News Index
17.05.2007
More on the 'Know Your Customer' (KYC) requirements of the new Anti-money Laundering (AML) legislation
Thank you for your fabulous response – we have been inundated with calls in response to our last email on the new anti-money laundering (AML) legislation.
It was a real pleasure to discuss AML with so many of you. Most people I spoke with wanted more information on the new Know Your Customer (KYC) requirements and the new KYC Reports we will be launching in late April or early May.
Know Your Customer (KYC) Reporting
For those covered by the first tranche, the AML/CTF Act requires KYC procedures to be in place by December 2007. However, if you are going to be affected by the second tranche we encourage you to begin the process as soon as possible. You will eventually need to carry out due diligence on your current customers and, as a number of our clients have suggested, implementing an effective AML program is not easy – SO WHY NOT START NOW AND BE AHEAD OF THE GAME!!!
We are committed to providing the best possible KYC solution. Our solution will ensure KYC compliance because it will more than meet the minimum KYC requirements set out in the Rules that accompany the AML/CTF Act. We have almost finalized our KYC product range and will be launching them in late April or early May.
We will provide a new AML menu item on our portal with a number of different specialized KYC reports that will:
- Make ordering KYC information quick and easy
- Assure compliance in a risk based framework
- Ensure record keeping is accurate
What is required to Know Your Customer?
What follows is a concise summary of the KYC requirements as set out in the Rules that accompany the AML/CTF Act. For those interested, the Rules can be found at the AUSTRAC web site (http://www.austrac.gov.au).
There are basically two major requirements to Know Your Customer:
- Collect your customer information
- Verify these details with reliable and independent data sources
You will have to collect and verify KYC details for all your customers, including both organisations and individuals.
For organisations, details on the organisation have to be collected and these details have to be verified with documents from the appropriate registration bodies. The information that has to be collected for each type of organisation (e.g. business partnership, private/public company, public/private foreign company, trust, association etc) can include the beneficial owner, registered office, principal place of business, name of each director etc (for a complete list of the details required for each organisation type see the Rules accompanying the AML/CTF Act).
The organisation details can be verified with the appropriate documents from various government bodies (e.g. ASIC, the various state Offices of Fair Trading, Department of Taxation etc).
Needless to say, the KYC solution we offer will enable electronic verification of organisation details from the appropriate bodies in keeping with the requirements outlined by the Rules.
For individuals, the minimum information that needs to be collected includes:
- name
- date of birth
- address
For verification, the customer’s name and either the residential address or date of birth have to be verified by means of:
- original or certified primary photographic identification or
- both primary non-photographic identification and an original or certified secondary identification document
It appears that the KYC verification procedures for individuals can be less rigorous than the hundred point check currently used by many organisations. For those organisations that can perform face-to-face over-the-counter verification of the appropriate documents, it appears that KYC checks for individuals should not be too difficult.
There is also recourse in the new legislation for electronic verification. Electronic verification of individuals requires verifying the name and address using two separate data sources and either the customer’s date of birth with an independent data source or verifying the customer’s transaction history for at least 3 years. Given the lack of reliable data sources on individuals in this country (unlike the UK and USA) electronic verification of individuals appears to be problematic. We wait with baited breath the Attorney General’s Department suggestion that there soon may be easier access to government operated databases such as births, deaths, and marriages etc.
It should be stressed that the Rules outline the minimum KYC requirements for low to medium risk customers. Reporting entities need to have an AML program in place that assesses the risk posed by customers, and for customers considered high risk more information will need to be verified and the appropriate due diligence checks will have to be performed.
The key to a risk based Act is that the onus is squarely on you to assess the risk and take the adequate steps.
To meet the requirements of the risk based approach we will offer a range of products so as more information can be verified for higher risk customers.