Requirements for reliance on a case-by-case basis

New AML/CTF reforms guidance has now been released. Until the laws change on 31 March 2026, we’ll maintain our guidance on existing obligations on these pages. 

To understand your obligations from 31 March onwards, please refer to our reforms guidance.

A PDF quick guide is also available for this topic

This page contains detailed information about reliance on a case-by-case basis. For a simplified summary, download the Quick guide - Reliance on a case-by-case basis (PDF, 155KB)

You can rely on applicable customer identification procedures (ACIP) or other customer identification procedure carried out by another reporting entity or foreign entity on a case-by-case basis, provided that the third party is either:

  • a reporting entity for the purposes of the AML/CTF Act that is based in Australia, and has measures in place to comply with the customer due diligence and record keeping requirements
  • a foreign entity regulated by one or more laws of a foreign country that give effect to the FATF recommendations relating to customer due diligence and record keeping and has measures in place to comply with obligations under those laws.

Specific case-by-case reliance scenarios

Reliance on customer identification and verification procedures carried out by licensed financial advisers can continue under the amended s 38. Reliance on the adviser must continue to be appropriate having regard to the ML/TF risk you face in providing the designated service to a particular customer.

The new provisions

The new provisions do not apply to historic instances of reliance on licensed financial advisers which occurred before 17 June 2021. Such reliance continues to be regulated by the repealed s 114 and Chapter 20 of the AML/CTF Rules. Reliance on any licensed financial adviser on or after 17 June 2021 is subject to the amended requirement with respect to obtaining or accessing records of identification procedures.

Reliance on other domestic and offshore members of a reporting entity’s global corporate or designated business group can take place without the need to enter into a customer due diligence (CDD) arrangement. 

Case-by-case reliance in detail 

What are the requirements for reliance on a case-by-case basis? 

You can rely on the ACIP or other procedures carried out by a third party if you have reasonable grounds to believe that it is appropriate, having regard to:

  • the type and level of ML/TF, or other serious crime risks that you may reasonably be expected to face in the provision of designated services
  • the nature, size and complexity of the other person’s business, including its products, services, delivery, channels, and customer types
  • the level of money laundering, financing of terrorism or other serious crime risks in the country or countries in which the other person operates or resides.

Using the risk-based approach 

A relied-on third party may, for example, have completed standard ACIP because the relevant customer and requested designated service was considered low to medium ML/TF risk.

The reporting entity wishing to rely on the ACIP of the third party may be providing a designated service that poses a higher ML/TF risk, and requires additional customer due diligence.

Accordingly, it is important that you apply a risk-based approach to determine whether the ACIP or other customer identification procedure is sufficient having regards to ML/TF risks concerning the customer type or designated service.

Example: Reliance on a financial advisor (Item 54)

Waterland Financial Advisory Services (Waterland) is approached by a new customer, William Lee who has requested advice to invest a recently obtained $50,000 inheritance. William expresses an interest in investing the entire amount into a high performing managed fund.  Based on this request, Waterland requires William to fill out a customer information form which includes the KYC information required to be collected under Waterland Special AML/CTF Program.  Waterland verifies William’s KYC information and following review of William’s, circumstances recommends that the funds be invested into the Dover House Managed Investment Fund.

Waterland has an agreement with Dover House and invests many of its customers into their products.  Waterland assists William in completing Dover House’s application for the investment by completing the application form on his behalf.  Waterland then passes on the completed application form, including the completed KYC documents to Dover House. 

Dover are comfortable and satisfied with the completed ACIP and documents submitted by Waterland, noting that William falls within the low-risk customer profile in Dover’s AML/CTF Program, the amount to be invested by William is within the ordinarily expected range for such investments, there are no other higher-risk indicators and therefore that no additional due diligence or information is required in respect of this customer. 

Retain a written record 

It is your responsibility to make a written record that outlines how the requirements for reliance with a third party were satisfied.

What is meant by the phrase ‘an agreement in place for the management of relevant documents and electronic data relating to identification and verification’? 

This agreement can be between you and the relied-on third party, to immediately make available the relevant documents and electronic data covering the identification and verification of a customer.

Reliance between members of a corporate group or designated business group 

If you and the third party you are relying on to carry out the ACIP are members of the same corporate group or designated business group, you are considered to have met the case-by-case reliance requirements if:

  • you have a joint AML/CTF program or other group-wide measures relating to customer due diligence and record keeping which implements risk-based systems and controls consistent with the requirements of the relevant FATF recommendations, and
  • any higher ML/TF risks in a country that the third person operates in are adequately identified, mitigated and managed by their AML/CTF systems and controls and are adequately supervised or monitored at the group level.

Related legislation

This guidance sets out how we interpret the Act, along with associated Rules and regulations. Australian courts are ultimately responsible for interpreting these laws and determining if any provisions of these laws are contravened. 

The examples and scenarios in this guidance are meant to help explain our interpretation of these laws. They’re not exhaustive or meant to cover every possible scenario.

This guidance provides general information and isn't a substitute for legal advice. This guidance avoids legal language wherever possible and it might include generalisations about the application of the law. Some provisions of the law referred to have exceptions or important qualifications. In most cases your particular circumstances must be taken into account when determining how the law applies to you.

Last updated: 16 Oct 2025
Page ID: 683

Was this page helpful?

Please note that feedback you provide here will be used only for the purpose of improving our website. If you have a specific question about your AML/CTF obligations, please contact us.