KYC means Know Your Customer and sometimes Know Your Client. KYC or KYC check is the mandatory process of identifying and verifying the identity of the client when opening an account and periodically over time. Financial Services may refuse to open an account or halt business relationship if the customer fails to meet minimum KYC requirements.

The process of “knowing your customer” ensures identity is verified either before or during the time that a financial institution starts doing business with an individual or entity and can also reference the regulated financial services practices that are used to verify clients’ identities.

It is up to financial institutions that issue credit or allow customers to open accounts to practice enhanced due diligence and verify customers to ensure they are not taking part in a money laundering scheme. They must verify where large sums of money originated, monitor suspicious activities and report material cash transactions.

Many financial institutions begin their KYC procedures by collecting basic data and information about their customers, ideally using electronic identity verification. Pieces of information such as names, passport, Medicare card, phone numbers, birthdays, and addresses can be very useful when determining whether an individual is involved in a financial crime. This verification process can go further to include facial verification and biometric verification.

The KYC process is a legal requirement intended as an Anti-money laundering and Counter Terrorism Financing measure. KYC policies require “reasonable due diligence” to know (and retain) the essential data concerning every customer.

Anti-money laundering (AML) and Counter Terrorism Financing (CTF) describes the legal controls that require financial institutions and other regulated entities to prevent, detect and report money laundering activities. Laws against money laundering were created as far back as the 1930’s.

Directives such as the Bank Secrecy Act (BSA) of 1970 and the more recent legislation in Australia, the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 regulate the set of procedures, laws and regulations designed to stop the practice of generating income through illegal actions.

RegTech (Regulatory Technology) is the application of emerging technology to improve the way businesses manage regulatory compliance. RegTech companies can engage machine learning, natural language processing, blockchain, AI, and other technologies in order to bring the power of digital transformation to the world of regulatory compliance.

The AUSTRAC AML/CTF reforms start in two waves: 31 March 2026 for current reporting entities under the AML/CTF Act 2006, and 1 July 2026 for tranche 2 entities (real estate, lawyers, conveyancers, accountants, trust and company service providers, and dealers in precious metals and stones). Existing tranche 1 customers must be transitioned to the new CDD standard by 30 March 2029.

A tranche 2 entity is an Australian business that becomes regulated by AUSTRAC for the first time on 1 July 2026 because it provides one or more new "designated services": real estate brokering and developer sales, legal and conveyancing services, accounting services, trust and company service provision, and dealing in precious metals, stones and products at or above the prescribed thresholds. If you provide any of these services with a geographical link to Australia, you must enrol with AUSTRAC and stand up an AML/CTF program before 1 July 2026.RegTech (Regulatory Technology) is the application of emerging technology to improve the way businesses manage regulatory compliance. RegTech companies can engage machine learning, natural language processing, blockchain, AI, and other technologies in order to bring the power of digital transformation to the world of regulatory compliance.

Yes. From 1 July 2026 every Australian real estate agent, buyer's agent and property developer must complete AML/CTF customer due diligence on both the buyer and the seller before the brokered transaction proceeds, and must operate an AML/CTF program covering risk assessment, source of funds checks, ongoing monitoring, suspicious matter reporting and seven-year record keeping.

From 1 July 2026, lawyers, accountants, conveyancers, financial advisers and insolvency practitioners that provide a designated professional service must enrol with AUSTRAC, complete initial customer due diligence on the client before commencing the matter, run ongoing CDD and transaction monitoring, lodge Suspicious Matter Reports and Threshold Transaction Reports where applicable, keep records for seven years, and operate a written AML/CTF program. Pure legal or financial advice that only "influences" a transaction is not a designated service, and legal professional privilege continues to apply.

Customer due diligence (CDD) is the risk-based AML process of identifying your customer, verifying their identity, identifying the beneficial owners, understanding the nature and purpose of the relationship, and monitoring it over time. It has three layers: initial CDD before you provide a designated service, ongoing CDD (transaction monitoring and KYC refresh), and enhanced due diligence (EDD) for high-risk customers, politically exposed persons (PEPs), or where source of funds and source of wealth must be established.

AUSTRAC enrolment opened for tranche 2 entities on 31 March 2026, and you must be enrolled before you start providing a designated service from 1 July 2026. Enrolment is the baseline notification through AUSTRAC Online; registration is a separate, more rigorous step (with a fit and proper assessment) that applies on top of enrolment for remittance providers and virtual asset service providers (VASPs).

A Suspicious Matter Report (SMR) is a mandatory AUSTRAC report you must lodge when, in the course of providing a designated service, you form a suspicion on reasonable grounds that the matter may relate to money laundering, terrorism financing, proceeds of crime or another serious offence. SMRs must be lodged via AUSTRAC Online within 3 business days (or 24 hours for terrorism financing), and the report cannot be disclosed to the customer under the tipping off offence.

No, not all at once. Existing tranche 1 reporting entities have until 30 March 2029 to bring their existing customer base up to the reformed initial CDD standard, and tranche 2 entities can treat customers they were already engaged with on 1 July 2026 as "pre-commencement customers" until a trigger event (an SMR obligation, or a significant change in the relationship that lifts ML/TF risk to medium or high) forces fresh initial CDD.

The AUSTRAC travel rule requires the institution that orders a value transfer (including a virtual asset transfer) to send specified originator and beneficiary information with the transfer, and requires the beneficiary institution to receive, screen and act on it. For virtual asset service providers (VASPs) and digital currency exchanges, additional FATF-aligned obligations cover counterparty wallet attribution, sanctions screening on counterparty addresses, and unhosted (self-custody) wallet transfers, and apply from 31 March 2026.

An AML/CTF program is the documented framework that sets out how an AUSTRAC reporting entity identifies, assesses, mitigates and manages money laundering, terrorism financing and proliferation financing (ML/TF/PF) risk. Under the reformed AUSTRAC Rules every program must contain five elements: a governance framework with a board-equivalent governing body, an AML/CTF compliance officer (AMLCO) and accountable senior manager; a documented ML/TF risk assessment; AML/CTF policies covering CDD, screening, monitoring, reporting and record keeping; periodic review; and an independent evaluation by someone independent of the program.

Electronic identity verification is used to match particular electronic data sources to customer details. To comply with the AUSTRAC ‘safe harbour’ rules you must verify at a minimum Name, Address and Date of Birth on two independent data sources. The AFSL may choose to apply greater rigour and additional checks as part of their KYC Program.

For example, while verifying Name, Address and Date of Birth on two independent data sources such as electoral roll and credit bureau will meet the minimum requirements, many organisations also require at least one government source such as a driver’s license, Medicare, or passport (known as the Document Verification Service or DVS).

The most common approach is to establish a ‘scorecard’ for verification against a source like electoral roll AND a government source.

The LAB dynamic Onboarding Framework performs electronic verification on individuals based on the IDMatrix profile selected by your organisation (sometimes referred to as an organisation’s Scorecard).

All individuals in an application that are required to be electronically verified are identified in accordance with the selected IDMatrix profile.

For a comprehensive list please visit the LAB Community Knowledge Base here.

A PEP is an individual who holds a prominent public position or role in a government body or international organisation, either in Australia or overseas. Immediate family members and/or close associates of these individuals are also considered PEPs.

PEPs often have power over government spending and budgets, procurement processes, development approvals and grants. Examples of PEPs include government ministers or equivalent politicians, senior government executives, high ranking judges, high-ranking military officers, or board members or executives of an international organisation. This is not a complete list of PEPs.

Because PEPs hold positions of power and influence they can be a target for corruption and bribery attempts, and ultimately for money laundering or terrorism financing activities. This is why it’s important to use AML/CTF measures to identify and manage any such potential risks. However, you should remember that being a PEP doesn’t automatically mean someone is involved in criminal activities.

As part of your AML/CTF program, you must outline how you identify PEPs and what steps you take when dealing with them.

Yes! Customers apply from your website to your branded version of the LAB dynamic Onboarding Framework to provide a seamless customer journey.

The LAB dynamic Onboarding Framework integrates with a number of industry systems and organisations including HiTrust, Pershing, Macquarie, AusieX, IRESS Xplan, Accuity, FinClear, Trulioo, Praemium, Hub24, M2, Open Markets and Pacific Systems.

We are almost always introducing new integrations and partners. For the most up to date list or to speak to us about an integration request, contact us.

LAB Group has API’s and webhooks available to integrate with your current systems, including:

• Triggering an action to your system based on events
• Our Initiate API allows businesses to initiate and pre populate aspects of an application through the LAB dynamic Onboarding Framework independent of the online application form
• LAB Group’s Completion API allows organisations to extract application data entered into an online application through the LAB dynamic Onboarding Framework. Organisations can extract application data via the Completion API and then use this to load application data into their account management, registry system or CRM.
• The Federated Identity API allows organisations to utilise LAB Groups Federated Identity capability to seamlessly log into the LAB Application Manager without a user needing to provide additional credentials.
• The Application Maintenance API allows organisations to update an application through the LAB dynamic Onboarding Framework with specific details, such as setting an account number or setting a specific label.

The LAB dynamic Onboarding Framework is a multi-lingual platform and can support multiple languages. Default translations of core field are supplied to the client for review however any translations for client specific application wording must be provided by the client.

Currently the following languages are supported/activated in the LAB dynamic Onboarding Framework:

• English
• Spanish
• Chinese
• Japanese
• Russian
• Bahasa
• Portuguese
• German

We have a support desk available for you to submit cases in our LAB Community with the option for technical support. This is a central location for resources, Frequently Asked Questions, Guides and a place to monitor the progress of your support cases. Go to the LAB Community here to view our Knowledge Base, Request Access, or Submit a Case.

Yes. We have different levels of access available for managing and monitoring applications within LAB’s Application Manager ensuring staff get the correct authorised access and permissions.