Documenting your procedures

Your AML/CTF program must set out how you meet your obligations around beneficial owners. This includes documenting:

• how you determine who your customers’ beneficial owner(s) are
• the information you collect about each beneficial owner
• the information you verify about each beneficial owner and what reasonable measures you will implement to do so 
• the reliable and independent documentation or electronic data you use to verify the identity documents of the beneficial owners
• how you update beneficial ownership information for a customer and manage changing risks over the duration of your business relationship
• if, and when, you allow the use of ‘disclosure certificates’ as a last resort (see more about disclosure certificates below)
• if, and when, you identify an ‘alternative individual’ when you can’t identify a beneficial owner (see more about ‘alternative individuals’ below).

The procedures must be specific to your business or organisation and its level of money laundering/terrorism financing risk.

Your employees must follow the procedures set out in your AML/CTF program for determining, identifying and collecting beneficial owner information.

Determining who your customers’ beneficial owners are

Doing business with an individual has different money laundering/terrorism financing risks compared to doing business with a non-individual customer (such as a company, trust or association). It can be hard to determine the beneficial owner of a non-individual customer.

Customers who are not individuals can have complex ownership structures. To determine who the beneficial owner is, you need to know and understand your customer’s business or organisational structure – how it is owned and controlled. There may be several links in the chain of owners.

Usually you can ask the customer for the information you need. However, sometimes you may need to do your own research, especially if the customer has a complex structure. Documents that can help you with your research include:

• a certificate of incorporation of a company from ASIC (Australian Securities and Investment Commission) and/or an annual statement including the amendments submitted to ASIC
• a trust deed
• a partnership agreement
• the constitution and/or certificate of incorporation for an incorporated association
• the constitution of a registered cooperative.

You must identify the beneficial owner or owners before you provide the designated service to the customer, or as soon as possible afterwards.

Assessing beneficial owner’s money laundering/terrorism financing risk

You must assess the different levels of money laundering/terrorism financing risks posed by your customers’ beneficial owners.

For example, you should consider whether a beneficial owner:

• is a politically exposed person
• has links with a high-risk country, region or group.

There are different processes for verifying information for medium and low-risk beneficial owners compared to high-risk beneficial owners.

The beneficial owner of a customer may change over time. You must regularly review beneficial owner information and update your risk assessment of any new beneficial owner and the customer.

Beneficial owner information you must collect and verify

Once you have identified a customer’s beneficial owner or owners, you must collect both:

• the full name of each individual beneficial owner
• their date of birth or full residential address.

You must then take reasonable measures to verify that this information is correct using reliable and independent documents or electronic data. ‘Reasonable’ means what is practical, necessary and appropriate in line with your identified money laundering and terrorism financing risk.

Verifying beneficial owner information for medium and low-risk customers (safe harbour procedures)

If you have assessed your customer as being a medium or low risk for money laundering or terrorism financing, you can verify their beneficial owners’ identity using what are known as ‘safe harbour’ procedures.

You can use either reliable and independent documents or electronic data to verify the identity of your medium or low-risk customer.

Note that these procedures on their own are not enough to verify the identity of high-risk customers.

Verifying beneficial owner information for high-risk customers

You must apply Enhanced Customer Due Diligence measures for high-risk customers. These measures include how you verify beneficial owner information for those customers.

Using disclosure certificates to verify beneficial owner identity

If you have not been able to verify the identity of a beneficial owner through reliable and independent documents or electronic data, you can use a disclosure certificate as a last resort.

A disclosure certificate contains details of the customer’s beneficial owner. It is certified as being true, accurate and complete by an ‘appropriate person’ from within the customer’s organisation.

AUSTRAC expects to see evidence that you have made reasonable attempts to identify an actual beneficial owner before we will accept disclosure certificates.

Chapter 30 of the AML/CTF Rules (latest version) sets out the information required in a disclosure certificate.

Alternative individuals: if you can’t identify beneficial owners

You may not always be able to identify the beneficial owner or owners of your customer. For example, there might not be a single individual who owns 25% or more of the customer or there might not be a single individual in control. In these cases you must take reasonable steps to identify and verify an alternative individual. ‘Reasonable’ means what is practical, necessary and appropriate in line with your identified money laundering/terrorism financing risk.

Alternative individual for a company or a partnership

If your customer is a company or a partnership, the best reasonable alternative individual is someone who can exercise 25% or more of the company or partnership’s voting rights, including the power of veto. Their voting rights may be direct, or they may be indirect in that they have significant influence over voting rights.

If you can’t identify an alternative individual who fits this criteria, a reasonable alternative is an executive or senior managing official.

Alternative individual for a trust

If your customer is the trustee or trustees of a trust, a reasonable alternative individual is any person who can appoint or remove the trustees. The person in this role is usually called the ‘appointor’, but may also be called the 'custodian' or 'principal' and should be noted in the trust deed.

Alternative individual for an association or a registered cooperative

If your customer is an association or a registered cooperative, three reasonable alternatives to beneficial owners are listed in priority order below.

1. An individual who can exercise 25% or more of the voting rights, including a power of veto.
2. An individual who would be entitled to 25% or more of the property of the association or registered cooperative if it were dissolved.
3. Any individual who holds the position of senior managing official.

Record-keeping obligations

You must keep records of how you identified your customers’ beneficial owners, and how you verified their information. Your records must show that you have traced each link in a customer’s chain of ownership until you have identified the individuals who meet the definition of beneficial owners.

Get more information about record-keeping.

Discrepancies in beneficial owner information

You must have risk-based systems and controls in place to deal with any discrepancies you notice when verifying beneficial owner information, such as if a name on someone’s passport doesn’t match the name they gave you. If you notice inconsistencies, you should collect more information from your customer.

Exceptions – when you don’t need to identify beneficial owners

You don’t need to identify beneficial owners for a customer that is:

• a company that has been verified under the simplified company verification procedure – see more about this and customer identification procedures
• a trust which has been verified under the simplified trustee verification procedure – see more about this and customer identification procedures
• an Australian Government body
• a foreign-listed public company, or a majority-owned subsidiary of one, that comes under beneficial ownership disclosure requirements in its own country if they are comparable to Australia’s.

If your customer doesn’t fall into any of these categories, you must identify its beneficial owner or owners.

Example 1a: A clear beneficial owner

Ash Pty Ltd wants to open an account with Birch Bank. Because Birch Bank is a reporting entity who would be providing a designated service to Ash Pty Ltd, it must now identify Ash’s beneficial owner(s).

Ash Pty Ltd provides certified copies of its most recent ASIC annual statement, including amendments, which shows Ash’s holding company, office holders, company share structure and members with Mr Green owning 60%, CEO Ms Plum owning 20% and Ms Silver owning 20%.

Based on this information, Birch Bank identifies Mr Green as a beneficial owner because he owns more than 25% of the issued share capital in Ash Pty Ltd.

Example 1b: Ownership not concentrated with one individual

Ash Pty Ltd wants to open an account with Birch Bank. Because Birch Bank is a reporting entity who would be providing a designated service to Ash Pty Ltd, it must now identify Ash’s beneficial owner(s).

Ash Pty Ltd provides certified copies of its most recent ASIC annual statement, including amendments, which shows Ash’s holding company, office holders, company share structure and members, with CEO Ms Plum owning 20% and another four shareholders each owning 20%.

Because Ash’s ownership is not concentrated with one individual holding more than 25% of its share capital, and no other individual owning or controlling 25% of its shares through voting rights or other means, then Birch Bank would identify Ms Plum as the beneficial owner. This is because as CEO she controls the company by making daily decisions about its financial and operating policies.

In some cases, it may be appropriate to identify beneficial owners considering both ownership and control, for example with higher risk customers, or if there are concerns about ownership information.

What Birch Bank must do

Birch Bank must verify the identity of both the company and the beneficial owner.

• Ash Pty Ltd in line with the customer identification procedures for a company.
• Beneficial owner Mr Green in example 1a and beneficial owner Ms Plum in example 1b in line with the customer identification procedures for individuals.

Example 2: Identifying the beneficial owner of a corporate trustee of a trust

Maple Pty Ltd is the corporate trustee of the Grey Family Trust, and Maple wants to open an account with Birch Bank. This is a designated service so Birch Bank must undertake various checks, including identifying Maple Pty Ltd’s beneficial owners.

Maple Pty Ltd provides Birch Bank with certified copies of its most recent ASIC annual statement, including amendments. These documents show that Brian Grey and Margaret Grey are the directors and two equal shareholders of Maple Pty Ltd.

Maple Pty Ltd also provides a certified copy of the trust deed for the Grey Family Trust which outlines that:

• the beneficiaries of the trust are Margaret Grey, Anne Grey and John Grey
• the settlor of the trust is Mr Amber, the accountant for the Grey family
• the ‘appointor’ of the trust is Margaret Grey.

In this instance Birch Bank must:

• collect and verify certain information about its customer – Maple Pty Ltd – the corporate trustee of the Grey Family Trust, including the name of the trustee, and information under the applicable customer identification procedure about the company
• collect and verify beneficial owner information about Maple Pty Ltd. In this example Brian Grey and Margaret Grey are the beneficial owners because they are the two equal shareholders of Maple Pty Ltd
• collect and verify certain information about the Grey Family Trust, including that the trust exists and the full name of the trust
• collect the full names of all beneficiaries of the Grey Family Trust – Margaret Grey, Anne Grey and John Grey, as noted in the trust deed
• collect and verify full name of the settlor of the trust – Mr Amber – unless any of the following are true:
  • the material asset contribution to the trust by Mr Amber, as the settlor, at the time the trust is established is less than $10,000
  • at the time of the customer identification procedures Mr Amber is deceased
  • the trust is verified using the simplified trustee verification procedure, or
  • the customer, Maple Pty Ltd is a custodian.

Related legislation

• 4.4.2(2), 4.3.2(1), 4.3.3(1) of the AML/CTF Rules
• 4.3.2(2), 4.12 of the AML/CTF Rules
• 4.4.2(1), 4.4.3(1), 4.4.5(1) of the AML/CTF Rules
• 4.4.2(2) of the AML/CTF Rules
• 4.4.3(5), 4.4.5(5) of the AML/CTF Rules