Guide to AML/CTF Enhanced Customer Due Diligence (ECDD) in Australia

Reading Time: 7 minutes

Introduction to Enhanced Customer Due Diligence (ECDD)

Australia’s robust anti-money laundering and counter-terrorism financing (AML/CTF) framework is crucial for combating money laundering and terrorism financing (ML/TF). For Australian reporting entities, compliance with these regulations is mandatory and essential for protecting the integrity of the financial system. A cornerstone of this framework is Enhanced Customer Due Diligence (ECDD), a more rigorous approach than standard customer due diligence (CDD) and know your customer (KYC) procedures.

This guide aims to simplify ECDD for Australian organisations that provide designated services. It will clarify when reporting entities must undertake ECDD, detail the key measures involved in an effective ECDD program, and explain how to maintain ongoing CDD. 

Defining Enhanced Customer Due Diligence (ECDD)

What is ECDD?

Enhanced Customer Due Diligence (ECDD) is a critical element of Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) programs in Australia. It represents a more rigorous set of checks that go beyond standard Customer Due Diligence (CDD) processes, particularly when there is a higher risk of money laundering or terrorism financing (ML/TF).

ECDD involves undertaking extra measures to ensure comprehensive risk management. These measures include:

• Carrying out additional checks on customer identification.
• Collecting more detailed customer information.
• Performing further verification of customer information.

Purpose of ECDD in AML/CTF Compliance

The primary purpose of ECDD within AML/CTF compliance is to detect, disrupt, and prevent ML/TF. Additionally, ECDD plays a vital role in protecting businesses and organisations from being exploited for criminal activities.

By implementing ECDD measures, organisations can make informed decisions about whether to submit a Suspicious Matter Report (SMR) to Australian Transaction Reports and Analysis Centre (AUSTRAC). ECDD serves several key purposes, including:

• Risk Mitigation: It helps organisations effectively manage and mitigate higher risks of ML/TF associated with certain customers or transactions.
• Detection and Prevention: ECDD enhances an organisation’s ability to detect unusual or suspicious activities that may indicate illicit financial flows.
• Protection of Businesses: By identifying and scrutinising high-risk relationships, ECDD protects businesses from potential exploitation by criminals.
• Informing SMR: The insights gained through ECDD assist organisations in determining whether an SMR should be submitted to AUSTRAC, thereby fulfilling their regulatory reporting obligations.

When to Apply ECDD

High ML/TF Risk Scenarios

ECDD becomes essential when your risk-based systems and controls identify a higher risk of ML/TF. This determination arises from your organisation’s risk assessment, which considers various factors, including:

• Customer Type: Different profiles may present varying levels of risk.
• Nature of Services Provided: Certain services are more susceptible to ML/TF activities.
• Geographical Risks: Transactions involving high-risk regions can increase overall risk.

When your assessment indicates that a customer or business relationship poses a significant risk of ML/TF, it triggers the need to undertake ECDD measures to effectively mitigate these risks.

Foreign Politically Exposed Persons (PEPs)

ECDD is mandatory when dealing with customers who are, or have beneficial owners who are, foreign politically exposed persons (PEPs). Foreign PEPs are individuals who hold prominent public positions in a country apart from Australia. Due to their positions, foreign PEPs are considered to present a higher risk of money laundering and other offences such as bribery and corruption.

This heightened risk necessitates enhanced scrutiny, which includes:

• Verifying Identity: Ensuring the PEP’s identity is thoroughly confirmed.
• Legitimacy of Source of Wealth and Funds: Assessing the origins of their wealth and financial transactions to ensure they are legitimate.

Suspicion of Criminal Activities and SMRs

When a customer’s activities or behaviour raise suspicion of criminal activity, it is imperative to apply ECDD. This is particularly relevant when there are grounds to submit an SMR to AUSTRAC.

Submitting an SMR does not negate the need for ECDD; rather, it underscores the necessity for a more in-depth investigation into the customer relationship and transactions. ECDD in these situations help to:

• Analyse Suspicious Activity: Gain a more in-depth understanding of the nature and extent of the suspicious activity.
• Understand the Customer’s Profile: Develop a detailed profile to identify potential risks.
• Determine ML/TF Risk Extent: Assess the level of ML/TF risk involved.

Transactions Involving High-Risk Jurisdictions

ECDD is also required when a transaction involves individuals or entities associated with high-risk jurisdictions. These jurisdictions are often identified by AUSTRAC and international bodies like the Financial Action Task Force (FATF) as having deficient AML/CTF systems or posing a higher risk of ML/TF.

Transactions connected to these prescribed foreign countries necessitate enhanced due diligence to mitigate the increased risk. This involves:

• Stricter Verification: Ensuring all parties involved are accurately identified and verified.
• Comprehensive Monitoring: Keeping a closer watch on transactions to confirm their legitimacy.
• Preventing Illicit Financial Flows: Ensuring that transactions do not facilitate illegal financial activities.

This enhanced scrutiny is crucial to maintaining compliance and preventing potential misuse of financial services.

Key Measures in an ECDD Program

Collecting Additional Customer Information

Collecting additional customer information is a crucial measure in an effective ECDD program. This process involves gathering extra details from customers or third-party sources to build a clearer picture of the customer profile. Understanding the source of wealth and funds is essential for mitigating the risks of ML/TF. By obtaining more information, organisations can better clarify the nature of the customer’s ongoing business and accurately assess their risk profile.

Additional information that may be collected includes:

• Source of wealth: Investigating the origin of the customer’s total assets, such as business ownership, employment history, or investments, to understand their financial standing.
• Source of funds: Examining the origin of the specific funds used in transactions or business relationships, such as salary payments or business revenue, to directly trace the money being handled.
• Purpose of the business relationship: Gaining more in-depth insights into why the customer requires specific services and their expected transaction patterns to identify any inconsistencies.

Enhanced Verification and Analysis

Enhanced verification and analysis are vital components of an ECDD program, requiring a more rigorous approach to confirming customer information. This goes beyond standard customer identification processes and necessitates a more in-depth analysis of existing data to effectively identify and manage risks. A thorough verification process ensures that the information provided by the customer is accurate and reliable, which is crucial for effective CDD.

Enhanced verification and analysis measures include:

• Re-verifying customer information: Confirming or re-confirming customer details, such as full name and date of birth, using reliable and independent documentation to ensure identity verification.
• More in-depth analysis of existing information: Conducting a more detailed examination of the information already collected to reveal insights into the source of funds and identify potential high-risk situations or criminal activity.
• Utilising reliable and independent sources: Ensuring that verification processes use documentation and data from sources known for their reliability and independence to strengthen the verification process.

Detailed Transaction Monitoring

Detailed transaction monitoring is a key measure within an ECDD program, focusing on the thorough examination of customer transactions to detect unusual patterns. This enhanced level of monitoring is essential to ensure that transactions align with the expected customer profile and to identify any activities that may indicate ML/TF. By closely scrutinising transactions, organisations can effectively manage customer risk and maintain compliance requirements.

Detailed transaction monitoring involves:

• Monitoring transaction types: Observing the kinds of transactions a customer engages in to identify any unusual or high-risk activities.
• Analysing transaction purpose: Understanding the reasons behind transactions to ensure they are legitimate and consistent with the customer’s profile.
• Tracking transaction frequency: Monitoring how often transactions occur to detect any patterns that deviate from expected or normal behaviour.
• Reviewing past and future transactions: Examining both historical and ongoing transactions to gain a comprehensive view of the customer’s financial activities and identify any inconsistencies over time.

Senior Management Approval for High-Risk Relationships

Obtaining senior management approval is a critical step in managing high-risk customer relationships within an ECDD program. This requirement ensures that there is an additional layer of oversight and accountability when establishing or continuing business relationships with customers who present a higher risk of ML/TF. Seeking senior management approval demonstrates a commitment to robust risk management and compliance within the organisation.

Senior management approval is specifically required for:

• Establishing business relationships: Gaining formal approval before initiating a business relationship with a high-risk customer to ensure careful consideration and due diligence from the outset.
• Continuing business relationships: Seeking approval to maintain ongoing relationships with high-risk customers, ensuring periodic review and reaffirmation of the risk assessment.
• Providing designated services: Obtaining authorisation before offering specific designated services to high-risk customers, adding a control layer for service provision.
• Processing transactions: Requiring senior-level sign-off for processing transactions for high-risk customers, particularly those that are complex or unusual, to ensure thorough scrutiny and informed decision-making.

Developing and Maintaining an Effective ECDD Program

Defining High-Risk Factors and Procedures

To establish a robust ECDD program, it is essential to clearly define what constitutes high-risk within your organisation. This involves identifying specific customer types, designated services, delivery channels, and geographical locations that pose a higher risk of ML/TF. Your ECDD program must outline procedures that ensure the consistent implementation of ECDD processes whenever these high-risk factors are present.

Key elements to define within your ECDD program include:

• High-Risk Customer Types: Specify categories of customers that are more likely to present an elevated ML/TF risk. This could include certain industries, business structures, or customer demographics identified through your risk assessments.
• High-Risk Designated Services: Identify particular services your organisation offers that may be more susceptible to ML/TF activities. Certain types of financial transactions or services might inherently carry a higher risk.
• High-Risk Channels: Determine which channels of service delivery could increase ML/TF risks. For example, non-face-to-face interactions or transactions conducted through specific digital platforms might require enhanced scrutiny.
• High-Risk Jurisdictions: List countries or regions considered high-risk due to factors such as weak AML/CTF regimes or higher levels of corruption. Transactions or customers connected to these jurisdictions necessitate enhanced due diligence.

Assigning Responsibilities and Implementing Controls

A crucial aspect of an effective ECDD program is the clear assignment of responsibilities and the implementation of robust controls. It is vital to explicitly identify the roles and individuals within your organisation responsible for carrying out ECDD measures. Furthermore, establishing controls ensures the consistent application of ECDD, its effective operation, ongoing monitoring, and comprehensive internal reporting.

Key actions for assigning responsibilities and implementing controls include:

• Clearly Defined Roles: Specify which positions or teams are accountable for performing ECDD tasks. This ensures there is no ambiguity about who is responsible for each step of the ECDD process.
• Established Controls for Consistent Application: Implement procedures and systems that guarantee ECDD is applied uniformly across the organisation whenever high-risk triggers are identified. This might involve checklists, automated alerts, or mandatory review stages.
• Monitoring Mechanisms: Set up systems to monitor the effectiveness of your ECDD program. Regular reviews and audits can help identify any gaps or areas for improvement in the application of ECDD measures.
• Internal Reporting Lines: Establish clear channels for reporting on ECDD activities and any identified suspicious matters within the organisation. This ensures that relevant information is escalated to the appropriate levels of management for review and action.

Conclusion

Enhanced Customer Due Diligence (ECDD) is a vital component of Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) compliance for Australian reporting entities. It is specifically designed to manage the higher risks associated with certain customers, transactions, and jurisdictions that pose a greater threat of money laundering or terrorism financing (ML/TF). By undertaking ECDD, organisations can more effectively identify and mitigate these risks, ensuring they meet their compliance requirements and protect themselves from being exploited for criminal activities.

To ensure your organisation’s AML/CTF program is robust and fully compliant with ECDD requirements, it is essential to seek expert guidance. Contact AML House today to explore our specialised services and discover how our unparalleled expertise can assist you in navigating the complexities of ECDD and strengthening your overall AML/CTF framework.

Frequently Asked Questions (FAQ)