Chapter 2The regulatory environment and background to the inquiry
2.1This chapter examines the regulatory environment under which The PerthMint (The Mint) operates, with reference to Commonwealth legislation and requirements, and considers other relevant inquiries.
Relevant Commonwealth laws
2.2As highlighted in Chapter 1, as a Western Australian Government trading enterprise (GTE), Gold Corporation (Gold Corp) is governed by a range of state legislation.
2.3Relevant matters which fall within the remit of Federal parliamentary oversight relate primarily to anti-money laundering/counter-terrorism financing (AML/CTF) regime compliance, national measurement, privacy and modern slavery requirements. This chapter therefore examines the operation of GoldCorp over recent years, with reference to Commonwealth legislation.
Anti-money laundering and counter-terrorism financing
2.4The Attorney-General's Department explained that the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) 'provides the means to help deter, detect and disrupt money laundering and terrorism financing. It also provides financial intelligence to revenue and law enforcement agencies'. Further, the AML/CTF Act takes a 'risk-based approach to regulation', with details of how general principles and obligations are carried out set out in the Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument2007 (No. 1) (AML/CTF Rules).
2.5These laws help Australia 'comply with the international standards in relation to anti-money laundering, counterterrorism financing and counterproliferation financing'.
2.6The AML/CTF Act imposes six obligations on regulated businesses, with specific systems, controls and processes implemented by individual organisations on the basis of their individual risks, including:
customer due diligence—including verification of customer identification, the 'know your customer' requirement;
ongoing customer due diligence—including transaction monitoring and enhanced customer due diligence;
reporting—according to cash thresholds ($5000 and over for bullion transactions), suspicious transactions, annual compliance reports, and cross border movements of monetary instruments;
developing and maintaining an AML/CTF Program—including risk identification, and risk mitigation and management systems and controls such as staff training and a nominated anti-money-laundering officer;
record keeping—certain records which can assist with identification of financial crime, or which are relevant to compliance with the AML/CTF regime; and
enrolment and registration with the Australian Transaction Reports and Analysis Centre (AUSTRAC)—for regulated entities providing a designated service (such as bullion services), with additional checks for remittance service providers and digital currency exchange providers.
2.7Under the AML/CTF Act, regulated businesses—including Gold Corp—must have developed and implemented an AML/CTF Program with the 'primary purpose of identifying, mitigating and managing the money laundering or terrorism financing risk that the reporting entity may face'. Gold Corp has a joint program that applies to all regulated entities within its designated business group.
2.8As specified by the AML/CTF Act and Rules, the program is made up of:
Part A—which 'must have the primary purpose of identifying, mitigating and managing money laundering and terrorism financing risks', be approved by the entity's governing body and senior management and subject to their ongoing oversight. Specific elements include:
appointing an AML/CTF compliance officer at the management level;
an employee due diligence program to identify and screen any employees who may put a regulated entity's business or organisation at risk of money laundering and terrorism financing;
an AML/CTF risk awareness training program for employees;
ongoing customer due diligence and enhanced customer due diligence systems to ensure information collected about a customer or beneficial owner is reviewed and kept up to date, and to determine whether extra information should be collected and verified; and/or
transaction monitoring systems and controls for the purpose of identifying suspicious matters that must be reported to AUSTRAC.
Part B—which 'covers the regulated entity's customer due diligence procedures and must include':
information collected and verified to make sure that customers, and their agents, are who they claim to be;
information collected and verified about beneficial owners;
how a regulated entity determines if its customer or the beneficial owner is a 'politically exposed person'; and
how a regulated entity decides when it should collect additional information about a customer.
2.9Mr Bradley Brown from AUSTRAC stated that the AML/CTF regime is aimed at establishing a framework to mitigate and manage risks, advising:
The regime is set up not to stop absolutely every crime that occurs, but for the reporting entities to have in place the systems and processes to identify particular suspicious activity that is then actually obtained by AUSTRAC and leveraged by our partner law enforcement agencies.
2.10As discussed in Chapter 1, the regime is currently under review, with the second-stage consultations having closed on 13 June 2024.
Obligations for The Perth Mint
2.11In addition to the general obligations outlined above, The Perth Mint has specific obligations under the AML/CTF Act, relating to the buying and selling of bullion, remittance services and custodial or deposit services.
2.12AUSTRAC confirmed that for 'purchases and sales of bullion valued at less than $5,000, bullion dealers are not required to carry out applicable customer identification procedures'. However, if required by the entity's risk-based system and controls, customer identity information is required for ongoing customer due diligence. There is a $10 000 threshold for reporting of certain transactions of physical currency, international funds transfer instruction reports and suspicious matters reports.
2.13Mr Brown confirmed some of The Mint's other obligations:
Those obligations require that that business must enrol with AUSTRAC and must implement an anti-money laundering and counterterrorism financing program which identifies, manages and mitigates the risk of that business being exposed to money laundering, terrorism financing and other serious crime. They must identify customers and then conduct ongoing customer due diligence over the customers that they have. They are required to report certain transactions to AUSTRAC. Those transactions being any reportable cash transaction of $10,000 or more. If they're involved in the transfer of funds into and out of Australia, they need to report international funds transfers. They are also required to report suspicious matters to AUSTRAC, where, in the course of the operation of their business, they identify matters of concern in relation to transactions. And they need to keep records of those various different components.
Investigation, regulation and enforcement
Australian Transaction Reports and Analysis Centre
2.14As the regulator, AUSTRAC has a three-fold role involving education, regulation and supervision, and enforcement, as well as the role of a financial intelligence unit. In relation to its role as anti-money-laundering regulator, AUSTRAC told the committee 'we approach that on a risk basis, so we’ll absolutely engage with businesses and industry sectors where we have concerns that those requirements in terms of their obligations are not being met'.
2.15Breaches of regulatory obligations are a civil rather than criminal matter. AUSTRAC advised the committee that 'criminal investigations for money laundering are the responsibility of the Australian Federal Police (AFP) and state and territory police'.
2.16AUSTRAC has a range of measures which it can use, commensurate with its level of concern, including supervisory engagement (such as infringement notices, remedial directions, and compliance assessment reviews). AUSTRAC noted that 'where the AUSTRAC CEO has reasonable grounds to suspect that a reporting entity has contravened, is contravening, or is proposing to contravene the provisions of the AML/CTF Act, the CEO may require the reporting entity to appoint an external auditor'. Other regulatory actions include enforceable undertakings, and civil—and in some cases criminal—penalty investigations which are prosecuted by the Commonwealth Director of Public Prosecutions.
2.17As well as regulating individual entities, 'AUSTRAC conducts an ongoing program of risk assessments to identify and assess the ML/TF [money laundering and terrorism financing] risks for Australia. These risk assessments assist reporting entities and partner agencies to develop and prioritise policy and operational responses to combat ML/TF'. Unclassified versions of these risk assessments are made available publicly to help entities understand their risks and plan their responses.
2.18In relation to its financial intelligence role, AUSTRAC advised:
As Australia's FIU [financial intelligence unit], AUSTRAC provides financial transaction data and actionable financial intelligence to law enforcement, national security, human services and revenue agencies (AUSTRAC's partner agencies), as well as international counterparts. Partner agencies use this information to assist them to detect, prevent and disrupt money laundering and terrorism financing (ML/TF) and other serious crime.
2.19AUSTRAC works with partners, including on Serious Financial Crime Taskforce and the AFP, to 'contribute to the national intelligence picture and investigations by government partners'. This includes both financial transaction data, risk analysis, and current and emerging threat intelligence. Partners then use this information to target tax crime and 'detect, prevent and disrupt money laundering and terrorism financing (ML/TF) and other serious crime'.
Australian Federal Police
2.20The AFP 'is responsible for investigating serious and complex fraud, and has a Command dedicated to detecting, preventing and deterring fraud, bribery and corruption crimes', including organised crime and money laundering. AFPstrategy works to remove profit from crime and prevent further reinvestment in criminal enterprise.
2.21The AFP works with international partners, including the Five Eyes Law Enforcement Group's Money Laundering Communities of Practice, as well as domestic partners, including through the Criminal Assets Confiscation Taskforce, the Serious Financial Crime Taskforce, and the AFP-led 'Taskforce AVARUS'.
Serious Financial Crime Taskforce
2.22The Serious Financial Crime Taskforce was established in 2015 and examines the most serious forms of financial crime. The taskforce membership includes:
Australian Taxation Office—chairs the taskforce to 'ensure compliance with Australia's tax laws by resident taxpayers';
AFP;
Australian Criminal Intelligence Commission—support members and partners by 'collecting intelligence on money-laundering, serious and organised crime, superannuation and investment fraud, sophisticated tax evasion, Commonwealth fraud and criminal wealth';
Attorney-General's Department;
AUSTRAC—supports members and partners by obtaining 'information from regulated businesses, develop actionable intelligence and provide that intelligence to our partners';
Australian Securities and Investments Commission;
Commonwealth Director of Public Prosecutions—prosecute offences in relation to tax avoidance and tax evasion;
Department of Home Affairs (including operations and Australian Border Force); and
Services Australia.
National measurement laws
2.23The National Measurement Act 1960 and National Trade Measurement Regulations2009 (and related instruments) establish uniform Australian legal units of measurement, with trade measurement laws ensuring Australian consumers get what they pay for. These laws regulate transactions where price is determined by measurement. The National Measurement Institute administers these laws, maintains Australia's primary measurement standards, and regulates measuring instruments.
2.24The Perth Mint sells gold by weight and as such it must comply with trade measurement laws, noting these laws do not cover other factors such as metal purity.
Privacy
2.25The Privacy Act 1988 applies to reporting entities such as The Perth Mint, and Australian Government agencies who collect personal data. The act regulates the 'collection, use, disclosure, quality and security of personal information'.
2.26In 2021 Gold Corp undertook work to enhance its privacy frameworks, including in relation to data collected and shared as part of its gold operations, addressing overseas transfers of data and transfer to third parties, direct marketing activities and in relation to people under 18 years.
2.27Gold Corp also noted that due to the Employee Records Exemption in the Privacy Act 1988 it 'had previously chosen not to address employees in any Privacy Policy'; however, it noted that it had, in fact, identified a need to address employee data 'handled for a purpose not directly related to the employment relationships (employee benefits such as discounted health insurance, flu jabs, etc.)'. Consequently, it updated its human resources policies to address privacy requirements.
2.28AUSTRAC and other partners are custodians of financial data from reporting entities, as well as other financial intelligence data, both in raw form and actionable intelligence, including through AUSTRAC's online database.
Modern Slavery
2.29Gold Corp has voluntarily chosen to make a Modern Slavery Statement under the Modern Slavery Act 2018. The Modern Slavery Act 2018, which commenced in 2019, established a reporting requirement for large businesses and other entities. It aims to help businesses 'identify and address their modern slavery risks, and maintain responsible and transparent supply chains'.
2.30Gold Corp has made four statements covering 2020 to 2023. The statements detail the modern slavery risks and mitigation activities undertaken by GoldCorp and were developed 'as a sign of [Gold Corp's] strong and ongoing commitment to the principles it describes'. The statements also help to address the London Bullion Market Association (LBMA) and Organisation for Economic Co-operation and Development requirements for responsible sourcing of gold and related due diligence.
Other relevant requirements
London Bullion Market Association
2.31The LBMA is an independent association which provides leadership and governance of the global precious metals industry through ensuring metal quality (including through the Good Delivery List), maintaining the global precious metals code, and enforcement of the ethical sourcing of metals.
2.32The Perth Mint is a full member of the association and as such has committed to meeting the Global Precious Metals Code which sets out the standards and best practice expected from market participants to ensure market integrity. It remains on the gold Good Delivery List of Acceptable Refiners, with, at time of writing, the most recent independent audit conducted for the year ending 30June 2022.
2.33In its role as regulator, the LBMA will invoke its Incident Review Process 'in response to a particular stimulus of a reputational nature. Information can come from a variety of sources (trade associations, law enforcement agencies, market intelligence, etc.) and the LBMA will seek corroboration wherever possible as part of the process'. The LBMA notes that there are potentially serious outcomes for refiners and members who do not meet appropriate standards. 'Discipline could include Membership revocation, suspension subject to resolution or being transferred to the Former List with immediate effect'.
Financial Action Task Force
2.34The Financial Action Task Force (FATF) is a global, inter-governmental body that sets the international standards on anti-money laundering and counter‑terrorism financing. Through the international standards, the FATF promotes effective implementation of legal, regulatory and operational measures to combat money laundering, terrorist financing and other threats to the integrity of the international financial system.
2.35Australia's AML/CTF framework is built on FATF standards and requirements. Australia's engagement with the FATF is led by the Attorney-General's Department.
2.36Australia has been a member of FATF since 1990. As at March 2024, the FATF reported that Australia is 'compliant with 18 Recommendations, largely compliant with another 12 Recommendations, but remains partially compliant with 6Recommendations and non-compliant with 4'—an improvement over the October 2023 report. Areas of non‑compliance include customer due diligence and regulation and supervision relating to designated non-financial businesses and professions, including dealers in precious metals (amongst others), but noting that bullion dealers are already covered by the AML/CTF Act.
2.37Australia is in an 'enhanced follow-up process' with the FATF, with full mutual evaluation and re-rating due to occur between 2025 and 2027.
Background to current inquiry
2.38The timeline of relevant events that led to the establishment of this inquiry in June 2023 was set out in detail in the committee's interim report.
2.39The committee notes that a number of governance and compliance matters have been highlighted by several reviews and audits of Gold Corp over recent years. In summary, these concerns have related to:
inadequate risk assessment processes, particularly in relation to employment, suppliers and procurement;
the inadequacy of information technology management systems;
inadequate compliance with AML/CTF reporting and registration, customer due diligence and recordkeeping requirements, including the AUSTRAC compliance review;
non-compliance with United States (US) international gold and silver storage operation registration; and
governance and risk processes associated with supply chains and higher than agreed silver content of gold bullion.
2.40Of particular note, key issues that led to the increased focus on The Perth Mint operations—and ultimately this inquiry—include the adverse findings against The Perth Mint made by the WA Office of the Auditor General (OAG) and AUSTRAC. These were described in detail in the committee's interim report.
2.41In summary, in 2020 the OAG undertook an AML/CTF compliance framework audit of eight entities, including The Perth Mint, and found that compliance areas were deemed 'inadequate' across four unnamed agencies. At that time, the WA Auditor General found there were 'risks that were emerging in the organisation beyond its core business, as well as related to its core business, around growing compliance obligations'. In 2021 the WA Auditor General noted increasing concerns with risks 'relating to the entity getting adventurous' and that scrutiny of The Perth Mint would be increased.
2.42AUSTRAC also increased its interactions with The Perth Mint during this period. In April 2020, AUSTRAC broadly advised the Australian financial sector of increasing risks of criminal exploitation during the COVID-19 pandemic, and the need for entities to monitor these new and emerging threats.
2.43In early 2021, AUSTRAC began an assessment of The Mint's compliance with AML/CTF obligations, which was then broadened in December 2021 due to preliminary findings of concern. Findings led to the appointment of an external auditor, and ultimately an agreed Enforceable Undertaking made by The Perth Mint in December 2023.
Box 2.1 Enforceable Undertaking The Enforceable Undertaking, described in detail in the committee's December 2023 interim report, was agreed between Gold Corp and AUSTRAC on 23November 2023 in response to AUSTRAC's investigations into Gold Corp's compliance with its AML/CTF risk requirements. AUSTRAC noted the undertaking would 'ensure that Gold Corporation commits sufficient resources to adequately implement its remediation program promptly, or risk further enforcement action'. The Enforceable Undertaking noted that on 16 June 2022, AUSTRAC issued a Compliance Assessment Report which identified the following compliance issues of the Gold Corp: (a)Failure to carry out Applicable Customer Identification Procedures (ACIP) on customers; (b)Failure to consider the money laundering and terrorism financing (ML/TF) risk posed by its customers; (c)Failure to include whether a customer or beneficial owner is a Politically Exposed Person(s) in its AML/CTF Program; (d)Failure to adequately monitor its customers regarding ML/TF risks, by not meeting all Ongoing Customer Due Diligence requirements of the Rules, including by failing to include an appropriate transaction monitoring program; (e)Failure to comply with multiple sections of Part A of its Joint AML/CTF Program; (f)Failure to include in Part B of its Joint AML/CTF Program risk‑based systems and controls to determine when any other additional Know Your Customer information will be collected and verified in respect of a customer; (g)Providing a designated service without applying in writing to the AUSTRAC CEO within 28 days after commencement; (h)Providing a registrable designated service while not registered as an independent remittance dealer; and (i)Failure to report international funds transfer instructions (IFTIs) to the AUSTRAC CEO. The Enforceable Undertaking laid out a Remediation Program with three streams: (a)Customer Process Uplift; (b)Customer Data Remediation; and (c)Customer Lifecycle Technology and Data Uplift. Specifically, as part of the Enforceable Undertaking, Gold Corp has made the following undertakings: 27 Gold Corporation undertakes to appoint an individual who is: (a) authorised under section 164 the AML/CTF Act; and (b) agreed to by the AUSTRAC CEO in writing - 28 Gold Corporation undertakes to engage the Authorised External Auditor to complete a report on the Remediation Program every sixmonths from the date of this Enforceable Undertaking, and continuing until each work stream of the Remediation Program has been completed. Gold Corporation undertakes to provide this report to AUSTRAC within 20 business days of the end of each six‑month period. … 30 Gold Corporation undertakes to engage the Authorised External Auditor on the basis that: (a) the Authorised External Auditor will notify the AUSTRAC CEO in writing within seven (7) days of identifying any breach of the Remediation Program including the nature of the breach; (b) AUSTRAC will have access to and correspond with the Authorised External Auditor at any time and in any manner which it deems appropriate for the purposes of monitoring or ensuring compliance with this Enforceable Undertaking during its currency. |
2.44These issues are explored further in Chapter 3, with the committee's views in Chapter 4.
Relevant inquiries
2.45Several relevant inquiries have been conducted into matters relating to the AML/CTF regime and The Perth Mint, as follows. A number of internal and confidential reviews have also been undertaken. As the results of these reviews are not publicly available, they have not been included below.
Office of the Auditor General (WA) Compliance frameworks review (2022)
2.46In October 2022, the WA Auditor General investigated matters relating to compliance frameworks for AML/CTF obligations, given then 'recent high‑profile matters exposing significant control deficiencies in the banking and gambling sectors'.
2.47The review looked at eight WA Government entities, including Gold Corp, to determine whether they had sound arrangements in place to comply with the AML/CTF Act and Rules. While not disclosing the results of individual entities, the Auditor General found:
… entities' AML/CTF compliance programs were mostly adequately designed, but there are some significant areas that require improvement including:
money-laundering/terrorist-financing risk assessments
ongoing customer due diligence procedures
employee training
transaction reporting procedures.
2.48'Inadequate' compliance was found in at least one of the eight entities in the areas of ML/TF risk assessment, ongoing customer due diligence procedures, training and mandatory reporting procedures. The Auditor General also noted that 'two entities had not fully resolved past deficiencies raised by independent reviews or directions from AUSTRAC'.
2.49The Office of the Auditor General received some engagement from AUSTRAC in relation to the AML/CTF regime and how it operates and minor suggestions relating to the report.
Senate inquiry into the adequacy and efficacy of Australia's AML/CTF regime (2022)
2.50In March 2022, the Senate Legal and Constitutional Affairs References Committee reported on its inquiry into the adequacy and efficacy of Australia's AML/CTF regime.
2.51The committee's final report made four recommendations that the Australian Government:
accelerate industry consultation on expanding the regime to 'tranche-two entities';
consider the regulatory impact, technological innovation, and existing obligation
consider the regime's interaction with legal professional privilege
pursue a beneficial ownership register.
WA Government Gold Corp Review
2.52In September 2022, the Hon Bill Johnston MLA, then-WA Minister for Mines and Petroleum, announced a 'root‑and-branch' review of Gold Corp. The review was initially announced as reporting in December 2022. However, the Minister clarified that the review was due to report by December 2023.
2.53It was thought that the review would likely consider governance and compliance issues, including in relation to US regulatory compliance. The review appears also to have included an ownership options analysis on 'the options available to reduce the risk exposure, identifying the cost, benefits and risks associated with the options and identifying a preferred option'.
2.54The West Australian Government has stated that the review outcome will be made public, although the report would not be due to commercial sensitivities.At the time of writing the outcomes of the review had not been reported.
2.55Chapter 3 considers matters raised in evidence in relation to The Perth Mint, and their impacts.