Jul 10, 2024

KYC Requirements in Australia—Complete Guide (2024)

All you need to know about Anti-Money Laundering regulations and Know Your Customer requirements in Australia

According to the Financial Action Task Force’s latest report, Australia has been actively developing a stricter Anti-Money Laundering regime. In particular, it “has taken steps to improve how risk-based supervision is undertaken in the financial sector”. This means that all regulated businesses must keep an eye on these changing regulations to ensure compliance. 

So, let’s get familiar with Australia’s AML laws and how to comply with them. To help with this, we at Sumsub have prepared this guide with all the necessary information on AML and KYC in Australia. 

What is KYC and why is it important?

Know Your Customer (KYC) is the process of obtaining information about a customer and verifying their identity. During the process, customers submit their personal data and documents. It is up to businesses to ensure that submitted documents aren’t fake and that customers are who they say they are.

The importance of KYC is difficult to overstate. In Australia, regulated companies must implement KYC checks in order to comply with regulations. Yet even unregulated companies can benefit greatly from KYC, as this procedure minimizes the chances of financial crime and protects the company’s reputation from harm.

Moreover, more and more industries are getting regulated. Sooner or later, your company may also have to comply with Anti-Money Laundering laws. To make this transition smoother, consider implementing a KYC solution ahead of time.

Who are the regulators?

The Australian Transaction Reports and Analysis Centre (AUSTRAC) is the primary government body responsible for overseeing AML compliance. The authority also functions as the country’s Financial Intelligence Unit (FIU). Among other responsibilities outlined by the AML/CTF Act and FTR Act, AUSTRAC receives, processes, and investigates various reports (e.g., suspicious activity reports) submitted by financial institutions.

Other regulators include the Australian Securities and Investments Commission (ASIC), which focuses on examining customer complaints and ensuring that companies operate fairly and ethically, and the Australian Prudential Regulation Authority (APRA), which ensures that companies are financially stable and trustworthy.

AML & KYC regulations in Australia

The main regulation in the country is the Anti-Money Laundering Counter Terrorism Financing Act (AML/CTF Act), which was first passed in 2006 and amended over time. The Act outlines which entities are regulated (banks, financial institutions, crypto companies, casinos, etc.) and sets requirements for them—such as registering with AUSTRAC and creating an internal AML program.

To meet Australian regulatory requirements, companies need to properly conduct due diligence checks, which can be done with an efficient Know Your Customer (KYC) solution. Other necessary checks include monitoring of user behavior/transactions, reporting, and recordkeeping. 

While the AML/CTF Act is the main regulation in Australia, companies should also keep AUSTRAC guidelines in mind, along with other laws such as The Privacy Act (which ensures that sensitive data collected during the KYC stage is safeguarded). 

KYC process

For KYC, companies must identify and verify their customers, which involves them providing the following information:

  • Full name
  • Date of birth or residential address

The provided information must then be verified through two reliable sources. 

Customers may pose different risk levels. Therefore, companies must assess the risk posed by a given customer, dividing them into risk categories, and adjust their checks accordingly. To learn more about the differences between each risk category, check out our articles on Customer Due Diligence and Enhanced Due Diligence.

KYB process

Upon commencing a business relationship with another company, it’s necessary to collect the following:

  • The full name of the company 
  • The full address of the company’s registered office and principal place of business, if any
  • The registration number issued to the company
  • Whether the company is registered as a proprietary or public company
  • If the company is registered as a proprietary company, the name of each director of the company

Additionally, the UBO of the legal entity should be identified and verified.

To learn more about the specific documents that must be collected from businesses, check out our guidelines here.

How to get compliant

To comply with AML regulations in Australia, companies need to follow the obligations set out by the AML/CTF Act. They include:

  • Appointing a Money Laundering Reporting Officer (MLRO)
  • Staff training
  • Risk assessment of each customer depending on their likelihood of conducting illegal activities, such as money laundering and terrorism financing
  • Conducting Customer Due Diligence (CDD), Simplified Due Diligence (SDD), and Enhanced Due Diligence (EDD) 
  • Checking Source of Funds and Source of Wealth
  • Recordkeeping for at least seven years from the end date of a business relationship or final transaction
  • Reporting suspicious activity (called Suspicious Matter Reports)

Companies must submit a special report to AUSTRAC every time a customer conducts a transfer of physical currency exceeding A$10,000, within 10 days after the transaction took place. In cases when a company believes that a transaction is related to a criminal activity, a Suspicious Matter Report must be submitted within 24 hours if the crime is linked to terrorism financing, and within 3 days if it’s related to money laundering.

Penalties for non-compliance

AUSTRAC is in charge of enforcing penalties over failures to comply with regulations and/or purposeful illicit activity. The penalties may vary from fines to license revocation and even imprisonment. 

The maximum penalty for money laundering offenses for an individual might include life imprisonment or a financial penalty of A$6,260,000 (approximately $4.2 million). 

When it comes to violating the AML/CTF Act, the maximum penalty for an individual is A$6,260,000. Meanwhile, a corporation may face a fine of up to A$31.3 million (approximately $21 million).

KYC solutions for Australia

Sumsub provides a variety of tools that can minimize criminal activity. These include, but aren’t limited to:

  • Customer identification—providing customer personal data (name, date of birth, address)
  • Liveness—checking that the customer is a real and living person. This can be done through facial biometrics authentication.
  • Verification—determining the authenticity of the customer’s claims and documents. This step may include AML screening to check whether the customer is listed in adverse media, sanctions lists, PEP lists, etc.
  • Address verification—verifying that the customer actually resides in their selected country by checking utility bills, bank statements, or other proof of address documents. This includes checking whether the customer comes from high-risk countries (such as Iran and North Korea) or countries under increased monitoring.
  • Risk scoring—determining the risk category of the customer based on the results of the above checks. Depending on the calculated risk level, businesses adjust their approach to the customer’s verification. Accordingly, a higher risk score will necessitate additional checks.

FAQ

  • What are the KYC requirements in Australia?

    A new user must provide their personal information, including:

    • Full name

    • Date of birth or residential address

  • What is eKYC in Australia?

    Automated KYC solutions, or eKYC, can process documents by extracting their data, checking security features, and comparing them against templates. Algorithms draw together the results of these checks and indicate whether the identity document is authentic.

  • What are the rules for KYC compliance?

    The main regulation in the country is called the Anti-Money Laundering Counter Terrorism Financing Act (AML/CTF Act). The Act outlines the list of affected entities, which includes various types of companies working with finances (banks, financial institutions, crypto companies, casinos, etc.) and sets requirements for them. This includes registering with AUSTRAC and creating an internal AML program.
