Example Of Works

Below is an example of the standard of work produced. This is one document in an AML/CTF Program containing 30+ documents.

AML/CTF Customer Due Diligence (CDD) Policy

1. Application

This policy applies to all staff, departments, and business functions responsible for customer onboarding, transaction monitoring, and compliance obligations under the AML/CTF framework.

2. Purpose

To outline the obligations, procedures, and responsibilities relating to Customer Due Diligence (CDD), in accordance with the AML/CTF Act and Rules, ensuring proper customer identification and risk management.

3. Background

Customer Due Diligence is a key control under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth). It involves verifying the identity of customers, understanding beneficial ownership, and identifying politically exposed persons to mitigate the risk of ML/TF.

4. Applicable Legislation

This policy is governed by the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), the AML/CTF Rules Instrument 2007 (No.1), and guidance issued by AUSTRAC.

5. Policy

  • All customers must be identified and verified before the provision of a designated service, in accordance with sections 32–36 of the AML/CTF Act 2006 (Cth) and Chapter 4 of the AML/CTF Rules.
  • For individuals, collect and verify full name, date of birth, and residential address in line with Rule 4.2.1.
  • For non-individuals (e.g., companies, trusts), verify legal existence and controlling individuals under Rules 4.3–4.5.
  • Identify and verify beneficial owners who own or control 25% or more, or otherwise exercise effective control (Rule 4.12).
  • Conduct PEP screening and apply Enhanced Due Diligence (EDD) where required under Rules 4.12–4.13.
  • Records must be retained for at least 7 years under section 107 of the AML/CTF Act.

6. Roles and Responsibilities

  • Board / Senior Management:

- Provide strategic oversight and support for the implementation of CDD requirements.

- Ensure the policy aligns with AUSTRAC obligations and is appropriately resourced.

  • AML/CTF Compliance Officer:

- Develop, implement, and maintain the CDD Policy in accordance with the AML/CTF Act and Rules.

- Oversee the execution of CDD processes and conduct periodic reviews.

- Provide staff with ongoing guidance, training, and updates.

- Escalate unresolved verification or high-risk issues for decision-making.

  • Customer-Facing Staff / Onboarding Teams:

- Collect and verify customer identification documents in line with this policy.

- Accurately complete CDD/KYC forms and escalate incomplete or suspicious profiles.

  • Operations / Administration Teams:

- Maintain CDD records securely and in accordance with record-keeping requirements.

- Ensure data integrity and retrievability for audit or regulatory requests.

  • Internal Audit / Review Function:

- Conduct periodic audits of CDD implementation, documentation, and compliance.

- Provide assurance that the policy is being followed consistently.

7. Exemptions

Some low-risk customers may qualify for Simplified Due Diligence (SDD) under Rule 4.8 of the AML/CTF Rules.

8. Definitions

  • Beneficial Owner: A natural person who ultimately owns or controls a customer
  • CDD: Customer Due Diligence
  • EDD: Enhanced Due Diligence
  • KYC: Know Your Customer
  • PEP: Politically Exposed Person

9. Related Policies, Procedures, Registers, Forms, Checklists, Guidelines and Documents

  • CDD and KYC Forms
  • CDD Checklist
  • Customer Onboarding Procedure
  • Customer Verification Register
  • Enhanced Due Diligence Policy
  • Politically Exposed Persons Policy

10. Summary – Who, What, Why, When, Where, How

  • Who: Compliance team, onboarding staff, risk management.
  • What: The structured process of identifying and verifying customers.
  • Why: Required to mitigate ML/TF risk and comply with AUSTRAC legislation.
  • When: Prior to providing any designated service and during customer lifecycle reviews.
  • Where: Across all channels and platforms where services are offered.
  • How: Through identification, verification, risk assessment, and documentation.

11. Compliance Actions Checklist

☐ Collect and verify customer identity documents
☐ Identify and verify beneficial ownership
☐ Screen all customers against PEP and sanctions lists
☐ Apply EDD for high-risk profiles
☐ Re-identify customers where there is a change in risk or doubt about original documentation (Rule 4.11)
☐ Document all verification steps and retain records for 7 years
☐ Update records as necessary during ongoing monitoring

12. Non-Compliance

Failure to comply may result in:

  • Civil Penalties: AUSTRAC can apply for civil penalty orders under the AML/CTF Act, with fines exceeding $20 million for serious breaches (Part 15, Division 2).
  • Criminal Charges: Deliberate non-compliance or facilitating money laundering/terrorism financing can lead to prosecution, fines, and imprisonment (Sections 136–137).
  • Enforceable Undertakings: AUSTRAC may enter into enforceable undertakings to address serious non-compliance (Section 197).
  • Remedial Directions: AUSTRAC can issue binding directions requiring corrective action to fix deficiencies (Section 191).
  • Infringement Notices: Issued for minor breaches without court action, often accompanied by financial penalties (Section 186).
  • License Suspension or Cancellation: Entities operating under financial licenses may face suspension or loss of accreditation.
  • Public Naming and Shaming: AUSTRAC may publish details of breaches and actions taken, which can damage reputation.
  • Staff Disciplinary Action: Employees who breach AML/CTF policies may be subject to internal disciplinary measures, including warnings, retraining, suspension, or termination.
  • Loss of Banking or Business Relationships: Non-compliance can lead to de-banking or strained partnerships with financial service providers.
  • Increased Audit and Monitoring: Entities may be subject to more frequent reviews, audits, and reporting requirements from AUSTRAC and other regulators.

13. Document Management and Control

  • This document is controlled by the AML/CTF Compliance Officer.
  • It will be reviewed at least annually and updated to reflect legal, business, or regulatory changes.
  • Historical versions will be archived for audit and traceability purposes.
  • Version Control:
    - Effective Date: [Insert Date]
    - Review Date: [Insert Review Date]
    - Prepared By: [Insert Preparer Name]
    - Approved By: [Insert Approver Name]

 

Version   Date         Author          Role            Summary of Changes
1.0       15/05/2025   [Insert Name]   [Insert Role]   Draft document created
1.1       20/05/2025   [Insert Name]   [Insert Role]   Board approved. Final version.

 

END

 

Key Takeaways

  • CDD must be completed before providing any designated service.
  • KYC requirements vary for individuals, companies, trusts, and partnerships and must follow Chapter 4 of the AML/CTF Rules.
  • Beneficial owners with 25% or more control must be identified and verified.
  • Politically Exposed Persons (PEPs) must be screened, and EDD applied if necessary.
  • Re-identification is required when there’s a change in risk or doubt about previously obtained documents (Rule 4.11).
  • All identity and verification records must be retained for 7 years (Section 107 AML/CTF Act).
  • Failure to comply can result in civil and criminal penalties, staff disciplinary action, and reputational harm.
