Why you must monitor your customers

You must monitor your customers to appropriately identify, assess, manage and mitigate the risks of money laundering, terrorism financing and proliferation financing (we refer to these as ML/TF risks) that you may reasonably face while providing designated services. 

This includes monitoring for unusual transactions or behaviour that may require you to submit a suspicious matter report (SMR).

You monitor customers by both:

• developing systems, controls, policies and procedures
• applying these continuously to all customers receiving a designated service. 

Failing to monitor customer transactions and behaviour can have serious flow-on effects for other anti-money laundering and counter-terrorism financing (AML/CTF) obligations. This includes your obligations to submit an SMR, conduct enhanced CDD, assess your customer’s ML/TF risk over time, and take steps to manage and mitigate your ML/TF risks.

We expect you can demonstrate that your customer monitoring both:

• effectively monitors and analyses your customer’s transactions and behaviour
• alerts you in a timely way to any unusual transactions or behaviour.

Monitoring during a business relationship or occasional transaction

You must monitor all customers when providing designated services to identify, assess, manage and mitigate ML/TF risks you may reasonably face.

For a customer you only provide an occasional transaction to, this means you must monitor them while you are providing the designated service.

However, if you have an ongoing business relationship with a customer, you must monitor their transactions and how they are using your designated services throughout the course of the business relationship. 

In certain circumstances, for these customers you must also review and, where appropriate, update both:

• your identification of the customer’s ML/TF risk
• KYC information about the customer.

Learn about ongoing customer due diligence.

How to monitor your customers

The way you monitor your customers must be appropriate to your business. 

Your ML/TF risk assessment will help you develop thresholds and triggers to identify unusual transactions and behaviour. 

Your monitoring of customers is informed by both:

• your identification of their ML/TF risk in initial CDD
• any changes to their ML/TF risk during your business relationship.

We expect your AML/CTF policies relating to customer monitoring include processes to do all the following:

• effectively monitor and analyse your customers’ transactions and behaviour
• capture all relevant sources of customer and transaction data or information
• identify unusual transactions and behaviour
• review and manage the internal escalation and investigation of unusual transactions and behaviour
• manage the consistent reporting of suspicious matters to us
• include sufficient assurance processes to review how your business manages identified issues
• reassess a customer’s ML/TF risk and determine if they remain within your risk appetite
• document and audit your monitoring processes.

Automated and manual monitoring

Your customer monitoring measures can be manual, automated, or both. What’s appropriate will depend on the nature, size and complexity of your business. 

Automated customer monitoring

We expect that you have an automated transaction monitoring system if you can’t effectively monitor transactions manually. For example, if you deal with a high volume of transactions. 

Transaction monitoring software may identify issues that you can’t manually recognise when dealing with high volumes of transactions. For example:

• unusual patterns
• unusually large transactions
• spikes in activity
• potential structuring of transactions to avoid reporting
• transactions to high-risk jurisdictions or to sanctioned persons.

Manual customer monitoring

If you can effectively monitor your customers manually, you could do this by doing all the following:

• training relevant personnel to identify unusual transactions and behaviour and respond appropriately
• scheduling regular time, such as weekly or monthly, to review your customers’ transactions and behaviour for indicators of unusual activity
• comparing a customer’s transactions and behaviour with their history and what you know about them
• comparing a customer’s transactions and behaviour with similar customers and how they use your designated services
• considering information about your industry to help you identify if a transaction or behaviour is unusual or complex
• escalating unusual transactions or behaviour for further review and response. For example, to an AML/CTF compliance officer. 

Monitoring alerts

We expect that your customer monitoring will appropriately identify and alert you to transactions and behaviour that requires further investigation.

We expect that your AML/CTF policies outline when you’ll review a transaction or behaviour to determine if you need to submit an SMR. 

If you don’t have a process to review and respond to unusual transactions or behaviour, it’s unlikely that you’ll be able to show that you’re managing or mitigating your customers’ ML/TF risks.

For example, you could flag transactions or behaviour for further investigation where:

• the size, frequency or patterns of transactions seem unusual or suspicious
• the transaction or behaviour involves a high-risk country or region
• the transaction or behaviour involves a person or organisation on a sanctions list
• transactions look structured to avoid threshold transaction reporting obligations
• the transaction or behaviour is inconsistent with a customer's ML/TF risk or previous pattern of behaviour
• there’s other unexpected customer activity which may indicate money laundering or terrorism financing, or other criminal activity.

Learn more about:

• what you must monitor for
• responding to unusual transactions and behaviour
• suspicious matter reports

Monitoring customers based on risk 

You must monitor your customers in a way that’s appropriate to manage and mitigate their ML/TF risk.

For example, some customers may require more intensive monitoring than others and it may be appropriate to:

• include more alerts in your customer monitoring to help you monitor their activity more closely
• manually review their transactions more frequently.  

Checking your customer monitoring

We expect you to regularly check that your customer monitoring measures are operating effectively and as intended. 

This includes confirming all the following:

• you’ve enough information about your customers to identify unusual transactions and behaviour
• you’re being alerted to any unusual transactions and behaviour
• you’re appropriately responding to alerts.

If you identify any issues during your reviews, we expect you to promptly address them.

We expect you to update your customer monitoring to detect new indicators of criminal activity. For example, indicators you identify through your internal intelligence and indicators published by us.

When you’re updating your customer monitoring, we expect you to take steps to make sure all of the following are satisfied:

• there’s no impact to other AML/CTF processes, such as your reporting obligations
• relevant senior managers approve any changes that may affect AML/CTF compliance
• you have assurance processes to confirm your customer monitoring is working effectively while the changes are being made
• you document any changes.

Record keeping

You must keep records that show how you complied with your ongoing CDD obligations in relation to a customer. This includes all the following:

• keeping records of the customer’s transactions and significant behaviour
• your identification, analysis and assessment of the customer’s ML/TF risk
• any decisions your business makes about how you conduct ongoing CDD on the customer.

Learn more about record keeping. 

Related pages

• Ongoing customer due diligence
• What you must monitor for
• Responding to unusual transactions and behaviours