Introduction
With the anticipated implementation of Tranche 2 reforms, Australian accountants are set to become reporting entities under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth). This shift establishes a legal obligation for firms to implement rigorous Know Your Customer (KYC) protocols, positioning accountants as crucial gatekeepers in preventing money laundering and terrorism financing.
This guide offers a practical framework to help your accounting firm understand and manage these new compliance responsibilities. It details the core components of an effective KYC program, covering customer identification, verification, risk assessment, and the application of customer due diligence (CDD) to mitigate financial crime risks and ensure compliance with the requirements of the Australian Transaction Reports and Analysis Centre (AUSTRAC).
Understanding Your Core KYC Obligations
Customer Identification & Verification Procedures
As an accountant providing designated services, you are required to carry out applicable customer identification procedures before establishing a business relationship or undertaking a transaction. This process, often called KYC, is a foundational element of your anti-money laundering and counter-terrorism financing (AML/CTF) program and must be documented.
The goal is to be satisfied that a customer is who they claim to be. The minimum information you must collect varies depending on the client type:
| Customer Type | Minimum Information to Collect |
|---|---|
| Individual Customer | • Full name • Either residential address or date of birth |
| Non-Individual Customer | • Full name of the company • Registration status with the Australian Securities & Investments Commission (ASIC) • Australian Company Number (ACN) or Australian Registered Body Number (ARBN) |
Once collected, this information must be verified using reliable and independent sources. Verification can be achieved through:
- Documents
- Electronic data
- A combination of both
For individual clients, this may involve sighting a primary photographic ID like a passport or driver’s licence. For companies, verification can often be completed by searching the relevant ASIC database.
Identifying & Verifying Beneficial Ownership
When your client is a company, trust, or another non-individual entity, your due diligence obligations extend beyond simply verifying the entity itself. A critical component of your KYC compliance is to identify and take reasonable measures to verify the identity of the beneficial owners.
A beneficial owner is any individual who ultimately owns or controls the customer, directly or indirectly. The threshold for beneficial ownership is typically met by any individual who:
- Owns 25% or more of the customer entity
- Exercises ultimate and effective control over the customer, even without a significant ownership stake
For a company, this involves identifying the natural persons behind any corporate shareholders until you have a clear picture of who is in control. For a trust, you must identify:
- The settlor
- The trustees
- All beneficiaries
This information must be collected and verified either before you provide a designated service or as soon as is reasonably practical afterward to ensure you understand who you are truly doing business with.
Ongoing Customer Due Diligence & Record Keeping
Your KYC obligations do not end once a client is onboarded. You must implement a system of ongoing customer due diligence (OCDD) to ensure the information you hold remains current and to monitor for potential risks.
This process involves periodically reviewing client details and scrutinising their transactions to ensure they align with your understanding of their business and risk profile. Any unusual or suspicious activity could be a red flag for money laundering or terrorism financing and may require further investigation.
Maintaining detailed and accurate records is a crucial part of this process and a legal requirement under the AML/CTF framework. You must document:
- All steps taken to identify and verify your customers and their beneficial owners
- Your risk assessments
- Any ongoing monitoring activities
These records must be kept for a minimum of seven years after the end of the business relationship, providing a clear audit trail that demonstrates your compliance with your legal obligations.
Implementing a Risk-Based Approach for KYC Compliance
Assessing Client Risk Profiles
AUSTRAC requires reporting entities, including accountants, to adopt a risk-based approach to their KYC procedures. This means the level of CDD you apply should directly correspond to the assessed risk of money laundering or terrorism financing.
By profiling clients, you can allocate compliance resources more effectively, focusing greater scrutiny on high-risk areas. A client’s risk profile is determined by evaluating several key factors. Your firm’s AML/CTF program should outline how you assess these elements to assign a risk rating, such as low, medium, or high.
Key factors to consider in your risk assessment include:
| Risk Factor | Description |
|---|---|
| Client Type and Structure | Assess the complexity of the client’s legal structure. Simple structures (sole traders, local companies) are often lower risk, while complex trusts or entities with opaque ownership are higher risk. |
| Services Provided | The nature of designated services impacts risk. Standard tax returns are typically low-risk, while services like company formation or managing client funds carry elevated risk. |
| Geographic Risk | Consider the client’s location and operational jurisdictions. Clients connected to high-risk countries, especially those identified by the Financial Action Task Force (FATF), require a higher risk rating. |
| Delivery Channel | Face-to-face interactions are lower risk than non-face-to-face or remote onboarding processes. |
Applying Enhanced Due Diligence for High-Risk Clients
When your risk assessment identifies a client as high-risk, standard CDD is insufficient. In these situations, you must apply Enhanced Due Diligence (EDD) to mitigate the potential for financial crime.
EDD involves taking additional, more stringent steps to verify information and understand the client’s activities. Your AML/CTF program must have clear triggers for when these more intensive procedures are initiated.
These triggers include when a client is:
- Identified as a Politically Exposed Person (PEP) or is a close associate of a PEP.
- Operating in or sourcing funds from a high-risk jurisdiction.
- Assessed as high-risk based on your firm’s internal risk profiling.
- Engaging in unusual or suspicious transactions that lack a clear economic rationale.
- Using complex or opaque business structures, such as those involving offshore entities or nominee shareholders.
The specific actions taken during EDD are designed to provide a deeper understanding of the client and their financial dealings. These procedures must be documented thoroughly and may include:
| EDD Procedure | Description |
|---|---|
| Source of Wealth & Funds | Obtain verifiable information on the client’s source of wealth (SOW) and the source of funds (SOF) for specific transactions. |
| Adverse Media Checks | Conduct checks for any credible allegations of criminal activity. |
| Senior Management Approval | Require approval from senior management before onboarding or continuing the client relationship. |
Sample KYC Client Onboarding Workflows
Onboarding a Low-Risk Client
A streamlined client onboarding process for low-risk clients ensures compliance without creating unnecessary friction. This workflow applies to clients like a local professional services firm operating solely in Australia, which presents a lower risk of money laundering or terrorism financing.
The process for a low-risk client typically involves the following steps:
| Step | Key Actions |
|---|---|
| Initial Engagement & Info Collection | Provide an onboarding form to collect essential details like: • The company’s name, ABN, address • Personal information of directors/beneficial owners |
| Customer Identification & Verification | For a low-risk Australian company, verification can often be straightforward. You can: • Run an ASIC search to confirm the company’s details • Verify identities of individual directors and beneficial owners using their driver’s licences or passports through a reliable electronic verification platform or by sighting original documents |
| Risk Assessment | Conduct and document a risk assessment, concluding a low-risk rating based on the client’s profile and services requested. |
| Approval & Onboarding | The client is approved via a standard internal procedure and formally onboarded into the firm’s systems. |
| Ongoing Monitoring | Schedule periodic CDD, such as an annual review or every 24-36 months. |
Onboarding a High-Risk Client
When a potential client presents a higher risk of financial crime, a more rigorous onboarding workflow involving EDD is necessary. A high-risk client could be a complex trust structure with an overseas corporate trustee, particularly one based in a jurisdiction known for high secrecy or tax advantages.
The onboarding workflow for a high-risk client is more intensive and requires greater scrutiny at each stage:
| Step | Key Actions |
|---|---|
| Engagement & Initial Assessment | Identify initial red flags, such as requests for complex structures or involvement of high-risk jurisdictions. |
| Information Collection & Verification | The verification process is more demanding. You must: • Request certified copies of key documents, such as the Trust Deed and the Certificate of Incorporation for any foreign entities • Identify all individual beneficial owners of the trust and any corporate trustees, which can be a complex undertaking |
| Risk Assessment & EDD Trigger | A formal risk assessment results in a HIGH RISK rating, formally triggering the requirement for EDD. |
| Enhanced Due Diligence Procedures | • Source of Wealth and Source of Funds: Request verifiable evidence of wealth and funds. • Screening: Screen all individuals and entities against global watchlists for PEPs and sanctions. • Adverse Media Checks: Conduct in-depth searches for negative news or credible allegations. |
| Senior Management Approval | The complete EDD file is submitted to a partner or compliance officer for final review and sign-off. |
| Onboarding & Monitoring | After approval, the client is onboarded and subjected to frequent ongoing monitoring, such as quarterly reviews. |
Preparing for Tranche 2 Compliance
Key Compliance Dates & Deadlines
As Australia moves towards implementing Tranche 2 reforms, accounting firms must be aware of several critical deadlines to ensure a smooth transition to becoming reporting entities. Proactive preparation is essential for meeting these regulatory milestones and achieving full compliance.
Your firm should mark the following key dates in its compliance calendar:
| Date | Milestone |
|---|---|
| December 2025 | AUSTRAC is expected to release a starter AML/CTF program template. |
| March 31, 2026 | The official enrolment period with AUSTRAC opens for all Tranche 2 entities. |
| July 1, 2026 | Full compliance with the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) becomes mandatory. |
Developing Your AML & CTF Program
Your AML/CTF program is the cornerstone of your firm’s compliance framework. It documents the policies, procedures, and controls you have in place to identify, mitigate, and manage money laundering and terrorism financing (ML/TF) risk.
This written program must be:
- Tailored to your firm’s specific risk profile
- Approved by senior management
An effective AML/CTF program is typically divided into two main parts:
| Program Section | Content Focus |
|---|---|
| Part A | Outlines the firm’s approach to identifying, assessing, and managing ML/TF risks. It details risk-based systems, controls, staff training, and the appointment of a compliance officer. |
| Part B | Dedicated entirely to KYC procedures. It documents how the firm will collect and verify information for different customer types, including identifying beneficial owners and handling discrepancies. |
Your program must also include provisions for OCDD, transaction monitoring, and a clear process for reporting suspicious matters to AUSTRAC. Additionally, it is a dynamic document that should be independently reviewed and updated regularly, at least every three years, to reflect any changes in your business or the regulatory landscape.
Conclusion
As Tranche 2 reforms approach, Australian accountants must implement comprehensive KYC protocols, including customer identification, risk assessment, and ongoing due diligence, to comply with their new obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth). Developing a tailored AML/CTF program and applying distinct onboarding workflows for low and high-risk clients are essential steps to mitigate financial crime risks and meet AUSTRAC’s requirements.
To ensure your firm is fully prepared for these significant changes, contact our AML for Accountants team today. Our AML compliance team provides specialised legal and consulting services to help you navigate these complex regulations, ensuring your compliance framework is robust and effective.
Frequently Asked Questions (FAQ)
Standard due diligence is the default identity verification process for low to medium-risk clients, while EDD involves collecting additional information, such as SOW, for high-risk clients. These more intensive procedures are required to mitigate the elevated risk associated with clients like PEPs or those from high-risk jurisdictions.
You must verify a client’s identity before providing any designated services to them, whether it is for a one-off transaction or an ongoing business relationship. This is a foundational requirement of your AML/CTF program to ensure you know who you are dealing with from the outset.
A beneficial owner is any individual who ultimately owns or controls 25% or more of a company, either directly or indirectly. Your firm must take reasonable measures to identify these individuals to understand who is truly behind the corporate structure.
If you find a discrepancy in client information, such as a name on a passport not matching company records, you must take steps to collect more information to resolve the inconsistency. Your firm’s AML/CTF program must outline the risk-based procedures for handling such situations before proceeding with the client relationship.
You must keep all KYC records for a minimum of seven years after the business relationship with the client has ended. This ensures a clear audit trail is available for regulators like AUSTRAC to review if required.
Non-compliance with KYC obligations can lead to severe consequences, including substantial civil penalties, criminal prosecution, and the suspension of your operating licence. These penalties are enforced by AUSTRAC and can also result in significant reputational damage to your firm.
Yes, KYC rules apply to your existing clients, not just new ones. You should apply a risk-based approach to remediate your existing client files, prioritising those assessed as high-risk, to ensure all records meet current compliance standards.
A PEP is an individual who holds a prominent public function, making them more susceptible to involvement in bribery or corruption. They require extra checks and EDD because their position and influence present a higher risk for potential involvement in money laundering or terrorism financing.
Yes, you can use reliable and independent electronic data to verify a customer’s identity, either on its own or in combination with physical documents. When using electronic sources, you must typically use at least two separate data sources to corroborate the information.
