Go to top of page

Privacy impact assessments

Draft privacy guidance relating to Chapter 4 of the AML/CTF Rules

The Privacy Impact Assessment of the amendments to Chapter 4 of the AML/CTF Rules recommended that AUSTRAC issue guidance to industry, which:

  • discusses the amendments that allow reporting entities to collect information ‘about’ a customer rather than ‘from’ the customer
  • explains the interaction with Australian Privacy Principle (APP) 3 (and other APPs generally)
  • highlights the importance of complying with APP 3.6 when collecting information from sources other than the individual concerned.

AUSTRAC welcomes stakeholder comments on the draft guidance. It is noted that once the guidance is finalised it will be incorporated into the AUSTRAC Compliance Guide

Draft guidance - Privacy implications of collecting know your customer (KYC) information from sources other than from the customer (Word 57KB)

Draft guidance - Privacy implications of collecting know your customer (KYC) information from sources other than from the customer (PDF 244KB)

A public consultation period is open from 11 November to 9 December 2016.

How to make a submission

Submissions on the draft guidance should be sent to:

By mail:
Director, Rules
AUSTRAC
PO Box 5516
West Chatswood NSW 1515

By email: aml_ctf_rules@austrac.gov.au

By fax: (03) 8636 0501

Please note that all submissions may be made public except those marked 'confidential'.


Privacy Impact Assessment - Amendments to Chapter 4 of the AML/CTF Rules

In November 2015, AUSTRAC released the draft Privacy Impact Assessment (PIA) – Amendments to Chapter 4 of the Anti-Money Laundering and Counter-Terrorism Financing Rules  in order to seek stakeholder feedback both on the potential privacy impacts of the proposed amendments and the preliminary recommendations. 

Currently, Chapter 4 requires reporting entities to collect and verify customer identification information ‘from’ their customers. The proposed amendments will allow reporting entities the discretion to collect identification information ‘about’ customers rather than directly from the customer.

Public consultation on the draft PIA closed on 9 December 2015.  The submissions, from a number of stakeholder perspectives, provided valuable input into completing the PIA.


Privacy Impact Assessment - Customer due diligence (CDD)

A privacy impact assessment (PIA) has been undertaken in relation to the new CDD requirements. The PIA was conducted in accordance with PIA Guidelines issued by the Office of the Australian Information Commissioner. The new Australian Privacy Principles, which commenced on 12 March 2014, formed the basis for analysis in the PIA.

A number of recommendations in the PIA resulted in changes to the final form of the AML/CTF Rules.

Last modified: 14/11/2016 12:15