Enhanced Customer Due Diligence (ECDD) triggers under the AML/CTF Rules

When ECDD applies

Chapter 15 of the AML/CTF Rules mandates Enhanced Customer Due Diligence (ECDD) in certain situations. These circumstances are defined to ensure a heightened level of scrutiny for customers and transactions presenting a greater risk of money laundering or terrorism financing.

ECDD is required when a reporting entity identifies a customer, or a beneficial owner of that customer, as a foreign Politically exposed persons (PEP) screening. It also applies when the reporting entity is required by section 41 to consider making a Suspicious Matter Report.

Finally, ECDD is triggered when a customer or transaction originates from a country identified as high-risk by the FATF or AUSTRAC. Additionally, ECDD must be applied if the reporting entity’s risk-based assessment determines a higher level of risk, including for domestic and international organisation PEPs assessed as high risk.

Minimum ECDD measures

Enhanced Customer Due Diligence (ECDD) involves specific actions beyond standard Ongoing customer due diligence (OCDD). These measures include obtaining and verifying additional Know Your Customer (KYC) information. This information relates to the customer themselves, any beneficial owners, and the customer’s source of funds and source of wealth.

Further ECDD measures require obtaining senior management approval. This approval is needed both for establishing a new business relationship and for continuing an existing one. Enhanced ongoing monitoring of customer transactions is also a required element of ECDD.

The specific measures applied must be commensurate with the risk identified. In some circumstances, ECDD may also involve considering whether to lodge a Suspicious Matter Report (SMR).

FATF high-risk jurisdictions

The Financial Action Task Force (FATF) identifies jurisdictions with strategic AML/CTF deficiencies through two lists: a Public Statement (the black list) and Jurisdictions Under Increased Monitoring (the grey list). Reporting entities in Australia are obligated to apply Enhanced Customer Due Diligence (ECDD) to customers and transactions originating from or involving FATF black list jurisdictions.

For transactions and customers linked to FATF grey list jurisdictions, reporting entities are required to undertake a risk-based assessment and apply enhanced measures accordingly. This assessment should consider the specific risks posed by the jurisdiction and the nature of the customer or transaction. [Sanctions compliance Australia — DFAT] considerations are also vital.

AUSTRAC may supplement these FATF lists by issuing notices and guidance that identify specific high-risk jurisdictions. It is important to note that sanctions lists are separate from, but operationally aligned with, AML/CTF obligations; therefore, the DFAT consolidated sanctions list must also be screened.

Documentation and record-keeping

Documentation of Enhanced Customer Due Diligence (ECDD) is a mandatory requirement. All steps taken to satisfy ECDD obligations must be recorded and maintained within the customer file. This includes evidence of approval from senior management for any sign-off required during the ECDD process.

The outputs generated through the ECDD process may be used to inform the Senior Management Review (SMR) decision-making process. Failure to apply ECDD when it is triggered constitutes a contravention of section 36 of the AML/CTF Act.

Records relating to ECDD must be retained for a minimum period of 7 years from the end of the customer relationship, as stipulated by section 113 of the AML/CTF Act. This ensures ongoing compliance and auditability.