Know Your Customer

What is KYC in Australia

AUSTRAC states that as a reporting entity you must identify and know your customers, and that your customer identification procedures, KYC procedures, must be documented in Part B of your AML and CTF program.

AUSTRAC’s KYC guidance explains that Part B is solely focused on customer identification procedures and that you must document the procedures you use for different types of customers, based on the level of money laundering and terrorism financing risk different customers pose.

It also states you must check a customer’s identity by collecting and verifying information before providing designated services, and that you must identify both individuals and non individuals such as companies, associations or trusts.

In practice, KYC is the structured process you use to answer three questions.

• Who is the customer
• Who owns or controls the customer
• What is the purpose and expected nature of the relationship

Why KYC matters for Tranche 2 compliance

For Tranche 2 sectors, KYC is often new. Many professional services firms already collect client information for commercial and legal reasons, but AML and CTF compliance requires a higher standard of consistency, verification, and risk based decision making.

Strong KYC helps you:

• Prevent anonymous or disguised clients entering the business
• Understand beneficial ownership and control, especially behind companies and trusts
• Identify politically exposed persons and other higher risk indicators
• Detect unusual behaviour by comparing activity against the expected profile

AUSTRAC also notes that to identify, mitigate and manage money laundering and terrorism financing risk, you need ongoing customer due diligence processes and this includes developing and documenting an enhanced customer due diligence program and a transaction monitoring program in Part A of your AML and CTF program.

So KYC is not isolated. It links directly into ongoing monitoring and escalation.

KYC and FATF customer due diligence standards

FATF Recommendation 10 sets out the global baseline for customer due diligence. It includes identifying the customer and verifying identity using reliable independent source documents, identifying and taking reasonable measures to verify the beneficial owner, understanding the purpose and intended nature of the relationship, and conducting ongoing due diligence and scrutiny of transactions to ensure they are consistent with what is known about the customer, including the source of funds where necessary.

This alignment matters because Australia’s reforms continue to move the regime towards clear outcomes. In a regulatory conversation, being able to map your KYC process to FATF logic strengthens your position.

Practical KYC steps for Tranche 2 businesses

Step 1: Define the customer type

Individual, company, trust, partnership, association, or other arrangement. AUSTRAC requires procedures for different customer types.

Step 2: Collect identity information

Collect the information your procedures require, including details that allow verification.

Step 3: Verify identity

Use reliable evidence and verification methods appropriate to the risk. Your goal is to be satisfied the person is who they claim to be, or the entity exists and you understand beneficial owners.

Step 4: Identify beneficial owners and controllers

AUSTRAC expects Part B to include how you collect and verify beneficial owner information and how you determine if the customer or beneficial owner is a PEP.

Step 5: Understand purpose and expected behaviour

FATF expects understanding of the purpose and intended nature, and ongoing scrutiny against that expected profile.

Step 6: Record a simple file note

Write a short explanation that links the evidence to your conclusion and your risk rating.

Practical Examples of KYC

Example 1: Individual buyer in a property transaction

You verify identity, check sanctions and PEP status, and record how the deposit is funded and why it is plausible for the customer.

Example 2: Company client for advisory services

You verify the company exists, identify directors and controllers, identify beneficial owners, and document the ownership and control structure in plain English.

Example 3: Trust client

You identify the trustee, the settlor where relevant, beneficiaries where required by your procedures, and the controlling persons. Trusts are often where weak KYC creates major exposure later.

Best practice KYC controls

• Write KYC procedures that staff can follow under pressure. If the process only works on quiet days, it is not a real control.
• Use risk based depth. AUSTRAC expects procedures based on the risk different customers pose.
• Build PEP checks into the workflow. Part B should include how you identify PEPs for customers and beneficial owners.
• Handle discrepancies properly. AUSTRAC expects procedures for how you respond to discrepancies when verifying information.
• Link KYC to ongoing CDD. KYC is the beginning of due diligence, not the end.

Common Challenges in Implementing KYC Procedures

• Treating KYC as document collection rather than verification plus judgement.
• Missing beneficial ownership because staff stop at the first company layer.
• Inconsistent files across offices and partners, especially in professional services.
• Leaving KYC until late in the matter, which creates operational friction.

How Tranche 2 Consultants can help

Tranche 2 Consultants can design a KYC framework that fits your sector and workflow, including Part B procedures, beneficial ownership templates, PEP and screening steps, and staff training that helps teams apply KYC consistently without slowing down legitimate business.

Final Thoughts on KYC

Know your customer is the foundation of AML and CTF compliance. In Tranche 2 businesses, it is also the area where practical implementation often succeeds or fails. A clear Part B procedure, risk based verification, and strong beneficial ownership work will reduce downstream issues and make your compliance program defensible against both AUSTRAC expectations and FATF aligned standards.