How to comply with the latest KYC regulations

In today’s rapidly evolving regulatory landscape, staying compliant with the latest Know Your Customer (KYC) regulations is paramount for businesses across various industries.

What is the number one rule of anti-money laundering and terrorist financing? Know your customer. 

Know Your Customer (KYC) regulations are crucial to Australia’s anti-money laundering (AML) and counter-terrorist financing (CTF) regime, and businesses, which are obligated to report back to AUSTRAC, must pay attention to the latest changes to stay compliant. 

Businesses caught not complying with KYC checks face potential fines well into the millions of dollars, not to mention the risk of letting criminals into your business.  

So what are these KYC requirements, how are they evolving, and how can businesses ensure compliance? 

Let’s dive in. 

What is KYC?

KYC stands for ‘know your customer’ or ‘know your client’ and is crucial to Anti-Money Laundering (AML) regulations in Australia and many other countries. KYC processes aim to prevent money laundering, terrorist financing, and related fraud. 

AML refers to a wide-ranging set of processes, policies and regulations designed to prevent illegal money laundering and terrorist financing. At the same time, KYC specifically focuses on verifying customers’ identities and risk levels during customer onboarding or periodically while doing business with them. 

According to Australian law, AML and KYC compliance are mandatory for businesses in specific regulated industries, such as banking and financial services. 

However, ensuring the person on the other side of any transaction is “who they say they are” is also essential for various industries outside financial services, such as gaming and wagering, crypto, global remittance, and more. 

This applies to both individual customers (people) and non-individual customers, such as companies, associations or trusts. 

Staying KYC compliant in Australia

In Australia, AML and KYC are regulated by the Australian Transaction Reports and Analysis Centre (AUSTRAC). AUSTRAC ensures that regulated institutions comply with the Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) Act. 

The AML/CTF Act was passed in 2006 and has since been enhanced multiple times to keep up with the latest crime threats and risks. 

There are three main components of KYC regulations:

  • Customer Identification Program (CIP)
  • Customer Due Diligence (CDD)
  • Enhanced Due Diligence (EDD)

A Customer Identification Program (CIP) includes collecting personal information, such as name, date of birth and address, during customer onboarding or account creation to verify the identities of new and existing customers. 

Identity data collection generally involves asking customers to provide their personal data and confirming the details against identification documents such as a driver’s licence or passport. 

The verification process can include identity document verification, address verification (e.g. utility bills), biometric data verification, or any combination.

Customer Due Diligence (CDD) is the process used to evaluate customer risk. It includes collecting personal information to verify a customer’s identity and prevent fraud before they engage in financial activity with an organisation, as well as checking personal customer information against global watch lists or sanctions against individuals. 

Enhanced Customer Due Diligence (ECDD) ensures businesses gain a deeper understanding of who they are doing business with, measure the level of risk they present, and mandate reporting measures to ensure risks are documented for future reference.

Here’s the critical part: regulated businesses must complete KYC – checking a customer’s identity by collecting and verifying information – before providing any designated services to them. 

This means performing KYC checks during onboarding, such as when opening a bank account, and on an ongoing basis to ensure customers are who they say they are and determine the level of risk they present. 

How KYC is evolving

Over the past few years, KYC regulations have evolved in terms of the level of personal information that needs to be collected and the industries that need to comply. 

Here are a few of the latest changes:

1. Alternative methods for KYC during the pandemic

During the COVID-19 pandemic, it became harder for businesses to collect in-person information to comply with KYC/AML regulations. So, AUSTRAC provided alternative methods for compliance, encouraging digital identity verification. 

For example, AUSTRAC recommended that Australian organisations use electronic or scanned copies of identity documents and video call verification. 

2. Extending KYC regulations to high-risk industries

One of the critical challenges in Australia, much like the rest of the world, is the rapidly evolving complexity of financial crimes. From money laundering to identity theft, criminal threats are evolving constantly, and regulators are racing to keep up. As a result, the requirements for specific industries can evolve depending on emerging threats. 

Australia is significantly lagging behind international expectations in its AML laws for Designated Non-Financial Businesses and Professions (DNFBPs), which includes regulating lawyers, accountants, real estate agents and some other sectors. 

Proposed reforms, known as “Tranche 2,” aim to align Australia’s anti-money laundering (AML) and counter-terrorism financing(CTF) laws with global standards set by the Financial Action Task Force (FATF).

Also, according to its 2024 Regulatory Priorities, AUSTRAC will increase its regulatory activities in the following sectors:

  • Digital currency exchanges (DCEs)
  • Payment platforms
  • Bullion
  • Non-bank lenders and financiers.

This is a result of rapid and significant growth, as well as concerns about compliance, in these sectors.

3. KYC Changes in Online Wagering 

Under the National Consumer Protection Framework for Online Wagering, Australian Governments have implemented customer pre-verification for online wagering accounts. 

As a result, the AML/CTF Rules have been amended to strengthen the identity verification process that applies to online wagering service providers. 

From 29 September 2024, all online wagering service providers must complete the customer identification procedures before creating an online gambling account or providing any designated service.

This change is to help ensure that online wagering services are not exploited by criminals or used by individuals on the National Self-Exclusion Register.

Customer expectations are evolving 

Businesses need to be aware of not only evolving KYC regulations but also ever-changing customer expectations. 

Consumers now expect organisations to provide not only robust security but also a seamless and fast onboarding user experience. Speed and convenience are expected whether someone is signing up as a new customer for online wagering or opening a bank account.

When it comes to identity verification, these expectations are no different. As the process becomes increasingly digitised, customers expect their identities to be verified in real-time. 

They want to complete onboarding on the spot from their mobile phone. Businesses that fail to meet that expectation are in danger of losing customers at the very first step. 

How to stay compliant with KYC changes 

By understanding the changes, businesses can take proactive measures to strengthen their KYC processes and ensure compliance – that’s where technology comes into play. 

Technologies are constantly advancing to ensure organisations can keep pace with the changes, stay compliant and deliver a seamless customer experience when verifying identities.  

Sophisticated identity verification solutions now leverage machine learning (ML) and artificial intelligence (AI) combined with biometric technology, liveness detection and streamlined document verification. 

These improve accuracy to meet stringent criteria set by AUSTRAC while reducing friction and meeting customer expectations.

For example, GBG’s smart capture technology enables quick and easy document image capture to match the document against our extensive global library, check it is genuine, and detect tampering. 

Facial matching and liveness checks then verify the person pictured on the document is really present and is the same person onboarding. To speed up form completion and minimise errors, Optical Character Recognition (OCR) automatically extracts data from documents to autofill forms and fast-track genuine customers through onboarding.

Flexibility is key

With ever-changing rules and risks, flexibility is the key to staying ahead of the latest KYC regulation changes. You need to know that your processes and technologies can adapt to ensure you remain compliant without adding unnecessary hurdles to your customer experience. 

That’s where your identity verification technology comes in. With a configurable and scalable solution at the heart of your KYC framework, you can tailor KYC checks to meet your business and compliance needs and keep your customers and AUSTRAC happy. 

Learn how GBG’s identity verification solutions make it easy for your business to meet KYC regulations.



Why choose GBG?

Here at GBG, we help you onboard more genuine customers and stay compliant with fast and accurate identity verification. Regardless of your business size or industry, you can tap into powerful global verification solutions to keep bad actors out and protect your business.

Related Blogs