Simply collecting a copy of a client's ID is only part of your process.

Your initial and ongoing customer due diligence (CDD) obligations start with understanding the money laundering and terrorism financing risks (ML/TF risks) of your customer.

Why customer risk ratings matter

Developing a process to assign customer risk ratings helps you accurately and consistently:

  • identify the risk of each customer

  • assign appropriate risk ratings - low, medium or high risk.

This helps you apply your AML/CTF policies to appropriately manage and mitigate customer risk. It will also determine when you can apply your simplified CDD measures (for low-risk customers) and when you must apply enhanced CDD (for high-risk customers).

When assigning a customer risk rating for CDD, you must use the information and factors in your ML/TF risk assessment, and consider how these apply to the individual customer. This includes all of the following:

  • the kind of customer (individual, sole trader, trust, partnership, company).

  • the source of funds and source of wealth, and/or complexity of structures.

  • the delivery channels you'll use to provide advice to the customer (for example, delivering advice through a POA).

  • the customer's PEP status.

  • any ties the customer has to high-risk jurisdictions.

The presence of particular risk factors, and the customer’s overall risk rating, will then determine the:

  • subsequent KYC information you collect and/or verify (for initial CDD)

  • monitoring process (for ongoing CDD).

Customer Risk Ratings

Low-risk customer: the customer is an Australian resident seeking advice within a low-risk jurisdiction. There are no red flags or enhanced CDD triggers present.

Medium-risk customer: where there are no red flags or enhanced CDD triggers present, but there are some ML/TF risk factors that may have a moderate impact. For example, if one of the following applies to the customer, they:

  • have multi-layered business structures (which aren't unduly complex)

  • have connections to medium-risk jurisdictions.

  • are a low-profile domestic politically exposed person (PEP).

High-risk customer: the customer has high-risk indicators with significant complexity. For example, if one or more of the following applies to the customer:

  • has a business structure that’s unusually complex.

  • is a high-profile PEP

  • is a foreign PEP.

  • has ties to high-risk jurisdictions.

  • is seeking advice from you that doesn’t have a clear economic or lawful purpose or reason.

Examples of Customer Risk Ratings

1. Low-risk customer – employed individual, simple advice scope:

Through the fact-finding process, the adviser meets with an individual Australian resident (in person or via video link) who is PAYG employed and seeks advice limited to consolidating superannuation accounts and reviewing existing personal insurances.

The customer’s income, assets, and contribution patterns are consistent with their employment and age. There is no use of cash, no complex structures, and no third-party involvement. The client is not a PEP and has no connections to medium- or high-risk jurisdictions.

Under the risk rating system, the customer is assessed as low risk, and simplified CDD measures are applied.

2. Low-risk customer – SMSF establishment with clear funding source

The adviser identifies a married Australian couple seeking advice to establish an SMSF using rollovers from existing APRA-regulated superannuation funds.

All trustees are Australian residents, the source of funds is clearly documented through superannuation rollover statements, and there are no external contributors or complex investment strategies proposed at establishment.

There are no PEP, sanctions, or jurisdictional risk indicators. The customer is assessed as low risk, and simplified CDD is sufficient.

3. Medium-risk customer – overseas connections (non–high-risk jurisdiction)

Through the fact-finding process, the adviser identifies a client who is an Australian resident but has lived and worked overseas in a medium-risk jurisdiction (e.g. Philippines or Malaysia) within the last five years.

The client has accumulated savings offshore and intends to transfer funds to Australia for investment. While documentation is provided and the explanation of wealth is reasonable, the offshore element introduces an elevated ML/TF risk.

Under the risk rating system, the adviser classifies the customer as medium risk and applies standard CDD with increased scrutiny, including verification of offshore bank statements and closer ongoing monitoring.

4. Medium-risk customer – trust structure with third-party contributors

The adviser identifies a client seeking advice through a discretionary family trust, where adult children make contributions to a pooled investment strategy.

While all parties are Australian residents and there are no high-risk jurisdictions involved, the presence of multiple contributors and beneficial owners increases complexity and opacity.

The customer is assessed as medium risk, requiring full identification and verification of trustees, beneficiaries, and contributors, with heightened ongoing monitoring.

5. High-risk customer – overly complex structures with large amounts of cash and ties to high-risk jurisdictions:

Through the fact-finding process, the adviser identifies a client who has multiple business structures that are overly complex, with large amounts of cash. The client appears coached or rehearsed when answering questions about their current personal and financial situation. They also have ties to high-risk jurisdictions (e.g. Iran, Syria, Afghanistan).

Under the adviser’s risk rating system, the adviser classifies the customer as high risk.

In addition to the standard CDD steps above, they complete the following enhanced CDD measures:

  • a source of funds and source of wealth check – to determine the source of the cash and whether the customer’s wealth came from a legitimate source

  • given the customer's deceptive behaviors and links to high-risk jurisdictions, the adviser would search the Australian Government Department of Foreign Affairs and Trade's Consolidated List, which includes all individuals, entities and vessels subject to Australian sanctions, including targeted financial sanctions, travel bans, arms embargoes and maritime sanctions

  • additional checks to verify the politically exposed status of the person – including proof of their current employment from their employer

  • additional reliable and independent data to verify the customer’s identity – including additional photographic identification such as the customer’s passport and driver's licence

  • ongoing monitoring for indications of corruption and bribery – with staff monitoring the customer against indicators specified in the business’s customer monitoring program.

6. High-risk customer – nominee or power of attorney arrangements

The adviser identifies a client who insists on acting through a nominee or power of attorney arrangement without clear justification. The underlying beneficial owner is reluctant to engage directly or provide identity documentation.

The lack of transparency and resistance to disclosure elevate the ML/TF risk. Under the risk rating system, the customer is classified as high risk, and enhanced CDD is applied, including verification of both the nominee and beneficial owner and heightened monitoring.

In the next lesson, we will look at how you can apply your Customer Due Diligence to low-risk customers.