Customer identification and due diligence overview
As a reporting entity, you must identify and know your customers.
Your customer identification procedures – Know your customer (KYC) procedures – must be documented in Part B of your AML/CTF program. All AML/CTF programs must include a Part B program.
To identify, mitigate and manage money laundering and terrorism financing (ML/TF) risk, you need ongoing customer due diligence processes. This includes developing and documenting an enhanced customer due diligence program and a transaction monitoring program in Part A of your AML/CTF program.
Holders of an Australian Financial Services Licence (AFSL) who arrange for their customers to receive a designated service, and do not provide any other designated services, do not have to have a Part A program.
Customer identification and ongoing customer due diligence processes will help you identify unusual transactions and behaviour, to identify and manage high-risk customers and report suspicious matters when appropriate.
Identifying and verifying customers: Part B of your AML/CTF program
Part B of your written AML/CTF program must document in detail the procedures you use to identify your customers and verify that their information is correct. After using these ‘applicable customer identification procedures’ you must be reasonably satisfied that:
- an individual customer is who they claim to be
- a customer who is not an individual (such as a company, association or trust) is a real entity and you know the details of its beneficial owners.
Applicable customer identification procedures
Applicable customer identification procedures (ACIP) include:
- collecting and verifying customer identification information through know your customer procedures
- identifying and verifying the beneficial owner(s) of a customer
- identifying whether a customer or beneficial owner of a customer is a politically exposed person (PEP)
- getting information on the purpose and intended nature of the business relationship.
Your ACIP must consider, among other things:
- the nature, size and complexity of your business
- the purpose of your business relationship with your customers
- the type of ML/TF risk you might reasonably face
- customer types (including beneficial owners and politically exposed persons)
- customers’ sources of funds and wealth
- control structures of non-individual customers
- types of designated services provided
- how you deliver these services
- the foreign jurisdictions you deal with.
If there is a higher risk associated with a customer, you will need to collect and verify more information to ensure you are reasonably satisfied that your customers are who they claim to be and that you are effectively managing your ML/TF risk.
Your systems and controls must:
- consider the ML/TF risks identified
- include procedures to collect and verify information relating to a customer's agent.
Your staff and, if applicable, your agents, must understand your ACIP and you must monitor and ensure compliance with these procedures.
In most cases, it is a requirement to carry out ACIP before providing a designated service, and the designated service must not be provided if a customer cannot first meet the ACIP requirements. Not carrying out your ACIP due to customers being unhappy or uncooperative puts your business and your community at greater risk and is a breach of your obligations.
Failure to correctly conduct ACIP on customers can significantly impact ongoing identification, mitigation and management of ML/TF risks and introduce risks across all aspects of AML/CTF compliance.
Ongoing customer due diligence procedures: Part A of your AML/CTF program
Part A of your AML/CTF program must include ongoing customer due diligence (OCDD) systems and controls to decide whether additional customer and beneficial owner information should be collected and verified on an ongoing basis.
OCDD includes ensuring the information you have about your customer is up to date, and processes for transaction monitoring and enhanced customer due diligence (ECDD). Enhanced customer due diligence procedures must be applied when there is a high risk of money laundering or terrorism financing.
Systems that carry out OCDD must be able to identify ML/TF risks, and be able to mitigate and manage those risks. For example, when unusual customer behaviour or other triggers are identified, you must conduct ECDD to investigate the risks further, and determine whether additional action is required to mitigate those risks.
Monitoring is not limited to identifying, mitigating or managing the risks posed by individual customers. Ongoing monitoring should also identify patterns of risk across customers and mitigate and manage that risk at a business level.
You must be proactive and monitor your customers throughout your entire relationship with them.
The content on this website is general and is not legal advice. Before you make a decision or take a particular action based on the content on this website, you should check its accuracy, completeness, currency and relevance for your purposes. You may wish to seek independent professional advice.