KYC.IO

Global Regulations and Requirements for KYC Onboarding
(powered by KYC-Chain)

KYC to onboard domestic persons

nameresidential addressdate of birth

KYC to onboard international persons

namedate of birthresidential address

corporate requirements

registered nameregistered addressprincipal place of businessAustralian Company Number

National ID card name

no national identity card

Does the country have Esignature Laws?

Electronic Transactions Act 1999

E-sig law files

C2011C00445

What year did the relevant AML laws and regulations become effective?

2006

Further details on AML regime

2006 (with staggered implementation from 13 Dec 2006 to 12 Dec 2008, thus phasing in the new legislation and replacing the old). A second tranche to include accountants, lawyers, real estate and others has been delayed.

Who is the regulator for AML controls for Banking

The Australian Transaction Reports and Analysis Centre (“AUSTRAC”) regulates AML across all industry sectors

Link to site

http://www.austrac.gov.au/

Other financial Services

N/A

Website of Regulator

N/A

Financial Sector regulator

N/A

Practical Guidance for AML

Guidance on AML requirements has been provided by AUSTRAC:

Practical guidance PDF's

www.austrac.gov.au

Is there a requirement to verify the identity of customers retroactively?

Retroactive details

No, although there are certain 'trigger events' that require a reporting entity to verify the identity of existing customers. An example of such a trigger event is the customer accessing a new product or service.

Has the country been the subject of FATF mutal evaluation in the last 3 years?

Yes

PDF of FATF review

mer-australia-2015.html

Are there minimum transaction thresholds (Y/N)

More details on minimum transaction thresholds.

No, however a certain number of exemptions have been provided for transaction thresholds in industries including bullion, low value superannuation, gaming service providers and currency exchange at accommodation facilities

What are the requirements for customer identification information for individuals

The reporting entity must obtain the customer’s name, residential address and date of birth. The customer’s full name and either their date of birth or their residential address must be verified based on reliable and independent documentation and/or electronic data.

Details to be Collected on Corporates

The reporting entity must collect from the customer the following information: a) the company's full registered name; b) registered address; c) principal place of business address; and d) Australian Company Number (“ACN") or Australian Registered Business Number (“ARBN”).

What are the high level requirements around beneficial ownership (identification and verification)?

Under the new AML/CTF Rules commenced in June 2014: A reporting entity must collect and verify the full name and either the date of birth or address of all beneficial owners on all entity types. The reporting entity is not required to identify beneficial owners if the customer is a company which is verified under the simplified company verification procedure under paragraph 4.3.8 of the AML/CTF Rules 2007, or a trust which is verified under the simplified trustee verification procedure under paragraph 4.4.8 of the AML/CTF Rules 2007. The beneficial owner is defined as an individual who ultimately owns (25% or more) or controls (directly or indirectly) the customer

What circumstances are enhanced customer due diligence measures required?

Enhanced due diligence procedures are required to be implemented by reporting entities in accordance with the risk based approach and procedures that they adopt. Risk triggers specified in the rules as requiring enhanced customer due diligence are where the provision of a designated service is high risk or when a suspicion has arisen. Also to be considered are prescribed foreign countries in relation to prohibition or regulation of transactions with them. Under the new AML/CTF Rules commenced in June 2014, a foreign PEP or the customer that has a foreign PEP as the beneficial owner must be subject to enhanced customer due diligence.

How should FI's deal with Politically exposed persons

Reporting entities are required to consider the risk posed by PEPs in accordance with the risk based approach and procedures that have been adopted by the reporting entity. As A13, under the new AML/CTF Rules commenced in June 2014, a foreign PEP or the customer that has a foreign PEP as the beneficial owner must be subject to enhanced customer due diligence

What enhanced due diligence must be performed for correspondent banking relationships?

Due diligence assessments must be carried out on the financial institution with which they wish to enter a correspondent banking relationship, prior to the commencement of the relationship and at regular intervals thereafte

Are relationships with banks who might be considered a 'shell' and without substance permitted?

Yes

In what circumstances is additional due diligence required for non face-to-face transactions and/or relationships?

Reporting entities are required to consider the additional risk posed by non face-to-face business, in accordance with the risk based approach and procedures they have adopted. There are currently no specific rules or guidance relating to non face-to-face business.

To whom are SAR's made? (suspicious activity reports)

Suspicious Matter Reports (“SMRs”) are made to AUSTRAC, who act as Regulator and FIU

Link to website of SAR reporting

http://www.austrac.gov.au/

Other Suspicious or unusual transactions obligations.

All Threshold Transactions (“TTRs”) over AUD10,000 (approx. USD7,030) in cash and all International Funds Transfer Instructions (“IFTIs”) are required to be reported to AUSTRAC. In addition, Cross Border Currency movements (“CBMs”) must be reported to AUSTRAC, the Australian Customs Service, or the Police if over AUD10,000 (approx. USD7,030).

Are there any de-minimis thresholds below which transactions do not need to be reported?

No minimum threshold for SMRs, or IFTIs, but AUD10,000 (approx. USD7,030) for Cash Transactions.

Are there any penalties for non compliance with reporting requirements e.g. tipping off?

Yes, prohibited under criminal law and the AML/CTF Act 2006.

Are there any requirements (legal or regulatory) to use automated Suspicious Transaction monitoring technology?

No requirement to have automated monitoring, but the AML/CTF Rules require each reporting entity to have a suspicious activity monitoring program.

Is there a requirement to obtain authority to proceed with a current/ongoing transaction that is identified as suspicious?

Does the local legislation allow transactions to be monitored outside the jurisdiction?

Yes, provided the requirements of the Privacy legislation and protocols are complied with. Rules silent on how to monitor and where – AUSTRAC focuses on appropriateness of arrangements.

Is there a legal requirement for a bank’s external auditor/other external organisation to report on the bank’s AML systems and controls?

There is no requirement for a bank’s external auditor/other external organisation to report on the bank’s AML systems and controls. However, there is a requirement for the reporting entity to have an independent review performed on Part A of their Program on a regular basis. This independent review can be performed by either an internal or external party (Standard AML/CTF programs are divided into Parts A and B)

If an external report on the bank’s AML systems and controls is required: a) how frequently must the report be provided?

As above, an independent review of the Program is required on a ‘regular’ basis. In practice this is conducted based on the bank’s risk-based approach, with many banks choosing to conduct the independent review on an annual basis. The report must be provided to the governing board and senior management. The regulator also requests a copy during their reviews. This does not constitute part of the financial statement audit.

To whom should the report on AML systems be submitted?

N/A

Is an AML system part of the financial statement audit?

N/A

What are the requirements for the content of this external report on a bank’s AML systems and controls? Does it require: a) sample testing of KYC files? b) sample testing of SAR reports? c) examination of risk assessments?

assess the effectiveness of the Part A program having regard to the ML/TF risk of the reporting entity

Data Protection Laws And Personal Data

yes

Data Protection for Corporate Data

Data protection for "sensitive Data" and additional protections.

yes. Sensitive data is information or an opinion about an individual’s racial or ethnic origin, political opinions, membership or a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record or health information. It is subject to a higher level of privacy protection as it may only be collected with consent, cannot be used or disclosed for a secondary purpose and cannot be shared in the same way that personal information can be shared.

Do any restrictions on the transfer of credit reports exist?

Regulator Acronym

AUSTRAC

Year of last FATF mutual evaluation

2015

National ID card details

No identification card

National ID source

N/A

Passport Photo

practical Guidance yes / no

Is there a risk based approach

Legal Requirement

Regulator allows for monitoring transactions outside jurisdiction

Requirement to proceed

requirement to use automated suspicious transaction tools

Who are SARS made to?

SMRs

shell banks

Yes

EDD for correspondent banking

Yes

Personal Data protection

key restrictions

The law does not apply to documents related to migration and citizenship. In addition, some regions have laws that provide that the law does not apply to wills, powers of attorney and some real estate transactions. However, there is no exception to the law that applies to standard business agreements.

Summary

Part 10 states that one can meet legal requirement for a handwritten signature by using an electronic signature or communication. Summary of law Australia's electronic signature law is considered a permissive or minimalist law. This means that it allows nearly all documents to be signed using simple electronic signatures. It is very similar to the U.S law, with minimal requirements and clear enforceability. One only needs to have a means to reasonably identify the person signing and show evidence of their agreement. Of course, one should always get the consent of the signing party to do business electronically and follow standard record retention processes.

Are e-signatures acceptable

If the AML laws and/or regulations became effective in the last 2 years, what were the requirements of the previous AML regime?

There is no new legislation; however new AML/CTF Rules commenced in June 2014 primarily focused on customer due diligence. The old legislation (Financial Transaction Reports Act 1988) is still in force but applies to a limited number of entities

Non financial sector (e.g. casinos, high value goods etc.)

N/A

Does the country have a risk based approach?

Yes. This is the central theme of the AML regime

Where copies of identification documentation are provided, what are the requirements around independent verification or authentication?

Identification documents must be certified as a true copy by one of a number of categories of qualified individuals including legal practitioners, Justices of the Peace and Police Officers. A list of authorised persons can be found in chapter 1 of the AML/CTF Rules.

Is there case law, other constitutional law or any other laws or regulations that may impact upon the transfer of information to this jurisdiction?

No.

List of case law, constitutional law or any other laws or regulations that may impact upon the transfer of information.

No, Australia is not subject to the above