If you provide any designated services listed under section 6 of the AML/CTF Act, such as financial, gambling, bullion or digital currency exchange services, you are considered by AUSTRAC to be a “reporting entity” and are required to have an anti-money laundering and counter-terrorism financing (AML/CTF) program.
This must include an enhanced customer due diligence (ECDD) program which records the measures undertaken in situations where there is a high risk of money laundering or terrorism financing. This article explores the key considerations as outlined by AUSTRAC.
What is enhanced customer due diligence (ECDD)?
Enhanced customer due diligence involves conducting supplementary checks on a customer’s identification, gathering extra information, and performing additional verification. This helps to detect, disrupt and prevent money laundering and terrorism financing (ML/TF), and to protect your organisation from being exploited for criminal activity.
When to apply ECDD
ECDD must be applied in several high-risk situations:
- If you suspect that a person or transaction is linked to a crime, a suspicious matter report (SMR) must be submitted to AUSTRAC. Simply submitting an SMR does not mitigate ML/TF risk – in such situations ECDD also needs to be applied.
- When you determine through your risk-based systems and controls the ML/TF risk is high.
- The service you are asked to provide is for a customer who is (or has a beneficial owner who is) a foreign politically exposed person (PEP) – an individual who holds a prominent public position or role in a government body or international organisation, either in Australia or overseas.
- A transaction involves a person or a company that has a presence or is incorporated in a high-risk jurisdiction.
Establishing an effective ECDD program
An effective ECDD program should:
- Clearly outline the customer types, designated services, channels, and jurisdictions that are considered to pose a high or greater level of risk. Procedures should also be in place to enable consistent implementation of ECDD processes.
- Explicitly identify the individuals or roles responsible for carrying out ECDD.
- Establish controls to ensure consistent application of ECDD, encompassing its operation, monitoring, and internal reporting.
The measures employed for ECDD must be appropriate for the specific situation, incorporating a variety of the measures described below. It is also crucial to maintain a traceable record of decision-making.
ECDD measures
ECDD measures may include collecting additional information, undertaking a more detailed analysis of customer information, verifying or re-verifying customer information, undertaking more detailed analysis and monitoring of transactions, and getting approval from senior management.
Collecting additional information
You must collect additional information from the customer or third-party sources so you can do one or more of the following:
- Clarify or update customer or beneficial owner information.
- Take reasonable measures to identify the customer’s and beneficial owners’ source of wealth and funds.
- Clarify the nature of their ongoing business with you.
Further analysis or verification of customer information
In addition to collecting additional information, you may need to conduct further analysis of the customer’s identification (KYC) information that has previously been collected.
You may also need to verify or re-verify customer information, such as name and date of birth, using reliable and independent documentation or electronic data.
More detailed analysis and monitoring of transactions
Under certain circumstances, it may be necessary to thoroughly examine and closely monitor both the past and future transactions of the customer. In such cases it is important to determine the purpose and rationale behind these transactions, while also keeping track of their types and frequencies. Additionally, you should carefully monitor the anticipated nature and volumes of your customer’s transactions, including any upcoming transactions.
Getting approval from senior management
You must seek approval from senior management to:
- Continue a business relationship with the customer.
- Keep providing designated services to the customer.
- Process a transaction on an account.
Key takeaways
If you are considered a reporting entity by AUSTRAC, you must apply enhanced customer due diligence (ECDD) in high-risk situations such as when a customer’s activity leads you to make a suspicious matter report. Your ECDD program should follow best practices outlined by AUSTRAC and incorporate measures such as collecting additional customer information and conducting further analysis.