Flawed advice behind Afterpay KYC breaches
Investors yesterday responded bullishly to the findings of an independent audit of Afterpay's compliance with anti-money laundering laws even though the financial crimes regulator is yet to respond to the report. The report, prepared by AML auditor Neil Jeans, found that the buy now pay later provider's AML systems did not comply with Australian laws for at least three years because the company had relied on errant legal advice. However, the absence of any findings that criminals had used Afterpay's platform to wash ill-gotten funds triggered a sharp rally in the share price. Afterpay scrip closed up A$2.15 or 7 per cent to $32.64. Jeans found that Afterpay had not begun to verify the identity of customers using its buy now pay later product until November 2016 when it started to collect the birth dates of applicants. More sophisticated customer verification that was required under the AML/CTF laws was not undertaken until May 2018 - more than three years after the company launched in Australia. Thomson Reuters' Asia Pacific manager of financial intelligence, Nathan Lynch, estimates there were at least 400,000 Know Your Customer breaches. But the number could be higher given that Afterpay claimed in financial accounts lodged with the ASX in February 2018 that it had amassed a customer base of 1.5 million. Jeans said in a letter to the company published on the ASX that KYC issues had been caused by "incorrect" legal advice given to management by a top tier legal firm. "The initial legal advice concluded that Afterpay's business model resulted in the provision of the AML/CTF Designated Service - factoring receivables from merchants," Jeans wrote in his letter to Afterpay. "I am of the opinion this initial legal advice was incorrect," he said. Jeans concluded that the initial legal advice provided to Afterpay did not reflect Afterpay's business model because its designated service under the AML/CTF Act was one of making loans to consumers in order to purchase goods from merchants. "Despite Afterpay having a compliance-focused culture, the consequence of being provided with incorrect legal advice has resulted in historic non-compliance with the AML/CTF Act and Rules," Jeans told Afterpay. Jeans made six recommendations to the board for maintaining and improving the company's compliance systems including further engagement with Austrac over its historical breaches. "Afterpay should engage with Austrac about its historic approach to consumer identity verification which was outside of the safe harbour set out in the AML/CTF Rules," he said in the letter. Given that Jeans found that Afterpay's compliance culture was robust and its failures were the result of flawed external advice, Austrac's response to the company's breaches is likely to set a benchmark for how the enforcement agency will treat technical non-compliance by other financial