Under section 113 of the AML/CTF Act records of customer identification must be retained for 7 years.

The AML/CTF Act is principles-based rather than prescriptive legislation. This means it is up to your organisation to determine if you will keep electronic or paper records and how those records will be stored and protected. For example, while it is not always necessary to photocopy documents, you must keep records of the identification details. Again, these practices will vary depending on things such as the size and nature of your organisation, information technology capabilities, available onsite storage and the security procedures you have in place.

Note that under the Privacy Act, storage of personal information must be secure and confidentiality needs to be maintained. Your business should consider the best way to ensure these obligations are met. For example, electronic records may be password protected and restricted to certain individuals for legitimate reasons.