Money laundering is a major concern for governments around the world. If your business operates or serves customers in multiple countries, it’s critical to ensure you meet the AML and KYC requirements of each jurisdiction.
Below, we take a closer look at how KYC works in Australia by digging into the Australian AML/CTF Act and its requirements, as well as specific recommendations you can use to ensure you stay compliant with Australian regulations.
What is KYC?
Know Your Customer (KYC) refers to the processes that a business — often a financial institution — takes to verify an individual’s identity and determine whether or not that individual is legally allowed to open an account, use its services, or otherwise be a customer.
Criminals may attempt to open accounts with financial institutions using fake, stolen, or synthetic identities to launder illicitly obtained funds. Because KYC makes this step, among others, more difficult for criminals, it’s an integral part of anti-money laundering efforts around the world. This includes Australia, where it’s estimated that organized crime and money laundering costs the country $60.1 billion (AUD) each year.
KYC in Australia
In Australia, AML and KYC are regulated by the Australian Transaction Reports and Analysis Centre (AUSTRAC), a government agency comparable to FinCEN in the United States. AUSTRAC is responsible for ensuring required institutions comply with the Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Act.
AML/CTF Act requirements
The law, first passed in 2006 and since enhanced multiple times, requires regulated businesses that provide designated services to meet six key requirements:
- Enroll and register with AUSTRAC
- Develop and maintain an internal AML/CTF program
- Conduct customer due diligence (CDD), including identity verification
- Conduct ongoing due diligence
- Report suspicious activity and transactions
- Maintain activity and transaction records
It’s important to note that the AML/CTF Act requires all regulated businesses to complete CDD and KYC before providing a designated service to a customer.
Reliable and independent
AUSTRAC does not specify how businesses must verify a customer’s identity, other than suggesting that the exercise can include collecting documents, electronic data, or a mix of both. AUSTRAC does state, however, that businesses are responsible for ensuring that the data or documentation collected for verification is “reliable and independent.”
Reliable and independent documentation includes:
- An original primary photographic identification document, such as a driver’s license, passport, or government-issued proof of age card.
- An original primary non-photographic identification document, such as a birth certificate, citizenship certificate, Pensioner Concession Card, Health Care Card, or a Commonwealth Seniors Health Card.
- An original secondary identification document, such as a notice from the Australian Taxation Office or other government agency, current student card, or utility bill dated within the last 90 days that shows the individual's name and address.
Reliable and independent electronic data must be:
- Accurate
- Secure
- Up-to-date
- Comprehensive
- Verified from a reliable, independent source
- Maintained by a government body under legislation
- Able to be additionally authenticated
What are designated services in Australia?
Designated services are specific services that carry a high risk of being used for money laundering. Any business offering these services to its customers must comply with AML and KYC requirements.
As outlined in Section 6 of the AML/CTF Act, gambling services, bullion trading services, and many common financial services are considered designated services, which include, but are not limited to, any business that:
- Takes deposits
- Issues checks or debit cards
- Accepts electronic fund transfers
- Provides remittance services
- Exchanges foreign or digital currency
- Provides loans
- Handles investments
- Issues life insurance policies
- Issues traveler’s checks, money orders, or postal orders
- Issues stored value cards
- Prepares payroll for other businesses
With this in mind, Australian KYC requirements apply to most financial institutions, including banks, fintech companies, credit unions, lenders, insurers, broker/dealers, cryptocurrency exchanges, casinos, trusts, and financial planners.
KYC in Australia for individuals
When the customer is an individual, regulated businesses must collect and verify, at a minimum, the individual’s full legal name and either their date of birth or residential address.
Regulated businesses in Australia are required to take a risk-based approach to AML and KYC whereby the customer’s risk profile dictates what and how much information is collected and verified, as well as what forms of verification are needed. A customer deemed to be at a greater risk of money laundering should be subject to a more stringent identity verification process.
KYC in Australia for entities
When the customer is an entity, such as a business or a trust, the rules are a little different. In these cases, AUSTRAC notes that a regulated business must “collect information so that you are reasonably satisfied the customer actually exists.”
For corporate customers, this includes collecting and verifying the company’s full name and Australian Company Number (ACN) or Australian Registered Body Number (ARBN). Regulated businesses must also determine whether it is registered with Australian Securities & Investments Commission (ASIC) as a public or proprietary company.
The company’s beneficial owners must also be identified. This includes any individual that owns 25% or more of the entity, directly or indirectly, as well as anyone who has control over the entity’s finances, business decisions, or operations. AUSTRAC further defines control via “trusts, agreements, arrangements, understandings, policies, or practices.”
Types of KYC verification
The AML/CTF Act gives businesses flexibility to design the verification processes that best align with their risk profile.
Most typically, it will include some combination of government ID verification, document verification, and database verification. Other methods, such as selfie verification, and video KYC can also be included.
Document Verification Service (DVS)
Businesses that collect Australian individuals’ or beneficial owners’ government-issued IDs or documents can verify the authenticity of those documents through the Document Verification Service (DVS).
The DVS is maintained by the Australian Department of Home Affairs, which acts as an issuing database. The service compares information from the collected ID or document against the original record to determine whether or not there is a match. AUSTRAC notes that the system is an effective means of identifying forged, stolen, or out-of-date documents.
Documents that can be verified using the DVS include:
- Birth certificates
- Centrelink concession cards
- Certificates of registration by descent
- Change of name certificates
- Citizenship certificates
- Driver’s licenses
- ImmiCards
- Marriage certificates
- Medicare cards
- Passports
- Visas
- Death certificates
- Aviation and Maritime security identification cards
- Address details from the Australian Electoral Commission (AEC)
KYC solutions with Persona
Here at Persona, we understand the importance of complying with KYC regulations — whether your business operates in Australia, the United States, or anywhere else in the world.
That’s why we’ve designed our Verifications solution to be fully customizable. Build the KYC process that makes sense for you, based on the jurisdictions you operate within and the unique realities of your business. Leverage government ID verification, document verification, database verification, selfie verification, and other common methods.
Enrich your understanding of customer risk with Reports, which integrates with multiple authoritative and issuing database sources across 40+ countries, including the Document Verification Service (DVS) in Australia, for maximum coverage. Quickly and easily check customers against watchlists, checklists, sanctions lists, PEP databases, adverse media, and more.
Interested in learning more? Learn how Lime leveraged Persona’s suite of identity tools to comply with KYC regulations in each jurisdiction it operates in — including Australia. Start for free or get a demo today.
