KYC in Australia: What AUSTRAC Expects for Customer Identification and Verification

A practical, plain English guide to AUSTRAC KYC obligations: what to collect, what to verify, beneficial owners, PEP checks, and what "reliable and independent" evidence means.

Know your customer, usually shortened to KYC, is the foundation of Australia's AML and CTF framework. In AUSTRAC language, KYC sits inside "customer identification and verification" and links directly to beneficial owners and politically exposed persons checks.

If you are an accounting firm preparing for Tranche 2 readiness, this is one of the first areas to get right because everything else, risk ratings, enhanced due diligence, monitoring, record keeping, depends on it. AUSTRAC has confirmed reforms commence on 1 July 2026 for tranche 2 entities.

What you will get from this article

By the end, you will understand: 1. What AUSTRAC means by KYC 2. The two step process: collect, then verify 3. What "reliable and independent" evidence actually means 4. Where beneficial owners and PEP checks fit 5. How to apply a practical risk based approach

1. What is KYC, in AUSTRAC terms

AUSTRAC describes KYC as the process of collecting information about a customer and then verifying certain information using reliable and independent documentation, electronic data, or both.

This is not just an identity check. It also includes: 1. Identifying beneficial owners of a customer (where relevant) 2. Establishing whether the customer, or certain related parties, are politically exposed persons

AUSTRAC groups these together under customer identification and verification guidance because they are core controls for money laundering and terrorism financing risk.

2. The two step process: collect, then verify

Think of KYC as two separate jobs:

Step 1: Collect identification information

You gather minimum identification details about: 1. The customer 2. Any beneficial owners you are required to identify

AUSTRAC publishes an easy reference guide that outlines the minimum information required for different customer types.

Step 2: Verify certain customer information

You then verify specific details using reliable and independent sources: 1. Documents 2. Electronic data 3. Or a combination of both

This distinction matters because many firms collect ID but do not verify correctly, or do not record verification evidence in a defensible way.

3. What "reliable and independent" evidence means in practice

AUSTRAC's guidance is explicit: you must use reliable and independent documentation or electronic data (or both) to verify information about the customer and beneficial owner.

Documents

For documents, AUSTRAC states you must use original or certified copies of primary or secondary documents.

Electronic data

For electronic data verification, AUSTRAC states you must use at least two separate data sources to verify customer information.

Practical interpretation for accounting firms: 1. Be clear which details you verified (name, date of birth, address, company number, trustee details, etc.) 2. Record which source verified each detail 3. Keep enough evidence to show an auditor what you did and why it met the standard

4. Which customers are covered: individuals and entities

AUSTRAC's customer identification and verification approach changes depending on the customer type. The easy reference guide outlines minimum information to collect and verify for different customer types.

At a high level:

Individuals

You collect personal identifying details, then verify them using documents, electronic data, or both.

Companies and other entities

You identify the entity and also identify the individuals behind it where required, including beneficial owners.

Trusts

Trusts can be more complex because you may need to identify additional parties, and beneficial ownership and control can require more detailed mapping. AUSTRAC provides beneficial owner examples involving trusts and corporate trustees.

5. Beneficial owners: where they fit and why they matter

Beneficial owners are not optional admin. AUSTRAC treats beneficial owner identification as an important part of applicable customer identification procedures.

In practical terms, beneficial ownership work is about answering: 1. Who ultimately owns the customer 2. Who ultimately controls the customer 3. Who benefits from the relationship, especially for structures like trusts

This is exactly where many real world AML failures happen, especially with layered entities, nominee arrangements, or informal control.

6. PEP checks: risk signal, not automatic guilt

AUSTRAC is clear on two things at once: 1. PEPs can present higher ML and TF risk because of exposure to bribery and corruption 2. Being a PEP does not automatically mean someone is involved in criminal activity

Your process should focus on: 1. Identifying whether the customer, or relevant related parties, are PEPs 2. Assessing the risk based on the circumstances 3. Applying enhanced customer due diligence where risk is high

7. Risk based approach: what changes for low risk vs high risk

AUSTRAC's KYC guidance supports a risk based approach. For example, it states you can use reliable and independent documents or electronic data to verify the identity of a medium or low risk customer.

As risk increases, your verification approach should become more conservative and more thorough. AUSTRAC's ECDD guidance and reforms guidance set expectations for enhanced measures when risk is high, including specific triggers relating to foreign PEPs.

8. A practical KYC checklist for accounting firms

Use this as your baseline workflow.

KYC minimum workflow

1. Confirm the customer type (individual, company, trust, other) 2. Collect minimum identification information 3. Identify beneficial owners where required 4. Establish whether the customer and relevant parties are PEPs 5. Verify required details using reliable and independent sources 6. Record what you did, what sources were used, and keep evidence 7. Apply enhanced due diligence where risk is high

9. Where firms typically get this wrong

Common failure points: 1. Collecting ID but not verifying against reliable and independent sources 2. Only using one electronic source when electronic verification is used, instead of at least two 3. Treating beneficial ownership as a tick box without mapping control properly 4. Treating PEP status as automatic high risk, instead of assessing circumstances 5. Weak record keeping, meaning you cannot demonstrate compliance later

10. How Nelvo helps

1. Guided KYC capture for individuals and entities, using an AUSTRAC aligned structure 2. Beneficial owner mapping and evidence capture in a consistent register format 3. PEP and enhanced due diligence workflow support, linked to risk assessment outcomes

11. Reforms note: why guidance references mention 31 March 2026

AUSTRAC's core guidance pages currently note that reforms guidance has been released and that existing obligations guidance is maintained until laws change on 31 March 2026. AUSTRAC also states reforms commence on 1 July 2026 for tranche 2 entities.

For your audience, the practical takeaway is: 1. Use current AUSTRAC core guidance to build capability now 2. Track reforms guidance so you are ready as commencement dates approach

References

AUSTRAC guidance referenced in this article: 1. <a href="https://www.austrac.gov.au/business/core-guidance/customer-identification-and-verification" target="_blank" rel="nofollow noopener noreferrer">Customer identification and verification hub</a> 2. <a href="https://www.austrac.gov.au/business/core-guidance/customer-identification-and-verification/customer-identification-know-your-customer-kyc" target="_blank" rel="nofollow noopener noreferrer">Customer identification, Know your customer</a> 3. <a href="https://www.austrac.gov.au/business/core-guidance/customer-identification-and-verification/customer-identification-and-verification-easy-reference-guide" target="_blank" rel="nofollow noopener noreferrer">Customer identification and verification easy reference guide</a> 4. <a href="https://www.austrac.gov.au/business/core-guidance/customer-identification-and-verification/reliable-and-independent-documentation-and-electronic-data" target="_blank" rel="nofollow noopener noreferrer">Reliable and independent documentation and electronic data</a> 5. <a href="https://www.austrac.gov.au/business/core-guidance/customer-identification-and-verification/beneficial-owners" target="_blank" rel="nofollow noopener noreferrer">Beneficial owners</a> 6. <a href="https://www.austrac.gov.au/business/core-guidance/customer-identification-and-verification/politically-exposed-persons" target="_blank" rel="nofollow noopener noreferrer">Politically exposed persons</a> 7. <a href="https://www.austrac.gov.au/business/core-guidance/amlctf-programs/enhanced-customer-due-diligence-program" target="_blank" rel="nofollow noopener noreferrer">Enhanced customer due diligence program</a> 8. <a href="https://www.austrac.gov.au/about-us/austrac-regulatory-expectations-and-priorities-2025-26" target="_blank" rel="nofollow noopener noreferrer">AUSTRAC regulatory expectations and priorities 2025 to 26</a> 9. <a href="https://www.austrac.gov.au/about-us/amlctf-reform/reforms-guidance" target="_blank" rel="nofollow noopener noreferrer">Reforms guidance pages on ECDD and PEPs</a>

Disclaimer

This article is general information only and is not legal, financial, or compliance advice. It is not tailored to your circumstances. While we aim to keep content current and accurate, AML and CTF obligations and regulator guidance can change. You should obtain independent professional advice and consult AUSTRAC guidance before making compliance decisions.