An entrepreneur's guide to complying with the Privacy Act Australia 2023 that provides compliance examples provided by the government of Australia.
Complying with AML and KYC Regulations in Australia
Fighting financial fraud in today’s digital age is a global concern. In Australia, irrespective of the industry, all businesses must comply with Know Your Customer (KYC) and Anti Money Laundering (AML) regulations.
At its core, KYC refers to verifying their customer’s details to ensure that they are who they claim to be and ensuring that they are not listed on any sanctions lists before providing any services. KYC and AML policies in Australia are regulated by the Australian Transaction Reports and Analysis Centre (AUSTRAC).
Compliance isn’t a suggestion – the penalty for failing to do so can cost a business as much as $1.3 billion as levied against Australian bank, Westpac in 2020.
Let’s dive into the steps businesses in Australia must take to comply with these regulations.
Australia Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Act
The AML/CTF Act in Australia was passed in 2006. It has since been enhanced several times to regulate business activities in the financial services, digital currency exchange, bullion and gambling sectors.
These activities are known as designated services and are known to have a high risk of money laundering, terror financing and other criminal activities. Any business that provides such designated services is known as a reporting entity and must fulfill the following requirements:
- The business must be registered and enrolled with AUSTRAC
- The business must have an internal AML/CTF program
- The business must conduct customer due diligence including identity verification
- The business must conduct ongoing due diligence
- Any and all suspicious activity/transactions must be reported
- The business must maintain records of all transactions and related activities
These businesses need to design customer identification procedures based on:
- The nature, complexity and size of a business
- The purpose of having business relationships with customers
- The type of designated services offered
- How the services are offered
- The type of ML/TF risk faced by the business
- The type of customers
- The customer’s sources of wealth
- The control structure of the business’s non-individual customers
- The foreign jurisdictions the company does business with
Establishing KYC Compliance Processes
KYC procedures have different goals for individual customers and entities such as companies, associations, trusts, etc. However, the reference source used for customer identification procedures must meet the same standards. They must be:
- Able to be additionally authenticated
- Maintained by a government body under legislation
KYC and AML for Individuals
Complying with KYC norms for individuals involves collecting and verifying personal details such as the individual’s full name, residential address and date of birth. These details can be verified through documents or an electronic verification tool. The documents that can be used to verify customer identities include:
- Original primary photographic identification documents:
- Australian/ foreign passport
- Driver’s license
- Government-issued ID card
- National ID cards issued by the UN or foreign government
- Original primary non-photographic identification documents:
- Birth certificate
- Health card
- Citizenship certificate
- Pensioner concession card
- Original secondary identification documents:
- Utility bill within the last 90 days
- Student ID card
- Tax notice
Businesses that offer regulated services involving financial transactions must also take steps to assess the customer’s risk profile. A customer’s risk profile will depend on many factors including the industry he/she operates in, the average transaction value, nationality, subjectivity to sanctions, political exposure, history of financial crime and so on.
KYC and AML for Entities
When it comes to entities, AUSTRAC requires businesses to have enough information to be reasonably satisfied that the company/ trust/ association actually exists and must know details of the entity’s beneficial owners. KYC compliance includes the collection and verification of:
- Company name as registered with the Australian Securities and Investments Commission (ASIC)
- Complete street address of the company’s registered office
- Complete street address of the company’s main business location
- Names of anyone who holds more than a 25% stake in the company
- Political exposure of all Directors and beneficial owners
In addition, there are certain other details that need to be verified based on the type of company
- In the case of Domestic companies:
- Australian Company Number (ACN)
- Whether or not the company is registered as a public company or proprietary by the Australian Securities and Investments Commission (ASIC)
- Names of all the Directors in the case of a proprietary company
- In the case of foreign companies:
- Australian Registered Body Number (ARBN)
- Details of the country where the company was registered
- Type of company
- Names of Directors if applicable
- In the case of partnerships:
- Names and full residential addresses of each partner
- The country where the partnership was established
- In the case of trustees
- Full name of the trust and trustee
- The settlor of the trust
- Complete address of all trustees
- Type of trust
- Country where the trust was established
- Beneficiary names and details
Consequences of non-compliance
Businesses that do not comply with AUSTRAC KYC/AML regulations risk facing enforcement actions and having to pay penalties. For example, in May 2023, Crown Melbourne Ltd and Burswood Nominees Ltd were ordered to pay $450 million for breaching the AML/CTF Act. In addition to the financial penalty, businesses may need to offer an enforceable undertaking setting out specific actions to be taken/ not taken in the future to comply with the Act.
The impact of such penalties is not limited to the company’s finances. Brand reputation also suffers and businesses could lose their customer’s trust.
Summing it up
Given the serious consequences of non-compliance, businesses in all sectors need to make a determined effort to verify customer identities before providing them with any services. That said, inconveniencing the customer in any way can cost businesses the customer’s loyalty. This brings about the need for automated identity and address verification tools. These tools can deliver real-time results by comparing customer data with reliable third-party databases and scanning them against global watchlists, PEP databases, sanctions lists and more. Leverage these tools and build your KYC process today.