To facilitate the operation of the IPTMA business, IPTMA Subscribers (Subscribers) agree to give certain consents, and need to ensure that each end user of its services (Customer) also gives the relevant consents. In essence, the service requires information about each customer (whether they are a sender or recipient of funds) to be disclosed to facilitating entities of the transaction.
The IPTMA business is intended to provide comfort to the financial institutions (ADI) that actually provide accounts and international settlement services to Subscribers that appropriate due diligence has been applied to each transaction to effectively manage KYC/ML/TF risk and ensure compliance with sanctions laws. Indirectly, the business is also intended to provide comfort to the international correspondent banks of the ADI. It is also intended to provide visibility of who the end payees and beneficiaries are. Access will be made available through a secure online portal or other ‘self service’ facility.
The Privacy Act 1988 (Privacy Act) imposes obligations as to the use and disclosure of personal information about natural persons (that is, individuals). In general, the holder of information can disclose it to another entity if the disclosure relates to the purpose of collection and would be expected by the individual, or with consent.
The entity that collects information (if based in Australia) will have its own privacy obligations to manage. Under Australian Privacy Principle (APP) 5, the entity may have an obligation to provide a ‘collection statement’ to the affected individual. For disclosures outside Australia, the discloser must have taken reasonable steps to ensure that the recipient will comply with the APPs. In most circumstances, the discloser will be liable for any subsequent action that would contravene the APPs if done in Australia. This effect can be avoided by expressly informing the individual at the time of collection that steps will be taken to ensure that their information will be protected in accordance with the APPs, and the individual subsequently agreeing to this.
At the time that a Customer presents at an IPTMA Subscriber, they should be informed at least:
(a) that collection and disclosure of their information may be required under the AML/CTF Act;
(b) that their personal information will be disclosed to IPTMA and given contact information for IPTMA;
(c) that their personal information may be disclosed to financial institutions in the destination country of their payment;
(d) that their personal information may be disclosed to the ADI that provides services to the Subscriber or to the ADI facilitating the transaction;
(e) the purpose of these disclosures is to reduce the compliance burden and manage risks for the ADIs. The name and contact details of the ADI and a statement that disclosure may occur to foreign banks that provide services to the ADI, requesting that the information be handled in accordance with the APPs;
(f) information provided to an ADI will be to their compliance, or relevant, department and will not be used by the ADI for sales purposes;
(g) suspicious activity will be reported to the appropriate authorities.
IPTMA will not use private information for marketing or cold calling. IPTMA undertakes to ensure the information provided to facilitating entities will not be used for marketing purposes.