Maintaining and implementing robust Customer Due Diligence (CDD) procedures is essential in operating a financial services business in Australia. AUSTRAC is responsible for overseeing all financial service providers who are considered reporting entities under the Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Act and this includes ensuring all entities have in place procedures to identify and verify their customers.
Identification and verification of your customers is essential in order to:
- determine the money laundering and terrorism financing risks posed by each customer;
- determine whether to proceed to onboard the customer; and
- assess the level of future monitoring which may be required.
CDD requirements are included in the AML/CTF Act and the AML/CTF Rules. A variety of information needs to be collected from the customer, depending on the customer type. Reporting entities must collect information from the following types of customers:
- sole traders;
- associations (incorporated and unincorporated);
- registered cooperatives;
- government bodies;
- agents acting on behalf of a customer; and
- beneficial owners.
Reporting entities are also required to verify the information collected. This process is intended to ensure the information provided is confirmed by the reporting entity as being accurate. The AML/CTF contains safe harbor provisions which include verifying the information collected against certified copies of a primary photographic, non photographic or secondary document. Reporting entities do not necessarily need to meet the safe harbor requirements for verification. The AML/CTF Act operates under a risk based model and allows reporting entities to undertake a risk assessment and implement the relevant controls regarding verification as are required by their risk assessment. However putting all your clients through your processes as ‘low risk’ is not sufficient – you need to document what indicators would make a client ‘medium risk’ or ‘high risk’ and what documents you would need to collect to satisfy your obligations to be sure about the identity of your client.
The CDD requirements must also be included in Part B of a reporting entity’s AML/CTF Program. Reporting entities should ensure their CDD procedures comply with the AML/CTF Rules and that the AML/CTF Program accurately reflects the procedures implemented on a daily basis. You should also not forget that the AML/CTF Act requires you to conduct Ongoing Customer Due Diligence (OCDD) – that is, regular monitoring of customers and documenting what triggers you have to require further or updated identification from your clients.
Sophie Grace can assist you in relation to your AML/CTF Program, including providing a program tailored to your business or reviewing your current program to ensure it complies with the AML/CTF Rules.