Customer identification controls are only part of ensuring that the true identity of a customer is established. Criminals (including money launderers) are likely to have convincing documentation. The knowledge, experience and alertness of staff members provide the essential human intervention to ensure that systems and controls are routinely monitored and modified to identify abnormal behaviour.

Risk assessment must be realistic. Knowing who your customers are and having a good understanding of which, if any, of your designated services are vulnerable to ML/TF risks, is the basis of developing an AML/CTF program suitable to your business needs. For example, the ML/TF risk for the same product may differ if the customer is a domestically-based individual, or an offshore trust. Customer identification procedures need to be developed relative to the nature, size, complexity and resource capacity of your business. For example, with internet access you may be able to determine the level of risk posed by persons from certain countries that may be exposed to levels of economic and political corruption.

Your risk assessment methodology and associated AML/CTF policies and procedures could specify the factors that your staff should spell out when a customer does fall into a higher risk category. In these situations, when your business has assessed a customer to be high risk, additional KYC information should be sought. The type of additional information you will request in each situation should be documented as part of the processes in your AML/CTF program and communicated to your staff.

The AML/CTF Act does not prescribe what additional documents you should request, however chapter 4 of the AML/CTF Rules does provide some suggestions for consideration.