What are ‘source of funds’ and ‘source of wealth’?

‘Source of funds’ refers to how and where the customer obtained the funds for a specific transaction or designated service you provide to the customer. Verifying, on a risk-sensitive basis, information collected about your customer’s source of funds will assist you in applying risk-based systems and controls in accordance with your AML/CTF program, and help you meet your transaction monitoring and suspicious matter reporting obligations. This process includes determining if you suspect on reasonable grounds that the customer’s funds could be derived from the proceeds of crime or may be relevant to the investigation of a criminal offence.

In collecting and verifying information on a risk-sensitive basis about a customer’s source of funds, you are aiming to answer, for example, the following questions:

• Is there a reasonable explanation for the customer to conduct this transaction, in particular, if it involves the use of cash?
• Are there any indicators that the customer’s source of funds are derived from the proceeds of crime?

‘Source of wealth’ refers to where the customer’s entire body of wealth and assets came from – not just what is involved in a transaction or business relationship. It describes the economic, business, or commercial activities that generated, or significantly contributed to, the customer’s overall net worth.

In collecting and verifying information on a risk-sensitive basis about a customer’s source of wealth, you are aiming to answer, for example, the following questions:

• Why and how does the customer have the amount of assets they do?
• How did they acquire or generate these assets?

A customer’s source of wealth may change over time and should be considered as part of your ongoing customer due diligence processes.

Applying the risk-based approach to source of funds and source of wealth checks

In 2021, AUSTRAC published guidance explaining the rationale and objectives behind the risk-based approach. When determining appropriate risk-based systems and controls, you must have regard to, among other things, the nature, size and complexity of your business and the type of money laundering and terrorism financing (ML/TF) risks you might reasonably face.

This means understanding and measuring risks in a meaningful way and using that information to focus proportionate efforts and controls to mitigate and manage the identified risks. Higher risk customers are therefore more likely to undergo additional or deeper checks (ECDD requirements) and increased monitoring compared with lower risk customers, such as frequent ongoing due diligence maintenance, broader screening parameters and enhanced transaction monitoring.

The risk-based approach ensures that you can use your resources effectively and efficiently in combating, preventing and disrupting ML/TF.

Identifying the source of funds and source of wealth is recognised as being among the key elements of the risk management of certain customers.

You should adopt a risk-based approach to determine the amount of information collected and where verification is required to assess source of wealth and source of funds.

In so doing, it is acknowledged that reporting entities may apply different definitions and approaches to addressing what constitutes source of wealth and source of funds. This also applies to how and when you decide, on a risk-sensitive basis, to verify and use the information that forms part of your KYC processes, in accordance with your agreed risk appetite.

It is important that you accurately document these processes and procedures to ensure they are applied consistently and in accordance with your risk appetite. These processes and procedures and the systems and controls must also be subject to regular independent review.

Applying ‘reasonable measures’

In higher risk situations and in accordance with your enhanced customer due diligence obligations (ECDD), you should take reasonable measures to determine the source of the wealth and funds of the customer and each beneficial owner.

Note: for the purposes of this guidance, ‘reasonable’ means what is practical and necessary in line with your identified ML/TF risks.

When to collect and verify information on the source of funds and source of wealth

Your AML/CTF program should clearly outline the triggers for undertaking source of funds and source of wealth checks, including:

• as part of your applicable customer identification procedures (ACIP) before commencing to provide a designated service to a customer
• when carrying out enhanced customer due diligence (ECDD) where the customer or beneficial owner is a foreign PEP
• when carrying out ECDD for higher risk customers
• as part of ongoing due diligence and monitoring of any customer, particularly where there is a change in the ML/TF risk profile. This may change over time as the ML/TF risk profile of the customer changes.

Applicable customer identification procedures

Your AML/CTF program must outline your risk-based systems and controls for determining whether to collect any additional KYC information about a customer, including source of funds and source of wealth information (refer to Part 4.2.5 of the AML/CTF Rules).

In addition to collecting further KYC information, including source of funds and source of wealth information, your AML/CTF program must also outline your risk-based systems and controls for determining whether KYC information collected should also be verified (refer to Part 4.2.8 of the AML/CTF Rules).

Politically exposed persons

You are required to apply reasonable measures to collect, and on a risk-sensitive basis, verify the source of funds and source of wealth when your customer or their beneficial owner is a foreign politically exposed person (PEP) or a high money laundering and terrorism financing (ML/TF) risk (for example, refer to Part 4.13.3(3) of the AML/CTF Rules), in accordance with your risk-based systems and controls.

A PEP is an individual who holds a prominent public position or role in a government body or international organisation, either in Australia or overseas. Immediate family members and close associates of these individuals are also considered PEPs. Read more about individuals who may be considered a PEP.

When dealing with a PEP, you also need to consider if there is any information about corruption or evidence that government funds are being used inappropriately.

Ongoing and enhanced customer due diligence

As part of your AML/CTF program, your ongoing due diligence and monitoring program should include triggers and circumstances when it would be appropriate to undertake source of funds and source of wealth checks for any customer (refer to Parts 15.2 and 15.8 of the AML/CTF Rules).

Factors to be considered as part of your risk based assessment could include, for example:

• the overall inherent risk rating of the customer (which typically will include an assessment of risk based on the customer’s specific circumstances, products and services usage, transactional and behavioural activity (actual or expected) and geographic factors)
• the quality and plausibility of the information provided as part of the due diligence and source of wealth checks, the evidence available to verify it and whether this reduces (and by how much) the inherent risk (for example, available evidence indicates that the customer’s wealth is sufficiently transparent)
• any other information held by your entity on the customer, including information held by other lines of the business or jurisdictions of operations (subject to relevant privacy or other confidentiality provisions for sharing information).

In some cases, you may be satisfied without having to, on a risk-sensitive basis, independently verify the information you have collected about the source of funds or source of wealth. In other circumstances, relying on self-disclosure alone may not be adequate and it may be appropriate to verify information obtained by using other reliable sources.

The steps you take to verify the source of funds and source of wealth should be proportionate to the assessed ML/TF risk.

Examples that could trigger the need to verify on a risk-sensitive basis the information you have collected on the source of funds or source of wealth could include:

• the customer or their beneficial owner is a PEP
• the customer’s transactions or other activity are inconsistent with what you know about the customer
• there are discrepancies between the information provided by the customer and other information available to you
• either party to a transaction is established in a high-risk country
• the transaction is complex, unusually large, forms an unusual pattern of transactions, or has no apparent legitimate purpose, whether commercial, legal or otherwise
• there is adverse media reporting or other reliable information that is relevant to the customer’s source of funds and/or source of wealth
• there has been a material change in the customer’s circumstances
• you determine that the risks associated with providing the designated service to the customer are high or have increased, which makes it appropriate to consider and verify the customer’s source of funds and/or source of wealth.

How to collect information on the source of funds and source of wealth

You should draw on a range of information when establishing the source of funds and source of wealth of a customer. This information could include, for example:

• information the customer has already provided to you for the purpose of other designated services or products
• asking the customer or requesting they make a formal declaration about their source of funds or source of wealth
• secondary sources such as internet searches, media reporting, published lists of prominent persons, commercial databases – this information may be more readily available for foreign PEPs and high-net-worth individuals
• information you have collected about or from the customer as part of your credit risk assessment of the customer (e.g. if applicable, for the purposes of assessing a loan application).

After collecting initial information from the customer on their source of funds and source of wealth, your next step is determining, on a risk-sensitive basis the extent to which that information should be verified by further information, official documentation from the customer, and/or reliable external sources, to assist you in ascertaining that the customer is not involved in the proceeds of crime.

How and when to verify the source of funds and the source of wealth

Source of funds

Verifying the source of funds on a risk-sensitive basis involves confirming where those funds came from, how they were obtained by the customer and whether this is consistent with what you expect of the customer.

The type of evidence required to verify the source of funds is dependent on the specific source. Evidence that has been used to verify the customer’s source of wealth may also be used to verify the source of funds, when these are indistinct.

Verifying the information involves more than knowing, for example, which financial institution the funds were transferred from (unless the financial institution is providing finance, such as a loan, for the transaction). Simply checking that the customer’s personal details match those on the account from where it was transferred is not sufficient.

The information you obtain should substantiate how the customer has acquired the funds. Examples may include funds from the sale of property or other assets, receipt of a gift or an inheritance.

If a customer declares that they have been given funds for a transaction from a third party, you should record information relating to that original transaction. You could verify this by requesting bank statements or other documentation relating to the transfer.

In some cases, it may be difficult to determine the source of funds without some understanding or knowledge of the customer’s source of wealth.

Source of wealth

Verifying the source of wealth of a customer on a risk-sensitive basis can be more challenging, as their wealth may include funds or assets that you do not hold on behalf of the customer.

The data or documents you use to verify the source of wealth will depend on the level of ML/TF risk, the type of transactions undertaken and the designated services you provide to the customer.

Verification is effective when it helps to support the source of wealth information collected. This can take various forms, such as information from independent, publicly available, reputable sources or documents issued by reputable third parties such as company registries, banks, accountants and lawyers, commercial data bases (for example in relation to PEPs), sanctions lists and reputable media sources. The level of reliance you should place on evidence used for verification requires the judgement and is determined by the source type and verifiability of the evidence provided.

You should consider all the evidence collected and determine whether it is sufficient to support the source of wealth assessment.

Documents and data to support collection verification processes

Consistent with your AML/CTF program obligations, including ECDD requirements, you must document any source of funds or source of wealth checks conducted on a customer or transaction, including the checks undertaken, the information or evidence obtained, and your determinations or conclusions.

The type of documentation acceptable to verify source of funds/source of wealth will depend on the level of assessed risk. Examples of documents and data you could use to identify the source of funds or source of wealth in higher risk situations include:

• bank statements
• payslips
• tax returns
• a will (or a certified copy)
• court order (e.g. divorce settlement)
• a trust deed (or a certified copy)
• audited financial accounts showing funds disbursed to the customer
• sale/purchase agreements
• share registries
• royalties
• records pertaining to business ownership including audited financial statements, or a letter from a legal practitioner, accountant or financial advisor
• receipts of other transactions or similar documentation
• documents detailing share transactions, business activities, bequest of a gift, insurance payouts, inheritances, gambling winnings, trading in digital currencies, compensation from a legal ruling, etc.
• searches of publicly available registers, including property or land registers, and business and company registers
• transaction records
• written confirmation from a legal practitioner or accountant
• formal and witnessed declaration (using a statutory declaration in the absence of any other supporting information).

Note: This list is not intended to be exhaustive.

Your AML/CTF program and risk-based procedures 

Your assessment of your customer’s ML/TF risk will determine the appropriate steps you take to understand and, on a risk-sensitive basis, verify your customer’s financial position. The level of verification should be proportionate to the level of ML/TF risk.

Understanding the nature and purpose of your business relationship with a customer will help you identify unusual or unexpected transactions or activity that may warrant establishing (and where appropriate, verifying) their source of funds or source of wealth.

When developing your AML/CTF program, consider the factors on this page. You should also take into account any risk assessments or other publications by AUSTRAC related to the services you provide.

Customer types and their control structures

Different types of customers will present different risks, depending on their ownership and control structures, industry and other factors.

Examples of customer types and control structures, which may present a higher risk, include:

• Foreign PEPs are recognised as presenting particular risks – it is mandatory that you take appropriate measures such as establishing the source of funds and source of wealth for all designated services you provide to a customer who is a foreign PEP and obtain senior management approval to proceed with the relationship and transaction.
• High ML/TF risk domestic or international organisation PEPs – you should also take reasonable measures to establish the source of funds and source of wealth to enable senior management review.
• Limited visibility of the source of funds for high-net-worth individuals moving funds into or out of Australia for the purposes of gambling or other cash intensive services.
• Complex and opaque corporate or trust structures that do not appear to have a legitimate economic purpose. These structures may also be exploited to conceal the financial activities of the individual beneficial owners seeking to move and use funds without detection.
• Customers acting as intermediaries for another person may be used to obscure the activities of the individual on whose behalf they are acting.

Expected sources of funds and wealth of your customers

Understanding the typical profiles of your customers will help you determine the appropriate risk-based systems and controls to include in your AML/CTF program.

For example, consider a customer who typically earns a regular salary and wages and whose wealth consists of a family home, savings and other ordinary investments or inheritance. There may be less need to collect and verify information about this customer’s source of funds and source of wealth.

In comparison, consider, for example, customers who typically fund themselves or have higher levels of wealth as a result of higher risk, less common or less transparent activities. For such customers, AUSTRAC would expect you to undertake more intensive information collection and verification on a risk-sensitive basis in order to establish their source of funds and source of wealth.

The types of designated services you provide

Some designated services will be more open to abuse and exploitation by criminals, even where the majority of customers use your services for lawful purposes.

For example, cash intensive services could be more susceptible to customers seeking to obscure the source of those funds or their true identity.

How you deliver designated services

How you deliver your services may be a relevant consideration when designing your risk-based systems and controls for verifying source of funds and source of wealth. For example, if you provide your services online to a global market, the risks will be different than if you were providing services face-to-face in a small community. In this example, it would be expected that the reporting entity providing designated services to customers in a small community would be more familiar personally with its customer base and their specific circumstances.

Geographic risk

If you deal with higher risk jurisdictions, this should be factored into your risk-based systems and controls related to verifying, on a risk-sensitive basis, the source of wealth and source of funds. Examples of risk factors can include corruption risks, organised crime, known tax secrecy havens, terrorism financing, proliferation financing, or sanctions risks.

What to do if you cannot establish the source of funds or source of wealth

If you cannot satisfactorily establish the source of funds or the source of wealth for a high-risk customer, who in your assessment poses an unacceptable ML/TF risk that cannot be appropriately mitigated, then with the input of your senior management, you should consider whether to continue to provide designated services to the customer (refer to Rule 15.10.6).

If you continue the relationship, you may choose to elevate the risk of that specific client and monitor the relationship more closely. For example, you may decide to increase the frequency of reviews of the business relationship, to ascertain whether the customer’s risk profile has changed and whether the risk remains manageable or as specified in your AML/CTF program, by applying other enhanced customer due diligence measures.

Reporting suspicious matters

If you notice unusual activity that raises a suspicion while establishing the customer’s source of funds or source of wealth, including if you suspect on reasonable grounds that a person or transaction is linked to a crime or may otherwise be relevant to the investigation of an offence, you must consider whether to submit a suspicious matter report to AUSTRAC.

Privacy law

The information you collect and verify about a person’s identity is covered by the Privacy Act, and you should be aware of your obligations under that law. The personal information you collect about a PEP to comply with your AML/CTF obligations may be considered ‘sensitive’ and, according to the Australian Privacy Principles, should be given a higher level of privacy protection. For example, the Privacy Act defines information about someone’s political opinions or their membership of a political association as sensitive. You must make sure that the way you manage sensitive information complies with your obligations under the Privacy Act.

Examples of identifying a customer’s source of funds and source of wealth

Bullion

Source of funds - Bullion Dealer A

A customer purchases a bullion in an over the counter transaction, using a large amount of cash that the bullion dealer considers to be unusual and suspicious. When asked about the source of the funds, the customer advises the bullion dealer that the funds were withdrawn from their bank account. The bullion dealer then asks the customer to use their mobile device to provide evidence of the withdrawal from their bank account.

Source of wealth - Bullion Dealer B

During regular ongoing customer due diligence, a bullion dealer notices that a customer had recently conducted significant bullion purchases. The bullion dealer considered that these significant purchases were inconsistent with any income or wages that the customer might have earned from the occupation listed on their file. The bullion dealer decides to conduct third party searches on social media sites, to ascertain whether they can identify any other information about the customer’s source of wealth. This search does not return the desired results, so the bullion dealer decides to verify the customer’s source of wealth. The customer provides pay slips and bank account statements, to confirm the customer’s salary and other regular deposits.

Digital currency exchange providers

Source of funds – Digital currency exchange provider A

A customer converts a large amount of cash into digital currency using a cryptocurrency ATM. The digital currency exchange provider deems such transactions to be high risk under its AML/CTF program. The AML/CTF compliance officer places the account on hold while they seek to verify where the large amount of cash was sourced from. The AML/CTF compliance officer requests that the customer provide documentation, such as bank account statements, to provide evidence of the source of funds. The customer provides documents which appear to have been altered and are of low quality. The compliance officer decides to end the business relationship with the customer, as the customer and their activities are outside of the business’ risk appetite. The compliance officer also determines that the customer’s activities warrant, on reasonable grounds, reporting a suspicious matter to AUSTRAC. 

Source of wealth – Digital currency exchange provider B

A customer’s transaction volumes suddenly increase and no longer align with the customer profile. The digital currency exchange attempts to identify the source of the customer’s wealth by using prior evidence of investing/trading in cryptocurrency to identify situations where the customer has made significant financial gains from previous cryptocurrency trading. The digital currency exchange confirms this trading through Blockchain evidence of the customer’s successful trading in digital currencies.

Remittance service providers

Source of funds – Remittance provider A

A customer completes a series of transactions in quick succession that are funded by cash. The remittance provider decides the customer’s transactions present a higher risk. In reviewing the customer history, the remittance provider attempts to identify the customer’s source of funds by asking the customer a range of questions. The customer is reluctant to provide responses. Accordingly, the remittance provider defers the processing of the transactions until the customer agrees to provide documented evidence, such as pay slips or a bank account statement that confirms the source of funds.

Source of wealth – Remittance provider B

A customer’s outgoing remittance transactions suddenly increase in volume and value, which are inconsistent with the customer’s risk profile. The remittance provider decides to interrogate existing internal data as well as internet searches and notes that the customer’s occupation is already held on file and the customer has a large extended family domiciled overseas. The customer’s transaction activity continues to increase and extends to a wider range of recipients. The remittance provider conducts further third party searches in order to determine the average salary of an individual in the customer’s claimed profession. The remittance provider decides it is appropriate to verify the customer’s source of wealth by requesting copies of pay slips in order to corroborate the customer’s occupation and salary.

Pubs and Clubs

Source of funds – Hotel A

A gaming floor attendant of a hotel observes a customer frequently leaving the venue and returning with large amounts of cash, to play electronic gaming machines. After consulting with their supervisor, the attendant approaches the customer to enquire about their movements. The attendant finds the customer to be aggressive and threatening on approach. Due to this behaviour, and in accordance with the attendant’s training, the attendant makes no further inquiries and reports this behaviour to their supervisor and venue manager via an incident report. Confirming that this behaviour is not acceptable in the venue and that staff safety is paramount, the manager asks the customer to leave the premises and bars them from re-entering. The manager also determines that the customer’s behaviour warrants the reporting of a suspicious matter to AUSTRAC.

Source of wealth – Club B

A Club’s monitoring of a member’s gambling activity shows their average bet and time spent gambling has increased substantially in the past month. However, the known employment history and income of the member (as recorded on file) does not substantiate the increased level of gambling activity. The compliance officer asks gaming floor staff about this customer’s increased patronage and ascertains that the customer had told a member of staff that they recently sold their house. The compliance officer then decides to verify this by conducting an online search to corroborate the sale, using the customer’s address on file. Finding the recent sale, the compliance officer notifies reception and gaming staff to remind the member to update their address details when they next come in to the venue and continue to monitor the gaming activity consistent with harm minimisation obligations.

Casinos

Source of funds – Casino A

A customer presents $11,000 in cash to a cashier, requesting it be exchanged in return for gaming chips. As the amount exceeds $10,000, the cashier performs KYC procedures, recording the customer’s details, noting they hold a patron’s account, and submits a threshold transaction report. The cashier decides, on a risk-sensitive basis, to identify the source of funds by questioning the customer. The customer advises they withdrew cash from their bank account prior to entering the casino premises and presents a receipt confirming the withdrawal. Later that day, the customer returns to the cashier with a large sum of cash and requests to purchase chips. The cashier alerts the cage manager of the customer’s request for another large cash transaction, and the manager requests the customer evidence their source of funds before the casino allows further gaming.

Source of wealth – Casino B

In a review of a long term customer’s gaming activity, the casino invites the customer to a higher tier of the casino’s membership rewards program. Prior to completing the necessary processes, the AML/CTF team reviews the customer profile, noting the customer has indicated on their membership form that they are the Director of a company. The AML/CTF team seeks to identify the customer’s source of wealth and consults with the credit department, to determine whether they hold any relevant supporting information. The credit department advise they have only conducted minimal checks of the customer. The AML/CTF team decides to conduct an ASIC search that confirms the company registration and the company directorship. They also undertake an internet search which identifies the company website and the nature of the business and names the customer as its principal. Over the following month, the customer’s gambling activity continues to significantly increase and the AML/CTF team decides to verify the customer’s source of wealth by requesting documentation, including financial statements and an individual tax return. 

Online betting agency

Source of funds

A customer makes a large deposit into their betting account, which is inconsistent with their previous activity. Prior to allowing these funds to be used, the online betting agency enquires about the source of the customer’s funds. The customer provides a vague response about recently receiving an inheritance. The corporate bookmaker decides to limit activity on the customer’s account and requests documentation confirming receipt of the inheritance, such as a copy of a letter on an appropriate letterhead from the solicitor who oversaw the process.

Superannuation

Source of funds – Superannuation Fund A

Transaction monitoring identifies a large non-concessional contribution deposited into a customers' account. The superannuation fund undertakes a review of information already held on the customer and assesses the contribution amount to be inconsistent with their known profile. The superannuation fund contacts the customer and undertakes KYC processes and asks for further information explaining the source of the funds. The customer advises the funds were received from a bonus paid by their employer and this is confirmed through the provision of a pay slip that corroborates the payment.  

Source of wealth – Superannuation Fund B

A superannuation fund receives a request to rollover a large amount from a customer's self-managed-super-fund (SMSF). On review of the request, it is identified that the customer’s SMSF has accumulated an unusually large amount over a relatively short period of time. The fund decides to undertake KYC processes and requests additional information concerning the amount of the rollover. The fund decides to corroborate the customers’ source of wealth by requesting a series of documents relating to the customer’s employment history and bank statements to ensure the amount is not derived from the proceeds of crime.

Financial advisers

Source of funds – scenario A

A prospective customer presents with accumulated cash savings well in excess of their annual income from operating as a sole trader. At on-boarding the financial adviser requests copies of bank statements and tax return documentation to corroborate the customer’s source of funds.

Source of wealth – scenario B

A customer indicates they have received a large sum of money and are seeking advice on how to invest it. The financial advisor reviews the original financial information collected on the customer and is concerned that the source of wealth is not in line with the customer’s known financial and personal circumstances. Having been advised that the customer is a beneficiary of an inheritance from a distant relative, the financial adviser requests additional information and is provided a signed letter from a lawyer handling a deceased estate that names the customer as a beneficiary of the distant relative’s estate.

Non-bank loan providers

Source of funds

A relatively new customer, who has been making minimum repayments on the purchase of a car, advises they intend to make a large lump sum payment for the remainder of their car loan. The non-bank lender makes inquiries and is advised by the customer that they recently sold their house. After making customer inquiries in order to complete the repayment process, the non-bank lender undertakes internet searches of the real estate agent responsible for the sale of the property and the reported auction result. The non-bank lender also searches the land registry regarding the property sale.

Securities and derivatives dealers / Managed investment funds

Source of funds

Ongoing monitoring identifies a customer has made a large purchase of securities. A review of the customer’s profile indicates the amount and type of securities purchased was unusual in comparison with the customer's transaction history. The reporting entity identifies that a third party agent was involved in the purchase and confirms the customer was aware of and authorised the purchase. Further open source enquiries identify numerous negative reviews related to the third party agent. Based on the information ascertained as part of the enhanced customer due diligence procedures, the reporting entity submits a SMR to AUSTRAC outlining their investigation and findings related to the third party agent. In response to the higher risk scenario, the reporting entity decides to increase monitoring related to the use of the third party agent for future purchases.

Additional resources

• Frequently asked questions on Source of Wealth and Source of Funds, issued by The Wolfsberg Group
• Financial Action Task Force (FATF) guidance on Politically Exposed Persons
• FATF’s ‘High-risk and other monitored jurisdictions’