Customer Identification Guidance

Introduction

As part of your AML/CTF obligations, it is a requirement to collect and verify customer KYC information to ensure customers are who they claim to be. This involves using reliable and independent documentation, electronic data, or both to verify information about the customer and beneficial owner. Verification must be based on these reliable sources to confirm the identities of customers, beneficial owners, controlling persons, and signatories.

This section outlines examples of documents and electronic data for verification purposes and how their reliability and independence are assessed. References to individuals encompass both customers and beneficial owners.

Learn More

Reliable and Independent Documentation

To verify customer identification, you must use reliable and independent documentation, such as original primary photographic and non-photographic identification documents, or original secondary identification documents. Other documents may be used depending on the risk level of money laundering or terrorism financing associated with the customer, transaction, and service.

Documents must be current, except passports, which can be used up to two years after expiry.

Documents and data are considered independent if issued by impartial sources like government authorities. In some cases independence might not be compromised if documents are provided by the customer rather than directly from the issuing body.

Generally the ‘reliable and independent documentation' that you can use to verify customer identification information includes:
• 1 x original primary photographic identification document; or
• 2 x original primary non-photographic identification documents; or
• 1 x original primary non-photographic document & 1 x original secondary identification document.

Learn More

Original Primary Photographic Identification

An original primary photographic identification document can be:
• a driver’s licence or permit from Australia or overseas, including a digital driver’s licence
• an Australian passport
• a government proof of age card issued in Australia
• a foreign passport issued by a foreign government or the United Nations
• international travel documents issued by a foreign government or the United Nations
• a national identity card issued by a foreign government or the United Nations.

If a travel document or identity card is in a foreign language, the customer must provide an accredited English translation if the person verifying the documents doesn’t understand the foreign language used.

Learn More

Original Primary Non-Photographic Identification

An original primary non-photographic identification document can be:
• an Australian birth certificate, birth extract or citizenship certificate
• a foreign birth certificate or citizenship certificate
• a government issued concession card, such as a pensioner concession card, a health care card, or a seniors health care card.

If a foreign birth certificate or citizenship certificate is in a foreign language, the customer must provide an accredited English translation if the person verifying the documents doesn’t understand the foreign language used.

Learn More

Original Secondary Identification

An original secondary identification document can be:
• a notice from the Australian Taxation Office or other government agency, such as Centrelink, that contains the person’s name and residential address, issued in the past 12 months
• a municipal council rates notice or a utilities bill (such as a water, gas or electricity bill) that contains the person’s name and residential address, issued in the past three months
• for a person aged under 18, a letter from a school principal issued in the past three months that details the person’s name, residential address and when they attended the school, or a student card if available.

Learn More

Reliable and Independent Electronic Data

To determine whether electronic data is reliable and independent, you must consider if the data is accurate, secure, up-to-date, comprehensive (e.g., number of listings and collection period), verified from a reliable and independent source, maintained by a government body under legislation, and capable of additional authentication.

One method for verifying individual customer and beneficial owner identification using electronic data is the Document Verification Service (DVS). Managed by the Department of Home Affairs, the DVS is a secure online system that matches government-issued identity documents directly with the issuing government organisation, allowing real-time verification that the document is current and not lost or stolen.

Learn More

Certification of ID Documents

All KYC documentation should be properly certified to be accepted. Certification ensures the documents have been verified by the certifier as true and correct copies of the originals. The certification should include: confirmation it was performed within a pre-defined time period (such as 12 months); performed by an authorised person; a statement certifying the document as a true copy of the original; the certifier’s full name, date of certification, signature, qualification/position, and registration number (if applicable).

Learn More

Introduction

Often only in exceptional circumstances, a disclosure certificate might be used to verify certain KYC information when it cannot be reasonably obtained or verified through standard procedures. This can occur if the information is necessary under the AML/CTF program, and despite following all relevant procedures, verification has not been possible. Approval from the AML Compliance Officer is normally required for the use of a disclosure certificate and the use of a disclosure certificate must be appropriate to the level of ML/TF risk the customer presents.

Learn More

Disclosure Certificate Requirements

Disclosure certificates may be accepted if certified by an appropriate officer to the customer, such as a director, trustee, partner, chairman, secretary, treasurer, AML/CTF Compliance Officer, solicitor, accountant, authorised representative, or equivalent officer.

Disclosure certificates will contain information such as the following:
• the KYC information required to be collected for the entity;
• the full name and full residential address of each beneficial owner of the customer;
• the full name of the appropriate officer;
• the date of certification by the appropriate officer; and
• a certification by the appropriate officer that the information contained in the disclosure certificate is true, accurate and complete; to the best of their knowledge and belief.

Learn More

Introduction

As a reporting entity, you must implement customer identification procedures (KYC) as outlined in Part B of your AML/CTF program.

These procedures should be tailored to the money laundering/terrorism financing risk posed by different customer types.

Before offering any designated services, verify the identity of individual customers and ensure non-individual customers (such as companies, associations, or trusts) are legitimate entities, knowing their beneficial owners.

Part B must detail how you collect and verify KYC information, identify politically exposed persons (PEPs), address discrepancies, and use risk-based systems to determine the need for additional information.

You must complete most identification procedures before providing services, with some flexibility for identifying beneficial owners and PEPs either before or shortly after service provision.

Being thorough with KYC helps detect unusual or suspicious activities, reducing the risk of exploitation for money laundering or terrorism financing.

Learn More

Applicable Customer Identification Procedures (ACIP)

ACIP involves collecting and verifying customer identification information through KYC procedures, identifying and verifying beneficial owners, determining if customers or their beneficial owners are politically exposed persons (PEPs), and gathering information on the purpose and nature of the business relationship.

Your ACIP must consider:
• The nature, size, and complexity of your business
• The purpose of your business relationships
• The type of ML/TF risk you might face
• Customer types, including beneficial owners and PEPs
• Customers’ sources of funds and wealth
• Control structures of non-individual customers
• Types of designated services provided
• How services are delivered
• Foreign jurisdictions involved

For higher-risk customers, more information must be collected and verified to ensure accurate identification and effective ML/TF risk management.

Your systems and controls should:
• Address the identified ML/TF risks
• Include procedures for collecting and verifying information about a customer's agent

Your staff and agents must understand and comply with ACIP, which should be monitored regularly. Generally, ACIP must be completed before providing a designated service. If customers cannot meet ACIP requirements, the service must not be provided. Failing to perform ACIP properly can significantly impact the management of ML/TF risks and overall AML/CTF compliance.

Learn More

Introduction

Understanding the ultimate control of your customers is crucial in detecting, disrupting, and preventing money laundering and terrorism financing, as well as protecting your business from other criminal activities.

All reporting entities must identify the beneficial owners of their customers and assess the associated risks.

A beneficial owner is an individual who owns 25% or more of an entity, either directly or indirectly, or controls its financial and operational decisions through various means.

Obligations include identifying beneficial owners, assessing their risk levels, verifying their identities, and maintaining records of these processes.

Learn More

Beneficial Owner Procedures

Your AML/CTF program must detail how you meet obligations related to beneficial owners, including documenting the processes for determining beneficial owners, collecting and verifying their information, and the measures used for verification.

It should specify the independent documentation or electronic data used for verification, methods for updating beneficial ownership information, and managing risks over time.

The program must also address the use of disclosure certificates and the identification of alternative individuals when beneficial owners cannot be identified.

Procedures must be tailored to your business's specific risk level, and employees must adhere to these procedures for identifying and collecting beneficial owner information.

Learn More

Beneficial Owner Determination

Determining the beneficial owners of your customers is crucial, especially for non-individual customers such as companies, trusts, or associations, which often have complex ownership structures.

Understanding the business or organisational structure of your customer is essential, as it may involve several ownership layers.

Typically, you can obtain this information directly from the customer, but additional research might be necessary for complex structures.

Useful documents for this research include a company's certificate of incorporation and annual statement from ASIC, trust deeds, partnership agreements, and constitutions of incorporated associations or registered cooperatives.

Identifying the beneficial owners must occur before or as soon as possible after providing the designated service.

Learn More

Beneficial Owner Exceptions

You don’t need to identify beneficial owners for a customer that is:
• a company that has been verified under the simplified company verification procedure – see more about this and customer identification procedures.
• a trust which has been verified under the simplified trustee verification procedure – see more about this and customer identification procedures.
• an Australian Government body.
• a foreign-listed public company, or a majority-owned subsidiary of one, that comes under beneficial ownership disclosure requirements in its own country if they are comparable to Australia’s.

You may however need to collect & verify KYC information on beneficial owners if they hold other relationships with the customer, such as being a signatory.

Learn More

Introduction

A PEP (Politically Exposed Person) is an individual holding a prominent public role in a government body or international organisation, either in Australia or abroad, including their immediate family and close associates. Due to their influential positions, such as heads of state, government ministers, senior judges, high-ranking military officers, and executives of international organisations, PEPs are susceptible to corruption, bribery, and potential involvement in money laundering or terrorism financing.

As part of your AML/CTF program, it is essential to identify PEPs and implement measures to mitigate and manage associated risks. This includes outlining how you identify PEPs and the steps you take when engaging with them, acknowledging that being a PEP does not inherently imply involvement in criminal activities.

Learn More

Types of PEPs

The AML/CTF Act identifies three types of PEPs.

Domestic PEP – someone who holds a prominent public position or role in an Australian government body.

Foreign PEP – someone who holds a prominent public position or role with a government body in a country other than Australia. This would include foreign PEPs working or residing in Australia.

International organisation PEP – someone who holds a prominent public position or role in an international organisation, such as the United Nations (UN), the World Trade Organisation (WTO) or the North Atlantic Treaty Organisation (NATO).

Learn More

PEP Procedures

You must have risk-based procedures to identify whether a customer or beneficial owner is a Politically Exposed Person (PEP) before providing a designated service, or as soon as possible afterwards.

This involves asking customers directly, checking their background online, and using third-party databases.

Specialist PEP databases can be useful but are not always comprehensive or reliable. PEPs, due to their prominent public functions, can conceal proceeds of crime using various methods, and not all PEPs have the same level of risk.

Foreign PEPs are always high-risk, while domestic and international organisation PEPs vary. 

Your AML/CTF risk assessment and due diligence processes, including transaction monitoring, should establish normal financial behavior for customers to spot unusual or suspicious activity. Enhanced scrutiny is required for PEPs from high-risk locations or those making unusual transactions. Regularly review and update your AML/CTF program to address evolving ML/TF risks, including those related to PEPs.

Learn More

PEP Identification and Verification

Customer identification and verification procedures differ for medium or low-risk PEPs and high-risk PEPs, including foreign PEPs.

For medium or low-risk PEPs, such as domestic or international organisation PEPs, apply the standard procedures used for individuals.

For high-risk PEPs, including foreign PEPs, implement enhanced customer due diligence (ECDD), which may include obtaining senior management approval before initiating or continuing a business relationship, establishing the source of the customer's and beneficial owners' wealth and funds, and/or complying with other ECDD requirements like verifying information and analysing transactions.

High-risk PEPs require close transaction monitoring, and any suspicious transactions linked to corruption or criminal activity must be reported to AUSTRAC through a suspicious matter report (SMR). If an existing customer becomes a PEP, update their status, conduct ECDD, and adjust transaction monitoring processes to reflect the new risk level.

Learn More

Prescribed Requirements

Prescribed Requirements for Individuals, Sole Traders, Signatories & Beneficial Owners / Controlling Person entail collecting specific information such as the full name, date of birth, and residential address of the person.

Additionally, for sole traders, details such as the full business name, and ABN issued to the sole trader must be collected.

Verification procedures involve confirming the individual’s full name and, date of birth or residential address.

Learn More

Additional Risk Based Requirements

Additional risk-based requirements for individuals, sole traders, signatories, and beneficial owners / controlling persons could include collecting and verifying information such as the individual’s occupation, country(ies) of citizenship, town & country of birth, postal address, other names the individual is known by, and source of wealth.

For sole traders, additional considerations involve assessing the nature of the sole trader’s business, principal customer type(s), and the location of those customers.

These risk-based requirements are determined by each businesses approach to their ML/TF risks.

Learn More

Introduction

For non-individual customers, you must collect sufficient information to ensure the customer actually exists. For instance, if the customer is an Australian company, you need to collect and verify details such as the full name of the company, its registration status with the Australian Securities & Investments Commission (ASIC) as a public or proprietary company, and its Australian Company Number (ACN) or Australian Registered Body Number (ARBN). Verification of this information can be done using reliable and independent documents, electronic data, or a combination of both.

Learn More

Simplified Verification Procedures for Companies

The simplified company verification procedure applies if you confirm the company is one of the following:
• a domestic company listed on an Australian stock exchange,
• a majority-owned subsidiary of such a company, or
• licensed and regulated by a Commonwealth, state, or territory government regulator.

Verification can be done using documents obtained from:
• Searching the relevant domestic stock exchange.
• A public document issued by the company (e.g., an annual report).
• Searching the Australian Securities and Investments Commission (ASIC) database.
• Searching the license or other records of the relevant regulator.

Learn More

Simplified Verification Procedures for Trusts

The simplified trust verification procedure only applies if you can confirm the trust is one of the following:
• a managed investment scheme registered by ASIC.
• an unregistered managed investment scheme that only has wholesale clients and does not make small scale offerings.
• a trust registered with and regulated by an Commonwealth Government regulator
• a government superannuation fund established under legislation.

Confirming that your customer fits one of the above criteria is sufficient verification.

Learn More

Prescribed Requirements

The information you need to collect and verify for non-individual customers varies based on the customer type. Chapter 4 of the AML/CTF Rules provides detailed requirements for the specific information that must be collected and verified for different types of non-individual customers.

The required information may include:
• The full name of the entity
• The full address of the entity’s registered office and principal place of business
• The ACN and/or ABN issued to the entity
• The registration type of the entity
• The full names of key persons of the entity, such as directors, secretaries, treasurers, and beneficiaries

This is not an exhaustive list. For comprehensive details, refer to Chapter 4 of the AML/CTF Rules.

Learn More

Additional Risk Based Requirements

Additional risk-based requirements for non-individuals could include collecting and verifying information such as the date upon which the entity was registered, the nature of the customer's main business activity, and/or the entities principal customer type(s) and the location of those customers.

These risk-based requirements are determined by each businesses approach to their ML/TF risks.

Learn More