Go to top of page

Customer due diligence

Customer due diligence (CDD) is central to an effective anti-money laundering and counter-terrorism financing (AML/CTF) regime. Reporting entities need to identify and verify each of their customers so they can:

  • determine the money laundering and terrorism financing risk posed by each customer
  • decide whether to proceed with a business relationship or transaction
  • assess the level of future monitoring required.

CDD requirements under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) and the AML/CTF Rules include:

  • consideration of the broader risks associated with customers
  • collection of identification information in relation to customers
  • collection, where necessary, of identification information about who owns and controls customers
  • verification of information where necessary
  • ongoing customer due diligence and monitoring - including scrutiny of transactions.

New CDD requirements

New CDD requirements took effect from 1 June 2014 through amendments to seven chapters of the AML/CTF Rules:

  • Chapter 1 (containing key terms and concepts)
  • Chapter 4 (relating to customer identification)
  • Chapter 5 (relating to a special AML/CTF program)
  • Chapter 8 (relating to Part A of a standard AML/CTF program)
  • Chapter 9 (relating to Part A of a joint AML/CTF program)
  • Chapter 15 (relating to ongoing customer due diligence)
  • Chapter 30 (relating to disclosure certificates).

The updated AML/CTF Rules are part of a comprehensive legal framework designed to strengthen Australia's financial system against money laundering and terrorism financing. This framework helps to protect Australia, its people, economy and financial institutions from abuse by criminal activity.

The changes to the AML/CTF Rules draw on best practice international techniques and endorsed international standards which directly seek to protect:

  • Australia's revenue base through enhanced collection and verification of customer information
  • Australia's national security from organised criminals and money launderers misusing the complex business structures to conceal their ownership and controlling interest.

Privacy impact assessment

A privacy impact assessment (PIA) has been undertaken in relation to the new CDD requirements. The PIA was conducted in accordance with PIA Guidelines issued by the Office of the Australian Information Commissioner. The new Australian Privacy Principles, which commenced on 12 March 2014, formed the basis for analysis in the PIA.

A number of recommendations in the PIA resulted in changes to the final form of the AML/CTF Rules.

Access the PIA here.

Regulation impact statement

The Australian Government requires a regulation impact statement (RIS) to accompany every policy proposal designed to introduce or abolish regulation. The RIS and related documents for the additional CDD requirements can be found below.

On 9 April 2014 the Office of Best Practice Regulation (OBPR) assessed the RIS as:

  • consistent with the RIS process
  • containing an adequate quality of analysis against the Government's best practice regulation requirements.

The RIS was considered by the AUSTRAC CEO in the decision to make the AML/CTF Rules.

Proposed reform to strengthen Customer Due Diligence - Regulation Impact Statement (Word, 869KB)

Proposed reform to strengthen Customer Due Diligence - Regulation Impact Statement (PDF, 929KB)

Letter of submission accompanying RIS from AUSTRAC to OBPR dated 8 April 2014 (PDF, 590KB)

Letter of RIS assessment to AUSTRAC from OBPR dated 9 April 2014 (PDF, 168KB)

Further reading

Access the 2013 and 2014 industry consultation materials below:

Consultation on possible enhancements to the requirements for customer due diligence (PDF, 677KB)

Last modified: 28/04/2016 14:22