Customer due diligence (KYC) on every customer
Identify and verify every customer (and beneficial owner) before providing a designated service.
Who must comply
All AUSTRAC reporting entities.
What triggers it
Onboarding a customer for a designated service.
When due
Before providing the designated service. Ongoing for customer relationships.
Evidence required
KYC records (identity documents, beneficial ownership), PEP/sanctions screening evidence, EDD documentation.
Max penalty
Each unverified customer can be a separate breach — up to $33M per contravention
Summary
Reporting entities must collect and verify customer identification information before providing a designated service. For non-individuals, beneficial owners (≥25% control or ownership) must be identified. Enhanced due diligence applies to high-risk customers including PEPs, complex structures, and high-risk jurisdictions. Simplified due diligence is available for limited low-risk categories.
Enforced by
Source legislation
Topics
Related obligations
- CWLTHMaintain a written AML/CTF programEvery reporting entity needs a documented AML/CTF program — Part A risk + Part B systems.
- CWLTHEnrol with AUSTRAC as a reporting entityTranche 2 entities must enrol with AUSTRAC by 29 July 2026.
- CWLTHSuspicious matter, threshold, and IFTI reporting to AUSTRACLodge SMRs, TTRs ($10K+ cash), and IFTI reports via AUSTRAC Online.
- CWLTHDesignate an AML/CTF Compliance OfficerReporting entities must designate a senior employee as AML/CTF Compliance Officer.
- CWLTHDetect + enhance due diligence on Domestic + Foreign PEPsAML/CTF Rules require detection + EDD on Politically Exposed Persons (foreign + domestic + international organisation).
- CWLTHIndependent review of AML/CTF programReporting entities must arrange independent review of their Part A AML/CTF program at appropriate intervals.
Frequently asked questions
- Who must comply with Customer due diligence (KYC) on every customer?
- All AUSTRAC reporting entities.
- What triggers Customer due diligence (KYC) on every customer?
- Onboarding a customer for a designated service.
- When is Customer due diligence (KYC) on every customer due?
- Before providing the designated service. Ongoing for customer relationships.
- What is the maximum penalty for Customer due diligence (KYC) on every customer?
- Each unverified customer can be a separate breach — up to $33M per contravention
- What evidence is required for Customer due diligence (KYC) on every customer?
- KYC records (identity documents, beneficial ownership), PEP/sanctions screening evidence, EDD documentation.
Source: https://austrac.gov.au/business/core-guidance/customer-identification-and-verification. Rules Mate is not a law firm. Always verify against the live regulator source before acting.