Individuals who might need a flexible approach

Some individuals may:

• experience barriers obtaining standard identification. This might be ongoing, temporary or because of their situation
• be unable to access standard identification because of circumstances outside their control
• have inconsistent personal details across identification documents, such as their name or date of birth.

This may include people who are:

• Aboriginal and Torres Strait Islander
• affected by natural disasters
• affected by family and domestic violence
• experiencing homelessness
• in prison or recently released from prison
• refugees, asylum seekers and recent migrants to Australia
• from culturally and linguistically diverse backgrounds
• intersex, transgender and gender diverse
• living in remote areas
• older Australians
• living in a hospital setting for lengthy periods
• not registered at birth
• raised in institutional or foster care
• experiencing digital exclusion or inaccessibility.

This list isn’t exhaustive. Some individuals may also face multiple barriers. 

You can use alternative identification options for individuals whose identity you need to establish for initial CDD. This includes: 

• your customer
• an individual receiving the service on your customer’s behalf
• an individual acting on behalf of your customer
• if your customer isn’t an individual (for example, they’re a corporation) an individual beneficial owner of the customer.

The importance of financial inclusion

Appropriate anti-money laundering and counter-terrorism financing (AML/CTF) safeguards shouldn’t exclude vulnerable groups from the financial system. 

Limiting access to financial services can have a devastating impact on individuals. It also increases the risk of money laundering and crime by pushing individuals to unregulated channels.

Standard CDD relies on access to reliable identification documents. This can create a barrier to providing financial services to individuals who can’t provide these documents. 

We strongly encourage reporting entities that provide financial services to: 

• apply a flexible, sensitive and compassionate approach to support individuals
• consider the barriers individuals may face obtaining and providing identification
• design procedures that balance meeting the needs of these individuals with meeting CDD obligations
• make sure staff feel confident to implement alternative identification procedures and exercise discretion as needed. This may include providing resources like internal policies, decision guides and employee training programs.

You should be mindful that some individuals get support from other people who contact and engage with financial institutions on their behalf. This may include financial counsellors, social support case workers or prison reintegration officers.

When you develop your procedures, you could consider using data sources to proactively identify communities and locations where individuals are more likely to need a flexible approach. This could be based on factors such as: 

• remoteness
• digital exclusion
• areas with a high population of Aboriginal and Torres Strait Islander peoples. 

Data sources could include the:

• Australian Bureau of Statistics Table Builder
• Australian Digital Inclusion Index. 

Using alternative identification procedures

You must have AML/CTF policies that mitigate and manage any additional risk arising when an individual cannot provide standard identification information or evidence. 

When using alternative identification procedures, first confirm the individual can’t either:

• provide the standard identification documents needed for the service or transaction
• prove their standard identification is correct if the information doesn’t match. For example, date of birth, address or name.

Steps you can take to meet your obligations using alternative identification

You can comply with your initial CDD obligations by using alternative options for an individual if you do all the following:

• take reasonable steps to make sure the customer is who they claim to be using the alternative identification you have
• identify the customer’s ML/TF risk based on accepting alternative identification options reasonably available for the customer
• collect know your customer (KYC) information that’s appropriate to their ML/TF risk
• take reasonable steps to verify the KYC information using the alternative forms of identification and appropriate to their ML/TF risk
• mitigate and manage any additional ML/TF risk arising from the lack of standard information or evidence. 

When using alternative identification procedures, we expect you to:

• consider the individual’s circumstances
• discuss the alternative forms of identification they can provide
• assess the customer’s ML/TF risk profile. 

Consider the risk factors involved

Consider risk factors such as: 

• the likely kinds of transactions and services you expect to see on their account
• whether you expect to see regular, verifiable sources of income and expenses.

We expect you to apply the least invasive procedures to verify the individual’s identification. Make sure the procedures are suitable for their ML/TF risk profile and circumstances. This is especially important for vulnerable individuals, where complicated procedures could cause more hardship.

You must apply appropriate ongoing CDD based on the ML/TF risk. This includes monitoring for any unusual behaviour or transactions. It may be appropriate to collect and/or verify additional KYC information throughout the course of your business relationship. For example, if their ML/TF risk changes.

Train your personnel to consistently implement alternative identification procedures

We expect you to provide training to make sure your staff can implement and consistently apply your alternative identification procedures. 

It’s also best practice to implement a process to: 

• monitor how effective your alternative identification procedures are
• identify potential improvements that will further support individuals who require alternative identification. 

Allowing more time to provide standard identification documents

You may use alternative identification for individuals facing short-term barriers to accessing standard identification. For example, individuals affected by a natural disaster or family and domestic violence. You can use alternative identification and provide services while they replace or update standard identification.

You should ask the individual to provide their standard identification documents when they become available. 

Individuals facing long-term barriers 

When an individual is facing long-term barriers to accessing standard identification, you can continue to rely on alternative forms of identification. 

Many individuals face systemic and ongoing barriers to accessing standard identification documents. This can include individuals who experience long-term homelessness or live in remote areas. 

You should move the individual to standard identification if long-term barriers are resolved. However, you should be mindful that in some cases the individual’s circumstances may not change. 

Changes in a customer’s ML/TF risk profile

A customer’s ML/TF risk profile may change after you accept alternative identification. For example, you may identify a change in their behaviour or expected financial transaction patterns.

You can continue to rely on existing alternative identification procedures when you manage and reduce the risks. You should mitigate and manage the risk through appropriate controls before you consider declining or withdrawing services. 

You may use enhanced CDD measures to mitigate and manage the risks. You must apply enhanced CDD if a customer’s ML/TF risk has increased to high. Enhanced CDD measures may include:

• collecting additional KYC information
• verifying or re-verifying KYC information  
• increasing monitoring of the customer’s transactions
• imposing limits on the account
• undertaking source of funds checks.

Example: Customer’s risk rating increases due to unusual transactions

A bank assesses a customer to be a low ML/TF risk. They’re also satisfied that the customer can’t access standard identification documents. 

The bank discusses what alternative identification documents the customer can access. The bank accepts a written reference from the customer’s employer and opens a bank account for them.

The bank later detects unusual transactions on the customer’s bank account. This includes large cash transactions that can’t be connected to any legitimate source. The bank reassesses the ML/TF risk of the customer as high. 

The ML/TF risk is connected to the source of the customer’s funds, not their identity. The bank conducts a source of funds check under their enhanced CDD program. While they do this, the bank doesn’t require the customer to provide any further identification documents. The source of funds check establishes that the large cash payments came from a legitimate source – gifts from family members following the customer’s wedding. 

The bank reassesses the customer’s risk rating as low. The bank doesn’t require further identification information.

Alternative identification options

Alternative identification options may include one or more of the following:

• a referee statement
• government correspondence, including documents from state or territory corrective services
• confirming an individual’s identity with reputable organisations or bodies known to them. For example, Aboriginal and Torres Strait Islander organisations or community health organisations
• a community ID or organisation membership card for Aboriginal and Torres Strait Islander peoples
• recently expired identification
• an individual’s self-attestation of their identity. 

This list isn’t exhaustive. You may use other sources to verify the individual’s identity. 

Referee statements

We expect the referee to be someone who both: 

• holds a position of trust in the community
• has an existing relationship with the individual.

Suitable referees may include a:

• school principal, teacher or counsellor
• current or former employer or manager
• medical practitioner (for example, doctor, nurse, midwife, dentist, community health professionals, psychologist)
• minister of religion
• police officer
• financial counsellor, adviser, planner or capability worker
• community leader, such as an Elder
• official from an Aboriginal and Torres Strait Islander organisation, or a board member of a Local Aboriginal Land Council
• legal aid or community lawyer
• Services Australia (Centrelink) staff
• correctional services staff
• manager or warden of a refuge or shelter accommodation or homeless shelter
• manager of an aged care facility or hospital.

It can also be an individual who is able to witness a statutory declaration.  

Suitable referees may also include other social support service providers such as: 

• family violence workers
• social workers
• prison case workers and reintegration officers
• youth services workers.

There may be other suitable referees you choose to accept that aren’t on this list.

What a referee statement should include

A referee statement can take various forms. The statement could contain the:

• date of the reference
• referee’s name, signature, position, contact details and relationship to the individual
• referee’s knowledge of the individual’s full name, residential address (if known) and date of birth (actual or approximate)
• approximate dates the referee has known the individual.

If known by the referee they could also include:

• other addresses where the individual has recently lived
• other names the individual has been or is known by
• the individual’s circumstances that have resulted in limited access to identification documents
• a brief explanation of the reasons why the individual has inconsistent details on their identification.

These aren’t mandatory requirements for the reference to be acceptable. You could base your approach on: 

• the individual’s circumstances
• your organisation’s specific requirements.

You may also consider other ways to accept the referee statement, such as:

• a real-time video call
• a pre-recorded video statement
• a written or online statutory declaration
• an online form. 

You may use a template or form to collect information from the individual and their referee. We have an example form (PDF, 867 KB) you can tailor to your requirements.

Verifying and managing the risks of accepting a referee statement

When accepting a referee statement, consider the following to verify the individual’s KYC information and manage and mitigate the ML/TF and fraud risks. These aren’t mandatory requirements and you could consider them based on the risk. 

You may ask the referee to: 

• provide the statement on an official letterhead of the organisation they represent
• include a recent photograph of the individual as an alternative to standard photographic identification
• submit the statement directly to your organisation from an official email address, to make sure it’s not altered.

If a referee has provided a statement as a member of a particular profession, you could confirm they’re a member when possible. For example, you may search the:

• Register of Practitioners managed by the Australian Health Practitioner Regulation Agency (AHPRA)
• Australian Legal Profession Register managed by the Legal Services Council
• Financial Advisers Register managed by the Australian Securities and Investments Commission (ASIC). 

You may also do an internet search of the individual or the organisation they work. 

If you have doubts about the authenticity of a reference, you could take additional steps to confirm. For example, you may follow up with an email or phone call. 

It’s up to you to determine what would be an appropriate length of time that the referee has known the individual. Only one interaction would likely not be appropriate as there’s no established relationship. 

You could specify the minimum qualifications of witnesses. For example, a school principal or teacher.

Other controls may include:

• using multiple referees
• combining a referee statement with other forms of alternative identification, such as government correspondence or expired identification
• an online or in-person interview with the individual to assess the consistency and legitimacy of their claims
• monitoring the number of times the same individual is acting as a referee for different individuals, as multiple requests to use the same individual may require further investigation
• monitoring the behaviour of both the individual and referee for any signs of coercion or fraud, after the referee statement has been accepted.

If there’s a risk of coercion you could also request:

• an interview or pre-recorded video with the referee
• that an independent individual witnesses the referee’s statement.

This isn’t an exhaustive list.

Banks may consider delaying conducting initial CDD for up to 20 days after opening an account in some circumstances under section 6-12 of the Rules. This may allow more time to check alternative identification documents. 

Transaction controls to manage the risks 

You may use other controls when accepting alternative forms of identification. These may include limiting the functionality, features, products or services you offer to that individual based on your customer’s ML/TF risk. 

This could include placing limits on the:

• number or total value of transactions
• amount per transaction
• overall balance or value of the account.

You could also limit the geographical scope of the transactions. For example:

• only allowing domestic transactions
• not allowing cross-border transactions with countries with higher ML/TF risks.

Government correspondence

You may accept correspondence from an Australian federal, state or territory government authority or foreign government that shows the individual’s name.

For people in prison or recently released from prison, this can include identification documents issued by the state or territory corrective services. For example, a Corrections Record Number.

Expired identification

You may allow an individual to provide recently expired identification when they have trouble getting standard identification. You could request the individual provide standard identification documents as soon as they can. However, we expect you to be mindful of their specific circumstances and any barriers they may face. 

In some cases, you may rely on older expired identification when it’s appropriate to the risk and you can either:

• match at least one other identifying detail, such as date of birth
• visually identify the individual from their photo on the expired identification.

This may be especially useful for individuals disproportionately impacted by barriers to updating expired identification documents, such as:

• Aboriginal and Torres Strait Islander individuals
• individuals living in remote communities
• people in prison – particularly those with long sentences
• elderly people who don’t officially hand in their driver’s licence when they stop driving
• individuals in a care facility.

You could determine the length of time you’ll rely on expired identification. 

Individuals declaring their own identity (self-attestation)

If you can’t establish the identity of an individual in any other way, you may accept an individual’s self-attestation of their identity as a last resort.

Self-attestation may be useful for individuals who are:

• experiencing homelessness
• refugees without identification documents
• unable to nominate a referee who meets your alternative customer identification requirements.

You must not rely on self-attestation if you know or suspect that it’s incorrect or misleading.

You must continue to apply ongoing CDD to manage and mitigate the ML/TF risks. This includes transaction monitoring.

You must take reasonable steps to verify the individual’s identity using data reasonably available. For example, you may ask the individual to provide:

• another form of alternative identification within an agreed period
• standard identification documents if they have access to them.

Obtaining and submitting documents

Obtaining and submitting identification may be complex and challenging. The cost can also be a barrier. 

You could consider the most efficient way for the individual to obtain and submit documentation. 

If it isn’t possible for individuals to submit documents in person, you could:

• accept documents by email, certified mail or fax
• use online conferencing services, video calls or pre-recorded video call statements
• allow the individual to provide a photo of themselves holding their identification documents, along with a copy of the documents themselves.

This is particularly relevant for individuals in remote areas. 

If you use an online platform for individuals to submit their identification documents, you could consider if it can accept alternative forms of identification. If it can’t, you could offer another way for an individual to submit their documents. 

Record keeping for alternative forms of identification

You must keep records of what you did to identify the individual and what alternative identification you used. This record should include information about the individual’s particular circumstances. 

Learn more about record keeping.

Next step

Learn more about how you can use alternative identification procedures to identify Aboriginal and Torres Strait Islander individuals who don’t have standard identification.

Related pages

• Examples of using alternative identification procedures
• Customer due diligence.