Personnel due diligence (Reform)
Learn how and when to conduct personnel due diligence. This includes assessing their skills, knowledge, expertise and integrity.
On this page
- When to conduct personnel due diligence
- What to include in your AML/CTF policies
- How to conduct personnel due diligence
- Evidence of an AML/CTF compliance breach or incident involving personnel
- Record keeping
- Related pages
In this guidance, ‘personnel’ includes any person you employ or engage to perform anti-money laundering and counter-terrorism financing (AML/CTF) functions.
When to conduct personnel due diligence
This section refers to the Rules section 5–8(2).
You must conduct personnel due diligence to assess the people you employ or engage to perform AML/CTF roles.
This helps protect your business by:
- making sure only suitable people perform AML/CTF functions
- reducing the likelihood of internal fraud.
You must conduct personnel due diligence:
- before you employ or engage the person
- on an ongoing basis during their employment or engagement.
What to include in your AML/CTF policies
This section refers to the Act section 26F(4)(d).
Your AML/CTF policies must ensure you conduct initial and ongoing personnel due diligence.
We expect you to do the following and outline how you do so in your AML/CTF policies:
- assess roles that need personnel due diligence
- make sure personnel due diligence is appropriate to the risk associated with the role
- make sure personnel due diligence is appropriate to the seniority of the role
- develop procedures to assess and make sure an individual has the skills, knowledge and expertise to perform their AML/CTF functions
- conduct checks to assess the integrity of personnel, including background checks where appropriate
- schedule frequency and triggers for periodic reassessment to make sure ongoing suitability
- respond to adverse assessments
- document all assessments and decisions reasonably necessary to demonstrate compliance.
How to conduct personnel due diligence
This section refers to the Rules section 5–8(2).
You must conduct personnel due diligence before and during a person’s employment or engagement. You must assess the person’s:
- skills, knowledge and expertise relevant to their AML/CTF responsibilities
- integrity.
We expect that the level of due diligence will be tailored to the person’s role and the ML/TF risks associated with it.
For example, a customer-facing staff member who is only responsible for ensuring that customers fill out on-boarding forms would require much lighter personnel due diligence than an AML/CTF compliance officer responsible for overseeing the effectiveness of the entire AML/CTF program.
Initial personnel due diligence
This section refers to the Rules section 5–8(2).
You must assess the following before a person begins performing AML/CTF-related functions.
Skills, knowledge and expertise
Assessing a person’s skills, knowledge and expertise includes assessing that they have or demonstrate the ability to do the following as it relates to their role:
- understand the ML/TF risks
- understand AML/CTF obligations
- apply your AML/CTF policies effectively.
You might do this by, for example, doing any or all of the following:
- conducting interviews for the role
- completing knowledge-based assessments
- considering prior AML/CTF qualifications or experience
- validating their technical skills or qualifications
- checking any professional membership they hold
- checking their website if relevant and any material, videos or updates on it
- seeking evidence of previous performance.
A person may not need all required AML/CTF knowledge and expertise to perform their roles before you engage them. However, you need to consider if they generally can meet the role’s requirements with role-specific training and support.
If you identify gaps in a person’s AML/CTF capability that may pose a risk of ML/TF or non-compliance, you might:
- provide targeted training during onboarding or before they start the AML/CTF-function
- delay assigning them AML/CTF responsibilities until they complete training
- reassess their knowledge once training is completed
- consider additional supervision and support until the gap is addressed.
Integrity
This section refers to the Rules section 5–14.
Integrity assessments make sure that individuals uphold ethical standards and don’t pose an undue risk to your AML/CTF compliance.
This may involve the following, as appropriate to the ML/TF risks of the role:
- verifying their identity
- police checks
- bankruptcy checks
- screening. for example, sanction and adverse media checks
- reference checks from previous employers
- confirming qualifications and certifications
- reviewing past regulatory breaches or disciplinary actions (where applicable)
- self-disclosures.
You may also consider any existing integrity tests they’ve completed to meet other regulatory or professional requirements.
AML/CTF compliance officer
This section refers to the Act section 26K(2) and the Rules section 5–14.
Your AML/CTF compliance officer must also meet additional requirements to show they’re a fit and proper person to hold the role. For further information, see our guidance on the AML/CTF compliance officer.
Ongoing personnel due diligence
This section refers to the Act section 29F(d) and the Rules section 5–8(2).
As your risks, roles and processes evolve, ongoing personnel due diligence helps you to assess whether personnel:
- still have the skills, knowledge, expertise and integrity to comply with your AML/CTF obligations
- may need additional training to continue meeting their AML/CTF responsibilities.
We expect you to make sure the frequency and scope of reassessment is proportionate to the person’s role, including associated ML/TF risks and skill, knowledge and expertise requirements.
When conducting ongoing personnel due diligence, you may consider:
- requiring personnel to notify you of any changes to their circumstances relevant to their integrity or suitability. This may include criminal investigations or charges, significant changes in financial arrangements, conflicts of interest or secondary employment
- updating criminal history checks and adverse media screening for high-risk roles at regular intervals if there hasn’t been a trigger-based review
- asking employees to declare or self-attest at regular intervals if there hasn’t been a trigger-based review or self-disclosure
- requesting personnel report suspicious behaviour displayed by other personnel that may indicate they’ve been targeted for collusion or coercion by criminal groups.
To help maintain the effectiveness of your due diligence processes, we expect you to review and update your personnel due diligence policies and processes where appropriate.
You may also consider implementing performance targets and assessing whether personnel are effectively implementing AML/CTF policies. This could form part of your AML/CTF compliance reports from the compliance officer to your governing body.
Trigger-based reassessment
As well as periodic reviews, we expect you to make sure your AML/CTF policies outline when you’ll conduct personnel due diligence in response to certain triggers to ensure ongoing suitability and integrity.
A trigger could include changes in the person’s responsibility. This may be due to either:
- being promoted into a higher-risk compliance or oversight role
- a significant change in your ML/TF risk profile leading to a change in the risk profile of their role. For example, offering a new high-risk service.
A trigger could include a change in the person’s circumstances relevant to their integrity or suitability.
Due diligence of personnel for newly regulated entities
We expect you to conduct due diligence checks on current personnel to make sure you meet your due diligence obligations.
This may involve:
- considering what due diligence checks you’ve already conducted for current personnel
- identifying additional due diligence checks that may be required
- making sure you have sufficient records of their due diligence checks to demonstrate compliance
- updating or conducting new due diligence checks to meet your requirements.
Evidence of an AML/CTF compliance breach or incident involving personnel
We expect you to take appropriate action if you identify a person who doesn’t meet your integrity, knowledge, expertise and skills requirements. This will help make sure your business remains compliant and that you don’t increase your ML/TF risks.
Below are some potential actions you may take:
- Low-level integrity concern: you may monitor more frequently or reassign to a lower-risk role.
- Significant risk or integrity concern: you may consider removing them from their AML/CTF duties.
- Employee fails to comply with your AML/CTF policies: depending on the severity, you may consider mandatory training to address the concerns, formal warnings, disciplinary action or removing them from their AML/CTF duties.
- Insufficient skills to perform their role: make sure that they can obtain the skills to perform their AML/CTF duties. You may need to replace them with someone who has the required skills if they aren’t able to be sufficiently trained.
Record keeping
This section refers to the Act section 116.
You must keep records that are reasonably necessary to demonstrate compliance with your personnel due diligence obligations.
Depending on your personnel due diligence policies, this may include records of:
- qualifications or certifications (if any)
- results of knowledge or skills testing
- interview results
- reference checks
- integrity assessments, such as police checks, sanctions and adverse media screening results and bankruptcy checks
- reassessments, including the trigger for review and results.
We expect you to keep a documented audit trail of decisions and actions taken for each person subject to personnel due diligence.
Learn more about your record keeping requirements.
Related pages
This guidance sets out how we interpret the Act, along with associated Rules and regulations. Australian courts are ultimately responsible for interpreting these laws and determining if any provisions of these laws are contravened.
The examples and scenarios in this guidance are meant to help explain our interpretation of these laws. They’re not exhaustive or meant to cover every possible scenario.
This guidance provides general information and isn't a substitute for legal advice. This guidance avoids legal language wherever possible and it might include generalisations about the application of the law. Some provisions of the law referred to have exceptions or important qualifications. In most cases your particular circumstances must be taken into account when determining how the law applies to you.