You must monitor your customers for any unusual transactions and behaviours that may trigger an obligation to submit a suspicious matter report (SMR). 

This includes monitoring for information that may be relevant to an investigation or prosecution of certain crimes. 

Unusual transactions and behaviours include:

• unusually large or complex transactions
• unusual patterns of transactions and behaviours
• transactions that have no apparent economic or lawful purpose
• transactions that aren’t consistent with what you know about the customer, the nature and purpose of their relationship with you, their ML/TF risk, or their source of funds or source of wealth.

Understanding what unusual transactions or behaviours are, and what may be an indicator of crime, will help you:

• develop procedures to effectively monitor your customers
• identify if you need to submit an SMR
• identify what you can do to mitigate and manage your customer’s ML/TF risk.

Customers may have unusual transaction patterns or behaviours, but that doesn’t always mean they’re doing something illegal.

When you identify unusual transactions and behaviours, determine if either: 

• there’s a legitimate explanation
• you need to take further action. For example, conducting enhanced CDD or submitting an SMR to us.

Learn more about responding to unusual transactions and behaviours.

Unusual transactions

Unusual transactions may look different for each customer. For example, a high volume of transactions might be normal for one customer, but not for another.  

What’s unusual will depend on the:

• customer’s profile and expected activity
• nature of your business, designated services and sector
• circumstances in which the activity occurs.

Examples of unusual transactions include, but aren’t limited to:

• activity inconsistent with the customer’s known risk or transaction history
• transactions that appear structured to avoid reporting obligations
• transactions that seem unusually complex for the nature of the business relationship
• dealings with people in high-risk countries or regions
• large cash deposits or withdrawals
• transactions involving politically exposed persons
• transactions involving individuals designated for targeted financial sanctions
• transactions involving income or wealth inconsistent with the customer’s known circumstances
• transactions through a services provider, such as lawyers or accountants, for no apparent commercial or other reason
• using legal entity structures or corporate vehicles to conduct transactions for no apparent commercial or other reason, or to obscure ownership
• using trust funds/structures as a vehicle to move funds
• registering domestic companies or businesses that have no apparent commercial activity. 

Unusual behaviours

Unusual behaviours aren’t just what you see during your interactions with a customer. It can also be patterns or changes in how a customer uses your designated services.

Examples of unusual behaviour include, but aren’t limited to:

• appearing nervous, defensive or evasive when questioned
• giving answers that seem coached or rehearsed
• appearing directed by a third party
• changes to in-person behaviour during physical interactions. Such as trying to rush transactions
• being unable or unwilling to provide details or explanations for establishing a business relationship or receiving a designated service
• frequent changes to know your customer (KYC) information
• attempts to influence staff members to ignore their activity, including offering tips and/or other incentives
• only dealing with select staff members and avoiding others
• making unusual enquiries to staff about whether they report to government authorities
• enquiring about transaction limits or requests to not report their transaction
• using an agent or third party without a clear commercial or lawful purpose.

Offences you must monitor for

You must monitor your customers for information that:

• suggests the customer or their agent isn’t who they claim to be
• suggests a person is planning a` ML/TF offence using a designated service
• would be useful in an enforcement matter relating to the proceeds of crime.

You must also monitor your customers for information that may be relevant to an investigation or prosecution of any of the following crimes.

Financial crimes:

• money laundering
• financing of terrorism
• proliferation financing and other offences relating to the breach of sanctions
• bribery
• extortion
• counterfeiting currency
• crimes relating to taxation
• insider trading and market manipulation.

Trafficking and crimes against the person:

• piracy
• human trafficking or people smuggling
• sexual exploitation (including exploitation of children)
• trafficking of illicit substances
• arms trafficking
• other goods trafficking (including stolen goods)
• robbery or theft
• kidnapping, illegal restraint or taking hostages
• smuggling (including offences in relation to customs and excise)
• murder or grievous bodily harm.

Other crimes:

• forgery
• terrorism
• corruption
• cybercrime
• environmental crime
• counterfeiting or piracy of products
• fraud (including identity theft and scams)
• participation in organised crime or racketeering
• offences against the Act or Regulations
• any other offence you’ve identified in your AML/CTF program as high risk in relation to money laundering.

Unusual transactions and behaviours may be indicators of these offences. If you appropriately monitor your customer’s transactions and behaviours, you’ll be more likely to identify criminal activity.

You must submit an SMR if you suspect on reasonable grounds that you’ve information that may be relevant to a crime. 

Learn more about your SMR obligations.

Sector specific indicators

We publish indicators of criminal activity. These publications can help you identify unusual transactions and behaviours relevant to your business. 

We expect you to use these indicators to inform your monitoring program, where they’re relevant to your business and the designated services you provide.

We also expect you to update your customer monitoring procedures when either:

• we produce new indicators or assessments of ML/TF risk that may be relevant to your business
• you become aware of new indicators or change your own assessment of ML/TF risk from your own internal intelligence.

Learn more about risks and indicators of suspicious activity relevant to your business.

Record keeping

You must keep records that show how you complied with your ongoing CDD obligations in relation to a customer. This includes all of the following:

• keeping records of the customer’s transactions
• your identification, analysis and assessment of the customer’s ML/TF risk
• any decisions your business makes about how you conduct ongoing CDD on the customer.

Learn more about record keeping. 

Related pages

• Ongoing customer due diligence
• How to monitor your customers
• Responding to unusual transactions and behaviours
• Enhanced customer due diligence
• Risks and indicators of suspicious activity