Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (110 of 2024)

Schedule 2 Customer due diligence

Part 1 Main amendments

Anti-Money Laundering and Counter-Terrorism Financing Act 2006

7 Divisions 1 to 5 of Part 2

Repeal the Divisions, substitute:

Division 1 - Introduction

27 Simplified outline

The following is a simplified outline of this Part:

• A reporting entity must undertake initial customer due diligence before providing a designated service to a customer. However, in special cases, initial customer due diligence may be carried out after the provision of the designated service.

• A reporting entity must undertake ongoing customer due diligence in relation to the provision by the reporting entity of designated services.

• Simplified customer due diligence may be undertaken in certain low risk circumstances as part of initial and ongoing customer due diligence.

• Enhanced customer due diligence must be undertaken in certain circumstances as part of initial and ongoing customer due diligence.

• Certain pre-commencement customers are subject to modified customer due diligence.

• Exemptions from initial customer due diligence, and ongoing customer due diligence, apply in certain circumstances.

Division 2 - Initial customer due diligence

28 Undertaking initial customer due diligence

(1) A reporting entity must not commence to provide a designated service to a customer if the reporting entity has not established on reasonable grounds each of the matters in subsection (2) in relation to the customer.

Note 1: See also section 31 (simplified customer due diligence).

Note 2: See also section 32 (enhanced customer due diligence).

Note 3: See section 36 for rules that apply to pre-commencement customers.

(2) The matters are as follows:

(a) the identity of the customer;

(b) the identity of any person on whose behalf the customer is receiving the designated service;

(d) if the customer is not an individual - the identity of any beneficial owners of the customer;

(e) whether the customer, any beneficial owner of the customer, any person on whose behalf the customer is receiving the designated service, or any person acting on behalf of the customer is:

(i) a politically exposed person; or

(ii) a person designated for targeted financial sanctions;

(f) the nature and purpose of the business relationship or occasional transaction;

(g) any other matter relating to the customer that is specified in the AML/CTF Rules.

(3) Without limiting subsection (1), a reporting entity must do the following for the purposes of establishing on reasonable grounds the matters in subsection (2):

(a) if the customer is an individual - take reasonable steps to establish that the customer is the person the customer claims to be;

(b) identify the ML/TF risk of the customer, based on KYC information about the customer that is reasonably available to the reporting entity before commencing to provide the designated service;

(d) verify, using reliable and independent data, such of the KYC information referred to in paragraph (c) as is appropriate to the ML/TF risk of the customer.

(4) If a reporting entity provides its designated services at or through a permanent establishment of the reporting entity in Australia, a reporting entity must take into account the following matters when identifying the ML/TF risk of the customer for the purposes of paragraph (3)(b):

(a) the reporting entity's ML/TF risk assessment;

(b) the kind of customer to whom the designated services will be provided;

(d) the delivery channels by which the reporting entity's designated services are or will be provided to the customer;

(e) the countries with which the reporting entity deals, or will deal, in providing its designated services to the customer;

(f) the matters (if any) specified in the AML/CTF Rules.

(5) Subsection (4) does not limit the matters a reporting entity may take into account for the purposes of paragraph (3)(b).

(6) The AML/CTF Rules may do either or both of the following:

(a) specify requirements that must be complied with for the purposes of establishing on reasonable grounds the matters in subsection (2);

(b) set out circumstances in which a reporting entity is taken to comply with a matter mentioned in that subsection.

(7) Without limiting paragraph (2)(g) or (4)(f) or subsection (6), AML/CTF Rules made for the purposes of any of those provisions may make different provision in relation to different classes of customers, including:

(a) customers in relation to whom simplified due diligence measures may be taken in accordance with section 31; and

(b) customers in relation to whom enhanced customer due diligence measures must be undertaken in accordance with section 32.

Note: This subsection also does not limit subsection 13(3) of the Legislation Act 2003 or subsection 33(3AB) of the Acts Interpretation Act 1901: see section 249.

(8) Subsection (1) is a civil penalty provision.

(9) A reporting entity that contravenes subsection (1) in relation to a customer commits a separate contravention of that subsection in respect of each designated service that the reporting entity provides to the customer at or through a permanent establishment of the reporting entity in Australia.

(10) A reporting entity that contravenes subsection (1) in relation to a customer commits a separate contravention of that subsection on each day that the reporting entity provides designated services to the customer at or through a permanent establishment of the reporting entity in a foreign country.

29 Exemptions from initial customer due diligence

Despite subsection 28(1), a reporting entity may commence to provide a designated service to a customer before the reporting entity complies with that subsection if:

(a) circumstances specified in the AML/CTF Rules apply; and

(b) the reporting entity determines on reasonable grounds that commencing to provide the designated service to the customer before subsection 28(1) is complied with in relation to the customer is essential to avoid interrupting the ordinary course of business; and

(i) as soon as reasonably practicable after commencing to provide the designated service to the customer; and

(ii) within the period (if any) specified in the AML/CTF Rules; and

(d) the reporting entity determines on reasonable grounds that any additional risk of money laundering, terrorism financing or proliferation financing associated with complying with subsection 28(1) in relation to the customer after commencing to provide the designated service to the customer is low; and

(e) the reporting entity implements AML/CTF policies to mitigate and manage the associated risks; and

(f) the reporting entity complies with the requirements (if any) specified in the AML/CTF Rules.

Division 3 - Ongoing customer due diligence

30 Undertaking ongoing customer due diligence

(1) A reporting entity must monitor its customers in relation to the provision of its designated services to appropriately identify, assess, manage and mitigate the risks of money laundering, financing of terrorism and proliferation financing that the reporting entity may reasonably face in providing designated services.

Note 1: See also section 31 (simplified customer due diligence).

Note 2: See also section 32 (enhanced customer due diligence).

Note 3: See section 36 for rules that apply to pre-commencement customers.

(2) Without limiting subsection (1), if the reporting entity provides its designated services at or through a permanent establishment of the reporting entity in Australia, the reporting entity must:

(a) monitor for unusual transactions and behaviours of customers that may give rise to a suspicious matter reporting obligation; and

(b) if the reporting entity has a business relationship with a customer - review and, where appropriate, update the reporting entity's identification and assessment of the ML/TF risk of the customer in the following circumstances:

(i) if there is a significant change to any of the matters mentioned in subsection 28(4);

(ii) if there are unusual transactions and behaviours in relation to the customer that may give rise to a suspicious matter reporting obligation;

(iii) circumstances specified in the AML/CTF Rules; and

(c) if the reporting entity has a business relationship with a customer - review and, where appropriate, update and reverify KYC information relating to the customer at a frequency appropriate to the ML/TF risk of the customer, and if either of the following occur:

(i) the reporting entity has doubts about the adequacy or veracity of the KYC information relating to the customer;

(ii) circumstances specified in the AML/CTF Rules; and

(d) if the reporting entity has a business relationship with a customer that is a pre-commencement customer - monitor for significant changes in the nature and purpose of the business relationship that may result in the ML/TF risk of the customer being medium or high; and

(e) comply with any other requirements specified in the AML/CTF Rules.

Note: For suspicious matter reporting obligation , see section 41.

(3) The AML/CTF Rules may do either or both of the following:

(a) specify requirements that must be complied with in relation to the matters mentioned in subsection (2);

(b) set out circumstances in which a reporting entity is taken to comply with a matter mentioned in that subsection.

(4) Without limiting subparagraph (2)(b)(iii) or (2)(c)(ii), paragraph (2)(e) or subsection (3), AML/CTF Rules made for the purposes of any of those provisions may make different provision in relation to different classes of customers, including:

(a) customers in relation to whom simplified due diligence measures may be taken in accordance with section 31; and

(b) customers in relation to whom enhanced customer due diligence measures must be undertaken in accordance with section 32.

Note: This subsection also does not limit subsection 13(3) of the Legislation Act 2003 or subsection 33(3AB) of the Acts Interpretation Act 1901: see section 249.

(5) For the purposes of this section, unusual transactions and behaviours of a customer include the following:

(a) unusually large or complex transactions relating to the customer;

(b) transactions and behaviours that are part of an unusual pattern of transactions and behaviours relating to the customer;

(d) transactions and behaviours that are inconsistent with what the reporting entity reasonably knows about any of the following:

(i) the customer;

(ii) the nature and purpose of the business relationship;

(iii) the ML/TF risk of the customer;

(iv) where relevant, the customer's source of funds or source of wealth.

(6) Subsection (1) is a civil penalty provision.

(7) A reporting entity that contravenes subsection (1) in relation to a customer commits a separate contravention of that subsection in respect of each designated service that the reporting entity provides to the customer at or through a permanent establishment of the reporting entity in Australia.

(8) A reporting entity that contravenes subsection (1) in relation to a customer commits a separate contravention of that subsection on each day that the reporting entity provides designated services to the customer at or through a permanent establishment of the reporting entity in a foreign country.

Registered remittance affiliates

(9) If an obligation is imposed by subsection (1) on a reporting entity in its capacity as a registered remittance affiliate of a registered remittance network provider, the obligation may be discharged by the registered remittance network provider.

Exemption

(10) This section does not apply to a designated service covered by item 54 of table 1 in section 6.

Note: Item 54 of table 1 in section 6 covers a holder of an Australian financial services licence who arranges for a person to receive a designated service.

Division 4 - Simplified and enhanced customer due diligence

31 Simplified customer due diligence

In complying with the obligation imposed on a reporting entity under subsection 28(1) or 30(1) in relation to a customer, the reporting entity may apply simplified customer due diligence measures if:

(a) the ML/TF risk of the customer is low; and

(b) section 32 does not apply to the customer; and

32 Enhanced customer due diligence obligation

In complying with the obligation imposed on a reporting entity under subsection 28(1) or 30(1) in relation to a customer, the reporting entity must apply enhanced customer due diligence measures appropriate to the ML/TF risk of the customer if one or more of the following apply to the customer:

(a) the ML/TF risk of the customer is high;

(b) if:

(i) a suspicious matter reporting obligation arises for the reporting entity in relation to the customer; and

(ii) the reporting entity proposes to continue to provide a designated service or designated services to the customer;

(c) the customer, any beneficial owner of the customer, any person on whose behalf the customer is receiving the designated service, or any person acting on behalf of the customer, is a foreign politically exposed person;

(d) the customer, any beneficial owner of the customer, any person on whose behalf the customer is receiving the designated service, or any person acting on behalf of the customer, is:

(i) an individual who is physically present in a high risk jurisdiction for which the international body known as the Financial Action Task Force has called for enhanced due diligence to be applied; or

(ii) a body corporate or legal arrangement that was formed in a high risk jurisdiction for which the international body known as the Financial Action Task Force has called for enhanced due diligence to be applied;

(e) the designated service provided or proposed to be providedto the customer is provided or proposed to be providedas part of a nested services relationship;

(f) the customer is of a kind specified in the AML/CTF Rules.

Note: For suspicious matter reporting obligation , see section 41.

Copyright notice

You are free to copy, adapt, modify, transmit and distribute material on this website as you wish (but not in any way that suggests the ATO or the Commonwealth endorses you or any of your services or products).