What every shareholder must know about Afterpay's fast approaching AUSTRAC audit

Will Afterpay pass or fail its audit on client ID verification and transaction monitoring?

a woman

You’re reading a free article with opinions that may differ from The Motley Fool’s Premium Investing Services. Become a Motley Fool member today to get instant access to our top analyst recommendations, in-depth research, investing resources, and more. Learn More

Afterpay Touch Group Ltd (ASX: APT) this morning reported that the AML/ CTF regulator AUSTRAC has appointed Mr Neil Jeans of Melbourne-based firm Initialism to audit Afterpay's compliance with its AML/ CTF obligations contained under the AML/CTF Act 2006 and general financial services laws. 

Previously Afterpay has advised that it has established a specialist sub-committee to report to its board on the management of the external audit process with I imagine an underlying goal of passing the audit with just a few minor recommendations or qualifications. 

I've previously covered how if Afterpay has any sense it will have already engaged a law firm and consultants such as PWC to basically complete a confidential audit of its existing processes and then build a comprehensive plan, policies and procedures for  to basically plug any gaps or potential audit findings. 

Of course engaging leading consultants and lawyers for a few months is likely to be an expensive process, but definitely not material for a company with more than $300 million sitting on its balance sheets. 

Aside from the client ID issue, essentially what Afterpay needs to do to pass the audit is demonstrate it has an actionable AML/ CTF Program in place to maintain compliance with the relevant laws. This will involve written policies and procedures to box tick on a daily or regular basis for example. 

It will also likely include a risk control self assessment document that identifies key AML/ CTF risks faced by the business and gives them an inherent risk rating (i.e. 5 high 1 low), then applies the control in place to mitigate the risk, and delivers a residual risk rating after the control is applied. 

For example an inherent risk for Afterpay may be the risk it fails to properly identify clients (likely to be 5 as a high risk) the control would be its electronic verification procedures and the residual risk would then be something like 2 depending on the strength of the control. 

Another risk could be its failure to report a suspicious transaction over $10,000, the control could be its systems that decline that much credit, and the residual risk rating would then be 1 or very low. 

In terms of suspicious transaction monitoring and reporting Afterpay will probably have to dump all daily transaction data into a spreadsheet or similar before applying filters to it to search for any sort of transactions that could be considered suspicious.

For example if a retailer only ever sold the same item for $500 20 days in a row this could be considered 'suspicious" in terms of money laundering or terrorism financing and reportable to AUSTRAC. 

Building these kind of dummy-proof systems to use for AUSTRAC reporting entities in the remittance, accounting, financial services, legal, gaming and real estate space is bread and butter for consultants like PWC and Afterpay should be able to implement them relatively easily with some staff hires and the like. 

Client ID matters

However, when the interim audit report is handed in on September 24 all eyes will be on the auditor's verdict on Afterpay's compliance with its client ID verification obligations.

Afterpay is likely to be judged a low risk provider as it's just providing consumer credit and luckily then it will have lower standards applied in meeting its AML/CTD obligations.

For example an OTC or electronic money transfer FX business would be judged high risk and have higher obligations (including receipt of verified ID by a third party such as a JP, Dr, lawyer) as an obvious target for criminals looking to launder money, or to make electronic payments abroad to buy drugs.

A high-risk classified business like this is required to photocopy the original ID of any user (if you walk into an FX exchange in Sydney you need to have a driving license, etc, photocopied), but Afterpay has lower standards applied as it's almost impossible to launder money under its business model.

This is lucky for Afterpay as you would not want to be the temp employed to go back and photocopy all of its 4 million users' original IDs. 

In all seriousness though we can see how if Afterpay is ordered to take retrospective actions in terms of its client ID verification procedures it could be costly for it, or a potentially worse scenario is if the auditor finds its existing processes don't meet its obligations as a 'low-risk' service provider under the AML/ CTF laws. 

In either of these scenarios it would then be up to AUSTRAC to decide what penalties or sanctions to impose.

If Afterpay's management team follow the playbook in passing these kind of audits by engaging consultants, etc, it should not have much to worry about.

However, if it takes a gung-ho or ill-informed approach then of course there could be trouble ahead. 

Motley Fool contributor Tom Richardson owns shares of AFTERPAY T FPO.

You can find Tom on Twitter @tommyr345

The Motley Fool Australia owns shares of AFTERPAY T FPO. We Fools may not all hold the same opinions, but we all believe that considering a diverse range of insights makes us better investors. The Motley Fool has a disclosure policy. This article contains general investment advice only (under AFSL 400691). Authorised by Scott Phillips.

More on Share Market News

Happy miner giving ok sign in front of a mine.
Opinions

Which ASX 200 stock offers 'material upside' amid continuing uncertainty over US tariffs?

Blackwattle Investment has identified one ASX 200 large-cap stock that is thriving on the uncertainty.

Read more »

A man sits in despair at his computer with his hands either side of his head, staring into the screen with a pained and anguished look on his face, in a home office setting.
Share Fallers

Why Bapcor, Boss Energy, Macquarie, and Novonix shares are falling today

These shares are having a tough session on Thursday. But why?

Read more »

A woman sits at her computer with her chin resting on her hand as she contemplates her next potential investment.
Financial Shares

2 rising ASX financial shares with 'meaningful upside' still left: fundie

Financials outperformed every other sector in FY25, but there are still buying opportunities left, say these experts.

Read more »

Two happy excited friends in euphoria mood after winning in a bet with a smartphone in hand.
Share Gainers

Why Fortescue, Lynas, PEXA, and Regis Healthcare shares are charging higher

These shares are having a strong session on Thursday. But why?

Read more »

Stock market crash concept of young man screaming at laptop on the sofa.
Share Fallers

Guess which ASX 200 stock just crashed 31% on slumping sales

The $1.3 billion ASX 200 stock is getting hammered today.

Read more »

A woman walks along the street holding an oversized box wrapped as a gift.
Broker Notes

Fundie reveals why these 3 ASX 200 large-cap shares ripped 35% to 96% in FY25

Blackwattle Investment Partners discusses the performance and outlook for 3 ASX 200 shares in its Large Cap Quality Fund.

Read more »

Five young people sit in a row having fun and interacting with their mobile phones.
Broker Notes

This fund manager just delivered a stellar year and he's bullish on these 5 stocks

With standout returns in both Australian and global equities, Andrew Mitchell shares five high-conviction stocks primed for long-term growth.

Read more »

A woman ponders over what to buy as she looks at the shelves of a supermarket.
Broker Notes

Does Macquarie prefer Woolworths or Coles shares today?

Which supermarket giant was recently named the favourite?

Read more »