ASIO to obtain financial information, for example through the Australian Federal Police. AUSTRAC responded, that it understood FTR information was being sought in relation to ASIO's assessment process and that this occurs prior to any referral to the Australian Federal Police, when appropriate, regarding the investigation of possible criminal offences.

(b) they advocated that there should be strict controls on the access and usage of FTR information. AUSTRAC advised that these issues would be covered in an MOU between the Director and the Director-General and the arrangement would be oversighted by the Inspector-General.

(c) they also raised the issue of protection of cash dealer and, in particular, front line teller staff who might instigate a Suspect Transaction Report. In response, AUSTRAC indicated that we had anticipated their concerns and that our discussions with ASIO had included discussions for any follow up contacts in relation to Suspect Transaction Reports to be made through AUSTRAC. They were very comfortable with this approach and said that they prefer to have some sort of "firewall" between them and ASIO.

7.9 As PAG members had not been advised of the identity of the proposed new user prior to the meeting, they sought approval to discuss the proposal with a limited number of key senior persons. The attendees indicated that were perhaps one or two people in their organisations who should be consulted and assured these people could be trusted to deal with the matter confidentially. AUSTRAC indicated that the Attorney-General had given the Director approval to consult and AUSTRAC agreed that they could consult with key people on a confidential basis. No further advice was received as a result of this.

AUSTRAC Privacy Committee (APC)

7.10 Generally, the APC were not so amenable to the proposal as the PAG members. The representatives of privacy and civil liberties groups were seriously concerned about the extension of the FTR Act to ASIO. Their concerns related to the extension of the FTR Act regime beyond its original use for law enforcement and revenue purposes as well as concerns that a national security agency such as ASIO would be given access to such confidential financial information. They were concerned to ensure that, if access was to be granted, FTR information must not be used in any kind of "fishing expedition" against members of the public.

    • The following specific comments were made:
    • whether ASIO should be given access at all. This concern was expressed as being an example of "function creep" in terms of the originally intended use of FTR information. They said that they believed that access to FTR information by ASIO would introduce a whole new concept and perceptions in relation to the use of FTR information. They indicated that use of FTR information by ASIO might also affect the goodwill of civil liberties and privacy groups towards the leglisation that had been achieved to date.
    • they were very concerned to make sure that ASIO had made its case adequately to Government as to why it should have access directly rather than rely upon the Australian Federal Police to make enquiries on its behalf. They said they would like to see the proposal that the agency had put forward. AUSTRAC indicated that we did not believe the group would be allowed to see the Department's submission to the Attorney-General but that it might be possible to obtain a distillation of ASIO's case.
    • they questioned whether other countries gave access to financial intelligence information to similar organisations in relation to national security matters. AUSTRAC responded that it understood that in other countries such as the United States of America and the United Kingdom, relevant agencies have access to this kind of information for national security purposes.
    • they also raised a question whether ASIO was moving into a more mainstream law enforcement role. The concern was expressed that there appeared to be a move by ASIO from national security work to other areas - they queried whether it was taking on some kind of anti-money laundering brief. AUSTRAC indicated that, insofar as we were aware, this is not the case; ASIO was seeking use of FTR information in relation to its national security work. (It should be noted that the US's CIA now has a money laundering brief and is becoming more active in this work).

    7.12 They also raised a number of issues which they considered to be important in the event that Government determines to proceed with the proposal to provide a statutory framework which would allow access by ASIO to FTR information. These cover a number of significant concerns which we could not answer in our preliminary meeting which involved more detail examination of the proposed security and privacy arrangements which ASIO would be required to put in place presuming it was given the go ahead. The issues raised include:
    • no special Suspect Transaction Report guidelines should be issued to cash dealers which would indicate that financial institutions staff would be obliged to look for particular features which might be indicative of terrorism or other national security related activity. For example, they were concerned that cash dealer staff would be required to lodge Suspect Transaction Reports in respect of "Middle Eastern looking people" or in relation to some other group in the community. AUSTRAC responded that we didn't believe that there would be any special need for new guidelines. It should be noted that one of the tasks which the APC will be undertaking in the next 12 months is to review AUSTRAC's existing Suspect Transaction Report Guidelines to consider privacy concerns;
    • AUSTRAC's printed material should be amended to include advice to the public that FTR information could be provided to a national security organisation;
    • they were concerned about the kind of access that ASIO might have to FTR information. AUSTRAC responded that in discussions to date ASIO would only be allowed to conduct searches on name, address and account information and would not be allowed to undertake any macro analytical searching. For example, ASIO would not be allowed to conduct searches on particular ethnic groups or "ethnic sounding" names. This response gave them some comfort, although concerns were expressed about 'usage creep' if provisions were not made clear in relation to limitations and usage. AUSTRAC indicated to them that if the matter did progress we would be looking to ensure that both the Attorney General and Cabinet included in their decisions that access should be limited so as to avoid any future unauthorised 'creep';
    • there were also concerns in relation to the effects this access would have on ASIO's information gathering practices and how it could be prevented from collecting new "information for information's sake" and building up large amounts about individuals. AUSTRAC responded that the draft MOU contains controls on the way in which ASIO collected and stored data and there were obligations in respect to destruction of data. They said that they would like to be advised further in relation to this.
    • they were concerned to ensure that the monitoring of access as outlined would properly occur. In relation to the Inspector-General's oversight role, they were keen to ensure that the detail of the oversighting would be strong enough to address security and privacy concerns.
    • they were also concerned as to the kind of remedy which would occur in relation to ASIO in the event of a breach of the Memorandum of Understanding ( and therefore indirectly the Cabinet decision which underpins the terms of the MOU). They wanted to know whether access would be cut off, or whether it would be suspended or whether individual breaches would be overlooked. AUSTRAC advised that this would be a matter for the Director and Inspector-General to consider and, if need be, direction would be sought from government.
    • they also thought it would be important that there be feedback as to where the information was used and if it was worthwhile to continue access. Suggestions included inserting "sunset" clauses or other review mechanisms. AUSTRAC indicated that the FTR Act is to be reviewed shortly and this would provide a mechanism. However they wanted this point specifically raised.

7.13 Finally, again the members of the APC were concerned about the fact that the identity of the proposed new user had been kept confidential prior to this meeting and sought approval to consult with senior members of their organisations. This was agreed, as it was in accordance with the terms of the approval to consult which had been given by the Attorney-General. Little further material was provided as a result of this.

7.14 At the conclusion of each meeting AUSTRAC requested that any written comments be forwarded to AUSTRAC by the 30th September 1997 and undertook that all comments would be forwarded to the Attorney General's Department for inclusion in the submission to the Attorney General.

7.15 Details of the special meetings of the PAG and APC held on the 25th September 1997 received by AUSTRAC were forwarded to the Attorney General's Department on that same day. (Attachment D).

7.16 Subsequently written comments were received from the Privacy Commissioner's Office, the Victorian Council of Civil Liberties and the Australian Taxation Office. These written responses were forwarded to the Attorney General's Department on the 1st October 1997. (Attachment E ).Written comments were not received from any PAG members.

7.17 On the 10th October 1997 AUSTRAC wrote to all of the attendees of both meetings to thank them for attending the special meeting on the 25th September and advising that all comments had been forwarded to the Attorney-General's Department for consideration.

Further Consultations

7.18 On the 25th November 1997, AUSTRAC wrote to the members of the PAG to thank them for their consultation on this issue and advising them that the amending leglisation, which had been due to be tabled during the Spring Sittings of Parliament, had been delayed. Further, it was now likely that the leglisation would be tabled for the Autumn Sittings of the next year (1998) and they would be advised as information became available.

7.19 An APC meeting was convened at AUSTRAC offices in Sydney on the 12th March 1998. Included on that meeting's agenda was an update on the 'new user' to the effect that the proposal had been delayed. Further, AUSTRAC advised that the Privacy Commissioner had requested that a sunset clause be inserted in the leglisation and that this proposal had been forwarded to the Attorney-General's Department for consideration.

7.20 A further meeting of the APC was held at AUSTRAC's office on the 8th December 1998. An update on the ASIO issue was given, to the effect that the Election that delayed Parliamentary consideration of the matter and this would probably now be dealt with in the Autumn Session of 1999.

7.21 On the 22nd March 1999 AUSTRAC was advised by the Attorney-General's Department that the Australian Security Intelligence Organization Leglisation Amendment Bill would be introduced into the Parliament in that week. AUSTRAC were subsequently advised that the Bill had been dealt with by the House of Representatives on the 25th March 1999. On the 26th March 1999 AUSTRAC received copies of the Hansard, the Second Reading Speech to the Bill and a media release from the Attorney-General. The media release stated that certain amendments were proposed to the ASIO leglisation including a proposal to give access to records of financial transactions held by AUSTRAC.
        • On the 29th March 1999, a meeting of the APC was held. The Director addressed the meeting and gave an update on the situation as she understood it. The points made to the meeting included:
    • the threshold issue, whether ASIO should or should not have access to FTR information, was not a matter for AUSTRAC but an issue for the Government.
    • in a number of other countries, similar agencies have such access for use in relation to issues such as terrorism.
    • although AUSTRAC obviously has no experience in the information processes of ASIO, it understands well how law enforcement agencies use FTR information and the appropriate limitation to put on such access. In accordance with advice from government, AUSTRAC would seek to ensure that FTR information is used in relation to particular persons and not in "fishing expeditions".
    • following approval from the Director-General, the Director provided to the APC, copies of both draft MOUs between AUSTRAC and ASIO, and AUSTRAC and IGIS.
    • comments from APC members on the draft MOUs were sought. It is presumed that a number of bodies represented on the APC will make submissions to the Committee.
        • At the meeting, a letter dated 29 March 1999 from the Financial Services Consumer Policy Centre was tabled. That letter expressed concern about the proposed access. The letter called for a round table conference of all stakeholders. It was noted that the threshold issue (whether ASIO should be given access) was not a matter for AUSTRAC. That should be taken up with government directly. However, AUSTRAC is keen to take advice on the practical issues of implementation if the proposal proceeded. In relation to the call for a round table discussion, the Director offered to facilitate discussions. No further request has been received in this regard.

.

8. CONCLUSIONS

        • AUSTRAC does not have a view as to whether ASIO should be given access to FTR information. However, in the event that it is decided to give ASIO statutory access to FTR information AUSTRAC believes that such access should be subject to stringent controls and oversight.
        • In the first instance, AUSTRAC believes that any access by ASIO to FTR information should be on the same basis as that for law enforcement and revenue agencies access this information, that is, at the Director's discretion.
        • In relation to determining how such access would be given AUSTRAC believes that it has been very important to consult with members of AUSTRAC's consultative bodies, the PAG and the APC and that the Attorney-General gave the Director approval to do so. AUSTRAC has consulted with these groups and forwarded their comments to the Attorney-General's Department for consideration. AUSTRAC is most appreciative of the Attorney-General's support in seeking to hold these confidential discussions.
        • This has allowed PAG and APC's comments to be taken into consideration in the development of the draft Memoranda of Understanding between the Director and the Director-General and between the Director and the Inspector-General.
        • The draft MOUs with the Director-General and Inspector-General contain stringent provisions on control and access to FTR information and a very strong oversight role by the Inspector-General to ensure appropriate access and use of FTR information by ASIO. AUSTRAC believes that the measures contained in the MOUs are appropriate and address the concerns of both AUSTRAC and its PAG and APC insofar as these relate to administrative arrangements.
The Australian Transaction Reports and Analysis Centre (AUSTRAC) 23 April 1999