AML/CTF & Financial-Sanctions Legal Corpus — UN · AU · UK · US · EU · CA · SG · CH · HK · JP · AE (v1)

Home / AML/CTF Rules 2025

Anti-Money Laundering and Counter-Terrorism Financing Rules 2025

Legislative instrument (Rules) · adopted n/a · aus/rules/aml-ctf-2025

Authoritative text

Anti-Money Laundering and Counter-Terrorism Financing Rules 2025 made under the Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 Compilation No. 1 Compilation date: 31 March 2026 Includes amendments: F2026L00353 About this compilation This compilation This is a compilation of the Anti-Money Laundering and Counter-Terrorism Financing Rules 2025 that shows the text of the law as amended and in force on 31 March 2026 (the compilation date). The notes at the end of this compilation (the endnotes) include information about amending laws and the amendment history of provisions of the compiled law. Uncommenced amendments The effect of uncommenced amendments is not shown in the text of the compiled law. The details of amendments made up to, but not commenced at, the compilation date are underlined in the endnotes. Any uncommenced amendments affecting the law are accessible on the Register (www.legislation.gov.au). Application, saving and transitional provisions If the operation of a provision or amendment of the compiled law is affected by an application, saving or transitional provision that is not included in this compilation, details are included in the endnotes. Editorial changes For more information about any editorial changes made in this compilation, see the endnotes. Presentational changes The Legislation Act 2003 provides for First Parliamentary Counsel to make presentational changes to a compilation. Presentational changes are applied to give a more consistent look and feel to legislation published on the Register, and enable the user to more easily navigate those documents. Modifications If the compiled law is modified by another law, the compiled law operates as modified but the modification does not amend the text of the law. Accordingly, this compilation does not show the text of the compiled law as modified. Any modifications affecting the law are accessible on the Register. Self-repealing provisions If a provision of the compiled law has been repealed in accordance with a provision of the law, details are included in the endnotes.

Contents Part 1—Preliminary 1 1-1 Name 1 1-3 Authority 1 1-4 Definitions 1 1-5 Domestic politically exposed person 5 1-6 Enrolment details 6 1-7 Registrable details 6 1-8 Transfer of value—excluded transfers 7 1-9 Security—managed investment schemes 7 Part 2—Reporting groups 8 2-1 Reporting group that is a business group 8 2-2 Reporting group formed by election 9 2-3 Conditions for discharge of obligations by members of a reporting group 11 2-4 Conditions for discharge of obligations by members of a reporting group that are not reporting entities 11 Part 3—Enrolment 12 Division 1—Application for enrolment 12 3-1 Purpose of this Division 12 3-2 Information about applicant’s designated services 12 3-3 Information relating to the applicant 13 3-4 Information relating to earnings 16 3-5 Information about the person completing the application and declaration 17 Division 2—Correction and removal of enrolment details 18 3-6 Correction of entries in the Reporting Entities Roll 18 3-7 Removal of name and enrolment details on AUSTRAC CEO’s own initiative 18 3-8 Request to remove entry from Reporting Entities Roll—required information 18 Division 3—Changes in enrolment details 19 3-9 Changes in enrolment details to be advised 19 Part 4—Registration 20 Division 1—Management of the Remittance Sector Register and the Virtual Asset Service Provider Register 20 4-1 Correction of entries 20 4-2 Publication of register information 20 Division 2—Information requirements for registration applications 21 4-3 Purpose of this Division 21 4-4 Application—general information 21 4-5 Information relating to ML/TF risks 24 4-6 Information relating to AML/CTF policies 25 4-7 Information relating to accounts with financial institutions 25 4-8 Information relating to other persons assisting 26 4-9 Information relating to key personnel and past unlawful activity etc. 26 4-9A Additional requirements for application for registration as a remittance network provider 27 4-10 Additional requirements for application by remittance network provider for registration of an affiliate 28 4-11 Additional requirements for application by independent remittance dealer for registration as a remittance affiliate 28 4-12 Additional requirements for application for registration as a remittance network provider, an independent remittance dealer or a remittance affiliate of network provider 28 4-13 Additional requirements for application for registration as a remittance affiliate of network provider 29 4-14 Additional requirements for application for registration as a virtual asset service provider 29 Division 3—Registration decisions 31 4-15 Registration decisions—other matters 31 Division 4—Suspension of registration 32 4-16 Purpose of this Division 32 4-17 Suspension of registration 32 4-18 Effect of suspension—renewal and advising of certain matters 33 4-19 Period of suspension 33 4-20 Notice of suspension decision 33 4-21 Notice of extension of suspension 34 4-22 Revocation of suspension of registration 34 4-23 Notice of decision to revoke suspension of registration 34 4-24 Register entry in relation to suspension of registration 34 Division 5—Cancellation of registration 36 4-25 Cancellation of registration—other matters 36 4-26 Publication of cancellation information 37 Division 6—Renewal of registration 38 4-27 Purpose of this Division 38 4-28 Application for renewal of registration 38 4-29 Period within which renewal applications may be made 38 4-30 Determining renewal application 38 4-31 Period for which renewed registrations have effect 39 4-32 Decision on renewal application is a reviewable decision 39 4-33 Continuation of registration pending decision on renewal application 39 Division 7—Matters registered persons required to advise 40 4-34 Matters registered persons required to advise 40 Division 8—Other matters 41 4-35 Spent convictions 41 Part 5—AML/CTF programs 42 Division 1—ML/TF risk assessment 42 5-1 Review of ML/TF risk assessment 42 Division 2—AML/CTF policies related to ML/TF risk mitigation 43 5-2 Carrying out customer due diligence 43 5-3 Policies relating to targeted financial sanctions 43 5-4 Reviewing and updating AML/CTF policies following independent evaluation 43 5-5 Actions requiring approval or that senior manager be informed 44 Division 3—AML/CTF policies related to governance and compliance management 46 5-6 Provision of information to governing body 46 5-7 Reporting from AML/CTF compliance officer to governing body 46 5-8 Undertaking personnel due diligence 46 5-9 Providing personnel training 47 5-10 Independent evaluations 47 5-11 Fulfilling reporting obligations 48 5-12 Assessment of potential suspicious matters 48 5-13 Prevention of tipping off 48 Division 4—AML/CTF compliance officers 49 5-14 AML/CTF compliance officer requirements—matters to have regard to in determining whether a fit and proper person 49 Division 5—AML/CTF program documentation 50 5-15 Time period for AML/CTF program documentation 50 Division 6—AML/CTF policies related to lead entities 51 5-16 Record-keeping by lead entity of reporting group 51 Division 7—AML/CTF policies related to transfers of value 52 5-17 Policies relating to the obligations of ordering institutions 52 5-18 Policies relating to the obligations of beneficiary institutions 53 5-19 Policies relating to the obligations of intermediary institutions 55 Division 8—AML/CTF policies related to real estate transactions 56 5-20 Policies relating to customer due diligence for real estate transactions 56 Part 6—Customer due diligence 57 Division 1—Initial customer due diligence 57 6-1 Customer is sole trader 57 6-2 Customer is body corporate, partnership or unincorporated association 57 6-3 Customer is trust or foreign equivalent 58 6-4 Customer is government body 59 6-5 Establishing the identity of persons associated with the customer 60 6-6 Person on whose behalf the customer is receiving the designated service 60 6-7 Beneficial owners of the customer 61 6-8 Beneficial owners and senior manager, for bodies corporate, partnerships and unincorporated associations 62 6-9 The nature and purpose of the business relationship or occasional transaction 63 6-10 Individual cannot provide satisfactory evidence regarding a matter 63 6-11 Previous compliance in a foreign country 64 Division 2—Providing services before completion of initial customer due diligence 65 6-12 Delayed verification—various designated services provided in Australia 65 6-13 Delayed verification—opening an account and deposit 66 6-14 Delayed verification—certain financial market transactions 66 6-15 Delayed initial customer due diligence—service provided in foreign country 67 Division 3—Simplified customer due diligence 69 6-16 Simplified customer due diligence requirements generally 69 6-17 Simplified initial customer due diligence for certain matters 69 6-18 Simplified initial customer due diligence for identity of beneficial owners 69 6-19 Person acting on behalf of customer 70 Division 4—Enhanced customer due diligence 71 6-20 Enhanced customer due diligence required when customer seeks unusual services 71 6-21 Establishing source of wealth and source of funds when enhanced due diligence required in certain circumstances 71 6-22 Enhanced customer due diligence requirements for certain virtual asset services 71 Division 5—Politically exposed persons 73 6-23 Matters for initial customer due diligence—politically exposed person 73 6-24 Ongoing customer due diligence—politically exposed person 73 Division 6—Nested services relationships 75 6-25 Matters for initial customer due diligence—nested services relationship 75 6-26 Ongoing customer due diligence—nested services relationship 76 Division 7—Transferred customers 77 6-27 Initial customer due diligence—transferred customer 77 6-28 Ongoing customer due diligence—transferred pre-commencement customer 77 Division 8—Reliance on collection and verification of KYC information 79 6-29 Requirements for agreement or arrangement on collection and verification of KYC information 79 6-30 Regular assessment of agreement or arrangement 80 6-31 Requirements for reliance on collection and verification of KYC information 80 Division 9—Real estate transactions 82 6-32 Delayed initial customer due diligence—real estate transactions 82 6-33 Initial customer due diligence—real estate transactions 83 Division 10—Life policies and sinking fund policies 85 6-34 Initial customer due diligence—life policies and sinking fund policies 85 Division 11—Ongoing customer due diligence 86 6-35 Monitoring for unusual transactions and behaviours 86 Division 12—Keep open notices 88 6-36 Senior member of agency—superintendent 88 6-37 Prescribed agencies 88 6-38 Form of keep open notice 88 6-39 Information and documents required to be contained in or to accompany keep open notice 88 6-40 Extension notices 89 6-41 Further extension application 89 Division 13—Transitional 90 6-42 Initial customer due diligence—previous carrying out of applicable customer identification procedure 90 6-43 Initial customer due diligence—service provided in a foreign country 90 Part 7—Correspondent banking 91 Division 1—Due diligence assessment for entry into correspondent banking relationship 91 7-1 Requirements for due diligence assessment 91 7-2 Matters to which a senior officer must have regard before giving approval 92 Division 2—Requirements for ongoing due diligence assessments 94 7-3 Requirements for ongoing due diligence assessments 94 7-4 Timing of ongoing due diligence assessments 94 Part 8—Transfers of value 95 Division 1—Ordering institutions and beneficiary institutions 95 8-1 Determination of who is an ordering institution 95 8-2 Determination of who is a beneficiary institution 95 Division 2—Transfers of value 97 8-3 Obligations of ordering institutions—collecting, verifying and passing on information 97 8-4 Obligations of beneficiary institutions—monitoring for receipt of information 99 8-5 Obligations of intermediary institutions—monitoring for receipt of information and passing on information 100 8-6 Payment transparency—transition to revised FATF Recommendations 101 Division 3—Exemptions from obligations relating to transfers of value 103 8-7 Exemptions—designated services provided at or through foreign permanent establishments 103 8-8 Exemptions—transfers of value occurring in specified circumstances 103 Division 4—International value transfer services 106 8-9 When value is in a country 106 Part 9—Reporting 107 Division 1—Reports of suspicious matters 107 9-1 Purpose of this Division 107 9-2 Reports of suspicious matters—general information 107 9-3 Reports of suspicious matters—information about persons 108 9-4 Reports of suspicious matters—information about the matter 110 9-4A Matters to be taken into account—real estate brokering 114 Division 2—Reports of threshold transactions 115 9-5 Purpose of this Division 115 9-6 Reports of threshold transactions—general information 115 9-7 Reports of threshold transactions—information about the customer and other persons 115 9-8 Reports of threshold transactions—information about the transaction 117 Division 3—AML/CTF compliance reports 121 9-9 Reporting and lodgement periods for AML/CTF compliance reports 121 Division 3A—Amending or withdrawing reports 122 9-9A Purpose of this Division 122 9-9B Reporting entity may amend or withdraw if requested by AUSTRAC CEO 122 Division 4—Registered remittance affiliates 123 9-10 Reporting obligations of registered remittance affiliates 123 Division 5—Cross-border movement reports 124 9-11 Purpose of this Division 124 9-12 Reports about moving monetary instruments into or out of Australia 124 9-13 Reports about receiving monetary instruments moved into Australia 126 9-14 Affixing of notices about cross-border movement reporting obligations 128 Part 10—Secrecy and access 129 10-1 Disclosure of AUSTRAC information to foreign countries or agencies 129 Part 11—Other matters 130 11-1 False or misleading information or documents 130 11-2 Use of computers to take administrative action—prescribed provisions 130 11-3 Applications for reconsideration of decisions made by delegates of the AUSTRAC CEO 130 Part 12—Application, saving and transitional provisions 132 12-1 Transitional—reports of suspicious matters to be in old form for first 3 months after commencement 132 12-2 Transitional—reports of suspicious matters by entities on Reporting Entities Roll at commencement 132 12-3 Transitional—reports of threshold transactions to be in old form for first 3 months after commencement 133 12-4 Transitional—reports of threshold transactions by entities on Reporting Entities Roll at commencement 133 12-5 Transitional—keep open notices 134 Schedule 1—Forms 135 Form 1—Keep open notice 135 Form 2—Extension notice 137 Form 3—Application to issue extension notice 140 Endnotes 142 Endnote 1—About the endnotes 142 Endnote 2—Abbreviation key 143 Endnote 3—Legislation history 144 Endnote 4—Amendment history 145

Part 1—Preliminary 1-1 Name This instrument is the Anti-Money Laundering and Counter-Terrorism Financing Rules 2025. 1-3 Authority This instrument is made under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006. 1-4 Definitions Note: Expressions used in this instrument have the same meaning as in the Act (see paragraph 13(1)(b) of the Legislation Act 2003). Some examples are the following: (a) designated service; (b) financial institution; (c) governing body; (d) nested services relationship; (e) reporting entity; (f) senior manager; (g) transfer of value. In this instrument: ABN has the meaning given by section 41 of the A New Tax System (Australian Business Number) Act 1999. ACN has the meaning given by section 9 of the Corporations Act 2001. Act means the Anti-Money Laundering and Counter-Terrorism Financing Act 2006. ARBN has the meaning given by section 9 of the Corporations Act 2001. ARSN has the meaning given by section 9 of the Corporations Act 2001. Attorney-General’s Department means the Department administered by the Attorney-General. BECS means the Bulk Electronic Clearing System administered by the Australian Payments Network. BPAY means the electronic bill payment system known as BPAY. card number includes a tokenised reference that allows the issuer of a credit card, debit card or stored value card to trace a payment to a payer’s card. co-operative means a body that, under a law of the Commonwealth, a State, a Territory or a foreign country, is registered as a co-operative. corporate group means a group of 2 or more bodies corporate, where each member of the group is a related body corporate of each other member of the group. Defence Department means the Department administered by the Minister responsible for administering the Defence Act 1903. DEFT (short for “Direct Electronic Funds Transfer”) means the electronic bill payment system known as DEFT. director identification number has the meaning given by section 9 of the Corporations Act 2001. domestic transfer of value: a transfer of value is a domestic transfer of value if the value to be transferred is in Australia and, as a result of the transfer, the value will be in Australia. Note: See section 8-9 for the circumstances in which the value is in a country. earnings has the meaning given by subsection 3-4(1). eligible officer has the meaning given by section 1272B of the Corporations Act 2001. Foreign Affairs Department means the Department administered by the Minister responsible for administering the Diplomatic Privileges and Immunities Act 1967. foreign company has the same meaning as in the Corporations Act 2001. Home Affairs Department means the Department administered by the Minister responsible for administering the Australian Border Force Act 2015. independent evaluation report has the meaning given by paragraph 5-10(2)(e). key personnel of a person means each individual who is any of the following: (a) either: (i) for a person who is an individual—the individual; or (ii) otherwise—the individual, or an individual in the group of individuals, with primary responsibility for the governance and executive decisions of the person; (b) for a person other than an individual—a beneficial owner of the person; (c) an individual who makes, or participates in making, decisions that affect the whole, or a substantial part, of the business of the person; (d) an AML/CTF compliance officer of the person. Note: For a person who is a reporting entity: (a) paragraph (a) covers the reporting entity’s governing body (defined in section 5 of the Act); and (b) paragraph (c) covers a senior manager (defined in section 5 of the Act) of the reporting entity. leviable entity has the same meaning as in the Australian Transaction Reports and Analysis Centre Industry Contribution Act 2011. merchant payment: a transfer of value is a merchant payment if: (a) the value transferred is money; and (b) the money is transferred to the payee in the payee’s capacity as a merchant; and (c) the transfer occurs as a result of the use of any of the following: (i) a credit card; (ii) a debit card; (iii) a stored value card; and (d) the ordering institution issued that card to the payer; and (e) the beneficiary institution initiates the transfer by sending the payer’s instruction for the transfer to the ordering institution; and (f) the beneficiary institution pays, or accepts liability to pay, the payee (either directly or through another person). passport has the same meaning as in the Migration Act 1958. payable-through accounts has the meaning given by paragraph 7-1(3)(g). payer information, in relation to a transfer of value, means both of the following: (a) the payer’s full name; (b) information that is one or more of the following: (i) a unique customer identification number given to the payer by the ordering institution; (ii) a unique identifier for the payer; (iii) if the payer is an individual—the payer’s date and place of birth; (iv) the payer’s full business or residential address (not being a post box). registered financial sector entity means an entity that is a registered entity within the meaning of the Financial Sector (Collection of Data) Act 2001. registrable services means: (a) in relation to registration or proposed registration of a person under Part 6 of the Act as a remittance network provider—registrable remittance network services; or (b) in relation to registration or proposed registration of a person under Part 6 of the Act as an independent remittance dealer or a remittance affiliate of a registered remittance network provider—registrable remittance services; or (c) in relation to registration or proposed registration of a person under Part 6A of the Act as a virtual asset service provider—registrable virtual asset services. related body corporate has the same meaning as in the Corporations Act 2001. South Australian Electricity Legislation has the same meaning as in the Competition and Consumer Act 2010. super-agent has the meaning given by subsection 4-13(2). tracing information, in relation to a transfer of value, means information that satisfies both of the following: (a) the information: (i) for a transfer from an account held by the payer with the ordering institution—enables the ordering institution to identify the account; or (ii) for a transfer of a virtual asset from a custodial wallet—enables the ordering institution to identify the payer’s virtual asset holdings in the wallet (such as by providing the wallet address, including the destination tag or memo details, if applicable); or (iii) for a transfer of a virtual asset from a self-hosted virtual asset wallet—provides the address of the wallet; or (iv) in any other case—provides a unique transaction reference number for the transfer of value; (b) the information: (i) for a transfer in circumstances where the value is to be made available to the payee by depositing it into an account held by the payee—enables the beneficiary institution to identify the account; or (ii) for a transfer of a virtual asset in circumstances where the asset is to be made available to the payee by transferring it to a custodial wallet—enables the beneficiary institution to identify the payee’s virtual asset holdings in the wallet (such as by providing the wallet address, including the destination tag or memo details, if applicable); or (iii) for a transfer of a virtual asset in circumstances where the value is to be made available to the payee by transferring it to a self-hosted virtual asset wallet—provides the address of the wallet; or (iv) in any other case—provides a unique transaction reference number for the transfer of value. Note: An example of information to which subparagraphs (a)(i) and (b)(i) apply is a combination of a BSB and account number. ultimate parent of a remitter, virtual asset service provider or financial institution means a body corporate that: (a) controls the remitter, virtual asset service provider or financial institution; and (b) is not itself controlled by another body corporate. Note: For the meaning of control, see section 11 of the Act. unique identifier for a person means: (a) a unique identifier given to the person by an Australian government body (other than the person’s tax file number within the meaning of section 202A of the Income Tax Assessment Act 1936); or (b) a unique identifier given to the person by a government body of a foreign country (together with information identifying the body); or (c) a legal entity identifier given to the person by an organisation accredited by the Global Legal Entity Identifier Foundation (together with information identifying the organisation); or (d) a connected business identifier code given to the person by the Society for Worldwide Interbank Financial Telecommunication. unique transaction reference number, in relation to a transfer of value, means information to which both of the following paragraphs apply: (a) the information is a combination of any or all of the following: (i) letters; (ii) digits; (iii) characters; (iv) symbols; (b) the information distinguishes the transfer of value in a way that, either alone or in conjunction with any other information in the transfer message for the transfer of value, enables the ordering institution to associate the transfer of value with the payer, and the beneficiary institution to associate the transfer of value with the payee. 1-5 Domestic politically exposed person For the purposes of paragraph (a) of the definition of domestic politically exposed person in section 5 of the Act, the following offices and positions are specified: (a) Governor-General; (b) Governor of a State; (c) Administrator of a Territory; (d) Justice of the High Court; (e) Judge of the Federal Court of Australia; (f) Judge of the Supreme Court of a State or Territory; (g) accountable authority, or member of the accountable authority, of a Commonwealth entity within the meaning of the Public Governance, Performance and Accountability Act 2013; (h) member of the governing body of a wholly-owned Commonwealth company within the meaning of the Public Governance, Performance and Accountability Act 2013; (i) head (however described) of: (i) a Department of State of a State or Territory; or (ii) an agency or authority of a State or Territory that has a prominent public function; (j) head (however described) of a local government council in a State or Territory; (k) any of the following offices of a company or other incorporated body that is wholly-owned or majority-owned by a State or Territory: (i) chair of the board; (ii) chief executive officer; (iii) chief financial officer; (l) Chief of the Defence Force, Vice Chief of the Defence Force, Chief of Navy, Chief of Army or Chief of Air Force; (m) officer of the Navy of the rank of Vice Admiral or a higher rank; (n) officer of the Army of the rank of Lieutenant General or a higher rank; (o) officer of the Air Force of the rank of Air Marshal or a higher rank; (p) any of the following offices of the Commonwealth in a foreign country, or to a public international organisation, to which appointments are made by the Governor-General: (i) Ambassador; (ii) High Commissioner; (iii) Consul-General; (iv) Australian Representative; (v) Special Representative; (vi) Representative; (vii) Permanent Representative; (viii) Chargé d’Affaires; (q) member of the governing body of a political party represented in the legislature of the Commonwealth or a State or Territory. 1-6 Enrolment details For the purposes of the definition of enrolment details in section 5 of the Act, enrolment details in relation to a person are the information mentioned in sections 3-2, 3-3 and 3-4 in relation to the person (as an applicant). Note: Sections 3-2, 3-3 and 3-4 set out the information that is required to be contained in an enrolment application regarding the applicant and its designated services. 1-7 Registrable details For the purposes of the definition of registrable details in section 5 of the Act, the following are the registrable details in relation to a person registered under Part 6 or 6A of the Act (which deal with the Remittance Sector Register and the Virtual Asset Service Provider Register): (a) the full name of the person; (b) any other names of the person under which the person provides or will provide its registrable services; (c) the person’s ABN, ACN, ARBN and ARSN (as applicable); (d) a legal entity identifier for the person (if any) given by an organisation accredited by the Global Legal Entity Identifier Foundation (together with information identifying the organisation); (e) the address of the principal place of business of the person in Australia (if applicable); (f) the domain names for all websites through which the person provides or will provide its registrable services. 1-8 Transfer of value—excluded transfers (1) For the purposes of paragraph (b) of the definition of transfer of value in section 5 of the Act, a transfer covered by subsection (2) or (3) of this section is specified. (2) This subsection covers a transfer of a security or derivative that is not a virtual asset. (3) This subsection covers a transfer of money if: (a) the transfer occurs in the course of a person performing administrative services for a client of the person that is an employer; and (b) the administrative services relate to: (i) payments, on behalf of the employer, of salary, wages or other benefits to its employees; or (ii) arrangements between the employer and its employees under which employees forgo amounts of salary or wages in return for benefits of a similar cost; or (iii) payments, on behalf of the employer, of superannuation contributions for its employees; and (c) the transfer does not involve the receipt of physical currency from the payer or a person acting on behalf of the payer; and (d) the transfer does not involve making physical currency available to the payee or to a person acting on behalf of the payee. 1-9 Security—managed investment schemes For the purposes of paragraph 7A(2)(a) of the Act, an interest in a managed investment scheme is specified as a security. Part 2—Reporting groups 2-1 Reporting group that is a business group Business group that is ineligible (1) For the purposes of subparagraph 10A(1)(a)(iii) of the Act, a business group is ineligible to be a reporting group if: (a) a member of the business group that is a reporting entity gives the other reporting entities in the group notice in writing that the member declines to be a member of a reporting group; and (b) the notice by the member has not been withdrawn by further notice in writing to the other reporting entities in the group; and (c) the member that gave the notice continues to be a reporting entity. Note: A person enrolled under Part 3A of the Act (Reporting Entities Roll) is required to advise of changes in the person’s enrolment details, including whether the person is a member of a reporting group—see subsection 51F(1) of the Act and subsection 3-3(8) and section 3-9 of this instrument. (1A) A notice given by a reporting entity for the purposes of subsection (1) is taken to be effective if the reporting entity has taken reasonable steps to ensure it is given to all the other reporting entities in the business group, and is not invalid merely because a particular reporting entity did not receive the notice. Lead entity (2) For the purposes of subsection 10A(5) of the Act, the lead entity of a reporting group to which paragraph 10A(1)(a) of the Act applies must satisfy the following requirements: (a) the member is: (i) the member of the reporting group that the members of the group that themselves satisfy paragraphs (b) and (d) of this subsection have agreed, in writing, will be the lead entity of the group; or (ii) appointed in writing by the person in the business group that controls each other person in the group to be the lead entity of the reporting group; (b) the member is not controlled by another member of the group that provides designated services; (c) the member has the capability and authority (including by consent of group members) to develop and maintain the AML/CTF policies required by reporting entities in the group; (d) the member is one of the following: (i) a body corporate incorporated in Australia; (ii) a registered foreign company within the meaning of the Corporations Act 2001; (iii) a trust that has at least one trustee that is a resident of Australia; (iv) if the member is not a body corporate, foreign company or trust—a resident of Australia. Conditions for operation of reporting group (3) For the purposes of subparagraph 10A(1)(a)(iv) of the Act: (a) a reporting group must not operate without a lead entity for a continuous period of more than 28 days; and (b) during any such period, each member of the reporting group that is a reporting entity must continue to comply with the AML/CTF policies of the most recent lead entity of the group (the previous lead entity) that applied to the member immediately before the previous lead entity ceased to be the lead entity of the group. 2-2 Reporting group formed by election Conditions on group members (1) For the purposes of subparagraph 10A(1)(b)(iv) of the Act, each member of the group must be: (a) a reporting entity; or (b) a person who discharges obligations imposed on members of the reporting group by the Act, the regulations or the AML/CTF Rules; or (c) a member of a business group. (2) A member of a business group is only permitted to be a member of a group to which paragraph 10A(1)(b) of the Act applies if all members of the business group are also members of the group to which paragraph 10A(1)(b) applies. Note: If one member of a business group elects to leave a reporting group, the other members of the business group are no longer permitted to be members of the reporting group (and are taken to have elected to also leave—see subsection (9)). Lead entity (3) For the purposes of subsection 10A(5) of the Act, the lead entity of a reporting group to which paragraph 10A(1)(b) of the Act applies is the member of the group that satisfies the following requirements: (a) the member is not controlled by another member of the reporting group that provides designated services; (b) if the reporting group includes members of one or more business groups—the member is a member of one of those business groups; (c) the other members of the group have agreed to the member having the capacity to determine the outcome of decisions about the AML/CTF policies of the other members; (d) the member is one of the following: (i) a body corporate incorporated in Australia; (ii) a registered foreign company within the meaning of the Corporations Act 2001; (iii) a trust that has at least one trustee that is a resident of Australia; (iv) if the member is not a body corporate, foreign company or trust—a resident of Australia. Election to join reporting group (4) For the purposes of subparagraph 10A(1)(b)(ii) of the Act, a person electing to be a member of a reporting group that is already in operation must have obtained the consent of the lead entity of the reporting group. Note 1: A person enrolled under Part 3A of the Act (Reporting Entities Roll) is required to advise of changes in the person’s enrolment details, including whether the person is a member of a reporting group—see subsection 51F(1) of the Act and subsection 3-3(8) and section 3-9 of this instrument. Note 2: The AML/CTF policies of the lead entity of a reporting group must deal with recording changes of membership—see section 5-16 of this instrument. (5) For the purposes of subsection 10A(1B) of the Act, a member of a business group is not required to make an election in writing if another member of the business group has made an election on behalf of, and with the consent of, all members. (6) For the purposes of subparagraph 10A(1)(b)(vi) and subsection 10A(1B) of the Act, if: (a) a person becomes a member of a business group; and (b) the existing members of the business group are members of a reporting group to which paragraph 10A(1)(b) of the Act applies; the person also becomes a member of the reporting group. Conditions for leaving group (7) For the purposes of subparagraph 10A(1)(b)(vi) of the Act, a member of a reporting group (other than the lead entity) that elects to leave the reporting group must give the lead entity notice in writing. Note 1: A person enrolled under Part 3A of the Act (Reporting Entities Roll) is required to advise of changes in the person’s enrolment details, including whether the person is a member of a reporting group—see subsection 51F(1) of the Act and subsection 3-3(8) and section 3-9 of this instrument. Note 2: The AML/CTF policies of the lead entity of a reporting group must deal with recording changes of membership—see section 5-16 of this instrument. (8) For the purposes of subparagraph 10A(1)(b)(vi) of the Act, if the lead entity of a reporting group elects to leave the reporting group, the lead entity must give each other member of the group notice in writing. Note: A person enrolled under Part 3A of the Act (Reporting Entities Roll) is required to advise of changes in the person’s enrolment details, including whether the person is a member of a reporting group—see subsection 51F(1) of the Act and subsection 3-3(8) and section 3-9 of this instrument. (9) For the purposes of subparagraph 10A(1)(b)(vi) of the Act, if a member of a reporting group that elects to leave the group is also a member of a business group, all members of the business group are taken to have elected to leave the reporting group. Condition for operation of group (10) For the purposes of subparagraph 10A(1)(b)(vi) of the Act: (a) a reporting group must not operate without a lead entity for a continuous period of more than 28 days; and (b) during any such period, each member of the reporting group that is a reporting entity must continue to comply with the AML/CTF policies of the most recent lead entity of the group (the previous lead entity) that applied to the member immediately before the previous lead entity ceased to be the lead entity of the group. Membership of more than one reporting group (11) For the purposes of subsection 10A(2A) of the Act, a person that is: (a) a member of a reporting group to which paragraph 10A(1)(b) of the Act applies; and (b) a member of a business group that is a reporting group to which paragraph 10A(1)(a) of the Act applies; is taken for the purposes of the Act to be a member of only the former. 2-3 Conditions for discharge of obligations by members of a reporting group For the purposes of paragraph 236B(5)(c) of the Act, it is a condition for discharging an obligation imposed on a reporting entity that is a member of a reporting group that the reporting group has a lead entity. 2-4 Conditions for discharge of obligations by members of a reporting group that are not reporting entities (1) For the purposes of paragraph 236B(5)(c) of the Act, this section specifies conditions that apply when the member of the reporting group (the discharging member) that is to discharge an obligation of another member of the reporting group is not itself a reporting entity. (2) The discharging member must have undertaken due diligence, in relation to persons who are employed or otherwise engaged and who perform functions relevant to discharging the obligation, that satisfies the requirements of the AML/CTF policies of the reporting entity included in those policies for the purposes of paragraph 26F(4)(d) of the Act. (3) The discharging member must have provided training to those persons that satisfies the requirements of the AML/CTF policies of the reporting entity included in those policies for the purposes of paragraph 26F(4)(e) of the Act. Part 3—Enrolment Division 1—Application for enrolment 3-1 Purpose of this Division For the purposes of paragraph 51E(2)(b) of the Act, this Division sets out the information that must be contained in an application for enrolment as a reporting entity under subsection 51E(1) of the Act. 3-2 Information about applicant’s designated services (1) The application must contain the following information in relation to each kind of designated services provided or proposed to be provided by the applicant: (a) a description of the designated services; (b) the date the applicant commenced to provide, or proposes to provide, the designated services; (c) whether any of the following circumstances apply: (i) the applicant provides, or proposes to provide, the designated services at or through a permanent establishment of the applicant in Australia; (ii) the applicant is a resident of Australia and the designated services are provided, or proposed to be provided, at or through a permanent establishment of the applicant in a foreign country; (iii) the applicant is a subsidiary of a company that is a resident of Australia and the designated services are provided, or proposed to be provided, at or through a permanent establishment of the applicant in a foreign country; (d) information on the industry in which the applicant provides, or proposes to provide, the designated services. (2) If designated services provided, or proposed to be provided, by the applicant are registrable remittance network services, registrable remittance services or registrable virtual asset services, the application must contain information about whether the applicant is, or whether an application has been or will be made for the applicant to be, any of the following: (a) for registrable remittance network services—a registered remittance network provider; (b) for registrable remittance services—a registered independent remittance dealer or a registered remittance affiliate of a registered remittance network provider; (c) for registrable virtual asset services—a registered virtual asset service provider. (3) The application must contain information on whether section 233K of the Act: (a) applies to the applicant; or (b) will apply to the applicant if the applicant provides a designated service proposed to be provided by the applicant. Note: Under section 233K of the Act, certain provisions of the Act do not apply to a reporting entity that provides certain gambling services in circumstances where the entity and any related entity that is a reporting entity are entitled to operate no more than 15 gaming machines under State or Territory licences. (4) If all the designated services provided, or proposed to be provided, by the applicant are covered by item 54 of table 1 in section 6 of the Act, the application must contain a statement to that effect. Note: Item 54 of table 1 in section 6 of the Act covers a holder of an Australian financial services licence who arranges for a person to receive a designated service. 3-3 Information relating to the applicant General information relating to the applicant (1) The application must contain the following information relating to the applicant: (a) the applicant’s full name, and any registered or other names under which the applicant provides or will provide its designated services; (b) the applicant’s ABN, ACN, ARBN and ARSN (as applicable); (c) a legal entity identifier for the applicant (if any) given by an organisation accredited by the Global Legal Entity Identifier Foundation (together with information identifying the organisation); (d) the address of the applicant’s registered office (if applicable); (e) the address of the applicant’s principal place of business or operations in Australia; (f) if the applicant is not an individual—information about the legal form of the applicant (such as a partnership, company or trust); (g) the names and dates of birth of any beneficial owners of the applicant; (h) information on the number of employees employed by the applicant; (i) if the applicant is an Australian resident (within the meaning of the Income Tax Assessment Act 1997)—whether the applicant was a small business entity (within the meaning of section 328-110 of that Act) for the income year (within the meaning of that Act) corresponding to the previous financial year; (ia) whether the applicant is a Market Generator under the South Australian Electricity Legislation; (j) information identifying one or more associations of which the applicant is a member (if any) that represent the interests of a particular industry, profession or trade; (k) the applicant’s telephone number; (l) the applicant’s email address; (m) the full name, job title or position and email address of a contact person for the purposes of communications relating to the Australian Transaction Reports and Analysis Centre Industry Contribution (Collection) Act 2011; (n) the domain names for all websites (if any) through which the applicant provides or will provide its designated services; (o) a description of the applicant’s business or principal activity; (p) the approximate annual turnover of the applicant for the most recent financial year. Information for bodies corporate (2) If the applicant is a body corporate, the application must contain the following information relating to the body corporate: (a) the full name, and any former names, of each director; (b) the date of birth of each director; (c) the director identification number (if any) of each eligible officer of the body corporate; (d) the country in which the body corporate was incorporated and any countries in which it is registered; (e) if the body corporate was incorporated or is registered in any foreign country—the address of the principal place of business of the body corporate in that foreign country. (3) If the applicant is a body corporate that has an ultimate holding company (within the meaning of the Corporations Act 2001), the application must contain the following information relating to the ultimate holding company: (a) the name of the ultimate holding company; (b) the address of the principal place of business and the registered office of the ultimate holding company; (c) the country or countries of which the ultimate holding company is a resident; (d) a unique identifier for the ultimate holding company. Information for government bodies (4) If the applicant is a government body, the application must contain the following information relating to the applicant: (a) whether the applicant is an Australian government body; (b) if the applicant is not an Australian government body—the foreign country in which the applicant is established. Note: For the meaning of Australian government body, see section 5 of the Act. Information for partnerships (5) If the applicant is a partnership, the application must contain the following information in relation to each partner: (a) for a partner that is an individual (other than a trustee) and who has, or is a member of a group of individuals who have, primary responsibility for the governance and executive decisions of the partnership: (i) the individual’s full name, and any former names of the individual; and (ii) the individual’s residential address; and (iii) the individual’s date of birth; and (iv) a unique identifier for the individual given by an Australian government body or a government body of a foreign country; (b) for a partner that is a body corporate (other than a trustee): (i) the partner’s full name; and (ii) a legal entity identifier for the partner (if any) given by an organisation accredited by the Global Legal Entity Identifier Foundation (together with information identifying the organisation); and (iii) the partner’s ABN, ACN, ARBN and ARSN (as applicable), or, if the partner has none of these, any unique identifier other than the one referred to in subparagraph (ii); and (iv) the address of the partner’s principal place of business or operations in Australia; and (v) the information mentioned in paragraphs (2)(a) to (e), in relation to the partner; (c) for a partner that is an association—the information mentioned in subsection (7) in relation to the association; (d) for a partner that is a trustee of a trust: (i) the name of the trust; and (ia) a unique identifier for the trust (if any has been given); and (ii) the information mentioned in paragraphs (6)(a) to (d), in relation to the trust. Information for trusts (6) If the applicant is a trust, the application must contain the following information relating to the trust: (a) the kind of trust (such as discretionary trust, bare trust or unit trust); (b) any former names of the trust; (c) for any trustee that is an individual—the information mentioned in subparagraphs (5)(a)(i) to (iv), in relation to the trustee; (d) for any trustee that is a body corporate: (i) the trustee’s full name; and (ii) a legal entity identifier for the trustee (if any) given by an organisation accredited by the Global Legal Entity Identifier Foundation (together with information identifying the organisation); and (iii) the trustee’s ABN, ACN, ARBN and ARSN (as applicable), or, if the trustee has none of these, any unique identifier other than the one referred to in subparagraph (ii); and (iv) the address of the trustee’s principal place of business or operations in Australia; and (v) the information mentioned in paragraphs (2)(a) to (e), in relation to the trustee. Information for associations or co-operatives (7) If the applicant is an incorporated association, an unincorporated association or a co-operative, the application must contain the information mentioned in subparagraphs (5)(a)(i) to (iv) in relation to the individual, or each member of a group of individuals, with primary responsibility for the governance and executive decisions of the association or co-operative. Information relating to reporting group (8) The application must contain the following information: (a) whether the applicant is a member of a reporting group; (b) whether the applicant is the lead entity of a reporting group; (c) if the applicant is the lead entity of a reporting group—the following information about the members of the reporting group that are reporting entities: (i) the name of the reporting entity; (ii) the identifier assigned to the reporting entity by AUSTRAC (if any); (d) if the applicant is a member of a reporting group but not the lead entity of the reporting group—the following information about the lead entity: (i) the name of the lead entity; (ii) the identifier assigned to the lead entity by AUSTRAC (if any). 3-4 Information relating to earnings (1) The earnings of a person for a period has the meaning given by the following table.

Definition of earnings | Definition of earnings | Definition of earnings | Definition of earnings Item | Type of person | Is the person a foreign company or a subsidiary of a foreign company? | Definition of earnings of the person for a period 1 | An ADI or registered financial sector entity, or a related body corporate of an ADI or registered financial sector entity | No | The total profit of the person for the period before tax, depreciation and amortisation 2 | An ADI or registered financial sector entity, or a related body corporate of an ADI or registered financial sector entity | Yes | The total profit of the person for the period derived from operations in Australia, before tax, depreciation and amortisation 3 | A person not covered by item 1 or 2 | No | The total earnings of the person for the period before tax, interest, depreciation and amortisation 4 | A person not covered by item 1 or 2 | Yes | The total earnings of the person for the period derived from operations in Australia, before tax, interest, depreciation and amortisation

(2) Subject to subsection (3), the application must contain: (a) if the applicant is not a member of a corporate group—the earnings of the applicant for a period of 12 months; or (b) if the applicant is a member of a corporate group—the total earnings, for a period of 12 months, of the applicant and all other members of the group that are leviable entities for the financial year in which the period ends. Note: A leviable entity does not include a person who is an “exempt entity” within the meaning of the Australian Transaction Reports and Analysis Centre Industry Contribution Act 2011. (3) Subsection (2) does not apply if the earnings or total earnings, as the case may be, are less than $100,000,000. 3-5 Information about the person completing the application and declaration Information about the individual completing the enrolment application (1) The application must contain the following information relating to the individual completing the application: (a) the individual’s full name; (b) the individual’s job title or position; (c) information on the individual’s role or relationship in relation to the applicant; (d) the individual’s telephone number; (e) the individual’s email address. Declaration by the individual completing the application (2) The application must contain a declaration by the individual completing the application that the information contained in the application is true and correct. Division 2—Correction and removal of enrolment details 3-6 Correction of entries in the Reporting Entities Roll For the purposes of paragraph 51C(4)(a) of the Act, if the AUSTRAC CEO reasonably believes that there is an error in, or an omission from, an entry in the Reporting Entities Roll, the AUSTRAC CEO may correct the error or omission. 3-7 Removal of name and enrolment details on AUSTRAC CEO’s own initiative For the purposes of paragraph 51C(4)(b) of the Act, the AUSTRAC CEO may remove a person’s name and enrolment details from the Reporting Entities Roll on the AUSTRAC CEO’s own initiative if the AUSTRAC CEO reasonably believes that the person has ceased to provide designated services or has not commenced to provide designated services. 3-8 Request to remove entry from Reporting Entities Roll—required information For the purposes of paragraph 51G(2)(b) of the Act, a request by a person under subsection 51G(1) of the Act to remove the person’s name and enrolment details from the Reporting Entities Roll must contain the following information: (a) the person’s full name; (b) whether the person has ceased to provide designated services, and if so, the date on which the person ceased to provide designated services; (c) whether the person intends to provide a designated service in the next financial year to begin after the request is given; (d) whether the person has any outstanding obligations to provide a report under any of the following provisions of the Act, and if so, information on the outstanding obligations: (i) section 43 (reports of threshold transactions); (ii) section 46 (reports of international value transfer services); (iii) section 46A (reports of transfers of value involving unverified self-hosted virtual asset wallets); (iv) section 47 (AML/CTF compliance reports). Division 3—Changes in enrolment details 3-9 Changes in enrolment details to be advised (1) For the purposes of subsection 51F(1) of the Act, a change in a person’s enrolment details that are information mentioned in section 3-2 or 3-3 is specified. (2) For the purposes of subsection 51F(1) of the Act, a change in a person’s enrolment details that is information mentioned in subsection 3-4(2) for each succeeding period of 12 months is specified. Part 4—Registration Division 1—Management of the Remittance Sector Register and the Virtual Asset Service Provider Register 4-1 Correction of entries (1) This section is made for the purposes of paragraphs 75(4)(a) and 76B(4)(a) of the Act. (2) If the AUSTRAC CEO reasonably believes that there is an error in, or omission from, an entry in the Remittance Sector Register or the Virtual Asset Service Provider Register, the AUSTRAC CEO may correct the error or omission. (3) As soon as reasonably practicable after making a correction of an entry under this section, the AUSTRAC CEO must give notice of the correction to: (a) the person whose registration the entry relates to; and (b) if the registration is of a person as a remittance affiliate of a registered remittance network provider—the provider. 4-2 Publication of register information (1) For the purposes of subsections 75(4) and 76B(4) of the Act, the AUSTRAC CEO must publish the following on AUSTRAC’s website: (a) the details mentioned in paragraphs 75A(1)(a), (b), (c) and (f) of the Act on the Remittance Sector Register; (b) the details mentioned in paragraphs 76C(a) and (d) of the Act on the Virtual Asset Service Provider Register; (c) information mentioned in section 4-24 of this instrument (register entry in relation to suspension of registration) on the Remittance Sector Register and the Virtual Asset Service Provider Register. (2) If the AUSTRAC CEO considers it appropriate to do so, the AUSTRAC CEO may publish on AUSTRAC’s website one or more conditions, mentioned in paragraph 75A(1)(d) or 76C(b) of the Act, to which the registration of a person is subject. Division 2—Information requirements for registration applications 4-3 Purpose of this Division (1) For the purposes of paragraphs 75B(3)(b) and 76D(2)(b) of the Act, this Division sets out the information that must be contained in the following: (a) an application by a person under subsection 75B(1) of the Act for registration as a remittance network provider, an independent remittance dealer or a remittance affiliate of a registered remittance network provider; (b) an application by a registered remittance network provider under subsection 75B(2) of the Act for another person to be registered as a remittance affiliate of the registered remittance network provider; (c) an application by a person under subsection 76D(1) of the Act for registration as a virtual asset service provider. (2) The information set out in the following provisions of this instrument is not required in an application for registration as a remittance affiliate of a registered remittance network provider (under either subsection 75B(1) or 75B(2) of the Act) if a senior manager of the remittance affiliate has given or intends to give the approval referred to in subsection 26S(4) of the Act: (a) sections 4-5, 4-6 and 4-8; (b) paragraphs 4-12(a) to (c). 4-4 Application—general information (1) The application must contain the following information relating to the person (the candidate) proposed to be registered: (a) the candidate’s full name; (b) both of the following: (i) any other names the candidate is commonly known by; (ii) any names under which the candidate will provide its registrable services; (c) the candidate’s ABN, ACN, ARBN and ARSN (as applicable); (d) a legal entity identifier for the candidate (if any) given by an organisation accredited by the Global Legal Entity Identifier Foundation (together with information identifying the organisation); (e) if the candidate is registered in, or holds a licence issued in, a foreign country to provide services that are of the same, or a similar, kind as registrable services (whether or not there is a connection to Australia or a resident of Australia)—details of that registration or licence; (f) the address of the principal place of business or operations of the candidate in Australia (if applicable); (g) the address of the candidate’s registered office (if applicable); (h) the addresses of any other places at or from which the candidate proposes to provide its registrable services; (i) information about the legal form of the candidate (such as an individual or a partnership, company or trust); (j) in relation to any individual who is a beneficial owner of the candidate: (i) the individual’s full name; and (ii) any other names the individual is commonly known by; and (iii) any former names of the individual; and (iv) the individual’s residential address; and (v) the individual’s date and place of birth; and (vi) a unique identifier for the individual given by an Australian government body or the government of a foreign country; (k) the candidate’s telephone number; (l) the candidate’s email address; (m) the domain names for any website through which the candidate will provide its registrable services; (n) a description of the candidate’s business or principal activity; (o) whether there are any permanent establishments of the candidate in Australia, and if so, information on those permanent establishments; (p) information on the expected turnover of the candidate in respect of the provision of its registrable services for the period of 12 months following registration; (q) if the provision of the candidate’s registrable services will involve dealing with customers or other persons located in foreign countries—information identifying those foreign countries. Information relating to completion of the application and declaration (2) The application must contain the following information about the individual completing the application: (a) the individual’s full name; (b) the individual’s job title or position; (c) if the individual is not the candidate—information on the individual’s role or relationship in relation to the candidate; (d) the individual’s date of birth; (e) the individual’s telephone number; (f) the individual’s email address; (g) the individual’s postal address. (3) The application must contain a declaration by the individual completing the application that the information contained in the application is true and correct. Information relating to the candidate—body corporate (4) If the candidate is a body corporate, the application must contain the following information relating to the body corporate: (a) the full name of each director; (b) for each director: (i) any other names the director is commonly known by; and (ii) any former names of the director; (c) the date and place of birth of each director; (d) the director identification number (if any) of each eligible officer of the body corporate; (e) the country in which the body corporate was incorporated and any countries in which it is registered; (f) if the body corporate was incorporated or is registered in any foreign country—the address of the principal place of business of the body corporate in that foreign country. Information relating to the candidate—partnership (5) If the candidate is a partnership, the application must contain information setting out the terms of the partnership agreement (if any), and the following information relating to each partner: (a) for a partner that is an individual (other than a trustee): (i) the individual’s full name; and (ii) any other names the individual is commonly known by; and (iii) any former names of the individual; and (iv) the individual’s residential address and most recent former residential address; and (v) the individual’s date and place of birth; and (vi) a unique identifier for the individual; (b) for a partner that is a body corporate (other than a trustee): (i) the partner’s full name; and (ii) a legal entity identifier for the partner (if any) given by an organisation accredited by the Global Legal Entity Identifier Foundation (together with information identifying the organisation); and (iii) the partner’s ABN, ACN, ARBN and ARSN (as applicable), or, if the partner has none of these, any unique identifier other than the one referred to in subparagraph (ii); and (iv) the address of the partner’s principal place of business or operations in Australia; and (v) the information mentioned in paragraphs (4)(a) to (f), in relation to the partner; (c) for a partner that is an association—the information mentioned in subsection (7) in relation to the association; (d) for a partner that is a trustee of a trust: (i) the name of the trust; and (ia) a unique identifier for the trust (if any has been given); and (ii) the information mentioned in paragraphs (6)(a) to (d), in relation to the trust. Information relating to the candidate—trusts (6) If the candidate is a trust, the application must contain the following information relating to the trust: (a) the kind of trust (such as discretionary trust, bare trust or unit trust); (b) any former names of the trust; (c) for any trustee, beneficiary, settlor, appointer, guardian or protector of the trust that is an individual—the information mentioned in subparagraphs (5)(a)(i) to (vi), in relation to the individual; (d) for any trustee, beneficiary, settlor, appointer, guardian or protector of the trust that is a body corporate: (i) the body corporate’s full name; and (ii) a legal entity identifier for the body corporate (if any) given by an organisation accredited by the Global Legal Entity Identifier Foundation (together with information identifying the organisation); and (iii) the body corporate’s ABN, ACN, ARBN and ARSN (as applicable), or, if the body corporate has none of these, any unique identifier other than the one referred to in subparagraph (ii); and (iv) the address of the body corporate’s principal place of business or operations in Australia; and (v) the information mentioned in paragraphs (4)(a) to (f), in relation to the body corporate. Information relating to the candidate—associations or co-operatives (7) If the candidate is an incorporated association, unincorporated association or a co-operative, the application must contain the information mentioned in subparagraphs (5)(a)(i) to (vi) in relation to the individual, or each member of the group of individuals, with primary responsibility for the governance and executive decisions of the association or co-operative. 4-5 Information relating to ML/TF risks The application must contain the following information: (a) information identifying the key risks of money laundering, financing of terrorism and proliferation financing that the candidate has assessed it may reasonably face in providing its registrable services; (b) information on the risks of money laundering, financing of terrorism and proliferation financing associated with the following: (i) the kinds of customers to whom the candidate will provide its registrable services; (ii) any foreign countries in which the candidate will operate in providing its registrable services; (iii) the products and services the candidate will provide in relation to its registrable services; (iv) the delivery channels by which the candidate’s registrable services will be provided; (v) the kinds of transactions the candidate will undertake in providing its registrable services; (c) information on the candidate’s process for reviewing and updating its ML/TF risk assessment (see section 26D of the Act). 4-6 Information relating to AML/CTF policies (1) The application must contain information setting out the AML/CTF policies that the candidate has in relation to the following matters: (a) appropriately managing and mitigating the risks of money laundering, financing of terrorism and proliferation financing that the candidate may reasonably face in providing its registrable services; (b) ensuring the candidate complies with the obligations imposed by the Act, the regulations and the AML/CTF Rules on the candidate; (c) undertaking due diligence in relation to persons who are, or will be, employed or otherwise engaged by the candidate and who perform, or will perform, functions relevant to the candidate’s obligations under the Act; (d) providing training to persons who are employed or otherwise engaged by the candidate and who perform, or will perform, functions relevant to the candidate’s obligations under the Act in relation to: (i) the risk of money laundering, financing of terrorism and proliferation financing that the candidate may reasonably face in providing its registrable services; and (ii) the obligations imposed by the Act, the regulations and the AML/CTF Rules on the candidate; (e) reviewing and updating the AML/CTF policies; (f) carrying out customer due diligence in accordance with Part 2 of the Act, including: (i) complying with obligations under that Part in relation to politically exposed persons; and (ii) any use of distributed ledger technology for the purposes of carrying out that due diligence. (2) The application must include the full name and business address of any training provider used to deliver training mentioned in paragraph (1)(d) within the period of 12 months before the application is made. 4-7 Information relating to accounts with financial institutions The application must contain the following information in relation to each account with a financial institution that the candidate will use in providing its registrable services: (a) the full name, and the date of birth, of each individual who is the holder of, or a signatory to, the account; (aa) the financial institution with which the account is held; (ab) the unique identification details assigned to the account (such as the BSB and account number); (b) the country within which the account is held; (c) information on the foreign currencies that can be held in the account. 4-8 Information relating to other persons assisting The application must contain the following information: (a) whether the candidate has entered or will enter into an agreement or arrangement for another person to perform, or assist with the performance of, functions relevant to the candidate’s obligations under the Act, and if so, information on those functions; (b) whether any of those functions would be performed or assisted with by that person in any foreign countries, and if so, which foreign countries; (c) information on what quality controls the candidate will use regarding the other person’s performance of, or assistance with, those functions. 4-9 Information relating to key personnel and past unlawful activity etc. (1) The application must contain the following information regarding each of the candidate’s key personnel: (a) the individual’s full name; (b) the individual’s date of birth; (c) the individual’s job title or position; (ca) a description of the individual’s role in the candidate’s business; (cb) if the individual is a senior manager or AML/CTF compliance officer of the candidate—the individual’s professional experience relevant to performing that role; (d) the individual’s telephone number; (e) the individual’s email address; (f) the individual’s residential address. Note: For key personnel, see section 1-4. (1A) The application must contain information on whether any of the candidate’s key personnel has ever been a beneficial owner of, or operated or been involved in the management of, a person (the other provider) who provides, or has provided, services of the same, or a similar, kind as the registrable services (whether or not there is a connection to Australia or a resident of Australia), and if so: (a) the full name of the other provider; and (b) the key personnel’s role in, or relationship with, the other provider; and (c) the period for which the key personnel was a beneficial owner of, or operated or was involved in the management of, the other provider. (2) The application must contain the following information: (a) whether the candidate or any of its key personnel has been charged or convicted of an offence against the Act, or of an offence against a law of the Commonwealth, a State or Territory or a foreign country of any of the following kinds: (i) money laundering; (ii) financing of terrorism; (iii) proliferation financing; (iv) people smuggling; (v) fraud (including scams); (vi) a serious offence of any other kind; (b) whether the candidate or any of its key personnel has been found by a court to have contravened the Act, the regulations or the AML/CTF Rules; (c) whether the candidate or any of its key personnel has been the subject of civil or criminal proceedings, or a regulatory or disciplinary process in Australia or a foreign country that: (i) related to the management of an entity, or commercial or professional activity; and (ii) involved an adverse finding as to the competence, diligence, judgement, honesty or integrity of the candidate or the key personnel (as applicable); (d) what steps the candidate has taken to establish the matters mentioned in paragraphs (a) to (c) in relation to its key personnel; (e) if any of the circumstances mentioned in paragraphs (a) to (c) exist—details of each of the circumstances; (f) whether any of the candidate’s key personnel has ever applied, or has been a beneficial owner of a person (other than an individual) that has applied, for registration under Part 6 or 6A of the Act (which deal with the Remittance Sector Register and the Virtual Asset Service Provider Register), and if so, information about that application; (g) whether any of the candidate’s key personnel is, has applied to be, or is intending to apply for registration, licensing or approval (however described) in any country to conduct regulated activity in the financial sector, and if so, details of the country and the kind of regulated activity the key personnel is involved in; (h) details of any training the candidate’s key personnel has received within the period of 12 months before the application is made in relation to providing registrable services, including the full name and business address of any training provider used to deliver the training. 4-9A Additional requirements for application for registration as a remittance network provider If the application is under paragraph 75B(1)(a) of the Act for registration as a remittance network provider, the application must contain the following information: (a) the number of remittance affiliates that the candidate intends to apply to register under subsection 75B(2) of the Act within the period of 3 years after the candidate’s own registration; (b) when the candidate intends to begin applying to register remittance affiliates; (c) information setting out the AML/CTF policies that the candidate has in relation to the following matters: (i) applying for, or consenting to, registration of a person as a remittance affiliate; (ii) submitting reports of suspicious matters on behalf of registered remittance affiliates; (iii) providing training to registered remittance affiliates. 4-10 Additional requirements for application by remittance network provider for registration of an affiliate If the application is by a registered remittance network provider, under subsection 75B(2) of the Act, for the candidate to be registered as a remittance affiliate of the registered remittance network provider, the application must contain the following information: (a) whether the provider has assessed the suitability of the candidate to be a remittance affiliate of the provider, taking into account the related risks of money laundering, financing of terrorism and proliferation financing that the provider may reasonably face if the candidate is registered as a remittance affiliate of the provider; (b) if such an assessment has been made—whether the candidate was found to be suitable; (c) whether the candidate has consented to the making of the application and, if so, information on when the consent was given. 4-11 Additional requirements for application by independent remittance dealer for registration as a remittance affiliate If the application is under paragraph 75B(1)(c) of the Act for registration as a remittance affiliate of a registered remittance network provider, the application must contain information on whether the registered remittance network provider has consented to the making of the application and, if so, when the consent was given. 4-12 Additional requirements for application for registration as a remittance network provider, an independent remittance dealer or a remittance affiliate of network provider If the application is for the candidate to be registered as a remittance network provider, an independent remittance dealer or a remittance affiliate of a registered remittance network provider, the application must contain the following information: (a) information on whether offsetting arrangements or third party remittance arrangements will be involved in the provision of the candidate’s registrable services; (b) details of the delivery channels by which the candidate’s registrable services will be provided; (c) information on the ways the candidate’s customers will, for transfers of value to which its registrable services relate, be able to make value available for transfer or receive value transferred; (d) information on the expected average number of designated services covered by each of items 29 and 30 of table 1 in section 6 of the Act that are registrable services the candidate would provide each month over the first 12 months following registration; (e) information on the expected average total monetary value of the money and property (but not virtual assets) that, in relation to designated services covered by each of items 29 and 30 of table 1 in section 6 of the Act that are registrable services it would provide, would be transferred per month over the first 12 months following registration. Note: For additional requirements in relation to registration as a virtual asset service provider, see section 4-14. 4-13 Additional requirements for application for registration as a remittance affiliate of network provider (1) If the application is for the candidate to be registered as a remittance affiliate of a registered remittance network provider, the application must contain the following information: (a) whether the candidate is to be represented by a super-agent in its dealings with the network provider; (b) whether the candidate intends for a senior manager of the candidate to approve the registered remittance network provider’s ML/TF risk assessment and AML/CTF policies as mentioned in subsection 26S(4) of the Act. (2) A super-agent is a person who, in the course of carrying on a business: (a) provides administrative services to a registered remittance network provider to assist with the control or management of the remittance network operated by the provider; and (b) as part of providing those services, represents the interests of remittance affiliates of the provider in their dealings with the provider. 4-14 Additional requirements for application for registration as a virtual asset service provider If the application is under subsection 76D(1) of the Act for registration as a virtual asset service provider, the application must contain the following information: (a) information on the kind of virtual assets in relation to which the candidate will provide its registrable services; (b) details of the delivery channels by which the registrable services are intended to be provided; (c) information on the methods by which customers’ virtual assets or money may be used in any exchanges relating to the registrable services; (d) whether the candidate will implement any transaction or time limits on the amounts of virtual assets or money that customers can use in any exchanges relating to the registrable services, and if so, details of what limits will apply; (e) information on: (i) the expected average number of designated services covered by each of items 29, 30, 46A, 50A, 50B and 50C of table 1 in section 6 of the Act that are registrable services the candidate would provide per month over the first 12 months following registration; and (ii) the expected average total monetary value of customers’ money, virtual assets and property with which the candidate would deal, in relation to designated services covered by each of items 29, 30, 46A, 50A, 50B and 50C of table 1 in section 6 of the Act that are registrable services, per month over the first 12 months following registration; (f) for each virtual asset wallet controlled by the candidate: (i) the kinds of virtual assets the wallet can store; and (ii) the address of the wallet. Division 3—Registration decisions 4-15 Registration decisions—other matters For the purposes of paragraphs 75C(2)(b) and 76E(2)(b) of the Act, in deciding whether to register a person (the candidate) in accordance with an application made under section 75B or 76D of the Act, the following matters are specified: (a) any offences of which any of the following have been charged or convicted under the law of the Commonwealth, a State or Territory or a foreign country: (i) the candidate; (ii) the key personnel of the candidate; (b) any compliance or non-compliance by any of the following with the Act or any other law of the Commonwealth, a State or Territory or a foreign country: (i) the candidate; (ii) if the candidate is not an individual—any beneficial owner of the candidate; (iii) if the candidate is a body corporate—any related body corporate (within the meaning of the Corporations Act 2001) of the candidate; (iv) if the registration would be as a remittance affiliate of a registered remittance network provider—the registered remittance network provider; (c) for an application made under subsection 75B(2) by a registered remittance network provider for the candidate to be registered as a remittance affiliate of the registered remittance network provider—whether the consent of the candidate has been obtained; (d) whether the candidate and its key personnel have experience that is appropriate, having regard to: (i) the nature, size and complexity of the candidate’s business; and (ii) the risks of money laundering, financing of terrorism and proliferation financing that the candidate may reasonably face in providing its registrable services; (e) the likelihood of the candidate conducting a business involving the provision of the registrable services; (f) the operational readiness of the candidate in relation to the proposed registration, including its ability to comply with the Act, the regulations and the AML/CTF Rules following registration; (g) the proposed resourcing (including personnel resourcing) of the candidate in relation to the provision of its registrable services. Division 4—Suspension of registration 4-16 Purpose of this Division This Division is made for the purposes of sections 75H and 76K of the Act. 4-17 Suspension of registration The AUSTRAC CEO may suspend a person’s registration under Part 6 or 6A of the Act if the AUSTRAC CEO reasonably suspects that: (a) the person, any of its key personnel or any associate of the person or its key personnel, has been charged or convicted of an offence against the Act, or of an offence against a law of the Commonwealth, a State or Territory or a foreign country of any of the following kinds: (i) money laundering; (ii) terrorism or financing of terrorism; (iii) proliferation financing; (iv) people smuggling; (v) fraud (including scams); (vi) a serious offence of any other kind; or (b) the person or any of its key personnel has been found by a court to have contravened the Act, the regulations or the AML/CTF Rules; or (c) the person or any of its key personnel has been the subject of civil or criminal proceedings, or a regulatory or disciplinary process in Australia or a foreign country that: (i) related to the management of an entity, or commercial or professional activity; and (ii) involved an adverse finding as to the competence, diligence, judgement, honesty or integrity of the person or the key personnel (as applicable); or (d) the person or any of its key personnel is committing, continuing or repeating a contravention of the Act, the regulations or the AML/CTF Rules; or (e) the continued registration of the person involves, or may involve, a significant money laundering, financing of terrorism or other serious crime risk; or (f) the person has breached a condition of the person’s registration; or (g) the person does not have the operational capability necessary to comply with the obligations imposed by the Act, the regulations and the AML/CTF Rules on the person; or (h) the person or the person’s key personnel no longer have experience that is appropriate, having regard to the nature of the person’s business and the ML/TF risks of the person’s customers, in functions relevant to: (i) the person’s obligations under the Act; or (ii) providing registrable services; or (i) any information given by the person, or if the registration is as a remittance affiliate of a registered remittance network provider, the provider, for the purposes of Part 6 or 6A of the Act in connection with that registration: (i) is false or misleading in a material particular; or (ii) omits any matter or thing without which the information is misleading in a material particular. 4-18 Effect of suspension—renewal and advising of certain matters While a person’s registration under Part 6 or 6A of the Act is suspended, the person is taken to be registered for the purposes of the following provisions despite that suspension: (a) Division 6 of this Part (which deals with renewal of registration); (b) sections 75M and 76P of the Act (which deal with advising of material changes in circumstance etc.), as applicable. 4-19 Period of suspension (1) A suspension of a registration under Part 6 or 6A of the Act by the AUSTRAC CEO has effect for a period determined by the AUSTRAC CEO, which may be up to 3 months. (2) The AUSTRAC CEO may extend the period of the suspension by a further period of up to 3 months if the AUSTRAC CEO is satisfied it is appropriate to do so, having regard to whether the AUSTRAC CEO continues to reasonably suspect a matter mentioned in section 4-17. (3) The AUSTRAC CEO must not extend the period of a suspension under subsection (2) more than once. 4-20 Notice of suspension decision (1) If the AUSTRAC CEO decides to suspend a person’s registration under Part 6 or 6A of the Act, the AUSTRAC CEO must, as soon as practicable after the decision is made, give written notice of the suspension to: (a) the person; and (b) if the suspension is of the registration of a registered remittance network provider—each registered remittance affiliate of that provider; and (c) if the suspension is of the registration of a registered remittance affiliate of a registered remittance network provider—the provider. (2) The notice must contain: (a) information setting out the effect of the suspension; and (b) the date the suspension takes effect; and (c) the date the suspension ceases; and (d) information on the power of the AUSTRAC CEO to extend the period of the suspension. 4-21 Notice of extension of suspension (1) If the AUSTRAC CEO extends the period of the suspension of a person’s registration under subsection 4-19(2), the AUSTRAC CEO must, as soon as practicable after the suspension is extended, give written notice of the extension to: (a) the person; and (b) if the suspension is of the registration of a registered remittance network provider—each registered remittance affiliate of that provider; and (c) if the suspension is of the registration of a registered remittance affiliate of a registered remittance network provider—the provider. (2) The notice must contain: (a) information setting out the effect of the extension; and (b) the date the suspension, as extended, ceases. 4-22 Revocation of suspension of registration (1) The AUSTRAC CEO may decide to revoke the suspension of a person’s registration under Part 6 or 6A of the Act if the AUSTRAC CEO is satisfied that it is appropriate to do so, having regard to the information (if any) given to the AUSTRAC CEO by the person after the suspension of the person’s registration. (2) Subsection (1) applies whether or not the suspension of a person’s registration has been extended under subsection 4-19(2). 4-23 Notice of decision to revoke suspension of registration (1) If the AUSTRAC CEO decides, under subsection 4-22(1), to revoke the suspension of a person’s registration under Part 6 or Part 6A, the AUSTRAC CEO must, as soon as practicable after the decision, give written notice of the decision to: (a) the person; and (b) if the suspension was of the registration of a registered remittance network provider—each registered remittance affiliate of that provider; and (c) if the suspension was of the registration of a registered remittance affiliate of a registered remittance network provider—the provider. (2) The notice must specify the date that the suspension of registration ceased. 4-24 Register entry in relation to suspension of registration (1) If the AUSTRAC CEO suspends the registration of a person under Part 6 or 6A of the Act, or extends such a suspension, the AUSTRAC CEO must enter on the Remittance Sector Register or the Virtual Asset Service Provider Register, respectively, information identifying that the person’s registration is or remains suspended. (2) The AUSTRAC CEO must remove that information from the Remittance Sector Register or the Virtual Asset Service Provider Register as soon as practicable after: (a) the suspension is revoked under subsection 4-22(1); or (b) the period of the suspension ceases. Division 5—Cancellation of registration 4-25 Cancellation of registration—other matters For the purposes of paragraphs 75G(1)(c) and 76J(1)(c) of the Act, the following matters are specified: (a) whether the person, any of its key personnel or any associate of the person or its key personnel, has been charged or convicted of an offence against the Act, or of an offence against a law of the Commonwealth, a State or Territory or a foreign country of any of the following kinds: (i) money laundering; (ii) terrorism or financing of terrorism; (iii) proliferation financing; (iv) people smuggling; (v) fraud (including scams); (vi) a serious offence of any other kind; (b) whether the person or any of its key personnel has been found by a court to have contravened the Act, the regulations or the AML/CTF Rules; (c) whether the person or any of its key personnel has been the subject of civil or criminal proceedings, or a regulatory or disciplinary process in Australia or a foreign country that: (i) related to the management of an entity, or commercial or professional activity; and (ii) involved an adverse finding as to the competence, diligence, judgement, honesty or integrity of the person or the key personnel (as applicable); (d) whether the person is carrying on a business that involves providing registrable services; (e) whether the person continues to have the operational capability necessary to comply with the obligations imposed on the person by the Act, the regulations and the AML/CTF Rules; (f) whether the person and the person’s key personnel continue to have experience that is appropriate, having regard to the nature of the person’s business and the ML/TF risks of the person’s customers, in functions relevant to: (i) the person’s obligations under the Act; and (ii) providing registrable services; (g) whether any information given by the person, or if the registration is as a remittance affiliate of a registered remittance network provider, the provider, for the purposes of Part 6 or 6A of the Act in connection with that registration: (i) is false or misleading in a material particular; or (ii) omits any matter or thing without which the information is misleading in a material particular. 4-26 Publication of cancellation information For the purposes of subsections 75G(3) and 76J(4) of the Act, the names and dates mentioned in those subsections may be published: (a) on AUSTRAC’s website; or (b) on the Remittance Sector Register or the Virtual Asset Service Provider Register (as relevant); or (c) on both AUSTRAC’s website and the relevant Register. Division 6—Renewal of registration 4-27 Purpose of this Division This Division is made for the purposes of sections 75J and 76L of the Act. 4-28 Application for renewal of registration (1) A person registered under Part 6 or 6A of the Act as any of the following may apply in writing to the AUSTRAC CEO for renewal of that registration: (a) a remittance network provider; (b) an independent remittance dealer; (c) a remittance affiliate of a registered remittance network provider that applied for registration on its own behalf (see paragraph 75B(1)(c) of the Act); (d) a virtual asset service provider. (2) A registered remittance network provider that applied, under subsection 75B(2) of the Act, for registration of another person as a remittance affiliate of the provider under Part 6 of the Act may apply in writing to the AUSTRAC CEO for renewal of that other person’s registration. (3) An application under this section: (a) must be in the approved form; and (b) must contain the information required by the approved form, which may include information regarding whether section 75M or 76P of the Act (as applicable) has been complied with in relation to the registration. 4-29 Period within which renewal applications may be made An application for renewal of a person’s registration under Part 6 or 6A of the Act may be made within the period of 90 days ending on the day on which the registration would otherwise cease. Note 1: Registrations are in effect for a period of 3 years (see paragraphs 75F(1)(c) and 76H(1)(c) of the Act, and section 4-31 of this instrument). Note 2: Registration of a person may continue in effect after the expiry of the 3 year registration period if a decision on the person’s application for renewal under this section has not been made before the end of the period (see section 4-33). 4-30 Determining renewal application If an application for renewal of a person’s registration is made in accordance with sections 4-28 and 4-29 of this instrument, the AUSTRAC CEO must decide to renew the registration if the AUSTRAC CEO is satisfied that it is appropriate to do so, having regard to: (a) whether the renewed registration of the person would involve a significant money laundering, financing of terrorism or other serious crime risk; and (b) whether section 75M or 76P of the Act (as applicable) has been complied with in relation to the registration, and whether the person’s enrolment details and registrable details, as advised to the AUSTRAC CEO, are correct and up-to-date; and (c) whether the AUSTRAC CEO reasonably suspects that any information contained in the application: (i) is false or misleading in a material particular; or (ii) omits any matter or thing without which the information is misleading in a material particular; and (d) whether the person is carrying on a business that involves providing registrable services; and (e) whether the person continues to have the operational capability necessary to comply with the Act, the regulations and the AML/CTF Rules. 4-31 Period for which renewed registrations have effect A renewed registration under Part 6 or 6A of the Act has effect for a period of 3 years. 4-32 Decision on renewal application is a reviewable decision For the purposes of section 233B of the Act, a decision of the AUSTRAC CEO under section 4-30 of this instrument not to renew a person’s registration is a reviewable decision. 4-33 Continuation of registration pending decision on renewal application (1) This section applies if: (a) the registration of a person under Part 6 or 6A of the Act would otherwise cease at the end of the period of 3 years commencing on the day on which the registration took effect; and (b) before the end of that period, an application for renewal of the registration is made in accordance with sections 4-28 and 4-29 of this instrument. (2) The person’s registration continues in effect after the end of the 3-year period until the AUSTRAC CEO’s decision on the renewal application takes effect. Division 7—Matters registered persons required to advise 4-34 Matters registered persons required to advise (1) For the purposes of paragraphs 75M(1)(e) and (2)(b), and 76P(1)(b), of the Act, this section specifies matters that a person registered under Part 6 or 6A of the Act must advise to the AUSTRAC CEO under those paragraphs. (2) The person must advise the following matters: (a) a change in the person’s registrable details; (b) a change in the matters mentioned in paragraphs 4-9(2)(a), (b) or (c) in relation to the person or its key personnel (which deal with certain criminal or civil proceedings); (c) a change in information mentioned in section 4-8 (which deals with information regarding other persons assisting) in relation to the person; (d) a change in any details mentioned in paragraph 4-4(1)(e) (which deals with foreign country registrations or licences) in relation to the person; (e) the person ceasing to provide registrable services; (f) a change in the information mentioned in paragraph 4-4(1)(j) (which deals with details of any beneficial owners) in relation to the person; (g) a change in the information mentioned in paragraph 4-4(1)(q) (which deals with dealing with persons located in foreign countries) in relation to the person; (h) for a person registered as a remittance network provider—a removal by the provider of a remittance affiliate of the provider from its remittance network. (3) The person must advise if the person becomes aware that information given to the AUSTRAC CEO was incomplete or inaccurate, and of the correction or clarification required in relation to the information, in circumstances where the information was given: (a) by the person in connection with the registration; or (b) if the registration is as a remittance affiliate of a registered remittance network provider—by the provider in connection with the registration; or (c) if the registration is as a remittance network provider—by the provider in connection with the registration of a remittance affiliate of the provider. Division 8—Other matters 4-35 Spent convictions Nothing in this Part affects the operation of Part VIIC of the Crimes Act 1914 (which includes provisions that, in certain circumstances, relieve persons from the requirement to disclose spent convictions and require persons aware of such convictions to disregard them). Part 5—AML/CTF programs Division 1—ML/TF risk assessment 5-1 Review of ML/TF risk assessment (1) For the purposes of subparagraph 26D(1)(a)(iii) of the Act, a reporting entity must review its ML/TF risk assessment if an independent evaluation report contains adverse findings in relation to the ML/TF risk assessment. (2) For the purposes of paragraph 26D(2)(d) of the Act, the review must be undertaken as soon as practicable after the governing body of the reporting entity receives the independent evaluation report. Division 2—AML/CTF policies related to ML/TF risk mitigation 5-2 Carrying out customer due diligence (1) For the purposes of paragraph 26F(7)(a) of the Act, this section specifies requirements in relation to the matter mentioned in paragraph 26F(3)(b) of the Act (carrying out customer due diligence in accordance with Part 2 of the Act). (2) The AML/CTF policies of the reporting entity must set out the circumstances in which the reporting entity will, for the purposes of undertaking initial customer due diligence in accordance with section 28 of the Act: (a) collect kinds of KYC information relating to a customer; or (b) both collect and verify kinds of KYC information relating to a customer; including but not limited to the circumstances in which the reporting entity will collect, or collect and verify, information on the customer’s source of wealth and source of funds. (3) The AML/CTF policies of the reporting entity must set out the circumstances in which the reporting entity will, as part of undertaking ongoing customer due diligence of customers in accordance with section 30 of the Act: (a) collect kinds of additional KYC information relating to a customer; or (b) both collect and verify kinds of additional KYC information relating to a customer; including but not limited to the circumstances in which the reporting entity will collect, or collect and verify, information on the customer’s source of wealth and source of funds. 5-3 Policies relating to targeted financial sanctions For the purposes of paragraph 26F(3)(e) of the Act, the AML/CTF policies of a reporting entity must deal with ensuring that, in providing its designated services, the reporting entity: (a) does not make any assets available to, or available for the benefit of, a person designated for targeted financial sanctions, in contravention of the Autonomous Sanctions Act 2011 or the Charter of the United Nations Act 1945; and (b) does not use or deal with, or allow or facilitate the use of or dealing with, any assets owned or controlled (directly or indirectly) by a person designated for targeted financial sanctions, in contravention of either of those Acts. 5-4 Reviewing and updating AML/CTF policies following independent evaluation For the purposes of subparagraph 26F(3)(c)(ii) of the Act, the AML/CTF policies of a reporting entity must deal with reviewing and updating the AML/CTF policies in response to an independent evaluation report that contains adverse findings in relation to the AML/CTF policies. 5-5 Actions requiring approval or that senior manager be informed Approval of senior manager (1) For the purposes of paragraph 26F(3)(e) of the Act, the AML/CTF policies of a reporting entity must ensure that the approval of a senior manager of the reporting entity is obtained before the reporting entity does any of the following: (a) commences to provide a designated service to a customer, if the reporting entity has established on reasonable grounds that the customer, any beneficial owner of the customer or any person on whose behalf the customer is receiving the service is a foreign politically exposed person; (b) commences to provide a designated service to a customer, if: (i) the reporting entity has established on reasonable grounds that the customer, any beneficial owner of the customer or any person on whose behalf the customer is receiving the service is a domestic politically exposed person; and (ii) the ML/TF risk of the customer is high; (c) commences to provide a designated service to a customer, if: (i) the reporting entity has established on reasonable grounds that the customer, any beneficial owner of the customer or any person on whose behalf the customer is receiving the service is an international organisation politically exposed person; and (ii) the ML/TF risk of the customer is high; (e) commences to provide a designated service as part of a nested services relationship; (f) enters into an agreement or arrangement of the kind referred to in paragraph 37A(1)(a) of the Act as the first entity. (1A) For the purposes of paragraph 26F(3)(e) of the Act, the AML/CTF policies of a reporting entity must ensure that, if the reporting entity establishes on reasonable grounds that the customer, any beneficial owner of the customer or any person on whose behalf the customer is receiving a designated service: (a) has become a foreign politically exposed person; or (b) has become a domestic politically exposed person, or an international organisation politically exposed person, in circumstances where the ML/TF risk of the customer is high; a senior manager of the reporting entity will determine, as soon as practicable after the steps required by section 6-24 of this instrument are completed, whether the reporting entity will continue a business relationship with the customer. (2) A foreign politically exposed person is to be treated as a domestic politically exposed person for the purposes of subsections (1) and (1A) if: (a) the designated service is being provided to the customer at or through a permanent establishment in a foreign country; and (b) the foreign politically exposed person has that status because of the person’s connection to the same foreign country. Informing senior manager (3) For the purposes of paragraph 26F(3)(e) of the Act, the AML/CTF policies of a reporting entity must ensure that a senior manager of the reporting entity is informed before the reporting entity commences to provide a designated service covered by item 39 of table 1 in section 6 of the Act to a customer if the ML/TF risk of the customer is high. Other actions requiring approval (4) For the purposes of paragraph 26F(3)(e) of the Act, the AML/CTF policies of a reporting entity must deal with: (a) circumstances (other than the circumstances mentioned in subsection (1)) in which approval is required relating to: (i) the reporting entity commencing to provide a designated service to a customer; or (ii) whether the reporting entity is to continue a business relationship with a customer; and (b) who is authorised to give the required approval in each of those circumstances. (5) Without limiting subsection (4), the polices must deal with circumstances in which the approval of a senior manager of the reporting entity is required if the customer, any beneficial owner of the customer or any person on whose behalf the customer is receiving a designated service was previously a politically exposed person. Division 3—AML/CTF policies related to governance and compliance management 5-6 Provision of information to governing body For the purposes of paragraph 26F(4)(g) of the Act, the AML/CTF policies of a reporting entity must deal with the provision of information to the governing body of the reporting entity to enable the governing body to fulfil its responsibilities under subsection 26H(1) of the Act. 5-7 Reporting from AML/CTF compliance officer to governing body Requirements (1) For the purposes of paragraph 26F(4)(g) of the Act, the AML/CTF policies of a reporting entity must deal with ensuring its governing body receives reports from its AML/CTF compliance officer about the following matters: (a) the reporting entity’s compliance with its AML/CTF policies; (b) the extent to which the reporting entity’s AML/CTF policies are appropriately managing and mitigating the risks of money laundering, financing of terrorism and proliferation financing that the reporting entity may reasonably face in providing its designated services; (c) the reporting entity’s compliance with the Act, the regulations and the AML/CTF Rules. (2) The AML/CTF policies of a reporting entity must provide for the reporting mentioned in subsection (1) to occur regularly, with a frequency of at least once every 12 months. Exception (3) Subsections (1) and (2) do not apply to a reporting entity if: (a) the reporting entity is an individual; or (b) the AML/CTF compliance officer of the reporting entity is the same individual who is the governing body of the reporting entity. 5-8 Undertaking personnel due diligence (1) For the purposes of paragraph 26F(7)(a) of the Act, this section specifies requirements in relation to the matter mentioned in paragraph 26F(4)(d) of the Act (undertaking due diligence in relation to persons who are, or will be, employed or otherwise engaged by the reporting entity). (2) The AML/CTF policies of the reporting entity must require the reporting entity, as part of undertaking that due diligence, to assess, both before a person’s employment or engagement and during a person’s employment or engagement: (a) the person’s skills, knowledge and expertise relevant to the particular responsibilities of the person under the AML/CTF policies; and (b) the person’s integrity. 5-9 Providing personnel training (1) For the purposes of paragraph 26F(7)(a) of the Act, this section specifies requirements in relation to the matter mentioned in paragraph 26F(4)(e) of the Act (providing training to persons who are employed or otherwise engaged by the reporting entity). (2) The AML/CTF policies of the reporting entity must deal with both initial training upon a person’s employment or engagement and ongoing training during a person’s employment or engagement. (3) The AML/CTF policies of the reporting entity must require that the training provided to a person: (a) is appropriate having regard to: (i) the particular function performed by the person; and (ii) the particular risks of money laundering, financing of terrorism and proliferation financing that are relevant to the person’s function; and (iii) the particular responsibilities of the person under the AML/CTF policies; and (b) is readily understandable by the person. 5-10 Independent evaluations (1) For the purposes of paragraph 26F(7)(a) of the Act, this section specifies requirements in relation to the matter mentioned in paragraph 26F(4)(f) of the Act (the conduct of independent evaluations of the reporting entity’s AML/CTF program). (2) The AML/CTF policies of the reporting entity must require the following as part of the conduct of an independent evaluation: (a) evaluation of the steps taken by the reporting entity when undertaking or reviewing the reporting entity’s ML/TF risk assessment, against the requirements of the Act, the regulations and the AML/CTF Rules; (b) evaluation of the design of the reporting entity’s AML/CTF policies, against the requirements of the Act, the regulations and the AML/CTF Rules; (c) testing and evaluation of the compliance of the reporting entity with the reporting entity’s AML/CTF policies; (d) testing and evaluation of whether the reporting entity is appropriately identifying, assessing, managing and mitigating the risks of money laundering, financing of terrorism and proliferation financing that the reporting entity may reasonably face in providing its designated services; (e) production of a written report (an independent evaluation report) containing findings on the matters mentioned in paragraphs (a) to (d); (f) delivery of the independent evaluation report to the governing body of the reporting entity and to any senior manager responsible for approvals under section 26P of the Act. (3) The AML/CTF polices of the reporting entity must deal with how the reporting entity will respond to an independent evaluation report. 5-11 Fulfilling reporting obligations For the purposes of paragraph 26F(4)(g) of the Act, the AML/CTF policies of a reporting entity must deal with ensuring that information reported by the entity under sections 41, 43, 46 and 46A of the Act is complete, accurate and free from unauthorised change. 5-12 Assessment of potential suspicious matters For the purposes of paragraph 26F(4)(g) of the Act, the AML/CTF policies of a reporting entity must deal with the following: (a) enabling timely review of material that is relevant to matters that may need to be reported under section 41 of the Act; (b) ensuring determination, as soon as practicable, of whether the reporting entity suspects on reasonable grounds any of the matters referred to in paragraphs 41(1)(d) to (j) of the Act. 5-13 Prevention of tipping off For the purposes of paragraph 26F(4)(g) of the Act, the AML/CTF policies of a reporting entity must deal with establishing safeguards to prevent any contravention of subsection 123(1) of the Act by the reporting entity or an officer, employee or agent of the reporting entity, including by ensuring the confidentiality and appropriate use of information disclosed by the reporting entity to persons employed or otherwise engaged by the reporting entity. Division 4—AML/CTF compliance officers 5-14 AML/CTF compliance officer requirements—matters to have regard to in determining whether a fit and proper person (1) For the purposes of subsection 26J(4) of the Act, a reporting entity must have regard to the following matters in determining whether an individual is a fit and proper person for the purposes of paragraph 26J(3)(b) of the Act: (a) whether the individual possesses the necessary competence, skills, knowledge, diligence, expertise and soundness of judgement to properly perform the duties of the AML/CTF compliance officer for the reporting entity (also having regard to the nature, size and complexity of the reporting entity); (b) whether the individual has the attributes of good character, honesty and integrity; (c) whether the individual has been convicted of a serious offence; (d) whether the individual has been the subject of civil or criminal proceedings, or a regulatory or disciplinary process in Australia or a foreign country that: (i) related to the management of an entity, or commercial or professional activity; and (ii) involved an adverse finding as to the individual’s competence, diligence, judgement, honesty or integrity; (e) whether the individual is an undischarged bankrupt under the law of Australia or a foreign country; (f) whether the individual has executed a personal insolvency agreement under Part X of the Bankruptcy Act 1966 or a similar law of a foreign country; (g) whether the individual has a conflict of interest that will create a material risk that the individual will fail to properly perform the duties of the AML/CTF compliance officer for the reporting entity. (2) Paragraph (1)(c) of this section does not affect the operation of Part VIIC of the Crimes Act 1914 (which includes provisions that, in certain circumstances, relieve persons from the requirement to disclose spent convictions and require persons aware of such convictions to disregard them). Division 5—AML/CTF program documentation 5-15 Time period for AML/CTF program documentation (1) For the purposes of subsection 26N(1) of the Act, a reporting entity must document: (a) the ML/TF risk assessment undertaken by the reporting entity under section 26C of the Act; and (b) the AML/CTF policies developed by the reporting entity under section 26F of the Act; within the period ending immediately before the reporting entity first commences providing a designated service to a customer. (2) For the purposes of subsection 26N(1) of the Act, if a reporting entity: (a) updates its ML/TF risk assessment under section 26D of the Act; or (b) updates its AML/CTF policies; the reporting entity must document its AML/CTF program (as updated) within 14 days after the update occurs. Division 6—AML/CTF policies related to lead entities 5-16 Record-keeping by lead entity of reporting group For the purposes of paragraph 26F(6)(d) of the Act, the AML/CTF policies of a reporting entity that is the lead entity of a reporting group must deal with keeping up-to-date records about the membership of the reporting group (including recording changes of membership). Division 7—AML/CTF policies related to transfers of value 5-17 Policies relating to the obligations of ordering institutions Scope (1) This section applies if a reporting entity is to provide a designated service covered by item 29 of table 1 in section 6 of the Act as an ordering institution. Policies relating to all transfers of value (2) For the purposes of paragraph 26F(4)(g) of the Act, the AML/CTF policies of the reporting entity must set out systems and controls to enable the reporting entity to comply with its obligation under subsection 64(5) of the Act to provide information to another institution in the value transfer chain as soon as practicable after receiving a request. (3) For the purposes of paragraph 26F(7)(b) of the Act, the AML/CTF policies of a reporting entity are taken to comply with the matters mentioned in subsection (2) in relation to the provision of information if they require provision of the information within 3 business days after receiving sufficient information from the other institution to process the request. Policies relating to merchant payments (4) Subsection (5) applies if: (a) the designated service relates to a merchant payment; and (b) the designated service is provided at or through a permanent establishment of the reporting entity in Australia. (5) For the purposes of paragraph 26F(1)(d) of the Act, the AML/CTF policies of a reporting entity must enable the reporting entity to provide the following information to another institution in the value transfer chain within 3 business days after receiving a request from the institution for that information: (a) the reporting entity’s full name; (b) the permanent establishment at or through which it provided the designated service. Policies relating to virtual asset transfers (6) For the purposes of paragraph 26F(3)(e) of the Act, the AML/CTF policies of a reporting entity must deal with the following if the designated service relates to the transfer of a virtual asset: (a) how the reporting entity will undertake due diligence to determine, for the purposes of subsection 66A(2) of the Act: (i) whether the wallet to which the virtual asset is being transferred is a custodial wallet or a self-hosted wallet; and (ii) if the wallet is a custodial wallet—whether the person who controls the wallet is required to be licensed or registered under a law that gives effect to the FATF Recommendations, and, if the person is so required, whether the person is so licensed or registered; (b) if the person who controls the wallet is a person licensed or registered under a law that gives effect to the FATF Recommendations, or a person not required to be so licensed or registered—how the reporting entity will determine whether the beneficiary institution is capable of: (i) securely receiving the information that the reporting entity is required to pass on under subsection 64(3) of the Act; and (ii) safeguarding the confidentiality of that information; (c) if the wallet is a self-hosted wallet—how the reporting entity will identify the payee and any steps the reporting entity will take to verify the person who controls the wallet; (d) how the reporting entity will manage and mitigate the ML/TF risk of transferring the virtual asset if the person who controls the wallet is: (i) the payee (in a case where the person who controls the wallet has not been verified); or (ii) a person not required to be licensed or registered under a law that gives effect to the FATF Recommendations. Note: Subsection 66A(4) of the Act prohibits provision of the designated service if the transfer of value involves passing on a transfer message to a person who is required to be licensed or registered under a law that gives effect to the FATF Recommendations, but is not so licensed or registered. 5-18 Policies relating to the obligations of beneficiary institutions Scope (1) This section applies if a reporting entity is to provide a designated service covered by item 30 of table 1 in section 6 of the Act as a beneficiary institution to a payee. Policies relating to all transfers of value (2) For the purposes of paragraph 26F(3)(e) of the Act, the AML/CTF policies of a reporting entity must deal with the following: (a) the steps that the reporting entity will take to monitor: (i) whether the reporting entity has received the information specified in section 8-4 of this instrument relating to the transfer of value; and (ii) whether the information received about the payee is accurate; (b) determining whether to make the transferred value available to the payee in the circumstances described in subsection 65(3) of the Act; (c) determining whether to request further information from another institution in the value transfer chain in the circumstances described in subsection 65(3) of the Act. Note: Subsection 66A(6) of the Act prohibits a beneficiary institution from providing the designated service in relation to the transfer of a virtual asset if it has not received or otherwise obtained all of the information, unless the exception in subsection 66A(10) applies. Policies relating to virtual asset transfers (3) The AML/CTF policies of the reporting entity must also deal with the following if the designated service is to be provided in relation to the transfer of a virtual asset: (a) how the reporting entity will undertake due diligence to determine, for the purposes of subsection 66A(2) of the Act: (i) whether the wallet from which the virtual asset is being transferred is a custodial wallet or a self-hosted wallet; and (ii) if the wallet is a custodial wallet—whether the person who controls the wallet is required to be licensed or registered under a law that gives effect to the FATF Recommendations, and, if the person is so required, whether the person is so licensed or registered; (b) if the person who controls the wallet is a person who is licensed or registered under a law that gives effect to the FATF Recommendations, or a person not required to be so licensed or registered—how the reporting entity will determine whether the ordering institution, and any intermediary institution, is capable of securely passing on the information specified in section 8-4 of this instrument relating to the transfer of value; (c) if the wallet is a self-hosted wallet—how the reporting entity will identify the payer, and any steps the reporting entity will take to verify the person who controls the wallet; (d) how the reporting entity will manage and mitigate the ML/TF risk of transferring the virtual asset if the person who controls the wallet is: (i) the payer (in a case where the person who controls the wallet has not been verified); or (ii) a person not required to be licensed or registered under a law that gives effect to the FATF Recommendations; or (iii) a person licensed or registered under a law that gives effect to the FATF Recommendations, in a case where the ordering institution or any intermediary institution is not capable of securely passing on information. Note: Subsection 66A(7) of the Act prohibits provision of the designated service if the person who controls the wallet is required to be licensed or registered under a law that gives effect to the FATF Recommendations, but is not so licensed or registered. Policies relating to merchant payments (4) Subsection (5) applies if: (a) the designated service provided by a reporting entity relates to a merchant payment; and (b) the designated service is provided at or through a permanent establishment of the reporting entity in Australia. (5) For the purposes of paragraph 26F(1)(d) of the Act, the AML/CTF policies of the reporting entity must enable the reporting entity to provide the following information to another institution in the value transfer chain within 3 business days after receiving a request from the institution for that information: (a) the reporting entity’s full name; (b) the permanent establishment at or through which it provided the designated service. 5-19 Policies relating to the obligations of intermediary institutions Scope (1) This section applies if a reporting entity is to provide a designated service covered by item 31 of table 1 in section 6 of the Act, as an intermediary institution, for a transfer of value. Policies relating to all transfers of value (2) For the purposes of paragraph 26F(3)(e) of the Act, the AML/CTF policies of a reporting entity must deal with the following: (a) the steps that the reporting entity will take to monitor whether the reporting entity has received the information specified in section 8-5 of this instrument relating to the transfer of value; (b) determining whether to pass on a transfer message for the transfer of value in the circumstances described in subsection 66(3) of the Act; (c) determining whether to request further information from another institution in the value transfer chain in the circumstances described in subsection 66(3) of the Act. (3) For the purposes of paragraph 26F(4)(g) of the Act, the AML/CTF policies of the reporting entity must set out systems and controls to enable the reporting entity to comply with its obligations under subsection 66(5) of the Act to provide information to another institution in the value transfer chain as soon as practicable after receiving a request. (4) For the purposes of paragraph 26F(7)(b) of the Act, the AML/CTF policies of a reporting entity are taken to comply with the matters mentioned in subsection (3) of this section if they require provision of the information within 3 business days after receiving sufficient information from the institution to process the request. Division 8—AML/CTF policies related to real estate transactions 5-20 Policies relating to customer due diligence for real estate transactions For the purposes of paragraph 26F(3)(e) of the Act, the AML/CTF policies of a reporting entity that: (a) is to provide a designated service covered by item 1 of table 5 or item 1 of table 6 in section 6 of the Act; and (b) is a participant in an arrangement of the kind described in paragraph 6-33(f) of this instrument; must deal with how the reporting entity will verify the KYC information the reporting entity has collected in relation to a customer before the settlement of a sale, purchase or transfer of real estate, if the reporting entity does not obtain KYC information and data used for verification in relation to the customer from another reporting entity as described in paragraph 6-33(g) of this instrument. Part 6—Customer due diligence Division 1—Initial customer due diligence 6-1 Customer is sole trader (1) This section applies in relation to complying with the obligation imposed on a reporting entity under subsection 28(1) of the Act in relation to a customer, if: (a) the customer is an individual; and (b) the provision of a designated service is proposed to relate to the customer’s conduct of a business; and (c) a designated service is proposed to be provided by the reporting entity to the customer at or through a permanent establishment of the reporting entity in Australia. (2) For the purposes of paragraph 28(6)(a) of the Act, in establishing on reasonable grounds the matter mentioned in paragraph 28(2)(a) of the Act (the identity of the customer), the reporting entity must collect at least the following KYC information: (a) the customer’s full name; (b) any business name used for the conduct of the business; (c) any other names the customer is commonly known by; (d) a unique identifier for the business or, if none has been given, a unique identifier for the customer (if any has been given); (e) the address of the principal place of business of the customer. (3) For the purposes of paragraph 28(6)(a) of the Act, in establishing on reasonable grounds the matter mentioned in paragraph 28(2)(f) of the Act (the nature and purpose of the business relationship or occasional transaction), the reporting entity must collect at least KYC information about the nature of the customer’s business. 6-2 Customer is body corporate, partnership or unincorporated association (1) This section applies in relation to complying with the obligation imposed on a reporting entity under subsection 28(1) of the Act in relation to a customer, if: (a) the customer is a body corporate, a partnership or an unincorporated association; and (b) a designated service is proposed to be provided by the reporting entity to the customer at or through a permanent establishment of the reporting entity in Australia. (2) For the purposes of paragraph 28(6)(a) of the Act, in establishing on reasonable grounds the matter mentioned in paragraph 28(2)(a) (the identity of the customer), the reporting entity must collect at least the following KYC information: (a) the customer’s full name; (b) any business names of the customer; (c) any other names the customer is commonly known by; (d) a unique identifier for the customer (if any has been given); (e) the address of the principal place of business or operations of the customer; (f) the address of any registered office of the customer; (g) evidence of the customer’s existence; (h) information about the powers that bind and govern the customer; (i) the full name, and if applicable director identification number, of the individual, or each member of the group of individuals, with primary responsibility for the governance and executive decisions of the customer. (3) For the purposes of paragraph 28(6)(a) of the Act, in establishing on reasonable grounds the matter mentioned in paragraph 28(2)(d) of the Act (the identity of any beneficial owners of the customer), the reporting entity must collect at least KYC information about the ownership and control structure of the customer. (4) For the purposes of paragraph 28(6)(a) of the Act, in establishing on reasonable grounds the matter mentioned in paragraph 28(2)(f) of the Act (the nature and purpose of the business relationship or occasional transaction), the reporting entity must collect at least KYC information about the nature of the customer’s business or operations. 6-3 Customer is trust or foreign equivalent (1) This section applies in relation to complying with the obligation imposed on a reporting entity under subsection 28(1) of the Act in relation to a customer, if: (a) the customer is a trust, or an equivalent foreign legal arrangement such as a fiducie, waqf, treuhand or fideicomiso; and (b) a designated service is proposed to be provided by the reporting entity to the customer at or through a permanent establishment of the reporting entity in Australia. (2) For the purposes of paragraph 28(6)(a) of the Act, in establishing on reasonable grounds the matter mentioned in paragraph 28(2)(a) (the identity of the customer), the reporting entity must collect at least the following KYC information: (a) the customer’s full name; (b) the kind of trust or equivalent (such as discretionary trust, bare trust or unit trust); (c) any business names of the customer; (d) any other names the customer is commonly known by; (e) a unique identifier for the customer (if any has been given); (f) the address of the principal place of business or operations of the customer; (g) evidence of the customer’s existence; (h) information about the powers that bind and govern the customer; (i) the full name of the individual, or each member of the group of individuals, with primary responsibility for the governance and executive decisions of the customer. (3) For the purposes of paragraph 28(6)(a) of the Act, in establishing on reasonable grounds the matter mentioned in paragraph 28(2)(b) of the Act (the identity of any person on whose behalf the customer is receiving the designated service), the reporting entity must collect at least KYC information about: (a) the identity of each beneficiary of the trust or equivalent; or (b) if the nature of the trust or equivalent means it is not possible to identify each beneficiary, a description of each class of beneficiary. (4) For the purposes of paragraph 28(6)(a) of the Act, in establishing on reasonable grounds the matter mentioned in paragraph 28(2)(c) of the Act, the reporting entity must collect at least KYC information about the identity of the trustees of the trust. (5) For the purposes of paragraph 28(6)(a) of the Act, in establishing on reasonable grounds the matter mentioned in paragraph 28(2)(d) of the Act (the identity of any beneficial owners of the customer), the reporting entity must collect at least the following KYC information: (a) the control structure of the customer; (b) the identity of any settlor, appointor, guardian or protector of the trust or equivalent. (6) For the purposes of paragraph 28(6)(a) of the Act, in establishing on reasonable grounds the matter mentioned in paragraph 28(2)(f) of the Act (the nature and purpose of the business relationship or occasional transaction), the reporting entity must collect at least KYC information about the nature of the customer’s business or operations. 6-4 Customer is government body (1) This section applies in relation to complying with the obligation imposed on a reporting entity under subsection 28(1) of the Act in relation to a customer, if: (a) the customer is a government body; and (b) a designated service is proposed to be provided by the reporting entity to the customer at or through a permanent establishment of the reporting entity in Australia. (2) For the purposes of paragraph 28(6)(a) of the Act, in establishing on reasonable grounds the matter mentioned in paragraph 28(2)(a) of the Act (the identity of the customer), the reporting entity must collect at least the following KYC information: (a) the customer’s full name; (b) any other names the customer is commonly known by; (c) the name of the country or part of a country under which the customer is established; (d) a unique identifier for the customer (if any has been given); (e) the address of the principal place of business or operations of the customer; (f) evidence of the customer’s existence; (g) the full name, of the individual, or each member of the group of individuals, with primary responsibility for the governance and executive decisions of the customer. (3) For the purposes of paragraph 28(6)(a) of the Act, in establishing on reasonable grounds the matter mentioned in paragraph 28(2)(f) of the Act (the nature and purpose of the business relationship or occasional transaction), the reporting entity must collect at least KYC information about the nature of the customer’s business or operations. 6-5 Establishing the identity of persons associated with the customer (1) For the purposes of paragraph 28(6)(a) of the Act, this section specifies requirements in relation to establishing on reasonable grounds the identity of: (a) any person on whose behalf a customer is receiving a designated service, if the person is not an individual; or (b) any person acting on behalf of a customer, if the person is not an individual. (2) A reporting entity must collect at least the information relating to the identity of the person that would be required under whichever of subsections 6-2(2), 6-3(2) or 6-4(2) would apply to the person as a customer. 6-6 Person on whose behalf the customer is receiving the designated service Customer other than trust or foreign equivalent (1) For the purposes of paragraph 28(6)(b) of the Act, a reporting entity is taken to have established on reasonable grounds the matter mentioned in paragraph 28(2)(b) of the Act in relation to a customer if: (a) the customer is not a trust or an equivalent foreign legal arrangement such as a fiducie, waqf, treuhand or fideicomiso; and (b) the designated service proposed to be provided by the reporting entity to the customer is not covered by item 37 or 38 of table 1 in section 6 of the Act (services relating to a life policy or sinking fund policy); and (c) the reporting entity has established on reasonable grounds the identity of the customer as required by paragraph 28(2)(a) of the Act. Note: For a rule relating to providing a designated service covered by item 37 or 38 of table 1, see Division 10 of this Part. (1A) In circumstances where subsection (1) applies, the reporting entity is also taken to have established on reasonable grounds, for the purposes of paragraph 28(2)(e) of the Act, whether any person on whose behalf the customer is receiving the designated service is a politically exposed person or a person designated for targeted financial sanctions. Customer is trust or foreign equivalent (2) For the purposes of paragraph 28(6)(b) of the Act, a reporting entity is taken to have established on reasonable grounds the matter mentioned in paragraph 28(2)(b) of the Act in relation to a customer if: (a) the customer is a trust or an equivalent foreign legal arrangement such as a fiducie, waqf, treuhand or fideicomiso; and (c) the reporting entity establishes on reasonable grounds: (i) the identity of the beneficiaries of the trust or equivalent; or (ii) if the nature of the trust or equivalent means that it is not possible to identify each beneficiary—a description of each class of beneficiary. (3) In circumstances where subsection (2) applies and the reporting entity has established, on reasonable grounds, the matter mentioned in subparagraph (2)(c)(ii), the reporting entity is also taken to have established on reasonable grounds, for the purposes of paragraph 28(2)(e) of the Act, whether any person on whose behalf the customer is receiving the designated service is a politically exposed person or a person designated for targeted financial sanctions. 6-7 Beneficial owners of the customer (1) For the purposes of paragraph 28(6)(b) of the Act, a reporting entity is taken to have established on reasonable grounds the matter mentioned in paragraph 28(2)(d) of the Act (the identity of any beneficial owners of the customer) in relation to the customer if the reporting entity has established on reasonable grounds that: (a) the customer is a listed public company; and (b) the customer is subject to public disclosure requirements (however imposed) that ensure transparency regarding the identity of any beneficial owners. (1A) For the purposes of paragraph 28(6)(b) of the Act, a reporting entity is taken to have established on reasonable grounds the matter mentioned in paragraph 28(2)(d) of the Act in relation to the customer if the reporting entity has established on reasonable grounds that the customer is a government body. (1B) For the purposes of paragraph 28(6)(b) of the Act, a reporting entity is taken to have established on reasonable grounds the matter mentioned in paragraph 28(2)(d) of the Act in relation to the customer if the reporting entity has established on reasonable grounds that the customer is controlled (whether directly or indirectly) by: (a) a listed public company that is subject to public disclosure requirements (however imposed) that ensure transparency regarding the identity of any beneficial owner of the company; or (b) a government body. (1C) For the purposes of paragraph 28(6)(b) of the Act, a reporting entity is taken to have established on reasonable grounds, for the purposes of paragraph 28(2)(d) of the Act, the identity of an individual who is a beneficial owner of the customer if: (a) the reporting entity has established on reasonable grounds that the customer is owned in part (whether directly or indirectly) by, but not controlled by: (i) a listed public company that is subject to public disclosure requirements (however imposed) that ensure transparency regarding the identity of any beneficial owner of the company; or (ii) a government body; and (b) the individual is a beneficial owner of: (i) the company mentioned in subparagraph (a)(i); or (ii) the body mentioned in subparagraph (a)(ii); and (c) the individual is a beneficial owner of the customer solely by reason of the ownership mentioned in paragraph (b). (2) In circumstances where subsection (1), (1A), (1B) or (1C) applies, the reporting entity is also taken to have established on reasonable grounds, for the purposes of paragraph 28(2)(e) of the Act, whether any beneficial owner of the customer is a politically exposed person or a person designated for targeted financial sanctions. 6-8 Beneficial owners and senior manager, for bodies corporate, partnerships and unincorporated associations If reporting entity is unable to establish the identity of any beneficial owners (1) For the purposes of paragraph 28(6)(b) of the Act, a reporting entity is taken to have established on reasonable grounds the matter mentioned in paragraph 28(2)(d) of the Act (the identity of any beneficial owners of the customer) in relation to the customer if: (a) the customer is a body corporate, partnership or unincorporated association; and (b) the reporting entity has taken all reasonable steps to establish the identity of any beneficial owners of the customer, but has been unable to do so; and (c) the reporting entity has recorded the steps taken and any difficulties encountered in attempting to establish the identity of any beneficial owners; and (d) the reporting entity has collected information about the identity of the individual who is the chief executive officer (or equivalent) of the customer; and (e) the reporting entity has verified, using reliable and independent data, such of that information as is appropriate to the ML/TF risk of the customer. If reporting entity establishes there are no beneficial owners (2) For the purposes of paragraph 28(2)(g) of the Act, the matter in subsection (3) of this section is specified in relation to a customer if: (a) the customer is a body corporate, partnership or unincorporated association; and (b) the reporting entity establishes on reasonable grounds that the customer does not have any beneficial owners. (3) The matter is the identity of the individual who is the chief executive officer (or equivalent) of the customer. 6-9 The nature and purpose of the business relationship or occasional transaction For the purposes of paragraph 28(6)(b) of the Act, a reporting entity is taken to have established on reasonable grounds the matter mentioned in paragraph 28(2)(f) of the Act (the nature and purpose of the business relationship or occasional transaction) in relation to the customer if: (a) the reporting entity is not required to apply enhanced customer due diligence measures in relation to the customer; and (b) if the customer is an individual—the reporting entity has taken reasonable steps to establish that the customer is the person the customer claims to be; and (c) the reporting entity has identified the ML/TF risk of the customer, based on KYC information about the customer that is reasonably available to the reporting entity before commencing to provide the designated service; and (d) the reporting entity has collected KYC information about the customer relating to the matter mentioned in paragraph 28(2)(f) of the Act that is appropriate to the ML/TF risk of the customer. Note: For when enhanced customer due diligence measures must be applied in relation to a customer, see section 32 of the Act and Division 4 of this Part. 6-10 Individual cannot provide satisfactory evidence regarding a matter For the purposes of paragraph 28(6)(b) of the Act, a reporting entity is taken to have established on reasonable grounds a matter mentioned in subsection 28(2) of the Act that relates to establishing the identity of a person if: (a) the person is an individual; and (b) the person is unable to provide the information or evidence of identity necessary for the reporting entity to establish the matter because: (i) the person is unable to obtain the information or evidence; or (ii) the person is unable to access the information or evidence due to circumstances beyond the person’s control; and (c) the reporting entity has taken reasonable steps to establish that the person is who the person claims to be; and (d) if the person is the customer—the reporting entity has done all of the following: (i) identified the ML/TF risk of the customer, based on KYC information about the customer that is reasonably available to the reporting entity before commencing to provide the designated service; (ii) collected KYC information about the customer that is appropriate to the ML/TF risk of the customer; (iii) taken reasonable steps to verify, using data reasonably available to the reporting entity, such of the KYC information referred to in subparagraph (ii) as is appropriate to the ML/TF risk of the customer; and (e) the reporting entity has AML/CTF policies to mitigate and manage any additional ML/TF risk arising from the lack of the information or evidence. 6-11 Previous compliance in a foreign country For the purposes of paragraph 28(6)(b) of the Act, a reporting entity is taken to have established on reasonable grounds a matter mentioned in subsection 28(2) of the Act in relation to a customer if: (a) the designated service is proposed to be provided by the reporting entity to the customer at or through a permanent establishment of the reporting entity in Australia; and (b) the reporting entity or another member of the reporting group of the reporting entity has previously commenced to provide a service (whether or not a designated service) to the customer at or through a permanent establishment in a foreign country; and (c) laws of the foreign country giving effect to the FATF Recommendations relating to customer due diligence and record-keeping applied in relation to the provision of the service; and (d) either: (i) the reporting entity or other member of the reporting group was not required to establish the matter under those laws in relation to the provision of the service on the basis that the risks of money laundering, financing of terrorism and proliferation financing associated with the provision of the service to the customer were low; or (ii) the reporting entity or other member of the reporting group established the matter in relation to the provision of the service as required by those laws; and (e) either: (i) the reporting entity holds the KYC information collected on the customer, and the reliable and independent data used to verify the KYC information, in connection with the provision of the service; or (ii) the reporting entity has in place an arrangement permitting immediate access to the KYC information collected on the customer by the other member of the reporting group, and the reliable and independent data used to verify the KYC information, in connection with the provision of the service. Division 2—Providing services before completion of initial customer due diligence 6-12 Delayed verification—various designated services provided in Australia Permitted circumstances (1) For the purposes of paragraph 29(a) of the Act, a reporting entity may commence to provide a designated service to a customer (subject to the requirements of section 29 of the Act and this section) if the designated service is provided at or through a permanent establishment of the reporting entity in Australia. (2) However, subsection (1) does not apply in circumstances where section 6-13, 6-14 or 6-32 applies to the provision of the designated service. Requirements (3) For the purposes of paragraph 29(f) of the Act, it is a requirement for commencing to provide any such designated service that the reporting entity: (a) if the customer is an individual—has taken reasonable steps to establish that the customer is the person the customer claims to be; and (b) has identified the ML/TF risk of the customer, based on KYC information about the customer that is reasonably available to the reporting entity; and (c) has collected KYC information about the customer relating to all matters mentioned in subsection 28(2) of the Act, other than the matters specified in subsection 6-23(2) of this instrument, that is appropriate to the ML/TF risk of the customer; and (d) has established on reasonable grounds the matters in paragraphs 28(2)(a) and (c) of the Act. Note: Section 29 of the Act requires that the reporting entity also determines on reasonable grounds that commencing to provide the service is essential to avoid interrupting the ordinary course of business, and that any additional risk of money laundering, terrorism financing or proliferation financing is low, and the reporting entity has and implements AML/CTF policies relating to completing initial customer due diligence and mitigating and managing risks. (4) For the purposes of paragraph 29(f) of the Act, it is a further requirement for commencing to provide any such designated service that the reporting entity must not, before complying with subsection 28(1) of the Act: (a) transfer, or allow or facilitate the transfer of, money, property or virtual assets for or on behalf of the customer; or (b) otherwise make money, property or virtual assets available to the customer (other than holding the money, property or virtual assets in an account or otherwise on deposit from the customer). Specified period (5) For the purposes of subparagraph 29(c)(ii) of the Act, the specified period is the period ending 20 business days after commencing to provide the designated service to the customer. Note: In all cases, paragraph 29(c) of the Act requires a reporting entity to have AML/CTF policies to comply with subsection 28(1) of the Act as soon as reasonably practicable after commencing to provide the designated service to the customer. 6-13 Delayed verification—opening an account and deposit Permitted circumstances (1) For the purposes of paragraph 29(a) of the Act, a reporting entity may commence to provide a designated service to a customer (subject to the requirements of section 29 of the Act and this section) if: (a) one of the following applies to the designated service: (i) the designated service is covered by item 1 of table 1 in section 6 of the Act; (ii) the designated service is covered by item 3 of table 1 in section 6 of the Act, and the transaction is a deposit made to the account; (iii) provision of the designated service is reasonably incidental to the provision of a designated service mentioned in subparagraph (i) or (ii); and (b) the designated service is provided at or through a permanent establishment of the reporting entity in Australia. Requirements (2) For the purposes of paragraph 29(f) of the Act, it is a further requirement for commencing to provide any such designated service that the reporting entity must not, before complying with subsection 28(1) of the Act: (a) transfer, or allow or facilitate the transfer of, money, property or virtual assets for or on behalf of the customer; or (b) otherwise make money, property or virtual assets available to the customer (other than holding the money, property or virtual assets in an account or otherwise on deposit from the customer). 6-14 Delayed verification—certain financial market transactions Permitted circumstances (1) For the purposes of paragraph 29(a) of the Act, a reporting entity may commence to provide a designated service to a customer (subject to the requirements of section 29 of the Act and this section) if: (a) the designated service is covered by item 33 of table 1 in section 6 of the Act; and (b) the acquisition or disposal is of a security, derivative or foreign exchange contract on a declared financial market (within the meaning of the Corporations Act 2001); and (c) the acquisition or disposal must be performed rapidly due to financial market conditions relevant to the transaction; and (d) the designated service is provided at or through a permanent establishment of the reporting entity in Australia. Requirements (2) For the purposes of paragraph 29(f) of the Act, further requirements for commencing to provide any such designated service are: (a) the designated service must not involve the acquisition of an interest in a managed investment scheme to which section 1019B of the Corporations Act 2001 applies; and (b) the reporting entity must not do any of the following before complying with subsection 28(1) of the Act: (i) accept physical currency or virtual assets to fund the designated service; (ii) permit the customer to transfer, or otherwise part with, proceeds from a disposal of an asset to which the designated service relates; (iii) resell, transfer, or otherwise part with an asset to which the designated service relates that has been acquired on behalf of the customer; (iv) allow the customer to be recredited with, or obtain a refund of, the purchase price. Specified period (3) For the purposes of subparagraph 29(c)(ii) of the Act, the specified period is the period ending 5 business days after commencing to provide the designated service to the customer. Note: Paragraph 29(c) of the Act requires a reporting entity to have AML/CTF policies to comply with subsection 28(1) of the Act as soon as reasonably practicable after commencing to provide the designated service to the customer. 6-15 Delayed initial customer due diligence—service provided in foreign country (1) For the purposes of paragraph 29(a) of the Act, a reporting entity may commence to provide a designated service to a customer (subject to the requirements of section 29 of the Act and this section) if: (a) the service is provided at or through a permanent establishment of the reporting entity in a foreign country; and (b) the law of that country that gives effect to the FATF Recommendations permits the reporting entity to establish a matter or matters in subsection 28(2) of the Act after providing the service. (2) For the purposes of paragraph 29(f) of the Act, it is a requirement for commencing to provide any such designated service that the reporting entity has complied with the law of the foreign country relating to collection and verification of KYC information in relation to providing the service. Division 3—Simplified customer due diligence 6-16 Simplified customer due diligence requirements generally For the purposes of paragraph 31(c) of the Act, for a reporting entity to apply simplified customer due diligence measures, the AML/CTF policies of the reporting entity must deal with the application of those measures. 6-17 Simplified initial customer due diligence for certain matters For the purposes of paragraph 28(6)(b) of the Act, a reporting entity is taken to have established on reasonable grounds a matter mentioned in paragraph 28(2)(b), (c) or (d) of the Act in relation to a customer if: (a) section 31 of the Act permits the reporting entity to apply simplified customer due diligence measures in relation to the customer; and (b) if the customer is an individual—the reporting entity has taken reasonable steps to establish that the customer is the person the customer claims to be; and (c) the reporting entity has identified the ML/TF risk of the customer, based on KYC information about the customer that is reasonably available to the reporting entity before commencing to provide the designated service; and (d) the reporting entity has collected KYC information about the customer relating to the matter that is appropriate to the ML/TF risk of the customer; and (e) there are no reasonable grounds for the reporting entity to doubt the adequacy or veracity of that KYC information. 6-18 Simplified initial customer due diligence for identity of beneficial owners (1) For the purposes of paragraph 28(6)(b) of the Act, a reporting entity is taken to have established on reasonable grounds the matter mentioned in paragraph 28(2)(d) of the Act in relation to a customer if: (a) section 31 of the Act permits the reporting entity to apply simplified customer due diligence measures in relation to the customer; and (b) the reporting entity has established on reasonable grounds that the customer is, or is controlled by: (ii) a person that is subject to oversight by a prudential, insurance, or investor protection regulator through registration or licensing requirements; or (iii) a corporation or association of homeowners in a strata title or community title scheme. (2) In circumstances where subsection (1) applies, the reporting entity is also taken to have established on reasonable grounds, for the purposes of paragraph 28(2)(e) of the Act, whether any beneficial owner of the customer is a politically exposed person or a person designated for targeted financial sanctions. 6-19 Person acting on behalf of customer For the purposes of paragraph 28(6)(b) of the Act, a reporting entity is taken to have established on reasonable grounds, for the purposes of paragraph 28(2)(c) of the Act, the identity of a person acting on behalf of the customer and their authority to do so if: (a) the customer is not an individual; and (b) the reporting entity has established on reasonable grounds the authority of the person to act on behalf of the customer; and (c) the reporting entity determines on reasonable grounds that any additional risk of money laundering, terrorism financing or proliferation financing associated with the person acting on behalf of the customer is low; and (d) has collected KYC information about the customer, relating to the person acting on behalf of the customer, that is appropriate to the ML/TF risk of the customer; and (e) there are no reasonable grounds for the reporting entity to doubt the adequacy or veracity of that KYC information. Division 4—Enhanced customer due diligence 6-20 Enhanced customer due diligence required when customer seeks unusual services For the purposes of paragraph 32(f) of the Act, enhanced customer due diligence measures must be applied to a customer who requests the provision of designated services that: (a) have no apparent economic or legal purpose; or (b) would involve unusually complex or large transactions; or (c) would involve an unusual pattern of transactions. 6-21 Establishing source of wealth and source of funds when enhanced due diligence required in certain circumstances (1) For the purposes of paragraph 28(2)(g) of the Act, a matter in subsection (3) of this section is specified in relation to a customer if: (a) the reporting entity must apply enhanced customer due diligence measures in relation to the customer because paragraph 32(a), (b) or (d) of the Act applies to the customer; and (b) the matter is relevant to the nature of the ML/TF risk of the customer. (2) For the purposes of paragraph 30(2)(e) of the Act, a reporting entity must, in the course of reviewing, updating and reverifying KYC information as required by paragraph 30(2)(c) of the Act, ensure that it holds information on a matter in subsection (3) of this section if: (a) the reporting entity must apply enhanced customer due diligence measures in relation to the customer because paragraph 32(a), (b) or (d) of the Act applies to the customer; and (b) the matter is relevant to the nature of the ML/TF risk of the customer. (3) The matters are: (a) the source of the customer’s wealth; and (b) the source of the customer’s funds. 6-22 Enhanced customer due diligence requirements for certain virtual asset services (1) For the purposes of paragraph 32(f) of the Act, enhanced customer due diligence must be applied to a customer who deposits or receives physical currency in the course of receiving a designated service covered by item 50A of table 1 in section 6 of the Act. (2) For the purposes of paragraph 30(2)(e) of the Act, a reporting entity must collect and verify information about the source of funds of a customer who deposits or receives physical currency in the course of receiving a designated service covered by item 50A of table 1 in section 6 of the Act. (3) For the purposes of paragraph 30(2)(e) of the Act, a reporting entity must, in the course of reviewing, updating and reverifying KYC information as required by paragraph 30(2)(c) of the Act, ensure that it holds information on the source of a customer’s wealth if the reporting entity must apply enhanced customer due diligence measures in relation to the customer because of subsection (1) of this section. Division 5—Politically exposed persons 6-23 Matters for initial customer due diligence—politically exposed person (1) For the purposes of paragraph 28(2)(g) of the Act, the matters in subsection (2) of this section are specified in relation to a customer if: (a) the reporting entity has established on reasonable grounds that the customer, any beneficial owner of the customer or any person on whose behalf the customer is receiving the designated service is a foreign politically exposed person; or (b) both: (i) the reporting entity has established on reasonable grounds that the customer, any beneficial owner of the customer or any person on whose behalf the customer is receiving the designated service is a domestic politically exposed person; and (ii) the ML/TF risk of the customer is high; or (c) both: (i) the reporting entity has established on reasonable grounds that the customer, any beneficial owner of the customer or any person on whose behalf the customer is receiving the designated service is an international organisation politically exposed person; and (ii) the ML/TF risk of the customer is high. (2) The matters are: (a) the source of the politically exposed person’s wealth; and (b) the source of the politically exposed person’s funds. (3) A foreign politically exposed person is to be treated as a domestic politically exposed person for the purposes of subsection (1) if: (a) the designated service is being provided to the customer at or through a permanent establishment in a foreign country; and (b) the foreign politically exposed person has that status because of the person’s connection to the same foreign country. 6-24 Ongoing customer due diligence—politically exposed person (1) For the purposes of subparagraph 30(2)(c)(ii) of the Act, the reporting entity must review, and where appropriate, update and reverify KYC information relating to the customer if: (a) the customer, a beneficial owner of the customer or a person on whose behalf the customer is receiving the designated service becomes a foreign politically exposed person; or (b) both: (i) the customer, a beneficial owner of the customer or a person on whose behalf the customer is receiving the designated service becomes a domestic politically exposed person; and (ii) the ML/TF risk of the customer is high; or (c) both: (i) the customer, a beneficial owner of the customer or a person on whose behalf the customer is receiving the designated service becomes an international organisation politically exposed person; and (ii) the ML/TF risk of the customer is high. Note: In these circumstances, section 28 of the Act and section 6-23 of this instrument set out matters that (subject to any relevant exceptions) must be established before the reporting entity commences to provide a designated service to the customer. (2) A foreign politically exposed person is to be treated as a domestic politically exposed person for the purposes of subsection (1) if: (a) the designated service is being provided to the customer at or through a permanent establishment in a foreign country; and (b) the foreign politically exposed person has that status because of the person’s connection to the same foreign country. Division 6—Nested services relationships 6-25 Matters for initial customer due diligence—nested services relationship For the purposes of paragraph 28(2)(g) of the Act, the following matters are specified in relation to a customer of a reporting entity when a designated service is proposed to be provided to the customer as part of a nested services relationship: (a) the ownership, control and management structures of: (i) the customer; and (ii) the ultimate parent of the customer (if any); (b) the nature, size and complexity of the customer’s business, including: (i) the products and services offered by the customer, and the delivery channels by which it provides services; and (ii) the kinds of customers that the customer of the reporting entity has; and (iii) the kinds of transactions that would be carried out on behalf of the customer’s own customers as part of the nested services relationship and the services that would be provided to those customers that relate to such transactions; (c) the country or countries: (i) in which the customer operates or of which it is a resident; and (ii) if the ultimate parent of the customer (if any) has group-wide anti-money laundering and counter-terrorism financing policies, procedures, systems and controls, and the customer operates within those group-wide requirements—in which the ultimate parent operates or of which it is a resident; (d) the existence and quality of any anti-money laundering and counter-terrorism financing regulation and supervision in the country or countries identified under paragraph (c) and the customer’s compliance practices in relation to those regulations; (e) the appropriateness of the customer’s anti-money laundering and counter-terrorism financing systems and controls; (f) the reputation, based on publicly available information, of the customer and the members (if any) of the business group of which the customer is a member that are a remitter, virtual asset service provider or financial institution, including whether the customer or any of those members has been the subject of: (i) a regulatory investigation relating to implementation of anti-money laundering, counter-terrorism financing or sanctions obligations; or (ii) adverse regulatory action relating to implementation of anti-money laundering, counter-terrorism financing or sanctions obligations; or (iii) an investigation or criminal or civil proceedings relating to money laundering, financing of terrorism or other serious crimes; (g) whether the customer of the reporting entity: (i) would undertake initial customer due diligence and ongoing customer due diligence in relation to its own customers who would be provided services as part of the nested services relationship; and (ii) would be able to provide to the reporting entity, on request, information collected when the customer of the reporting entity undertakes initial customer due diligence and ongoing customer due diligence in relation to its own customers, and the reliable and independent data used to verify the information; (h) whether the customer allows shell banks to receive services; (i) whether the customer of the reporting entity ensures that it does not provide services to its own customers in circumstances where those customers have a nested services relationship or correspondent banking relationship with a shell bank. 6-26 Ongoing customer due diligence—nested services relationship (1) For the purposes of subparagraph 30(2)(b)(iii) of the Act, the reporting entity must review, and where appropriate, update the reporting entity’s identification and assessment of the ML/TF risk of a customer if: (a) the reporting entity provides designated services to the customer as part of a nested services relationship; and (b) 2 years have elapsed since the reporting entity last identified and assessed the ML/TF risk of the customer. (2) For the purposes of subparagraph 30(2)(c)(ii) of the Act, the reporting entity must review and, where appropriate, update and reverify KYC information relating to a customer if: (a) the reporting entity provides designated services to the customer as part of a nested services relationship; and (b) 2 years have elapsed since the reporting entity last collected or reviewed the KYC information relating to the customer. (3) For the purposes of subparagraph 30(2)(c)(ii) of the Act, the reporting entity must review, and where appropriate, update and reverify KYC information relating to the customer if: (a) the reporting entity commences to provide a designated service to the customer as part of a nested services relationship; and (b) the reporting entity has not previously provided that kind of designated service to the customer as part of such a relationship. Division 7—Transferred customers 6-27 Initial customer due diligence—transferred customer For the purposes of paragraph 28(6)(b) of the Act, a reporting entity is taken to have established on reasonable grounds each of the matters mentioned in subsection 28(2) in relation to a customer if: (a) the customer became a customer of the reporting entity as a result of any of the following events occurring: (i) another reporting entity (the prior entity) has assigned, conveyed, sold or transferred the whole or a part of its business to the reporting entity; (ii) all or part of the assets and liabilities of another reporting entity (the prior entity) have become the assets and liabilities of the reporting entity as a result of a voluntary transfer that has taken effect under Part 3 of the Financial Sector (Transfer and Restructure) Act 1999; (iii) all or part of the assets and liabilities of another reporting entity (the prior entity) have become the assets and liabilities of the reporting entity as a result of a compulsory transfer that has taken effect under an Act; and (b) the reporting entity has obtained copies of the records that the prior entity kept under sections 107, 108, 111 and 114 of the Act in relation to the customer. Note: This section relates to initial customer due diligence under section 28 of the Act. The reporting entity is also required to undertake ongoing customer due diligence under section 30 of the Act. 6-28 Ongoing customer due diligence—transferred pre-commencement customer (1) For the purposes of paragraph 30(3)(b) of the Act, a reporting entity is taken to comply with the matters mentioned in paragraphs 30(2)(b) and (c) of the Act in relation to a customer if: (a) the customer became a customer of the reporting entity as a result of any of the following events occurring: (i) another reporting entity (the prior entity) has assigned, conveyed, sold or transferred the whole or a part of its business to the reporting entity; (ii) all or part of the assets and liabilities of another reporting entity (the prior entity) have become the assets and liabilities of the reporting entity as a result of a voluntary transfer that has taken effect under Part 3 of the Financial Sector (Transfer and Restructure) Act 1999; (iii) all or part of the assets and liabilities of another reporting entity (the prior entity) have become the assets and liabilities of the reporting entity as a result of a compulsory transfer that has taken effect under an Act; and (b) immediately before that event, the customer was a pre-commencement customer of the prior entity; and (c) the reporting entity has obtained copies of the records that the prior entity kept under sections 107, 108, 111 and 114 of the Act in relation to the customer; and (d) the reporting entity monitors for significant changes in the nature and purpose of the reporting entity’s business relationship with the customer that may result in the ML/TF risk of the customer being medium or high. (2) However, subsection (1) ceases to apply in relation to the customer if: (a) a suspicious matter reporting obligation arises for the reporting entity in relation the customer; or (b) there is a significant change in the nature and purpose of the business relationship with the customer which results in the ML/TF risk of the customer being medium or high. Division 8—Reliance on collection and verification of KYC information 6-29 Requirements for agreement or arrangement on collection and verification of KYC information (1) For the purposes of paragraph 37A(1)(b) of the Act, the following requirements are prescribed in relation to an agreement or arrangement of the kind referred to in paragraph 37A(1)(a) of the Act: (a) the other party to the agreement or arrangement must be: (i) a reporting entity; or (ii) a person regulated by one or more laws of a foreign country that give effect to the FATF Recommendations relating to customer due diligence and record-keeping; (ab) the other person has in place measures to ensure compliance with: (i) if the other person is a reporting entity—the other person’s obligations under Part 2 (Customer due diligence) and Part 10 (Record-keeping requirements) of the Act; or (ii) if the other person is a person mentioned in subparagraph (a)(ii)—the equivalent laws of the foreign country; (b) the agreement or arrangement must be appropriate to the risks of money laundering, financing of terrorism and proliferation financing that the first entity may reasonably face in providing its designated services, taking into account the matters mentioned in subsection (2) of this section; (c) the agreement or arrangement must enable the first entity to obtain all of the KYC information collected by the other person in accordance with paragraph 28(3)(c) of the Act: (i) before the first entity commences to provide a designated service; or (ii) if section 29 of the Act applies to the provision of a designated service—within the period mentioned in paragraph 29(c) of the Act; (d) the agreement or arrangement must enable the first entity to obtain copies of the data used by the other person to verify KYC information in accordance with paragraph 28(3)(d) of the Act immediately or as soon as practicable following a request from the first entity; (e) the agreement or arrangement must document the responsibilities of each party, including responsibilities for record-keeping. (2) For the purposes of paragraph (1)(b), the matters are as follows: (a) the nature, size and complexity of the other person’s business, including: (i) the products and services offered by the other person, and the delivery channels by which it provides services; and (ii) the kinds of customers that the other person has; (b) the level of the risks of money laundering, financing of terrorism and proliferation financing in the country or countries in which the other person operates or of which the other person is a resident. 6-30 Regular assessment of agreement or arrangement (1) For the purposes of paragraph 37B(1)(a) of the Act, a reporting entity carrying out an assessment of an agreement or arrangement must assess whether the agreement or arrangement continues to meet the requirements of section 6-29 of this instrument. (2) For the purposes of paragraph 37B(1)(b) of the Act, a reporting entity must carry out assessments of an agreement or arrangement at intervals: (a) that take into account the type and level of risks of money laundering, financing of terrorism and proliferation financing that the reporting entity may reasonably face in providing its designated services; and (b) of not more than 2 years. (3) A reporting entity must also carry out an assessment if there is a significant change in circumstances that may affect whether the agreement or arrangement continues to meet the requirements of section 6-29 of this instrument. 6-31 Requirements for reliance on collection and verification of KYC information For the purposes of paragraph 38(e) of the Act, the following requirements are prescribed: (a) the other person must be: (i) a reporting entity; or (ii) a person regulated by one or more laws of a foreign country that give effect to the FATF Recommendations relating to customer due diligence and record-keeping; (ab) the other person has in place measures to ensure compliance with: (i) if the other person is a reporting entity—the other person’s obligations under Part 2 (Customer due diligence) and Part 10 (Record-keeping requirements) of the Act; or (ii) if the other person is a person mentioned in subparagraph (a)(ii)—the equivalent laws of the foreign country; (b) reliance on that procedure must be appropriate to the risks of money laundering, financing of terrorism and proliferation financing that the first entity may reasonably face in providing its designated services, taking into account: (i) the nature, size and complexity of the other person’s business; and (ii) the kinds of services provided by the other person; and (iii) the kinds of customers to whom the other person’s services are provided; and (iv) the delivery channels by which the other person’s services are provided; and (v) the level of the risks of money laundering, financing of terrorism and proliferation financing in the country or countries in which the other person operates or of which the other person is a resident; (c) for compliance with paragraph 28(3)(c) of the Act—the first entity has reasonable grounds to believe that it can obtain all of the KYC information collected by the other person in accordance with that paragraph: (i) before the first entity commences to provide a designated service; or (ii) if section 29 of the Act applies to the provision of a designated service—within the period mentioned in paragraph 29(c) of the Act; (d) for compliance with paragraph 28(3)(d) of the Act—the first entity has reasonable grounds to believe that it can obtain copies of the data used by the other person to verify KYC information in accordance with that paragraph immediately or as soon as practicable following a request from the first entity; (e) the first entity documents the reasons for the first entity concluding that the requirements of paragraphs (b) to (d) of this section are met. Division 9—Real estate transactions 6-32 Delayed initial customer due diligence—real estate transactions Permitted circumstances (1) For the purposes of paragraph 29(a) of the Act, a reporting entity may commence to provide a designated service to a customer (subject to the requirements of section 29 of the Act and this section) if: (a) the designated service is covered by item 1 of table 5 in section 6 of the Act (brokering the sale, purchase or transfer of real estate); and (b) the customer is the buyer or transferee of the real estate; and (c) the designated service is provided at or through a permanent establishment of the reporting entity in Australia; and (d) the reporting entity has commenced to provide a designated service covered by item 1 of table 5 in section 6 of the Act to the seller or transferor of the real estate. (2) For the purposes of paragraph 29(a) of the Act, a reporting entity may commence to provide a designated service to a customer (subject to the requirements of section 29 of the Act and this section) if: (a) the designated service is covered by item 1 of table 5 in section 6 of the Act (brokering the sale, purchase or transfer of real estate); and (b) the customer is the seller or transferor of the real estate; and (c) the designated service is provided at or through a permanent establishment of the reporting entity in Australia; and (d) the reporting entity has commenced to provide a designated service covered by item 1 of table 5 in section 6 of the Act to the buyer or transferee of the real estate. (3) For the purposes of paragraph 29(a) of the Act a reporting entity may commence to provide a designated service to a customer (subject to the requirements of section 29 of the Act and this section) if: (a) the designated service is covered by item 1 of table 6 in section 6 of the Act (assisting a person in a transaction to sell, buy or otherwise transfer real estate); and (b) the customer is or is to be the buyer or transferee in the transaction; and (c) the designated service is provided at or through a permanent establishment of the reporting entity in Australia. Specified period (4) For the purposes of subparagraph 29(c)(ii) of the Act, in each of the circumstances mentioned in subsections (1) to (3) of this section the specified period is the period ending at the earlier of: (a) 28 days after the exchange of contracts for the sale, purchase or transfer; and (b) 3 days before the initially agreed day for the settlement of the sale, purchase or transfer of the real estate. 6-33 Initial customer due diligence—real estate transactions Reliance on arrangement for collecting and verifying KYC information (1) For the purposes of paragraph 28(6)(b) of the Act, a reporting entity is taken to have established on reasonable grounds a matter mentioned in paragraph 28(2)(b), (d), (e) or (g) of the Act in relation to a customer if: (a) the only kind of designated service the reporting entity is proposing to provide to the customer is a designated service covered by: (i) item 1 of table 5 in section 6 of the Act (brokering the sale, purchase or transfer of real estate); or (ii) item 1 of table 6 in section 6 of the Act (assisting a person in a transaction to sell, buy or otherwise transfer real estate); and (b) the designated service is proposed to be provided by the reporting entity to the customer at or through a permanent establishment of the reporting entity in Australia; and (c) where the customer is an individual—the reporting entity has taken reasonable steps to establish that the customer is the person the customer claims to be; and (d) the reporting entity has identified the ML/TF risk of the customer, based on KYC information about the customer that is reasonably available to the reporting entity before commencing to provide the designated service; and (e) the reporting entity has collected KYC information about the customer relating to the matter that is appropriate to the ML/TF risk of the customer; and (f) the reporting entity is a participant in an arrangement in which another participating reporting entity that will provide a designated service related to the sale, purchase or transfer of the real estate will be able to collect and verify KYC information about the customer in accordance with paragraphs 28(3)(c) and (d) of the Act no later than 28 days after the exchange of contracts for the sale, purchase or transfer; and (g) the arrangement enables the reporting entity to obtain the KYC information collected by another participating reporting entity, and copies of the data used by the other entity to verify the KYC information, at least 3 days before the initially agreed day for the settlement of the sale, purchase or transfer; and (h) the arrangement documents the responsibilities of each participant, including responsibilities for record-keeping. Note: Section 5-20 of this instrument requires the AML/CTF policies of the reporting entity to deal with how the reporting entity will verify KYC information, if it does not obtain KYC information and data under the arrangement. Customer of brokering service does not cooperate (2) For the purposes of paragraph 28(6)(b) of the Act, a reporting entity is taken to have established on reasonable grounds a matter mentioned in subsection 28(2) of the Act in relation to a customer if: (a) the designated service is covered by item 1 of table 5 in section 6 of the Act (brokering the sale, purchase or transfer of real estate); and (b) the customer is the buyer or transferee of the real estate; and (c) the reporting entity has commenced to provide a designated service covered by item 1 of table 5 in section 6 of the Act to the seller or transferor of the real estate; and (d) the reporting entity has taken all reasonable steps to establish the matter in in relation to the customer, but has been unable to do so because the customer has not cooperated; and (e) the reporting entity has recorded the steps taken and any difficulties encountered in attempting to establish the matter; and (f) the reporting entity has made a record of its consideration of whether there is a suspicious matter reporting obligation for the reporting entity in relation to the customer. Note: The reporting entity must take into account the customer’s failure to cooperate in determining whether a suspicious matter reporting obligation arises—see section 9-4A of this instrument. (3) For the purposes of paragraph 28(6)(b) of the Act, a reporting entity is taken to have established on reasonable grounds a matter mentioned in subsection 28(2) of the Act in relation to a customer if: (a) the designated service is covered by item 1 of table 5 in section 6 of the Act (brokering the sale, purchase or transfer of real estate); and (b) the customer is the seller or transferor of the real estate; and (c) the reporting entity has commenced to provide a designated service covered by item 1 of table 5 in section 6 of the Act to the buyer or transferee of the real estate; and (d) the reporting entity has taken all reasonable steps to establish the matter in in relation to the customer, but has been unable to do so because the customer has not cooperated; and (e) the reporting entity has recorded the steps taken and any difficulties encountered in attempting to establish the matter; and (f) the reporting entity has made a record of its consideration whether the customer’s failure to cooperate gives rise to a suspicious matter reporting obligation for the reporting entity in relation to the customer. Note: The reporting entity must take into account the customer’s failure to cooperate in determining whether a suspicious matter reporting obligation arises—see section 9-4A of this instrument. Division 10—Life policies and sinking fund policies 6-34 Initial customer due diligence—life policies and sinking fund policies For purposes of paragraph 28(6)(b) of the Act, a reporting entity is taken to have established on reasonable grounds the matter mentioned in paragraph 28(2)(b) of the Act in relation to a customer if: (a) the designated service proposed to be provided by the reporting entity to the customer is covered by item 37 or 38 of table 1 in section 6 of the Act (services relating to a life policy or sinking fund policy); and (b) the reporting entity has: (i) collected the full name of any person who may be entitled to receive a payment under the policy; or (ii) if the nature of the policy means that it is not possible to identify each such person—collected information describing each class of persons that may be entitled to a payment under the policy. Division 11—Ongoing customer due diligence 6-35 Monitoring for unusual transactions and behaviours For the purposes of paragraph 30(3)(b) of the Act, a reporting entity is taken to comply with the matter mentioned in paragraph 30(2)(a) of the Act if: (a) the reporting entity monitors its customers in relation to the provision of its designated services for unusual transactions and behaviours that may give rise to a suspicious matter reporting obligation because of the operation of paragraphs 41(1)(d) to (j) of the Act (other than subparagraph 41(1)(f)(iii)); and (b) the reporting entity monitors its customers in relation to the provision of its designated services for unusual transactions and behaviours that may give rise to a suspicious matter reporting obligation because of the operation of subparagraph 41(1)(f)(iii) of the Act in relation to an offence against the Act, the regulations, or a law of the Commonwealth or of a State or Territory of any of the following kinds: (i) money laundering; (ii) financing of terrorism; (iii) proliferation financing; (iiia) offences relating to the breach of sanctions; (iv) participation in organised crime or racketeering; (v) terrorism; (va) offences involving prohibited hate groups; (vi) human trafficking or people smuggling; (vii) sexual exploitation (including exploitation of children); (viii) trafficking of illicit substances; (ix) arms trafficking; (x) other goods trafficking (including stolen goods); (xi) corruption; (xii) bribery; (xiii) counterfeiting currency; (xiv) fraud (including identity theft and scams); (xv) counterfeiting or piracy of products; (xvi) crimes relating to taxation; (xvii) extortion; (xviii) forgery; (xix) piracy; (xx) insider trading and market manipulation; (xxi) environmental crime; (xxii) robbery or theft; (xxiii) kidnapping, illegal restraint or taking hostages; (xxiv) smuggling (including offences in relation to customs and excise); (xxv) murder or grievous bodily harm; (xxvi) cybercrime; (xxvii) any other kind of offence that the reporting entity has identified in its AML/CTF program as presenting a high risk in relation to the occurrence of money laundering. Note: Subparagraph 41(1)(f)(iii) of the Act refers to the reporting entity suspecting on reasonable grounds that information it has may be relevant to investigation of, or prosecution of a person for, an offence against a law of the Commonwealth or of a State or Territory. Division 12—Keep open notices 6-36 Senior member of agency—superintendent For the purposes of subparagraph 39B(3)(c)(iii) of the Act, the position of superintendent of either of the following is prescribed: (a) the Australian Federal Police; (b) the police force or police service of a State or the Northern Territory. 6-37 Prescribed agencies For the purposes of paragraph 39B(4)(g) of the Act, the following Commonwealth, State or Territory agencies are prescribed: (a) the Independent Broad-based Anti-corruption Commission of Victoria; (b) the Crime and Corruption Commission of Queensland; (c) the Corruption and Crime Commission of Western Australia; (d) the Independent Commission Against Corruption of South Australia; (e) the Office of the Independent Commissioner Against Corruption of the Northern Territory. 6-38 Form of keep open notice For the purposes of paragraph 39B(5)(a) of the Act, Form 1 in Schedule 1 to this instrument is prescribed as the form for a keep open notice. 6-39 Information and documents required to be contained in or to accompany keep open notice (1) For the purposes of paragraph 39B(5)(b) of the Act, this section sets out the information required to be contained in, and the documents required to accompany, a keep open notice issued by a senior member of an agency mentioned in subsection 39B(3) of the Act to a reporting entity. (2) The keep open notice must contain the following information: (a) the name of the agency; (b) the senior member’s full name and position; (c) the full name of the reporting entity; (d) for each customer in relation to whom the keep open notice is issued: (i) the customer’s full name; and (ii) the customer’s date of birth, or an ACN or ABN of the customer (if known); and (iii) any other known details of the customer that the senior member considers are necessary to provide to assist the reporting entity to identify the customer; (e) a day specified for the purposes of paragraph 39B(6)(a) of the Act as the day on which the notice commences; (f) a declaration by the senior member stating that the senior member reasonably believes that the provision of a designated service by the reporting entity to the customer or customers would assist in the investigation by the agency of a serious offence. Note: For subparagraph (d)(iii), details that may assist the reporting entity to identify the customer could include: (a) the customer’s address; and (b) bank account details of the customer; and (c) the wallet address for the customer’s virtual asset holdings. (3) The keep open notice must be accompanied by any documents that the senior member considers are necessary to provide to assist the reporting entity to identify the customer or customers. 6-40 Extension notices For the purposes of subsection 39B(7) of the Act, Form 2 in Schedule 1 to this instrument is prescribed as the form for an extension notice. 6-41 Further extension application For the purposes of paragraph 39B(8)(b) of the Act, Form 3 in Schedule 1 to this instrument is prescribed as the form for an application to the AUSTRAC CEO for a notice under paragraph 39B(8)(d). Division 13—Transitional 6-42 Initial customer due diligence—previous carrying out of applicable customer identification procedure For the purposes of paragraph 28(6)(b) of the Act, a reporting entity is taken to have established on reasonable grounds each of the matters mentioned in subsection 28(2) in relation to a customer if the reporting entity had, before 31 March 2026, carried out the applicable customer identification procedure (within the meaning of the Act as in force immediately before that date) in respect of the customer or in respect of the trustee of the customer. 6-43 Initial customer due diligence—service provided in a foreign country For the purposes of paragraph 28(6)(b) of the Act, a reporting entity is taken to have established on reasonable grounds each of the matters mentioned in subsection 28(2) in relation to a customer if: (a) a designated service is proposed to be provided by the reporting entity to the customer at or through a permanent establishment of the reporting entity in a foreign country; and (b) the reporting entity had, before 31 March 2026, complied with the laws of that country giving effect to the FATF Recommendations relating to customer due diligence and record-keeping in relation to that customer. Part 7—Correspondent banking Division 1—Due diligence assessment for entry into correspondent banking relationship 7-1 Requirements for due diligence assessment (1) For the purposes of paragraph 96(1)(a) of the Act, this section sets out requirements for the due diligence assessment to be carried out by a financial institution (the correspondent) in relation to an entry into a correspondent banking relationship with another financial institution (the respondent) that will involve a vostro account. (2) The due diligence assessment required to be carried out is an assessment of the risks of money laundering, financing of terrorism, proliferation financing and other serious crimes associated with the entry into the correspondent banking relationship. (3) In carrying out the due diligence assessment, the correspondent must consider the following matters: (a) the ownership, control and management structures of: (i) the respondent; and (ii) the ultimate parent of the respondent (if any); (b) the nature, size and complexity of the respondent’s business, including: (i) the products and services offered by the respondent, and the delivery channels by which it provides services; and (ii) the kinds of customers that the respondent has; and (iii) the kinds of transactions that would be carried out on behalf of the respondent’s customers as part of the correspondent banking relationship and the services that would be provided to the respondent’s customers that relate to such transactions; (c) the country or countries: (i) in which the respondent operates or of which it is a resident; and (ii) if the ultimate parent of the respondent (if any) has group-wide anti-money laundering and counter-terrorism financing systems and controls, and the respondent operates within the requirements of those controls—in which the ultimate parent operates or of which it is a resident; (d) the existence and quality of any anti-money laundering and counter-terrorism financing regulation and supervision in the country or countries identified under paragraph (c) and the respondent’s compliance practices in relation to those regulations; (e) the appropriateness of the respondent’s anti-money laundering and counter-terrorism financing policies, procedures, systems and controls; (f) publicly available information relating to the reputation of the respondent and the members (if any) of the business group of which the respondent is a member that are a remitter, virtual asset service provider or financial institution, including whether the respondent or any of those members has been the subject of: (i) a regulatory investigation relating to implementation of anti-money laundering, counter-terrorism financing or sanctions obligations; or (ii) adverse regulatory action relating to implementation of anti-money laundering, counter-terrorism financing or sanctions obligations; or (iii) an investigation or criminal or civil proceedings relating to money laundering, financing of terrorism or other serious crimes; (g) if the correspondent is to maintain vostro accounts that can be accessed directly by the customers of the respondent (payable-through accounts)—whether the respondent: (i) would undertake initial customer due diligence and ongoing customer due diligence in relation to those customers; and (ii) would be able to provide to the correspondent, on request, information collected when the respondent undertakes initial customer due diligence and ongoing customer due diligence in relation to those customers and the reliable and independent data used to verify the information. 7-2 Matters to which a senior officer must have regard before giving approval (1) For the purposes of paragraph 96(1)(b) of the Act, this section sets out the matters that a senior officer of a financial institution (the correspondent) must have regard to before approving the entry by the correspondent into a correspondent banking relationship with another financial institution (the respondent) that will involve a vostro account. (2) The senior officer must have regard to: (a) the risks of money laundering, financing of terrorism, proliferation financing and other serious crimes assessed in the written record of the due diligence assessment carried out in relation to the entry into the correspondent banking relationship; and (b) the appropriateness of the correspondent’s AML/CTF program to manage and mitigate those risks. (3) If the correspondent is to maintain payable-through accounts, the senior officer must also have regard to the following: (a) whether the senior officer is satisfied that the respondent will undertake initial customer due diligence and ongoing customer due diligence in relation to customers that have access to the payable-through accounts; (b) whether the senior officer is satisfied that the respondent would be able to provide the correspondent, on request, information collected when the respondent undertakes initial customer due diligence and ongoing customer due diligence in relation to the customers that have access to the payable-through accounts and the reliable and independent data used to verify the information. Division 2—Requirements for ongoing due diligence assessments 7-3 Requirements for ongoing due diligence assessments (1) For the purposes of paragraph 96(3)(a) of the Act, this section sets out the requirements for the due diligence assessments that a financial institution (the correspondent) must carry out if it is in a correspondent banking relationship with another financial institution (the respondent) that involves a vostro account. (2) The due diligence assessments required to be carried out are assessments of the risks of money laundering, financing of terrorism, proliferation financing and other serious crimes associated with the correspondent banking relationship. (3) In carrying out the due diligence assessments, the correspondent must consider the matters set out in paragraphs 7-1(3)(a) to (g). Note: Paragraphs 7-1(3)(a) to (g) set out matters that the correspondent must consider in carrying out a due diligence assessment in relation to an entry into a correspondent banking relationship with the respondent that will involve a vostro account. 7-4 Timing of ongoing due diligence assessments (1) For the purposes of paragraph 96(3)(b) of the Act, this section sets out when a financial institution (the correspondent) must carry out due diligence assessments if it is in a correspondent banking relationship with another financial institution that involves a vostro account. (2) The correspondent must carry out due diligence assessments: (a) at times determined appropriate by the correspondent, based on consideration of: (i) the level of risk of money laundering, financing of terrorism, proliferation financing and other serious crimes associated with the correspondent banking relationship; and (ii) any material change in respect of those risks; and (b) in any event—at least every 2 years. Part 8—Transfers of value Division 1—Ordering institutions and beneficiary institutions 8-1 Determination of who is an ordering institution (1) For the purposes of subsection 63A(1) of the Act, this section provides for the determination of whether a person is an ordering institution. Note: Subsection 63A(4) of the Act sets out circumstances in which a person is not an ordering institution. (2) A person is an ordering institution if: (a) the person accepts an instruction for a transfer of value on behalf of a payer; and (b) the person does so in the course of carrying on a business. (3) Circumstances in which a person may be an ordering institution under subsection (2) of this section include the following: (a) the person receives, from the payer or a person acting on behalf of the payer, the value that is to be transferred; (b) the person holds the value to be transferred in an account provided to the payer or otherwise on deposit from the payer (including in a virtual asset wallet); (c) the person is authorised under an arrangement with the payer to transfer the value from a third-party deposit-taker or credit provider; (d) the person arranges for the transfer of value from the payer under an offsetting arrangement with the beneficiary institution. (4) To avoid doubt, subsection (3) does not affect the requirement for a person to satisfy subsection (2) to be an ordering institution. 8-2 Determination of who is a beneficiary institution (1) For the purposes of subsection 63A(5) of the Act, this section provides for the determination of whether a person is a beneficiary institution. Note: Subsection 63A(8) of the Act sets out circumstances in which a person is not a beneficiary institution. (2) A person is a beneficiary institution if: (a) the person, in relation to a transfer of value, makes the value transferred available to a payee; and (b) the person does so in the course of carrying on a business. (3) Circumstances in which a person may be a beneficiary institution under subsection (2) of this section include the following: (a) the person makes the transferred value available to the payee directly, or to a person acting on behalf of the payee; (b) the person makes the transferred value available to the payee by depositing the value into an account held by the payee with the person (including in a virtual asset wallet), or otherwise holding the value on deposit for the payee; (c) the person makes the transferred value available to the payee, under an arrangement with the payee, by depositing the value with a third-party deposit-taker or credit provider; (d) the person arranges for the transferred value to be made available to the payee under an offsetting arrangement with the ordering institution. (4) To avoid doubt, subsection (3) does not affect the requirement for a person to satisfy subsection (2) to be a beneficiary institution. Division 2—Transfers of value 8-3 Obligations of ordering institutions—collecting, verifying and passing on information If the circumstances mentioned in column 1 of an item in the following table apply in relation to a transfer of value: (a) for the purposes of paragraph 64(2)(a) of the Act, the information that the ordering institution must collect is such information as is set out in column 2 of the item; and (b) for the purposes of paragraph 64(2)(b) of the Act, the ordering institution must verify such information as is set out in column 3 of the item in accordance with sections 28 and 30 of the Act (as applicable); and (c) for the purposes of subsection 64(3) of the Act, the information that the ordering institution must pass on to the next institution in the value transfer chain is such information as is set out in column 4 of the item.

Obligations of ordering institutions—collecting, verifying and passing on information | Obligations of ordering institutions—collecting, verifying and passing on information | Obligations of ordering institutions—collecting, verifying and passing on information | Obligations of ordering institutions—collecting, verifying and passing on information | Item | Column 1 | Column 2 | Column 3 | Column 4 | Circumstances | Information to be collected | Information to be verified | Information to be passed on 1 | none of the circumstances mentioned in items 2 to 7 apply | (a) payer information; and (b) the payee’s full name | payer information | (a) payer information; and (b) the payee’s full name; and (c) tracing information 2 | (a) the transfer of value is a domestic transfer of value; and (b) the ordering institution passes on the transfer message for the transfer of value through BECS, BPAY or DEFT | (a) payer information; and (b) the payee’s full name | payer information | tracing information 3 | (a) the transfer message for the transfer of value contains information relating to multiple transfers of value from a payer; and (b) the circumstances mentioned in item 2 do not apply | (a) payer information; and (b) the payee’s full name | payer information | (a) payer information; and (b) for each transfer of value in the transfer message: (i) the payee’s full name; and (ii) tracing information 4 | the transfer of value is a merchant payment | not applicable | not applicable | card number of the card the payer used in relation to the merchant payment 5 | the transfer of value is a refund of a merchant payment | not applicable | not applicable | card number of the card the payer used in relation to the merchant payment that is refunded 6 | (a) the transfer of value is the withdrawal of money from an account held with a financial institution; and (b) the instruction for the transfer is given by the use of an ATM; and (c) the value will be made available to the payee as physical currency | the payer’s full name | the payer’s full name | card number of the card the payer used in relation to the withdrawal 7 | the value is being transferred to a self-hosted virtual asset wallet | (a) payer information; and (b) the payee’s full name | payer information | not applicable Note 1: For columns 2 and 3 of items 4 and 5 of the table, subsection 8-8(5) provides that paragraphs 64(2)(a) and (b) of the Act do not apply to a transfer of value that is a merchant payment. Note 2: For column 4 of item 7 of the table, subsection 8-8(6) provides that subsection 64(2)(b) of the Act does not apply to a transfer of value if the value is being transferred to a self-hosted virtual asset wallet. Note 3: Obligations on reporting entities also arise under sections 28 (initial customer due diligence) and 30 (ongoing customer due diligence) of the Act. 8-4 Obligations of beneficiary institutions—monitoring for receipt of information For the purposes of paragraph 65(2)(a) of the Act, if the circumstances mentioned in column 1 of an item of the following table apply in relation to a transfer of value, the information that the beneficiary institution must take reasonable steps to monitor whether it has received is such information relating to the transfer of value as is set out in column 2 of the item.

Obligations of beneficiary institutions—monitoring for receipt of information | Obligations of beneficiary institutions—monitoring for receipt of information | Obligations of beneficiary institutions—monitoring for receipt of information Item | Colum 1 | Column 2 | Circumstances | Information to monitor 1 | none of the circumstances mentioned in items 2 to 8 apply | (a) payer information; and (b) the payee’s full name; and (c) tracing information 2 | (a) the transfer of value is a domestic transfer of value; and (b) the beneficiary institution receives the transfer message for the transfer of value through BECS, BPAY or DEFT | tracing information 3 | (a) the transfer message for the transfer of value contains information relating to multiple transfers of value from a payer; and (b) the circumstances mentioned in item 2 do not apply | (a) payer information; and (b) for each transfer of value in the transfer message: (i) the payee’s full name; and (ii) tracing information 4 | the transfer of value is a merchant payment | card number of the card the payer used in relation to the merchant payment 5 | the transfer of value is a refund of a merchant payment | card number of the card the payer used in relation to the merchant payment that is refunded 6 | (a) the transfer of value is the withdrawal of money from an account held with a financial institution; and (b) the instruction for the transfer is given by the use of an ATM; and (c) the value will be made available to the payee as physical currency | card number of the card the payer used in relation to the withdrawal 7 | (a) the value being transferred is money; and (b) the money is in a foreign country and, as a result of the provision of an international value transfer service, the money will be in Australia; and (c) the beneficiary institution receives the transfer message for the transfer of value through BECS | tracing information 8 | the value is transferred from a self-hosted virtual asset wallet | (a) payer information; and (b) the payee’s full name; and (c) tracing information 8-5 Obligations of intermediary institutions—monitoring for receipt of information and passing on information If the circumstances mentioned in column 1 of an item in the following table apply in relation to a transfer of value: (a) for the purposes of subsection 66(2) of the Act, the information that an intermediary institution must take reasonable steps to monitor whether it has received is such information relating to the transfer of value as is set out in column 2 of the item; and (b) for the purposes of paragraph 66(4)(a) of the Act, the information the intermediary institution must include is such information set out in column 3 of the item as is received from the previous institution in the value transfer chain.

Obligations of intermediary institutions—monitoring for receipt of information and passing on information | Obligations of intermediary institutions—monitoring for receipt of information and passing on information | Obligations of intermediary institutions—monitoring for receipt of information and passing on information | Obligations of intermediary institutions—monitoring for receipt of information and passing on information Item | Column 1 | Column 2 | Column 3 | Circumstances | Information to monitor | Information to pass on 1 | none of the circumstances mentioned in items 2 to 7 apply | (a) payer information; and (b) the payee’s full name; and (c) tracing information | (a) payer information, and (b) the payee’s full name; and (c) tracing information 2 | (a) the transfer of value is a domestic transfer of value; and (b) the transfer message for the transfer of value is passed on through BECS, BPAY or DEFT | tracing information | tracing information 3 | (a) the transfer message for the transfer of value contains information relating to multiple transfers of value from a payer; and (b) the circumstances mentioned in item 2 do not apply | (a) payer information, and (b) for each transfer of value in the transfer message: (i) the payee’s full name; and (ii) tracing information | (a) payer information, and (b) for each transfer of value in the transfer message: (i) the payee’s full name; and (ii) tracing information 4 | the transfer of value is a merchant payment | card number of the card the payer used in relation to the merchant payment | card number of the card the payer used in relation to the merchant payment 5 | the transfer of value is a refund of a merchant payment | card number of the card the payer used in relation to the merchant payment that is refunded | card number of the card the payer used in relation to the merchant payment that is refunded 6 | (a) the transfer of value is the withdrawal of money from an account held with a financial institution; and (b) the instruction for the transfer is given by the use of an ATM; and (c) the value will be made available to the payee as physical currency | card number of the card the payer used in relation to the withdrawal | card number of the card the payer used in relation to the withdrawal 7 | (a) the value being transferred is money; and (b) the money is in a foreign country and, as a result of the provision of an international value transfer service, the money will be in Australia; and (c) the intermediary institution passes on the transfer message for the transfer of value through BECS | (a) payer information; and (b) the payee’s full name; and (c) tracing information | tracing information 8-6 Payment transparency—transition to revised FATF Recommendations (1) In complying with an obligation in relation to payer information under section 8-3, 8-4 or 8-5, a reporting entity may do so using all of the following information in to relation the payer: (a) the payer’s full name; (b) if the payer is a body corporate—a unique identifier for the payer (if any); (c) if the payer is an individual—the payer’s date of birth; (d) the payer’s full business or residential address (not being a post box). (2) A reporting entity that uses subsection (1) must, in complying with an obligation to provide the payee’s full name under section 8-3, 8-4 or 8-5, collect, verify, pass on or monitor (as applicable) the following information: (a) the payee’s full name; (b) if the payee is an individual: (i) the town or locality in which the payee ordinarily resides; and (ii) the country in which the payee ordinarily resides; (c) if the payee is a body corporate: (i) the town or locality of the payee’s place of business or operations; and (ii) the country of the payee’s place of business or operations; and (iii) a unique identifier for the payee (if any). Note: This section relates to payer information and the obligation to provide the payee’s full name only. It does not affect an obligation on a reporting entity to collect, verify, pass on or monitor other information specified in section 8-3, 8-4 or 8-5 (such as tracing information). Division 3—Exemptions from obligations relating to transfers of value 8-7 Exemptions—designated services provided at or through foreign permanent establishments (1) This section is made for the purposes of paragraph 67(1)(a) of the Act. Designated services provided at or through foreign permanent establishments (2) Part 5 of the Act does not apply to a designated service if: (a) the service is covered by item 29, 30 or 31 of table 1 in section 6 of the Act; and (b) the service relates to a transfer of money or property (but not a virtual asset); and (c) the service is provided at or through a permanent establishment in a foreign country; and (d) the service is provided in accordance with a law of the foreign country that give effect to the FATF Recommendations that apply in the place where the permanent establishment is located; and (e) either: (i) the value to be transferred is in a foreign country that is a Member State of the European Economic Area and, as a result of the provision of the service, the value will be in a foreign country that is a Member State of the European Economic Area; or (ii) in any other case—the value to be transferred is in a foreign country and, as a result of the provision of the service, the value will be in that foreign country. 8-8 Exemptions—transfers of value occurring in specified circumstances (1) This section is made for the purposes of paragraph 67(1)(b) of the Act. Inter-financial institution transfers (2) Part 5 of the Act does not apply to a transfer of value if the payer and the payee are: (a) financial institutions; and (b) acting on their own behalf. (3) Part 5 of the Act does not apply to a transfer of value if: (a) the transfer message for the transfer of value is sent using the Society for Worldwide Interbank Financial Telecommunication payment delivery system; and (b) the payer and the payee are: (i) Supervised Financial Institutions within the meaning of the document titled SWIFT Corporate Rules, published by the Society for Worldwide Interbank Financial Telecommunication, as that document exists at the commencement of this instrument; and (ii) acting on their own behalf. Note: The SWIFT Corporate Rules could in 2025 be viewed on the Society for Worldwide Interbank Financial Telecommunication website (https://www.swift.com). Cheques (4) Part 5 of the Act does not apply to a transfer of value if: (a) the instruction for the transfer of value is given to the ordering institution by way of a cheque; and (b) the cheque is drawn on the ordering institution. Merchant payments—ordering institution obligations (5) Paragraphs 64(2)(a) and (b) and (5)(a) of the Act do not apply to a transfer of value if the transfer of value is: (a) a merchant payment; or (b) a refund of a merchant payment. Pre-commencement customers—ordering institution obligations (6) Paragraph 64(2)(b) of the Act does not apply to a transfer of value if: (a) a reporting entity provides a designated service covered by item 29 of table 1 in section 6 of the Act, as an ordering institution for the transfer of value; and (b) the reporting entity provides the service to a pre-commencement customer; and (c) there are no reasonable grounds for the reporting entity to doubt the adequacy or veracity of the payer information in relation to the transfer of value. Certain existing customers—ordering institution obligations (7) Paragraph 64(2)(b) of the Act does not apply to a transfer of value if: (a) a reporting entity provides a designated service covered by item 29 of table 1 in section 6 of the Act, as an ordering institution for the transfer of value; and (b) the reporting entity provides the service to a customer in relation to whom the reporting entity has met, or is taken to have met, the requirements of sections 28 and 30 of the Act; and (c) the reporting entity commences to provide the service before 1 July 2030; and (d) there are no reasonable grounds for the reporting entity to doubt the adequacy or veracity of the payer information in relation to the transfer of value. Transfers to a self-hosted virtual asset wallet (8) Subsection 64(3) of the Act and paragraph 64(5)(b) of the Act do not apply to a transfer of value if the value is being transferred to a self-hosted virtual asset wallet. Division 4—International value transfer services 8-9 When value is in a country For the purposes of subsection 45(2) of the Act, each of the following is a circumstance in which value, in relation to a transfer of value, is in a country: (a) the payer provides the value to the ordering institution at or through a permanent establishment of the ordering institution in the country; (b) the ordering institution holds the value to be transferred in an account provided to the payer or otherwise on deposit for the payer (including in a virtual asset wallet) at or through a permanent establishment of the ordering institution in the country; (c) the ordering institution is authorised under an arrangement with the payer to transfer the value from another person at or through a permanent establishment of the other person in the country; (d) the ordering institution or beneficiary institution initiates an offsetting arrangement that includes transferring the value within the country; (e) the beneficiary institution makes the value available to the payee: (i) at or through a permanent establishment of the beneficiary institution in the country; or (ii) by depositing the value with a person at or through a permanent establishment of the person in the country; or (iii) by depositing the value into an account held by the payee with the beneficiary institution or otherwise holding the value on deposit for the payee (including in a virtual asset wallet) at or through a permanent establishment of the beneficiary institution in the country. Part 9—Reporting Division 1—Reports of suspicious matters 9-1 Purpose of this Division For the purposes of paragraph 41(3)(b) of the Act, this Division sets out the information that must be contained in a report under subsection 41(2) of the Act in relation to a suspicious matter reporting obligation that has arisen for a reporting entity in relation to a person. Note: There are transitional arrangements relating to reports of suspicious matters (see sections 12-1 and 12-2 of this instrument). 9-2 Reports of suspicious matters—general information (1) The report must contain the following information: (a) the reporting entity’s full name and the identifier assigned to the entity by AUSTRAC; (b) the date the report is given to the AUSTRAC CEO; (c) the date the suspicious matter reporting obligation arose for the reporting entity; (d) whether paragraph 41(2)(aa) of the Act (which deals with the timeframe for giving a report in certain circumstances relating to legal professional privilege) applies in relation to the report; (e) if the reporting entity considers that a report it has previously given to the AUSTRAC CEO under the Act (the previous report) is relevant to the matter—the following information about the previous report: (i) the date the previous report was given to the AUSTRAC CEO; (ii) the identifier given to the previous report by AUSTRAC (if any). Information about the individual completing the report (2) The report must contain the following information about the individual completing the report: (a) the individual’s full name; (b) the individual’s position with the reporting entity; (c) the individual’s contact details. Information about an individual with information about the formation of the suspicion (3) The report must contain the following information about an individual who can provide information about the reporting entity forming the suspicion mentioned in any of paragraphs 41(1)(d) to (j) of the Act that apply to the matter: (a) the individual’s full name; (b) the individual’s position with the reporting entity; (c) the individual’s contact details. Information about report to Commonwealth, State or Territory agencies (4) If the matter has been reported to a Commonwealth, State or Territory agency, the report must include the following information: (a) the name of the agency; (b) the part of, or unit in, the agency the matter was reported to (to the extent that the information is known); (c) the identifier given to the matter by the agency (if any); (d) the full name and contact details of an individual at the agency who can be contacted in relation to the report made to the agency (to the extent that the information is known, and subject to the agency’s requirements about disclosure of these details); (e) a description of the information about the matter provided to the agency; (f) the date the matter was reported to the agency. 9-3 Reports of suspicious matters—information about persons Reportable information—individuals (1) A reference in this section to reportable information means, in relation to an individual, the following information: (a) the individual’s full name; (b) any other names the individual is commonly known by (such as an Anglicised name, former name or business name); (c) the individual’s date of birth; (d) the individual’s gender; (e) the country or countries of which the individual is a citizen; (f) the country or countries the individual is treated as being a resident of for the purposes of that country’s tax laws; (g) the individual’s residential address; (h) the individual’s postal addresses; (i) if the individual is a sole trader—the individual’s business addresses; (j) the individual’s telephone number; (k) the individual’s email address; (l) information on the individual’s occupation, business or principal activity; (m) a unique identifier for the individual; (n) a description of the reliable and independent data, if any, used by the reporting entity to verify KYC information relating to the individual in accordance with paragraph 28(3)(d) of the Act; (o) a reference number, if any, associated with the individual provided by an accredited entity (within the meaning of the Digital ID Act 2024) in the course of verifying KYC information relating to the individual in accordance with paragraph 28(3)(d) of the Act; (p) if the individual’s identity cannot be established by the reporting entity—the following information: (i) a description of the individual; (ii) whether any still or moving image or any recording of the individual is held by the reporting entity. Reportable information—non-individuals (2) A reference in this section to reportable information means, in relation to a person who is not an individual, the following information: (a) the person’s full name; (b) other names used by the person (such as a former name or business name); (c) the country or countries in which the person was incorporated, formed or registered; (d) the country or countries the person is treated as being a resident of for the purposes of that country’s tax laws; (e) the address of the person’s registered office; (f) the address at which the person’s business or principal activity is conducted; (g) the person’s postal address; (h) the person’s telephone number; (i) the person’s email address; (j) information on the person’s business or principal activity; (k) information about the legal form of the person (such as a partnership, company or trust); (l) the details of the person’s beneficial owners; (m) if the person is a body corporate—the full name and, if applicable, director identification number of the individual, or each member of the group of individuals, with primary responsibility for the governance and executive decisions of the body corporate; (n) if the person is an express trust, the following information: (i) the kind of trust (such as discretionary trust, bare trust or unit trust); (ii) the details of the trustee; (iii) the details of any settlor, appointor, guardian or protector of the trust; (iv) for a trust with no more than 10 identifiable beneficiaries—the details of the beneficiaries of the trust; (v) for a trust with more than 10 beneficiaries—a description of each type or class of beneficiary; (o) a unique identifier for the person; (p) a description of the reliable and independent data, if any, used by the reporting entity to verify KYC information relating to the person in accordance with paragraph 28(3)(d) of the Act. Content of suspicious matter reports (3) The report must contain the following information, to the extent it is applicable and known to the reporting entity: (a) reportable information about the person in relation to whom the suspicious matter reporting obligation arose for the reporting entity; (b) information on the person’s involvement in the matter. (4) If the report is required to contain the details of another person (for example, a beneficial owner or trust) as part of the reportable information under subsection (1) or (2), then the report must also contain: (a) reportable information about that other person; and (b) if the application of paragraph (a) requires the report to contain the details of any other individual or non-individual—reportable information about that other individual or non-individual. Information about involved persons (5) Each of the following persons is an involved person in relation to the provision of a designated service for the purposes of subsections (6) and (7): (a) a person (other than the person in relation to whom the suspicious matter reporting obligation arose) who is involved in facilitating, funding, contributing to, or benefitting from, the matter the subject of the report; (b) a person who is adversely affected or impacted by the matter; (c) a person on whose behalf the customer is receiving the designated service; (d) a person acting on behalf of the customer in relation to the designated service. (6) The report must contain reportable information about the involved person to the extent that: (a) the information is applicable and known to the reporting entity; and (b) the information has not already been reported under subsection (3) or (4). (7) The report must also contain, to the extent it is known to the reporting entity, a description of the relationship between the involved person and the person in relation to whom the suspicious matter reporting obligation arose. 9-4 Reports of suspicious matters—information about the matter (1) The report must contain the following information about the matter: (a) a description of the circumstances in paragraphs 41(1)(a) to (c) of the Act that apply to the matter; (b) a description of the conditions in paragraphs 41(1)(d) to (j) of the Act that are satisfied in respect of the matter, and how those conditions relate to the persons about whom information is included in the report; (c) the following circumstances in relation to the matter: (i) if paragraph 41(1)(a) of the Act applies in relation to the matter—the date and time the reporting entity commenced to provide, or proposed to provide, the designated service to the first person; (ii) if paragraph 41(1)(b) of the Act applies in relation to the matter—the date and time the first person requested the reporting entity to provide the designated service to the first person; (iii) if paragraph 41(1)(c) of the Act applies in relation to the matter—the date and time the first person inquired of the reporting entity whether the reporting entity would be willing or prepared to provide the designated service to the first person; (d) if the conditions in subparagraph 41(1)(f)(iii) of the Act are satisfied in respect of the matter—information on the offence against a law of the Commonwealth or of a State or Territory that is relevant to the matter; (e) any addresses or locations that are relevant to the matter; (f) the reporting entity’s reference number relating to the provision or proposed provision of the designated service to which the matter relates. Information about designated services (2) The report must contain a description of each designated service that relates to the matter. Information about an account (3) If the matter involves an account provided by the reporting entity or another person, the report must contain the following information about the account (as applicable and to the extent that the information is known): (a) the full name of the person providing the account; (b) the information about the account holder that would be required under subsection 9-3(3) if the account holder were the person in relation to whom the suspicious matter reporting obligation arose; (c) the kind of account (such as a savings account, loan account or credit card account); (d) the unique identification details assigned to the account (such as the BSB and account number); (e) for each signatory to whom the matter relates—the information that would be required under subsection 9-3(3) if the signatory were the person in relation to whom the suspicious matter reporting obligation arose; (f) the full name of the other signatories to the account or, if there are more than 10 signatories, a description of each type or class of signatory; (f) the date the account was opened; (g) the balance of the account on dates relevant to the matter. Information about transactions (4) If the matter involves transactions, the report must contain the following information about each transaction (as applicable and to the extent that the information is known): (a) a description of the transaction; (b) the value associated with the transaction (in Australian dollars or a foreign currency, as appropriate); (c) if the transaction involved foreign currency—the kind and amount of the foreign currency involved and the exchange rate used; (d) if the transaction involves products or instruments—the following information: (i) a description of the products or instruments; (ii) the value of the products or instruments (in Australian dollars or a foreign currency, as appropriate); (iii) for each payer or transferor of the products or instruments—the information that would be required under subsection 9-3(3) if the payer or transferor were the person in relation to whom the suspicious matter reporting obligation arose; (vi) where the issuer of the products or instruments is not the reporting entity—the full name of the issuer and the address or location where the products or instruments were issued; (e) for each payee, transferee or beneficiary of the transaction—the information that would be required under subsection 9-3(3) if that person were the person in relation to whom the suspicious matter reporting obligation arose; (f) the date and time when the transaction took place; (g) if the transaction is a transfer of value—the following information: (i) the value of the money, virtual assets or property that is the subject of the transfer of value (in Australian dollars or a foreign currency, as appropriate); (ii) a unique transaction reference number. Note: Examples of products and instruments include the following: (a) a cheque or travellers cheque; (b) a stored value card; (c) a precious metal; (d) a gaming chip or token. Information about transfers of property (5) If the matter involves a transfer of property, the report must contain the following information about the transfer (as applicable and to the extent that the information is known): (a) any unique reference number applicable to the transfer provided by the reporting entity or another person; (b) the value of the property (in Australian dollars or a foreign currency, as appropriate); (c) for each person involved in the transfer—the information that would be required under subsection 9-3(3) if the person were the person in relation to whom the suspicious matter reporting obligation arose; (d) details of the property, including any unique identification details for the property. Note: Examples of unique identification details include: (a) for real estate—the plan and lot numbers for the real estate; and (b) for bullion—the serial number on the bullion. Information about virtual assets (6) If the matter involves virtual assets, the report must contain the following information about the virtual assets (as applicable and to the extent that the information is known): (a) information on the kind of virtual assets, including details of the backing asset (if any); (b) the full name of any person who controls, or controlled, the virtual asset (including a decentralised autonomous organisation, if applicable); (c) the full name of any person in whose name the assets are, or were, held; (d) the number of virtual asset units; (e) the value of the virtual assets in Australian dollars; (f) the exchange rate used in determining the value; (g) the unique transaction reference number, including a transaction hash; (h) any virtual asset wallet addresses, including destination tags or memo details. Information about another person providing a designated service (7) If a person other than the reporting entity provided or proposed to provide a designated service that relates to the matter, the report must contain the following information about the person (to the extent that the information is known): (a) the full name of the person; (b) the address or location where the person provided or proposed to provide a designated service that relates to the matter; (c) the kind of designated service provided or proposed to be provided by the person. Information about online activity (8) If the matter involves online activity by any person involved in the matter, including for the purpose of providing a designated service, the report must contain the following information about the online activity (as applicable and to the extent that the information is known): (a) unique network identification numbers for the networks used by the person, such as an Internet Protocol (IP) address; (b) the date and time that online activity was recorded occurring, if different from the date and time when a transaction took place as reported under subsection (4); (c) unique identification numbers for the relevant devices involved, such as an International Mobile Equipment Identity (IMEI); (d) a description of the software or application being used by the person; (e) the full name, and any user name, used by the person for the purposes of the software or application. 9-4A Matters to be taken into account—real estate brokering For the purposes of subsection 41(5) of the Act, in the circumstances described in paragraphs 6-33(2)(a) to (d) or 6-33(3)(a) to (d) of this instrument, the failure of the customer to cooperate is a matter to be taken into account in determining whether there are reasonable grounds for the reporting entity to form a suspicion of a kind mentioned in paragraph 41(1)(f), (g), (h), (i) or (j) of the Act. Division 2—Reports of threshold transactions 9-5 Purpose of this Division For the purposes of paragraph 43(3)(b) of the Act, this Division sets out the information that must be contained in a report made by a reporting entity under subsection 43(2) of the Act in relation to a threshold transaction. Note: There are transitional arrangements relating to reports of threshold transactions (see sections 12-3 and 12-4 of this instrument). 9-6 Reports of threshold transactions—general information (1) The report must contain the following information: (a) the reporting entity’s full name and the identifier assigned to the entity by AUSTRAC; (b) the date the report is given to the AUSTRAC CEO. (2) The report must contain the following information about the individual completing the report: (a) the individual’s full name; (b) the individual’s position with the reporting entity; (c) the individual’s contact details. 9-7 Reports of threshold transactions—information about the customer and other persons Reportable information—individuals (1) A reference in this section to reportable information means, in relation to an individual, the following information: (a) the individual’s full name; (b) any other names the individual is commonly known by (such as an Anglicised name, former name or business name); (c) the individual’s date of birth; (d) the individual’s gender; (e) the country or countries of which the individual is a citizen; (f) the country or countries the individual is treated as being a resident of for the purposes of that country’s tax laws. (g) the individual’s residential address; (h) the individual’s business addresses and postal addresses; (i) the individual’s telephone number; (j) the individual’s email address; (k) information on the individual’s occupation, business or principal activity; (l) a unique identifier for the individual; (m) a description of the reliable and independent data, if any, used by the reporting entity to verify KYC information relating to the individual in accordance with paragraph 28(3)(d) of the Act; (n) a reference number, if any, associated with the individual provided by an accredited entity (within the meaning of the Digital ID Act 2024) in the course of verifying KYC information relating to the individual in accordance with paragraph 28(3)(d) of the Act. Reportable information—non-individuals (2) A reference to reportable information in this section means, in relation to a person who is not an individual, the following information: (a) the person’s full name; (b) other names used by the person (such as a former name or business name); (c) the country or countries in which the person was incorporated, formed or registered; (d) the country or countries the person is treated as being a resident of for the purposes of that country’s tax laws; (e) the address of the customer’s registered office; (f) the address at which the person’s business or principal activity is conducted; (g) the person’s postal address; (h) the person’s telephone number; (i) the person’s email address; (j) information on the person’s business or principal activity; (k) information about the legal form of the person (such as a partnership, company or trust); (l) the details of the person’s beneficial owners; (m) if the person is a body corporate—the full name and, if applicable, director identification number of the individual, or each member of the group of individuals, with primary responsibility for the governance and executive decisions of the body corporate; (n) if the person is an express trust, the following information: (i) the kind of trust (such as discretionary trust, bare trust or unit trust); (ii) the details of the trustee; (iii) the details of any settlor, appointor, guardian or protector of the trust; (iv) for a trust with no more than 10 identifiable beneficiaries—the details of the beneficiaries of the trust; (v) for a trust with more than 10 beneficiaries—a description of each type or class of beneficiary; (o) a unique identifier for the person; (p) a description of the reliable and independent data, if any, used by the reporting entity to verify KYC information relating to the customer in accordance with paragraph 28(3)(d) of the Act. Content of threshold transaction reports (3) The report must contain reportable information, to the extent it is applicable and known to the reporting entity, about the following persons: (a) the customer to whom the designated service was provided; (b) the transferor or transferee in the transaction (if different to the customer); (c) if the customer received the designated service on behalf of another person—that other person. (4) If the report is required to contain the details of another person (for example, a beneficial owner or trust) as part of the reportable information under subsection (1) or (2), then the report must also contain: (a) reportable information about that other person; and (b) if the application of paragraph (a) requires the report to contain the details of any other individual or non-individual—reportable information about that other individual or non-individual. Information about other persons acting on behalf of the customer (5) If the customer was represented in relation to the provision of the designated service by another person authorised to act on behalf of the customer, the report must (subject to subsections (6) and (7)) contain the following information: (a) a description of the relationship between the person and the customer; (b) a description of the authority for the person to act on behalf of the customer; (c) reportable information about the person. (6) Subsection (5) does not apply if the customer was represented by a person in the following circumstances: (a) the threshold transaction was a deposit in circumstances where there was no personal contact (such as using an automated teller machine or express deposit facility); (b) the transaction did not involve a virtual asset; (c) the person was acting in the course of a business of collecting, holding or delivering physical currency (such as payroll or cash courier services, but not including collection of donations for a registered charity). (7) If subsection (5) does not apply because the designated service occurred in the circumstances mentioned in subsection (6), the report must contain a statement as to the circumstances of the designated service. 9-8 Reports of threshold transactions—information about the transaction Standard information (1) The report must contain the following information about the threshold transaction: (a) the date and time when the transaction took place; (b) the address or location where the transaction took place; (c) for each person in relation to whom information is reportable under section 9-7—the person’s role in the transaction (to the extent known); (d) a description of the purpose of the transaction (to the extent known); (e) the kind of designated service that was provided and that involved the transaction; (f) the reporting entity’s reference number relating to the provision of the designated service that involved the transaction (including, but not limited to, a transaction reference number); (g) the value, in Australian dollars, of the physical currency involved in the transaction; (h) if the transaction involves foreign currency—the kind and amount of the foreign currency involved and the exchange rate used. Information about an account (2) If the threshold transaction involves an account provided by the reporting entity or another person, the report must contain the following information about the account (as applicable and to the extent the information is known): (a) the full name of the person providing the account; (b) the full name of each account holder; (c) the kind of account (such as a savings account, loan account or credit card account); (d) the unique identification details assigned to the account (such as the BSB and account number); (e) the full name of the signatory to the account who is conducting the transaction; (f) the date the account was opened. Information about products or instruments (3) If the threshold transaction involves products or instruments, the report must contain a description of the products or instruments and their value (in Australian dollars or a foreign currency, as appropriate). Note: Examples of products and instruments include the following: (a) a cheque or travellers cheque; (b) a stored value card; (c) a precious metal; (d) a gaming chip or token. Information about transfers of property (4) If the threshold transaction relates to a transfer of property, the report must contain the following information about the transfer (as applicable and to the extent that the information is known): (a) any unique reference number applicable to the transfer provided by the reporting entity or another person; (b) the value of the property (in Australian dollars or a foreign currency, as appropriate); (c) details of the property, including any unique identification details for the property. Note: Examples of unique identification details include: (a) for real estate—the plan and lot numbers for the real estate; and (b) for bullion—the serial number on the bullion. Information about virtual assets (5) If the threshold transaction relates to virtual assets, the report must contain the following information about the virtual assets (as applicable and to the extent that the information is known): (a) information on the kind of virtual assets, including details of the backing asset (if any); (b) the full name of any person who controls, or controlled, the virtual asset (including a decentralised autonomous organisation, if applicable); (c) the full name of any person in whose name the assets are, or were, held; (d) the number of virtual asset units; (e) the value of the virtual assets in Australian dollars; (f) the exchange rate used in determining the value; (g) the unique transaction reference number, including a transaction hash; (h) any virtual asset wallet addresses, including destination tags or memo details. Information about another person providing a designated service (6) If the threshold transaction relates to a person other than the reporting entity providing a designated service, the report must contain the following information about the person: (a) the full name of the person; (b) the address or location where the person was involved in the provision of the designated service; (c) the kind of designated service provided by the person. Information about online activity (7) If the threshold transaction relates to, or involves, the provision of a designated service online, the report must contain the following information about the online activity (as applicable and to the extent that the information is known): (a) unique network identification numbers for the networks used by the person, such as an Internet Protocol (IP) address; (b) the date and time that online activity was recorded occurring, if different from the date and time when the transaction took place as reported under subsection (1); (c) unique identification numbers for the relevant devices involved, such as an International Mobile Equipment Identity (IMEI); (d) a description of the software or application being used by the person; (e) the full name, and any user name, used by the person for the purposes of the software or application. Division 3—AML/CTF compliance reports 9-9 Reporting and lodgement periods for AML/CTF compliance reports For the purposes of section 47 of the Act: (a) the first reporting period after the commencement of this instrument is the period beginning on 1 July 2026 and ending on 30 June 2027; and (b) each subsequent financial year is a reporting period; and (c) the period of 3 months beginning after the end of a reporting period mentioned in paragraph (a) or (b) is the lodgement period for that reporting period. Division 3A—Amending or withdrawing reports 9-9A Purpose of this Division This Division is made for the purposes of subsection 48A(1) of the Act. 9-9B Reporting entity may amend or withdraw if requested by AUSTRAC CEO (1) A reporting entity may amend or withdraw a report submitted under section 41, 43 or 46 of the Act only if the AUSTRAC CEO requests that the reporting entity do so. (2) The AUSTRAC CEO may request a reporting entity to amend or withdraw a report if the AUSTRAC CEO believes that: (a) the report contains an error; or (b) the report is a duplicate of another report; or (c) the report should not have been submitted; or (d) there are operational reasons for amending or withdrawing the report. Division 4—Registered remittance affiliates 9-10 Reporting obligations of registered remittance affiliates (1) This section is made for the purposes of section 49A of the Act. Reports of suspicious matters (2) An obligation imposed by subsection 41(2) of the Act (which deals with reports of suspicious matters) upon a registered remittance affiliate of a registered remittance network provider to give a report may be discharged by the network provider if there is a written agreement between the affiliate and the network provider that provides for the network provider to do so. Reports of threshold transactions or international funds transfer instructions (3) An obligation imposed by subsection 43(2) of the Act (which deals with reports of threshold transaction) or subsection 46(2) of the Act (which deals with reports of international funds transfer instructions) upon a registered remittance affiliate of a registered remittance network provider to give a report is taken instead to be an obligation imposed on the network provider. Division 5—Cross-border movement reports 9-11 Purpose of this Division This Division is made for the purposes of the following provisions of the Act: (a) paragraph 53(7)(b); (b) paragraph 53(7)(d); (c) paragraph 54(4)(b); (d) paragraph 61(1)(b); (e) paragraph 61(2)(b). 9-12 Reports about moving monetary instruments into or out of Australia (1) If a person moves a monetary instrument into or out of Australia, a report under section 53 of the Act (reports about movements of monetary instruments into or out of Australia) must: (a) contain the information specified in subsection (2) (to the extent the information is known); and (b) be given in accordance with the applicable timing rule specified in subsection (3). Note: The report must also be given in the approved form (see paragraph 53(7)(a) of the Act). (2) For the purposes of paragraph (1)(a), the information is as follows: (a) if the person is an individual: (i) the person’s full name; and (ii) the person’s date and place of birth; and (iii) the country or countries of which the person is a citizen; and (iv) the person’s residential address; and (v) the person’s telephone number; and (vi) whether the person is an Australian resident; and (vii) if the person is bringing the monetary instrument into Australia and is not an Australian resident—the person’s address and telephone number while in Australia; and (viii) the person’s occupation, business or principal activity; and (ix) the person’s ABN (if any); (b) if the person is not an individual: (i) the person’s full name; and (ii) the person’s business or principal activity; and (iii) the address at which the person’s business or principal activity is conducted; and (iv) the person’s telephone number; and (v) the person’s ABN, ACN and ARBN (as applicable); (c) if the person is moving the monetary instrument on behalf of another person (the other person)—the following details of the other person: (i) if the other person is an individual—the details mentioned in subparagraphs (a)(i), (iv), (v), (viii) and (ix); (ii) if the other person is not an individual—the details mentioned in subparagraphs (b)(i) to (v); (d) if the person is delivering the monetary instrument to another person (the other person)—the following details of the other person: (i) if the other person is an individual—the details mentioned in subparagraphs (a)(i), (iv), (v), (viii) and (ix); (ii) if the other person is not an individual—the details mentioned in subparagraphs (b)(i) to (v); (e) whether the monetary instrument is being moved into or out of Australia; (f) the kind of monetary instrument being moved into or out of Australia; (g) the monetary instrument amount being moved into or out of Australia; (h) the currency of the monetary instrument being moved into or out of Australia; (i) if the monetary instrument is a bearer negotiable instrument: (i) the issuer or drawer of the monetary instrument; and (ii) the payee, favouree or beneficiary of the monetary instrument; and (iii) the full name of the bearer of the monetary instrument; and (iv) the city and country of issue of the monetary instrument; and (v) any reference numbers of the monetary instrument; (j) if the person is an individual and is bringing the monetary instrument into Australia or taking the instrument out of Australia: (i) whether the person is travelling into or out of Australia; and (ii) the town or city at which the person is entering or leaving Australia; and (iii) the person’s date of arrival in or departure from Australia; and (iv) the number and country of issue of the passport on which the person is travelling; and (v) where practicable—the number of each other passport held by the person and the country of issue for each passport; and (vi) the number of the flight or name of the vessel on which the person is bringing in or taking out the instrument; and (vii) if the person is taking the monetary instrument out of Australia—the city and country to which the monetary instrument is being taken; and (viii) if the person is bringing the monetary instrument into Australia—the city and country from which the monetary instrument is being brought; (k) if the monetary instrument is being sent into or out of Australia: (i) the means by which the monetary instrument is being sent; and (ii) the full name, address and telephone number of the individual or service provider carrying the monetary instrument into or out of Australia; and (iii) if the monetary instrument is to be shipped—the name of the vessel on which it is to be shipped; and (iv) the city and country from which the monetary instrument is being sent; and (v) the city and country to which the monetary instrument is being sent; and (vi) the date the monetary instrument is being sent; (l) if the monetary instrument is being sent into or out of Australia—the following details of the person to whom the monetary instrument is being sent: (i) the person’s full name; (ii) the person’s telephone number; (iii) if the person is an individual—the person’s residential address; (iv) if the person is not an individual—the address at which the person’s business or principal activity is conducted; (v) if the person is not an individual—the person’s ABN, ACN and ARBN (as applicable); (m) a declaration that the information provided in the approved form is true and correct. (3) For the purposes of paragraph (1)(b): (a) if the person moves a monetary instrument into Australia by bringing the instrument into Australia—the report must be given: (i) no later than when the person reaches the place at which customs officers examine baggage; or (ii) if there is no such place, at the first opportunity that the person has to give the report after arrival in Australia; and (b) if the person moves a monetary instrument into Australia by sending the instrument into Australia—the report must be given before the movement of the instrument takes place; and (c) if the person moves a monetary instrument out of Australia by taking the instrument out of Australia—the report must be given: (i) no later than when the person reaches the customs officer who is to examine the person’s passport in relation to the person leaving Australia; or (ii) if there is no such examination, at any time before the last opportunity that the person has to give the report before leaving Australia; and (d) if the person (the first person) moves a monetary instrument out of Australia by sending the instrument out of Australia by consignment, either through the post to a place outside Australia or to another person for carriage to a place outside Australia—the report must be given before the time when the instrument is irrevocably committed by the first person to a postal service or to the other person (as the case may be). 9-13 Reports about receiving monetary instruments moved into Australia If a person receives a monetary instrument moved into Australia, a report under section 54 of the Act (reports about receipts of monetary instruments moved into Australia) must contain the following information (to the extent the information is known): (a) if the person is an individual—the details mentioned in subparagraphs 9-12(2)(a)(i) to (ix); (b) if the person is not an individual—the details mentioned in subparagraphs 9-12(2)(b)(i) to (v); (c) if the person received the monetary instrument on behalf of another person (the other person)—the following details of the other person: (i) if the other person is an individual—the details mentioned in subparagraphs 9-12(2)(a)(i), (iv), (v), (viii) and (ix); (ii) if the other person is not an individual—the details mentioned in subparagraphs 9-12(2)(b)(i) to (v); (d) if the person is delivering the monetary instrument to another person (the other person)—the following details of the other person: (i) if the other person is an individual—the details mentioned in subparagraphs 9-12(2)(a)(i), (iv), (v), (viii) and (ix); (ii) if the other person is not an individual—the details mentioned in subparagraphs 9-12(2)(b)(i) to (v); (e) the kind of monetary instrument moved into Australia; (f) the monetary instrument amount moved into Australia; (g) the currency of the monetary instrument; (h) if the monetary instrument is a bearer negotiable instrument: (i) the issuer or drawer of the monetary instrument; and (ii) the payee, favouree or beneficiary of the monetary instrument; and (iii) the full name of the bearer of the monetary instrument; and (iv) the city and country of issue of the monetary instrument; and (v) any reference numbers of the monetary instrument; (i) the means by which the monetary instrument was moved into Australia; (j) the full name of the individual or service provider who moved the monetary instrument into Australia; (k) if the monetary instrument was sent into Australia—the following details of the person who sent the monetary instrument (the sender) to the person: (i) the sender’s full name; (ii) the sender’s telephone number; (iii) if the sender is an individual—the sender’s residential address; (iv) if the sender is not an individual—the address at which the sender’s business or principal activity is conducted; (v) if the sender is not an individual—the sender’s ABN, ACN and ARBN (as applicable); (l) the city and country from which the monetary instrument was moved; (m) the city, town or port in which the monetary instrument was received by the person; (n) the date the monetary instrument was received by the person; (o) a declaration that the information provided in the approved form is true and correct. Note: The report must be given in the approved form before the end of 5 business days beginning on the day of receipt (see paragraphs 54(4)(a) and (d) of the Act). 9-14 Affixing of notices about cross-border movement reporting obligations (1) This section applies to a written notice that relates to reporting obligations under Part 4 of the Act (reports about cross-border movements of monetary instruments). (2) The written notice: (a) must be in one of the following forms: (i) a self-standing sign; (ii) a digital or electronic sign; (iii) a sign in any other material form; and (b) must contain the following content (with or without the inclusion of any other words): Australian Government Australian Transaction Reports and Analysis Centre Carrying $10,000 or more into or out of Australia? You must report: cash, traveller’s cheques, cheques, money orders, or other bearer negotiable instruments These are monetary instruments. By law you must report the movement of monetary instruments if the sum of the monetary instrument amount is AUD$10,000 or more (or foreign currency equivalent). Note there is no limit to the sum of monetary instruments amounts you can carry in and out of Australia. (3) The written notice may be affixed at: (a) any port, airport, wharf, or boarding station that is appointed under section 15 of the Customs Act 1901; or (b) a place to which section 234AA of the Customs Act 1901 applies that is not a place, or a part of a place, referred to in paragraph (a). Part 10—Secrecy and access 10-1 Disclosure of AUSTRAC information to foreign countries or agencies For the purposes of paragraph 127(2)(a) of the Act, the following Commonwealth, State or Territory agencies are prescribed: (a) the Attorney-General’s Department; (b) the Foreign Affairs Department; (c) the Home Affairs Department; (d) that part of the Defence Department known as the Australian Geospatial-Intelligence Organisation, and includes any part of the Defence Force that performs functions on behalf of that part of the Department; (e) that part of the Defence Department known as the Defence Intelligence Organisation, and includes any part of the Defence Force that performs functions on behalf of that part of the Department; (f) the Australian Crime Commission; (g) the Australian Federal Police; (h) the Australian Prudential Regulation Authority; (i) the Australian Secret Intelligence Service; (j) the Australian Securities and Investments Commission; (k) the Australian Security Intelligence Organisation; (l) the Australian Signals Directorate; (m) the Australian Taxation Office; (n) the National Anti-Corruption Commission; (o) the Office of National Intelligence. Part 11—Other matters 11-1 False or misleading information or documents For the purposes of subparagraphs 136(1)(c)(ii) and 137(1)(c)(ii) of the Act, sections 136 and 137 of the Act (which deal with giving or producing false or misleading information or documents) apply in relation to a provision of this instrument in the following: (a) Part 3 (enrolment); (b) Part 4 (registration); (c) Part 6 (customer due diligence); (d) Part 8 (transfers of value); (e) Part 9 (reporting). 11-2 Use of computers to take administrative action—prescribed provisions For the purposes of subsection 228A(1) of the Act, the following provisions of the Act are prescribed: (a) section 51D; (b) subsection 75K(2); (c) subsection 76M(2). 11-3 Applications for reconsideration of decisions made by delegates of the AUSTRAC CEO For the purposes of paragraph 233D(3)(b) of the Act, an application for reconsideration of a reviewable decision must contain the following information: (a) the name of the applicant; (b) the applicant’s ABN, ACN, ARBN and ARSN (as applicable); (c) the applicant’s telephone number; (d) the applicant’s email address; (e) the applicant’s postal address; (f) the following information about the individual completing the application: (i) the individual’s full name; (ii) the individual’s job title or position; (iii) if the individual is not the applicant—information on the individual’s role or relationship in relation to the applicant; (iv) the individual’s telephone number; (v) the individual’s email address; (g) details of the decision that the applicant is seeking reconsideration of, including the following information (to the extent it is known to the applicant): (i) the date of the decision; (ii) the name of the delegate of the AUSTRAC CEO who made the decision; (iii) the AUSTRAC decision reference number; (h) the date the applicant was informed of the decision; (i) the reasons why the applicant is seeking reconsideration of the decision. Part 12—Application, saving and transitional provisions 12-1 Transitional—reports of suspicious matters to be in old form for first 3 months after commencement (1) Subsections (2) and (3) apply if: (a) a suspicious matter reporting obligation arises for a reporting entity in relation to a person; and (b) the reporting entity is required under subsection 41(2) of the Act to give a report about the matter to the AUSTRAC CEO at any time in the period: (i) beginning at the commencement of this instrument; and (ii) ending on 30 June 2026. (2) The report must: (a) be in the form that was the approved form for the purposes of paragraph 41(3)(a) of the Act immediately before the commencement of this instrument; and (b) comply with Chapter 18 of the Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No. 1), as in force immediately before the commencement of this instrument. (3) A report that complies with subsection (2) is taken to include the information that must, under Division 1 of Part 9 of this instrument, be contained in a report under subsection 41(2) of the Act in relation to the suspicious matter reporting obligation. 12-2 Transitional—reports of suspicious matters by entities on Reporting Entities Roll at commencement (1) Subsection (2) applies if: (a) at the commencement of this instrument, a reporting entity is entered on the Reporting Entities Roll; and (b) a suspicious matter reporting obligation arises for the reporting entity in relation to a person; and (c) the reporting entity gives a report about the matter that complies with Chapter 18 of the Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No. 1), as in force immediately before the commencement of this instrument; and (d) the report is given on or after 1 July 2026 and before the earlier of: (i) 30 March 2029; or (ii) the day specified in an instrument made under subsection (3). (2) The report is taken to include the information that must, under Division 1 of Part 9 of this instrument, be contained in a report under subsection 41(2) of the Act in relation to the suspicious matter reporting obligation. (3) The AUSTRAC CEO may, by notifiable instrument, specify a day for the purposes of subparagraph (1)(d)(ii). 12-3 Transitional—reports of threshold transactions to be in old form for first 3 months after commencement (1) Subsections (2) and (3) apply if: (a) a reporting entity commences to provide, or provides, a designated service to a customer; and (b) the provision of the service involves a threshold transaction; and (c) the reporting entity is required under subsection 43(2) of the Act to give the AUSTRAC CEO a report of the transaction at any time during the period: (i) beginning at the commencement of this instrument; and (ii) ending on 30 June 2026. (2) The report must: (a) be in the form that was the approved form for the purposes of paragraph 43(3)(a) of the Act immediately before the commencement of this instrument; and (b) comply with Chapter 19 of the Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No. 1), as in force immediately before the commencement of this instrument. (3) A report that complies with subsection (2) is taken to include the information that must, under Division 2 of Part 9 of this instrument, be contained in a report under subsection 43(2) of the Act in relation to the threshold transaction. 12-4 Transitional—reports of threshold transactions by entities on Reporting Entities Roll at commencement (1) Subsection (2) applies if: (a) at the commencement of this instrument, a reporting entity is entered on the Reporting Entities Roll; and (b) the reporting entity commences to provide, or provides, a designated service to a customer; and (c) the provision of the service involves a threshold transaction; and (d) the reporting entity gives a report about the threshold transaction that complies with Chapter 19 of the Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No. 1), as in force immediately before the commencement of this instrument; and (e) the report is given on or after 1 July 2026 and before the earlier of: (i) 30 March 2029; or (ii) the day specified in an instrument made under subsection (3). (2) The report is taken to include the information that must, under Division 2 of Part 9 of this instrument, be contained in a report under subsection 43(2) of the Act in relation to the threshold transaction. (3) The AUSTRAC CEO may, by notifiable instrument, specify a day for the purposes of subparagraph (1)(e)(ii). 12-5 Transitional—keep open notices (1) Subsections (2) and (3) apply if an exemption granted to a reporting entity in respect of a customer under Chapter 75 of the Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No. 1) was in force immediately before the commencement of this instrument. (2) Subject to subsection (3), the exemption continues in force on and after that commencement, and may be dealt with, as if it were a keep open notice issued under subsection 39B(1) of the Act by a senior member of the eligible agency that requested the exemption. (3) The exemption continues in force until the earlier of the following: (a) the expiry of: (i) the period for which the exemption was granted; or (ii) if that period was extended under section 75.9 of the Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No. 1)—the expiry of that period as extended; (b) the time the agency that requested the exemption notifies the reporting entity and the AUSTRAC CEO that the relevant investigation has ended. (4) To avoid doubt, subsections 39B(7) and (8) of the Act (which deal with extensions) apply to an exemption continued in force under this section.

Schedule 1—Forms Note: See sections 6-38 to 6-41. Form 1—Keep open notice

KEEP OPEN NOTICE Subsection 39B(1) of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006

Explanation of this notice

1 | This keep open notice (Notice) is issued pursuant to subsection 39B(1) of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act). 2 | A senior member of an agency of the kind listed in subsection 39B(3) of the AML/CTF Act reasonably believes that the provision of a designated service by the reporting entity to whom this Notice is issued to the customer(s) specified in this Notice would assist in the investigation by the agency of a serious offence. 3 | Pursuant to subsection 39A(2) of the AML/CTF Act, the reporting entity is exempt from section 26G, 28 or 30 of the AML/CTF Act in respect of the provision of a designated service to a customer specified in this Notice to the extent that the reporting entity reasonably believes that compliance with that section would or could reasonably be expected to alert the customer to the existence of a criminal investigation. 4 | If the exemption referred to in paragraph 3 applies in relation to the provision by the reporting entity of a designated service to the customer, section 139 of the AML/CTF Act (providing a designated service using a false customer name or customer anonymity) does not apply in relation to the provision by the reporting entity of that designated service to the customer. 5 | This Notice remains in force for the period starting on the commencement date specified in this Notice (Commencement Date) and ending on the earlier of the following: (a) the day that is 6 months after the Commencement Date; (b) the day that the agency that issued the Notice notifies the reporting entity and the AUSTRAC CEO that the relevant investigation has ended. 6 | The AUSTRAC CEO has been sent a copy of this Notice. 7 | This Notice does not compel a reporting entity to provide a designated service to the customer specified in this Notice. 8 | A suspicious matter reporting obligation does not arise for a reporting entity in relation to a customer upon the receipt of this Notice. However, a suspicious matter reporting obligation may otherwise arise for the reporting entity in relation to the customer in accordance with section 41 of the AML/CTF Act.

Full name of reporting entity to whom this Notice is issued

Commencement date of this Notice

Details of the customer(s) to whom this Notice applies | Details of the customer(s) to whom this Notice applies | Details of the customer(s) to whom this Notice applies Full name of customer(s) | Date of birth or Australian Business Number/Australian Company Number (if known) | Additional details of customer(s) to whom this Notice applies (if known) | | | | | |

Do any attachments accompany this Notice? No Yes Number of attachments

Details of senior member | Details of senior member Full name | Position | Agency |

Declaration

I am the senior member specified above and reasonably believe that the provision of a designated service by the reporting entity to the customer(s) specified in this Notice would assist in the investigation by the agency of a serious offence.

Signed | | Date | | Form 2—Extension notice

KEEP OPEN NOTICE—EXTENSION NOTICE Subsection 39B(7) of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006

Explanation of this notice

1 | This extension notice is issued pursuant to subsection 39B(7) of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act). 2 | This extension notice extends the period that a keep open notice remains in force for a further period of 6 months. 3 | This extension notice must be issued to the reporting entity to whom the keep open notice was issued before the expiry of the keep open notice. 4 | A senior member of the agency of the kind listed in subsection 39B(3) of the AML/CTF Act reasonably believes that the continued provision of a designated service by the reporting entity to the customer(s) specified in the keep open notice would assist in the investigation by the agency of a serious offence. 5 | Pursuant to subsection 39A(2) of the AML/CTF Act, the reporting entity continues to be exempt from section 26G, 28 or 30 of the AML/CTF Act in respect of the continued provision of a designated service to a customer specified in the keep open notice to the extent that the reporting entity reasonably believes that compliance with that section would or could reasonably be expected to alert the customer to the existence of a criminal investigation. 6 | If the exemption referred to in paragraph 5 applies in relation to the continued provision by the reporting entity of a designated service to the customer, section 139 of the AML/CTF Act (providing a designated service using a false customer name or customer anonymity) does not apply in relation to the continued provision by the reporting entity of that designated service to the customer. 7 | The AUSTRAC CEO has been sent a copy of this extension notice. 8 | This extension notice does not compel the reporting entity to continue to provide a designated service to a customer specified in this extension notice. 9 | A suspicious matter reporting obligation does not arise for a reporting entity in relation to a customer upon the receipt of this extension notice. However, a suspicious matter reporting obligation may otherwise arise for the reporting entity in relation to the customer in accordance with section 41 of the AML/CTF Act. 10 | The period for which the keep open notice remains in force may be extended for a further period of 6 months if a senior member of the issuing agency issues an extension notice under subsection 39B(7) of the AML/CTF Act.

Full name of reporting entity to whom the keep open notice was issued

Commencement date of the keep open notice

Commencement date of the extension period [State the date that is the day after the expiry of the following (as applicable): (a) the keep open notice; (b) the previous extension period.]

Previous extension notices (if any) issued in relation to the keep open notice | Previous extension notices (if any) issued in relation to the keep open notice Have any extension notices previously been issued in relation to the keep open notice? | How many extension notices have been issued prior to this extension notice? |

Details of the customer(s) to whom the keep open notice applies [List all customers included in the keep open notice] | Details of the customer(s) to whom the keep open notice applies [List all customers included in the keep open notice] Full name of customer(s) | Date of birth or Australian Business Number/Australian Company Number (if known) | | |

Details of senior member | Details of senior member Full name | Position | Agency |

Declaration

I am the senior member specified above and reasonably believe that the continued provision of a designated service by the reporting entity to the customer(s) specified in this extension notice would assist in the investigation by the agency of a serious offence.

Signed | | Date | | Form 3—Application to issue extension notice

APPLICATION TO ISSUE EXTENSION NOTICE TO FURTHER EXTEND THE PERIOD OF A KEEP OPEN NOTICE Paragraph 39B(8)(b) of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006

This is the prescribed form for an application to the AUSTRAC CEO under paragraph 39B(8)(b) of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (the AML/CTF Act) to disapply paragraph 39B(7)(b) of that Act for the purpose of issuing a further extension notice in relation to a keep open notice.

Full name of reporting entity to whom the keep open notice was issued

Commencement date of the keep open notice

Previous extension notices issued under subsection 39B(7) of the AML/CTF Act | Previous extension notices issued under subsection 39B(7) of the AML/CTF Act How many extension notices have been issued in relation to the keep open notice prior to this application? |

Previous applications to the AUSTRAC CEO | Previous applications to the AUSTRAC CEO How many notices have been given by the AUSTRAC CEO under paragraph 39B(8)(d) of the AML/CTF Act in relation to the keep open notice? |

Details of the customer(s) to whom the keep open notice applies List all customers included in the keep open notice | Details of the customer(s) to whom the keep open notice applies List all customers included in the keep open notice Full name of customer(s) | Date of birth or Australian Business Number/Australian Company Number (if known) | | |

Reasons a further extension of the keep open notice is required

Serious offence(s) under investigation by the agency

Details of senior member | Details of senior member Full name | Position | Agency |

Declaration

I am the senior member specified above and I reasonably believe that the continued provision of a designated service by the reporting entity to the customer(s) specified in the keep open notice would assist in the continued investigation by the agency of the serious offence(s) described in this application.

Signed | | Date | |

Endnotes Endnote 1—About the endnotes The endnotes provide information about this compilation and the compiled law. The following endnotes are included in every compilation: Endnote 1—About the endnotes Endnote 2—Abbreviation key Endnote 3—Legislation history Endnote 4—Amendment history Abbreviation key—Endnote 2 The abbreviation key sets out abbreviations that may be used in the endnotes. Legislation history and amendment history—Endnotes 3 and 4 Amending laws are annotated in the legislation history and amendment history. The legislation history in endnote 3 provides information about each law that has amended (or will amend) the compiled law. The information includes commencement details for amending laws and details of any application, saving or transitional provisions that are not included in this compilation. The amendment history in endnote 4 provides information about amendments at the provision (generally section or equivalent) level. It also includes information about any provision of the compiled law that has been repealed in accordance with a provision of the law. Editorial changes The Legislation Act 2003 authorises First Parliamentary Counsel to make editorial and presentational changes to a compiled law in preparing a compilation of the law for registration. The changes must not change the effect of the law. Editorial changes take effect from the compilation registration date. If the compilation includes editorial changes, the endnotes include a brief outline of the changes in general terms. Full details of any changes can be obtained from the Office of Parliamentary Counsel. Misdescribed amendments A misdescribed amendment is an amendment that does not accurately describe how an amendment is to be made. If, despite the misdescription, the amendment can be given effect as intended, then the misdescribed amendment can be incorporated through an editorial change made under section 15V of the Legislation Act 2003. If a misdescribed amendment cannot be given effect as intended, the amendment is not incorporated and “(md not incorp)” is added to the amendment history.

Endnote 2—Abbreviation key

ad = added or inserted | orig = original am = amended | p = page(s) amdt = amendment | para = paragraph(s)/subparagraph(s) C[x] = Compilation No. x | /sub-subparagraph(s) ch = Chapter(s) | pres = present cl = clause(s) | prev = previous cont. = continued | (prev…) = previously def = definition(s) | pt = Part(s) Dict = Dictionary | r = regulation(s)/Court rule(s) disallowed = disallowed by Parliament | reloc = relocated div = Division(s) | renum = renumbered ed = editorial change | rep = repealed exp = expires/expired or ceases/ceased to have | rs = repealed and substituted effect | s = section(s)/subsection(s) gaz = gazette | /rule(s)/subrule(s)/order(s)/suborder(s) LA = Legislation Act 2003 | sch = Schedule(s) LIA = Legislative Instruments Act 2003 | SLI = Select Legislative Instrument (md) = misdescribed amendment can be given | SR = Statutory Rules effect | sub ch = Sub-Chapter(s) (md not incorp) = misdescribed amendment | sub div = Subdivision(s) cannot be given effect | sub pt = Subpart(s) mod = modified/modification | underlining = whole or part not No. = Number(s) | commenced or to be commenced Ord = Ordinance |

Endnote 3—Legislation history

Name | Registration | Commencement | Application, saving and transitional provisions Anti-Money Laundering and Counter-Terrorism Financing Rules 2025 | 29 Aug 2025 (F2025L01026) | 31 Mar 2026 (s 1-2(1) item 1) | Anti‑Money Laundering and Counter‑Terrorism Financing (2025 Rules) Amendment Rules 2026 | 24 Mar 2026 (F2026L00353) | 31 Mar 2026 (s 2(1) item 1) | —

Endnote 4—Amendment history

Provision affected | How affected Part 1 | s 1-2 | rep LA s 48D s 1-4 | am F2026L00353 Part 2 | s 2-1 | am F2026L00353 s 2-2 | am F2026L00353 Part 3 | Division 1 | s 3-3 | am F2026L00353 Part 4 | Division 2 | s 4-3 | am F2026L00353 s 4-4 | am F2026L00353 s 4-7 | am F2026L00353 s 4-9 | am F2026L00353 s 4-9A | ad F2026L00353 s 4-12 | am F2026L00353 Part 5 | Division 2 | s 5-5 | am F2026L00353 Part 6 | Division 1 | s 6-6 | am F2026L00353 s 6-7 | am F2026L00353 s 6-10 | am F2026L00353 s 6-11 | am F2026L00353 Division 3 | s 6-18 | am F2026L00353 Division 5 | s 6-24 | am F2026L00353 Division 8 | s 6-29 | am F2026L00353 s 6-31 | am F2026L00353 Division 9 | s 6-32 | am F2026L00353 s 6-33 | am F2026L00353 Division 11 | s 6-35 | am F2026L00353 Division 12 | s 6-37 | am F2026L00353 Part 8 | Division 2 | s 8-3 | am F2026L00353 s 8-4 | am F2026L00353 s 8-5 | am F2026L00353 Division 3 | s 8-8 | am F2026L00353 Part 9 | Division 1 | s 9-4A | ad F2026L00353 Division 3 | s 9-9 | rs F2026L00353 Division 3A | Division 3A | ad F2026L00353 s 9-9A | ad F2026L00353 s 9-9B | ad F2026L00353 Part 11 | s 11-2 | ad F2026L00353 s 11-3 | ad F2026L00353

Concept tags derived · unofficial · model · unreviewed

ProvisionConcepts
Part 1—Preliminarycustomer_due_diligence beneficial_ownership threshold_transaction_reporting funds_transfer_reporting designated_services enrolment_registration politically_exposed_persons virtual_assets definitions_and_interpretation
Part 2—Reporting groupsdesignated_services enrolment_registration definitions_and_interpretation
Part 3—Enrolmentenrolment_registration
Division 1—Application for enrolmentbeneficial_ownership designated_services enrolment_registration virtual_assets definitions_and_interpretation
Division 2—Correction and removal of enrolment detailsthreshold_transaction_reporting designated_services enrolment_registration virtual_assets supervisory_architecture
Division 3—Changes in enrolment detailsenrolment_registration
Part 4—Registrationenrolment_registration
Division 1—Management of the Remittance Sector Register and the Virtual Asset Service Provider Registerenrolment_registration virtual_assets supervisory_architecture
Division 2—Information requirements for registration applicationscustomer_due_diligence beneficial_ownership risk_based_approach suspicious_matter_reporting designated_services enrolment_registration politically_exposed_persons virtual_assets proliferation_financing enforcement_and_offences
Division 3—Registration decisionsbeneficial_ownership enrolment_registration proliferation_financing enforcement_and_offences definitions_and_interpretation
Division 4—Suspension of registrationrisk_based_approach enrolment_registration virtual_assets proliferation_financing enforcement_and_offences supervisory_architecture
Division 5—Cancellation of registrationrisk_based_approach enrolment_registration virtual_assets proliferation_financing enforcement_and_offences
Division 6—Renewal of registrationenrolment_registration virtual_assets supervisory_architecture
Division 7—Matters registered persons required to advisebeneficial_ownership enrolment_registration supervisory_architecture
Division 8—Other mattersamlctf_program
Part 5—AML/CTF programsamlctf_program
Division 1—ML/TF risk assessmentrisk_based_approach designated_services
Division 2—AML/CTF policies related to ML/TF risk mitigationcustomer_due_diligence beneficial_ownership risk_based_approach designated_services politically_exposed_persons sanctions_prohibitions un_and_autonomous_sanctions
Division 3—AML/CTF policies related to governance and compliance managementrisk_based_approach amlctf_program suspicious_matter_reporting tipping_off designated_services proliferation_financing
Division 4—AML/CTF compliance officersthreshold_transaction_reporting designated_services enforcement_and_offences
Division 5—AML/CTF program documentationrisk_based_approach amlctf_program designated_services
Division 6—AML/CTF policies related to lead entitiesrecord_keeping designated_services
Division 7—AML/CTF policies related to transfers of valuerisk_based_approach designated_services enrolment_registration virtual_assets
Division 8—AML/CTF policies related to real estate transactionscustomer_due_diligence designated_services
Part 6—Customer due diligencecustomer_due_diligence
Division 1—Initial customer due diligencecustomer_due_diligence beneficial_ownership risk_based_approach record_keeping designated_services enrolment_registration politically_exposed_persons sanctions_prohibitions proliferation_financing
Division 2—Providing services before completion of initial customer due diligencecustomer_due_diligence risk_based_approach threshold_transaction_reporting designated_services virtual_assets proliferation_financing definitions_and_interpretation
Division 3—Simplified customer due diligencecustomer_due_diligence beneficial_ownership risk_based_approach designated_services enrolment_registration politically_exposed_persons sanctions_prohibitions proliferation_financing
Division 4—Enhanced customer due diligencecustomer_due_diligence risk_based_approach threshold_transaction_reporting designated_services virtual_assets
Division 5—Politically exposed personscustomer_due_diligence beneficial_ownership risk_based_approach designated_services politically_exposed_persons
Division 6—Nested services relationshipscustomer_due_diligence risk_based_approach designated_services correspondent_banking virtual_assets supervisory_architecture
Division 7—Transferred customerscustomer_due_diligence risk_based_approach suspicious_matter_reporting designated_services
Division 8—Reliance on collection and verification of KYC informationcustomer_due_diligence record_keeping designated_services proliferation_financing
Division 9—Real estate transactionscustomer_due_diligence risk_based_approach suspicious_matter_reporting record_keeping designated_services
Division 10—Life policies and sinking fund policiescustomer_due_diligence designated_services
Division 11—Ongoing customer due diligencecustomer_due_diligence amlctf_program suspicious_matter_reporting designated_services proliferation_financing enforcement_and_offences
Division 12—Keep open noticesdesignated_services virtual_assets enforcement_and_offences supervisory_architecture
Division 13—Transitionalcustomer_due_diligence record_keeping designated_services definitions_and_interpretation
Part 7—Correspondent bankingcorrespondent_banking
Division 1—Due diligence assessment for entry into correspondent banking relationshipcustomer_due_diligence amlctf_program correspondent_banking virtual_assets proliferation_financing supervisory_architecture
Division 2—Requirements for ongoing due diligence assessmentscorrespondent_banking proliferation_financing
Division 1—Ordering institutions and beneficiary institutionsvirtual_assets
Division 2—Transfers of valuecustomer_due_diligence threshold_transaction_reporting designated_services virtual_assets
Division 3—Exemptions from obligations relating to transfers of valuedesignated_services virtual_assets supervisory_architecture definitions_and_interpretation
Division 4—International value transfer servicesvirtual_assets
Division 1—Reports of suspicious matterscustomer_due_diligence beneficial_ownership suspicious_matter_reporting designated_services enrolment_registration virtual_assets enforcement_and_offences supervisory_architecture definitions_and_interpretation
Division 2—Reports of threshold transactionscustomer_due_diligence beneficial_ownership threshold_transaction_reporting designated_services enrolment_registration virtual_assets supervisory_architecture definitions_and_interpretation
Division 3A—Amending or withdrawing reportsdesignated_services supervisory_architecture
Division 4—Registered remittance affiliatessuspicious_matter_reporting threshold_transaction_reporting funds_transfer_reporting enrolment_registration
Division 5—Cross-border movement reportscash_couriers scope_and_application
Part 11—Other matterscustomer_due_diligence enrolment_registration supervisory_architecture
Part 12—Application, saving and transitional provisionssuspicious_matter_reporting threshold_transaction_reporting designated_services supervisory_architecture
Schedule 1—Formssuspicious_matter_reporting designated_services enrolment_registration enforcement_and_offences supervisory_architecture