AUSTRAC has accepted an Enforceable Undertaking (EU) from PayPal’s Australian arm, with the financial crimes investigations agency to confirm whether the online payments provider is now compliant with local Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) laws.

The issuing of the EU (a written commitment by a business setting out how they will comply with Australia’s AML/CTF Act) was triggered after a late-2020 investigation by AUSTRAC identified issues with PayPal Australia’s systems, controls and governance for reporting international funds transfer instructions (IFTI).

AUSTRAC notes that the IFTI breaches were self-identified and reported by PayPal to the regulator in 2020.

Regulated financial services businesses in Australia are required by law to regularly submit IFTIs to AUSTRAC. A critical measure to track and police instances of money laundering and terrorism financing, IFTIs provide details on transaction payers, payees, and institutions involved in a transaction, as well as transaction dates and currencies involved.

The focus of the latest investigation is on remediating IFTI PayPal Australia’s reporting, with AUSTRAC chief executive Nicole Rose noting that the EU “aims to ensure PayPal’s ongoing compliance with their AML/CTF obligations”.

Reporting of IFTIs “is a core obligation” for regulated entities, with AUSTRAC stressing that reporting agencies must have “appropriate end-to-end reconciliation, assurance and oversight processes to ensure all reports are submitted to AUSTRAC within the required timeframes”.

The investigations agency notes that PayPal “has already undertaken significant work, including an independent audit, to strengthen its AML/CTF program and has committed to providing AUSTRAC with independent assurance of the suitability and sustainability of this work as it progresses to business as usual”.

“AUSTRAC acknowledges that PPAU (PayPal Australia) has co-operated with the investigation and separate regulatory activities respectively, including by answering information requests, producing documents, engaging with an external audit process and responding to recommendations from the Audit Report and working with AUSTRAC to remediate the IFTI matters”, AUSTRAC said in its EU submission.

Rose added: “Every business with obligations under the AML/CTF Act must have robust systems in place to ensure they meet their AML/CTF requirements and play their part in protecting Australia’s financial system from criminal exploitation.”

“AUSTRAC will continue to work with PayPal to ensure that the changes and enhancements made to PayPal’s AML/CTF program are appropriate and sustainable and that the complex and technical work undertaken by PayPal has met its objectives in the real-time operational environment.”

It is not the first time PayPal Australia has come under the eye of the financial crimes investigations unit, with the paytech issuing an EU back in 2009 after AUSTRAC raised concerns that it lacked adequate systems controls to assess and manage money laundering and terrorism financing risk.

PayPal is a leading global platform for online payments, including cross-border transactions. According to a BigCommerce report, in 2021 PayPal accounted for 41 per cent of all online transactions.

Last year, ING Bank (Australia) and National Australia Bank (NAB) issued EUs to AUSTRAC following concerns around potential breaches of Australia’s AML/CTF Act.

Past AUSTRAC action has led to serious financial penalties against major Australian financial services businesses, including, in 2020, civil action against Westpac resulting in a $1.3 billion penalty for the bank. Fellow big four bank CBA was also handed a $700 million fine for similar AML/CTF Act breaches.