Close this search box.

Customer Identification – Know your customer (KYC)

If you provide a designated service as defined in Section 6 of the AML/CTF Act you must implement customer identification procedures for all your customers.

Part B of your AML/CTF program should be drafted to outline your ‘know your customer’ (“KYC”) procedures. The procedures you implement must be risk-based. This means you need to conduct a risk assessment on each of your customer types and consider the money laundering and terrorism financing (“ML/TF“) risk associated with them and implement KYC procedures accordingly.

What is Customer Identification?

You must check a customer’s identity by both:

  1. Collecting, and
  2. Verifying

information before providing any designated services to them. After checking a customer’s identity, you must be satisfied that:

For Individual Customers – they are who they claim to be

For non-Iindividual Customers – they are real entities that actually exist and you know the details of their beneficial owners

Minimum Requirements


The identity information you must collect and verify depends on the type of customer and the level of ML/TF risk posed by the customer.

  1. Collection:
  • For individual customers, their full name, residential address and date of birth.
  • For customers who aren’t individuals, you must collect information to reasonably ensure the existence of the customer.


For instance, the following information should be collected about an Australian company:

  • The complete name of the company as registered by ASIC.
  • The full address of the company’s registered office and principal place of business.
  • The ACN issued to the company.
  • Whether the company is registered by ASIC as a proprietary or public company.
  • If the company is registered as a proprietary company, the names of each director of the company.


  1. Verification:

The verification can be conducted using reliable and independent documentation or reliable and independent electronic data, or a combination of both.

(a) reliable and independent documentation (often referred to as document-based verification) includes:

  • original primary photographic identification documents such as:
    • a licence or permit issued under a law of a State or Territory;
    • a passport issued by the Commonwealth;
  • original primary non-photographic identification documents such as:
    • a birth certificate or birth extract issued by a State or Territory;
    • a citizenship certificate issued by the Commonwealth;
    • a concession card, as defined from time to time in the Social Security Act 1991.


The list provided above is just a snapshot of what the AML/CTF Act includes. Depending on the level of the ML/TF risk associated with the customer, the transaction, and your designated services, you may rely on other documents as appropriate.

(b) reliable and independent electronic data – this is often referred as electronic-based verification.

To determine whether electronic data is reliable and independent, the following factors should be considered:

  • the accuracy of the data;
  • how secure the data is;
  • how the data is kept up-to-date;
  • how comprehensive the data is (for example, by reference to the range of persons included in the data and the period over which the data has been collected);
  • whether the data has been verified from a reliable and independent source;
  • whether the data is maintained by a government body or pursuant to legislation; and
  • whether the electronic data can be additionally authenticated.

Safe Harbour Provisions for individuals

You can opt to use ‘safe harbour’ procedures to verify your individual customer’s identity and their ML/TF risk is assessed as medium or low. You must verify the customer’s full name, and either their date of birth or residential address.

(a) For document-based verification, you must use original or certified copies of primary or secondary documents. Specifically:

  • an original or certified copy of a primary photographic identification document; or
  • both:
    • an original or certified copy of a primary non-photographic identification document; and
    • an original or certified copy of a secondary identification document; and

(b) For electronic-based verification, you must use at least two separate data sources to verify customer information. This can include records from credit reporting agencies.

Simplified Procedures for Companies

The simplified company verification procedure applies when the company is one of the following:

  • a domestic listed public company;
  • a majority owned subsidiary of a domestic listed public company; or
  • licensed and subject to the regulatory oversight of a Commonwealth, State or Territory statutory regulator in relation to its activities as a company;


Verification can be confirmed by obtaining one or a combination of the following sources:

  • a search of the relevant domestic stock exchange
  • a public document issued by the relevant company
  • a search of the relevant ASIC database
  • a search of the licence or other records of the relevant regulator.

Simplified procedures for Trusts

There are simplified trust verification procedures which are available in some circumstances.


You must complete your applicable customer identification procedures before you provide any designated services to the customer. This applies to both one-off transactions and ongoing business relationships. However, there are some limited exceptions to this obligation.

The required timeframe for identifying the beneficial owner of a customer and whether the customer or beneficial owner is a politically exposed person is different. This verification process must be completed either before providing the designated service or as soon as practicable after the designated service has been provided.

Further Information

Please refer to AUSTRAC’s website for more customer identification and verification requirements.

Sophie Grace can provide you with an AML/CTF Program tailored to your business’ needs, which will help you navigate these obligations. Alternatively, you can purchase a template document from our online shop.

For additional information or assistance, please contact Sophie Grace directly.

Sophie Grace Compliance Portal

Sign up today for up-to-date compliance policies and regular consultation with our staff.

Contact Us

We will contact you as soon as possible!