You must take appropriate steps to respond to unusual transactions and behaviour you identify. This helps you mitigate and manage your customers’ money laundering, terrorism financing and proliferation financing risks. We refer to these as ML/TF risks.

We expect that your anti-money laundering and counter-terrorism financing (AML/CTF) policies include all the following:

• how you’ll respond to unusual transactions and behaviour, including appropriate measures you’ll apply
• escalation processes to follow when reviewing and responding to unusual transactions and behaviour
• procedures to make sure you comply with your suspicious matter reporting (SMR) obligations.

Responding to unusual transactions and behaviour

How you respond to unusual transactions and behaviour will depend on the type of activity or alert identified in your customer monitoring processes, and the customer’s ML/TF risk. 

Depending on the circumstances, you may do any or all of the following:

• manually review the alert to assess if the customer’s transaction and behaviour are unusual
• update your know your customer (KYC) information and assessment of their ML/TF risk
• change the ongoing CDD measures you apply to better manage and mitigate the customer’s ML/TF risk. Such as reviewing transactions more frequently
• escalate the matter to senior managers or an AML/CTF compliance officer for review and response
• submit an SMR if you form a reasonable suspicion
• apply enhanced CDD measures
• make a decision about whether to continue providing designated services to the customer.

Determining if a transaction or behaviour is unusual

Customers may have unusual transactions or behaviour, but this doesn’t always mean they’re doing something illegal. 

When you identify unusual transactions and behaviour, you could determine if either: 

• there’s a legitimate explanation
• you need to take further action, such as conducting enhanced CDD or submitting an SMR to us.

To determine if a transaction or behaviour is unusual, we expect you to consider what you reasonably know about all of the following:

• the customer, including their ML/TF risk
• the nature and purpose of the business relationship
• the customer’s source of funds or source of wealth.

For example, you could:

• compare the transaction with your customer’s previous transactions and information you already know
• compare the transactions with information about similar customers and how they use your designated services
• consider information about your industry to help you determine what’s an unusual or complex transaction.

Learn more about unusual transactions and behaviour.

Enhanced customer due diligence

You must apply enhanced CDD if the designated service satisfies any of the following:

• has no apparent economic or legal purpose
• would involve an unusually complex or large transaction
• would involve an unusual pattern of transactions.

Learn how to apply enhanced CDD.

Submitting a suspicious matter report

You must submit an SMR if you suspect any of the following on reasonable grounds:

• information you have may be relevant to crime
• a customer, possible future customer or their agent isn’t who they claim to be
• a person is planning an ML/TF offence using a designated service.

Learn more about suspicious matter reports.

Example: Responding to an unusual transaction or behaviour

This is an example of steps you may take in response to an alert of unusual transaction or behaviour identified through your customer monitoring processes. There may be other ways to appropriately respond to an alert.

Step 1 – review the activity in context

• Compare the activity to what you currently know about your customer, including their ML/TF risk.  
• Consider the nature of the customer’s relationship with your business.
• Look at their transaction history.
• Consider if the activity has a clear economic or lawful purpose.

Step 2 – check information you currently hold

• Review existing records, including KYC information, prior interactions and any past alerts.
• Consider any linked accounts or services provided by your business that may hold related information. For example, if a customer is transferring money between accounts.
• Consider what you know about similar customers to determine if the activity is unusual. 

Step 3 – decide on next steps 

Once you have reviewed the activity and information you currently hold, we expect you to take steps to appropriately mitigate and manage any ML/TF risks.

If you determine that the activity is not unusual, or is consistent with what you know about the customer, you may decide that no further action is needed at this stage.

In other cases, you may decide whether to do one or more of the following:

• review, and if appropriate, update the customer’s KYC information and/or ML/TF risk
• apply enhanced CDD if required, such as obtaining source of funds or source of wealth information
• escalate the matter to senior managers for consideration
• submit an SMR
• stop providing designated services, or limit providing designated services to the customer.

Step 4 – document your review and response

Keep a record of all the following:

• the details of the alert
• how you reviewed the alert, including the steps taken and decisions made
• how you responded to the alert and why.

Record keeping

You must keep records to show how you complied with your ongoing CDD obligations in relation to a customer. This includes all the following:

• keeping records of the customer’s transactions
• your identification, and assessment of the customer’s ML/TF risk
• any decisions your business makes about how you conduct ongoing CDD on the customer.

Learn more about record keeping. 

Related pages

• Overview of ongoing customer due diligence
• What you must monitor for
• How to monitor your customers
• Reviewing and updating a customer’s ML/TF risk and KYC information