1. Help
  2. Sending Requests
  3. Request Deep Dive
  4. What to Do When a Verification Check Fails
Searching...

What to Do When a Verification Check Fails

Contents

A practical guide for Australian accounting firms using Content Snare’s ID verification and AML screening. This covers every individual check, what it means when it fails or flags a match, and what steps to consider next.

Important: This guide is not legal advice.

The information in this guide is based on Content Snare’s interpretation of publicly available AUSTRAC guidance and the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) as at March 2026. It is intended as a general reference only and does not constitute legal, compliance, or professional advice.

Your firm’s specific obligations depend on the designated services you provide, your client base, your AML/CTF program, and your risk assessment framework. AML/CTF law and AUSTRAC guidance are subject to change.

Content Snare is not a law firm, a compliance consultancy, or a regulated adviser. We do not accept liability for any actions taken or not taken based on this guide. You should obtain independent legal advice from a qualified professional before making compliance decisions for your firm.

Where this guide references AUSTRAC guidance or legislation, those references are provided for convenience and should be verified against the current versions at austrac.gov.au and legislation.gov.au.

How to read this guide

When you view a verification result in Content Snare, each individual check shows one of three statuses:

  • Green tick (pass): The check was processed and cleared
  • Red X (fail): The check was processed and found an issue or potential match
  • Grey icon (not processed): The check was not included in the screening level you selected

This guide covers what to do when a check shows a red X.

If all checks show green ticks, the verification passed. Record the outcome in your client file and proceed with your normal customer due diligence process.

A note on false positives

Screening checks match against names and personal details. A red flag does not necessarily mean your client is the person in the database. Name matches are common, especially for common names. Always review the full report details before drawing conclusions.1

Identity checks

These checks confirm that the person completing the verification is who they say they are.

Authenticity Analysis

Liveness Check

What it checks: Whether the selfie or video was taken by a live person (not a photo of a photo, a video replay, or a mask).

If it fails:

  1. Ask the client to retry in good lighting, looking directly at the camera. Poor conditions are the most common cause of failure
  2. If it fails again, you cannot complete identity verification digitally. Under the AML/CTF Act, you must not provide a designated service unless applicable customer identification procedures (ACIP) have been carried out2
  3. Consider whether alternative verification methods are available under your AML/CTF program (e.g. in-person verification)
  4. If you suspect the failure was a deliberate attempt to use a fake image, assess whether you have reasonable grounds for suspicion and whether an SMR is required3
  5. Record the failure and your assessment in your risk notes

Spoofed Image Analysis

What it checks: Whether the submitted image has been digitally manipulated, sourced from the internet, or artificially generated.

If it fails:

  1. This indicates the image may be fake or tampered with, which is a strong indicator of attempted identity fraud
  2. AUSTRAC guidance states that if you suspect documents or information presented by a customer are fraudulent, you should submit an SMR4
  3. Assess whether reasonable grounds for suspicion exist. If so, submit an SMR within the required timeframes5
  4. You cannot complete ACIP if the client’s identity cannot be verified. Do not provide designated services until ACIP is satisfied2
  5. Escalate to your AML/CTF compliance officer
  6. Record the failure and your assessment

Face Analysis

Facial Similarity Check

What it checks: Whether the face in the selfie matches the face on the identity document. Returns a confidence score.

If it fails:

  1. Ask the client to retry. Common innocent causes include bad lighting, glasses, significant change in appearance since the ID photo was taken, or poor camera quality
  2. If the retry fails, request an alternative form of ID (e.g. passport instead of driver’s licence)
  3. If it continues to fail, you cannot verify identity digitally. Consider whether alternative verification methods are available under your AML/CTF program2
  4. A persistent mismatch could indicate someone other than the document holder is attempting verification. Assess whether reasonable grounds for suspicion exist3
  5. Record the outcome and your reasoning, whether you proceed via alternative means or decline

Banned Faces Analysis

What it checks: Whether the face has been previously flagged in the verification provider’s database (e.g. from prior fraud attempts across other organisations using the same system).

If it fails:

  1. This is a significant risk indicator. Someone using this face has been flagged for suspicious activity elsewhere
  2. Escalate to your AML/CTF compliance officer
  3. Assess whether reasonable grounds for suspicion exist. If so, submit an SMR3
  4. Apply your firm’s ECDD procedures6
  5. A decision to proceed or decline should be made by your compliance officer or senior management, based on the full circumstances
  6. Record the flag and your assessment

Integrity Analysis

Face Detection Check

What it checks: Whether the image quality is sufficient and the correct number of faces are present (exactly one face, clearly visible).

If it fails:

  1. Ask the client to retry with a clear, well-lit selfie showing only their face
  2. This is almost always a technical issue, not a fraud indicator
  3. If the client cannot produce a usable image after multiple attempts, consider alternative verification methods available under your AML/CTF program

Document check

This check verifies the identity document itself (passport, driver’s licence, or national ID card).

Document Authenticity Check

What it checks: Whether the document is genuine. The system checks for signs of tampering, forgery, or manipulation.

If it fails:

  1. Check whether the failure was due to image quality (blurry photo, glare, cropped edges). If so, ask the client to retake the photo
  2. If the document is expired, ask the client to provide a current document. Note: passports may be used up to two years past expiry for identity verification purposes7
  3. If the document appears tampered with or forged, AUSTRAC guidance states you should submit an SMR4
  4. If the client provides an alternative document that passes, you can proceed, but record the initial failure
  5. If no valid document can be provided, ACIP cannot be completed and you must not provide designated services2

Screening checks: Watchlist Analysis

These checks screen against sanctions and government watchlists.

Sanctions Lists Check

What it checks: Global sanctions lists including DFAT (Australia), OFAC (US), EU, UN, and other national sanctions programs.

If it flags:

  1. Download the full bundle report and review the match details. Check whether the match is based on exact details or just a similar name
  2. If the name matches but other details (date of birth, country, aliases) do not match, it may be a false positive. Document your analysis
  3. If the match is confirmed: It is a criminal offence under Australian law to make assets available to, or provide services for the benefit of, a sanctioned person or entity. This applies under the Autonomous Sanctions Act 2011 (Cth) and the Charter of the United Nations Act 1945 (Cth)8
  4. Submit an SMR to AUSTRAC3
  5. Seek legal advice before making any decision about the engagement
  6. Record all details, including your analysis of whether the match is a true positive or false positive

Official Lists Check

What it checks: Official government lists beyond sanctions (e.g. law enforcement lists, regulatory enforcement actions, disqualified directors).

If it flags:

  1. Download the bundle report and review the specific list and match details
  2. Determine which list triggered the match and whether it is relevant to the designated service you are providing
  3. Some official list entries may not prevent you from acting (e.g. a disqualified director may still need personal tax services). Assess based on the designated service and your risk assessment
  4. If the match relates to financial crime or money laundering indicators, assess whether reasonable grounds for suspicion exist3
  5. Record the match and your assessment in your risk notes

War Crime Check

What it checks: International war crime designations and tribunals.

If it flags:

  1. Persons designated under war crime lists are typically also subject to sanctions. The same legal prohibitions apply8
  2. Submit an SMR to AUSTRAC3
  3. Seek legal advice before making any decision about the engagement
  4. Record all details

Sanctions Control Check

What it checks: Sanctions control and ownership mechanisms (e.g. entities controlled by sanctioned persons).

If it flags:

  1. Download the bundle report and review the nature of the association
  2. Australian sanctions law extends to entities owned or controlled by sanctioned persons8
  3. If the association is confirmed, the same legal prohibitions that apply to directly sanctioned persons may apply
  4. Submit an SMR to AUSTRAC3
  5. Seek legal advice
  6. Record all details and your analysis

Child Sexual Exploitation Check (extensive screening only)

What it flags: Databases related to child sexual exploitation and abuse material.

If it flags:

  1. Submit an SMR to AUSTRAC immediately (within 24 hours if terrorism-related, otherwise within 3 business days)5
  2. Seek legal advice
  3. Consider whether you have mandatory reporting obligations to police in your state or territory (these exist separately from AML/CTF obligations)
  4. Record all details

Terror Check (extensive screening only)

What it checks: Terror designation lists and databases.

If it flags:

  1. It is a criminal offence under the Charter of the United Nations Act 1945 (Cth) and the Criminal Code Act 1995 (Cth) to provide assets or services to a person or entity designated as a terrorist8
  2. Submit an SMR to AUSTRAC within 24 hours. The 24-hour reporting deadline applies specifically to terrorism financing suspicions5
  3. Seek legal advice
  4. Record all details

Other Exclusion Lists Check (extensive screening only)

What it checks: Other exclusion and debarment lists not covered by the categories above.

If it flags:

  1. Download the bundle report and review which specific list triggered the match
  2. Assess whether the exclusion is relevant to the services you are providing
  3. If the exclusion relates to financial crime, fraud, or money laundering, assess whether reasonable grounds for suspicion exist3
  4. Record the match and your risk assessment

Screening checks: PEP Analysis

PEP (Politically Exposed Person) checks identify individuals who hold or have held prominent public positions. A PEP match is not a reason to decline a client. AUSTRAC guidance explicitly states: “being a PEP doesn’t automatically mean someone is involved in criminal activities.”9

However, PEP status does require additional steps under your AML/CTF program.

Key distinction: foreign PEPs vs domestic PEPs

AUSTRAC identifies three types of PEPs: domestic, foreign, and international organisation. You must treat every foreign PEP as a high-risk customer. Domestic and international organisation PEPs may be low, medium, or high risk depending on your assessment.9

This distinction matters because high-risk PEPs (including all foreign PEPs) require your full ECDD program, while medium or low-risk PEPs require standard customer identification procedures.9

PEP Level 1 Check (standard and extensive)

Who it covers: Heads of state, national government ministers, members of national legislatures.

If it flags:

  1. Determine whether the PEP is domestic, foreign, or international organisation9
  2. If the PEP is foreign: you must treat them as high-risk and apply your ECDD program6
  3. For all PEPs at this level, apply ECDD:
    • Obtain senior management approval before establishing or continuing the business relationship6
    • Take reasonable measures to establish the source of the client’s wealth and funds6
    • Conduct enhanced ongoing monitoring of the relationship
  4. Update the client’s risk rating. PEP Level 1 status will typically result in a high risk rating
  5. Record the PEP status, the PEP type (domestic/foreign/international), and your ECDD steps

PEP Level 2 Check (extensive screening only)

Who it covers: Regional government officials, civil servants, armed forces senior officers, judiciary members, central bank board members.

If it flags:

  1. Determine whether the PEP is domestic, foreign, or international organisation
  2. Apply the same process as PEP Level 1. AUSTRAC’s ECDD obligations apply equally regardless of PEP level6
  3. The risk level may be lower than Level 1 depending on the specific role, but use your risk-based assessment to determine
  4. Record the PEP status and level

PEP Level 3 Check (extensive screening only)

Who it covers: Religious leaders, state corporation executives, political party officials, international organisation officials.

If it flags:

  1. Determine whether the PEP is domestic, foreign, or international organisation
  2. Apply ECDD as above
  3. Pay particular attention to source of funds for state corporation executives, as AUSTRAC notes PEPs may use corporate vehicles to conceal proceeds of crime9
  4. Record the PEP status and level

PEP Level 4 Check (extensive screening only)

Who it covers: Mayors, local government officials, other locally prominent public figures.

If it flags:

  1. Determine whether the PEP is domestic, foreign, or international organisation
  2. Apply ECDD as above
  3. The risk profile for Level 4 PEPs is generally lower, but the ECDD obligation still applies for high-risk PEPs6
  4. Use your risk-based assessment to determine the extent of enhanced measures required
  5. Record the PEP status and level

PEP matches: family members and close associates

PEP databases may also flag family members or known close associates of PEPs. AUSTRAC guidance defines PEPs to include “immediate family members and/or close associates,” and the same identification and due diligence obligations apply.9

When a PEP leaves their position

A person is no longer considered a PEP after leaving their position. However, AUSTRAC guidance states that former PEPs “may still maintain a degree of influence and therefore pose a money laundering/terrorism financing risk.” If you assess a former PEP as high-risk, you must apply your ECDD program.9

Screening checks: Adverse Media Analysis (extensive screening only)

Adverse media checks search for negative news coverage about your client. A match means relevant media coverage was found, not that the person has been convicted of or is necessarily involved in anything.

Important context

AUSTRAC’s worked example for high-risk clients shows a firm that found adverse media about a client’s involvement in drug trafficking. The firm escalated to the AML/CTF compliance officer, conducted enhanced due diligence, filed an SMR, and then, with senior management approval, proceeded with the engagement under enhanced monitoring. The adverse media finding triggered additional steps, but did not automatically prevent the firm from providing services.10

This is the general pattern for adverse media: investigate, escalate, apply ECDD, file an SMR if reasonable grounds for suspicion exist, and make a risk-based decision with senior management.

Environment and Production Check

What it checks: Media coverage related to environmental violations, pollution, illegal resource extraction, or production-related offences.

If it flags:

  1. Review the match details in the bundle report
  2. Assess whether the media coverage is relevant to money laundering, terrorism financing, or fraud risk
  3. For most accounting engagements, environmental media may not directly affect your AML risk assessment, but consider it as part of your overall risk profile
  4. If the coverage relates to fines, criminal proceedings, or proceeds of crime, increase the client’s risk rating and apply ECDD6
  5. Record the match and your assessment

Social and Labour Check

What it checks: Media coverage related to labour violations, human rights issues, modern slavery, or social misconduct.

If it flags:

  1. Review the match details
  2. Assess whether the issues could indicate exploitation, trafficking, or other predicate offences for money laundering
  3. If the coverage relates to trafficking or modern slavery, these are serious predicate offences. Escalate to your AML/CTF compliance officer and assess whether reasonable grounds for suspicion exist3
  4. Record the match and your assessment

Competitive and Financial Check

What it checks: Media coverage related to financial misconduct, fraud, market manipulation, insider trading, bribery, or corruption.

If it flags:

  1. This is the most directly relevant adverse media category for accounting firms
  2. Review the match details carefully. Determine whether the coverage relates to allegations, charges, or convictions
  3. Increase the client’s risk rating and apply ECDD6
  4. Escalate to your AML/CTF compliance officer
  5. Assess whether reasonable grounds for suspicion exist. If so, submit an SMR3
  6. A decision to proceed or decline should be made by your compliance officer or senior management based on the full circumstances10
  7. Record all details

Regulatory Check

What it checks: Media coverage related to regulatory actions, fines, licence revocations, or compliance failures.

If it flags:

  1. Review the specific regulatory action
  2. Assess whether it relates to financial services, tax, or AML compliance (high relevance) or other regulatory domains (lower relevance)
  3. If the client has had a licence revoked or been fined by a financial regulator, increase the risk rating and apply ECDD6
  4. Record the match and your assessment

Screening checks: Other Lists Analysis (extensive screening only)

These checks cover specific crime and association databases.

Organised Crime Check

What it checks: Databases of known or suspected organised crime figures and networks.

If it flags:

  1. Escalate to your AML/CTF compliance officer immediately
  2. Download the bundle report and review the match details
  3. Assess whether reasonable grounds for suspicion exist. If so, submit an SMR3
  4. Apply your ECDD program6
  5. A decision to proceed or decline should be made by senior management with full knowledge of the match and your ECDD findings10
  6. Record all details

Financial Crime Check

What it checks: Databases related to financial crime including money laundering, fraud, and embezzlement.

If it flags:

  1. This is directly relevant to your AML obligations
  2. Escalate to your AML/CTF compliance officer
  3. Assess whether reasonable grounds for suspicion exist. If so, submit an SMR3
  4. If you determine the match is a false positive (different person, same name), document your reasoning thoroughly
  5. If the match is credible, apply ECDD and seek senior management approval before proceeding or declining6
  6. Record all details

Tax Crime and Corruption Check

What it checks: Databases related to tax evasion, tax fraud, and corruption.

If it flags:

  1. This is highly relevant for accounting firms. Tax evasion is specifically listed as a ground for submitting an SMR3
  2. Escalate to your AML/CTF compliance officer
  3. Assess whether reasonable grounds for suspicion exist. If so, submit an SMR
  4. Consider whether providing tax services to this client creates risk for your firm
  5. Apply ECDD and seek senior management approval before deciding whether to proceed or decline6
  6. Record all details

Trafficking Check

What it checks: Databases related to human trafficking, drug trafficking, and arms trafficking.

If it flags:

  1. Trafficking is a serious predicate offence for money laundering
  2. Escalate to your AML/CTF compliance officer immediately
  3. Assess whether reasonable grounds for suspicion exist. If so, submit an SMR3
  4. Apply ECDD and seek senior management approval6
  5. Record all details

Associated Entity Check

What it checks: Databases of entities known to be associated with sanctioned, criminal, or high-risk persons or organisations.

If it flags:

  1. Review the nature of the association. Is the client a director, shareholder, employee, or family member of the flagged entity?
  2. If the association is with a sanctioned entity, the same legal prohibitions may apply as for a direct sanctions match8
  3. If the association is with a criminal entity, increase the risk rating, apply ECDD, and escalate6
  4. Assess whether the association is current or historical
  5. Record the association and your assessment

Proof of address check

Address Verification Check

What it checks: Whether the name, address, and date on the proof of address document match the details the client provided.

If it fails:

  1. Check whether the failure was due to image quality (blurry, cropped, unreadable). If so, ask the client to upload a clearer copy
  2. If the address does not match, ask the client to provide a current proof of address document. Acceptable documents include utility bills and bank statements less than 3 months old, or government notices less than 12 months old7
  3. If the name does not match, determine whether there is a reasonable explanation (e.g. maiden name, recently changed name). Request supporting documentation
  4. Persistent discrepancies in customer information should be investigated under your risk-based procedures11
  5. Record the outcome

Age estimation check

Age Estimation Check

What it checks: Estimates the client’s age from their selfie using facial analysis.

If it fails or shows a significant discrepancy:

  1. This check is not typically relevant for AML/CTF compliance in accounting
  2. A significant age discrepancy between the selfie estimate and the date of birth on the identity document may indicate the wrong person completed the verification. Cross-reference with the identity check results
  3. If you enabled it for a specific reason (e.g. age-restricted service eligibility), review the estimated age range against your requirements

General principles

Escalation and ECDD

Most screening matches (other than confirmed sanctions hits) do not automatically require you to decline a client. AUSTRAC’s guidance and worked examples show that the expected process is:10

  1. Escalate to your AML/CTF compliance officer
  2. Apply ECDD: collect additional information, verify source of funds and wealth, conduct enhanced monitoring6
  3. Assess whether reasonable grounds for suspicion exist
  4. File an SMR if suspicion is formed3
  5. Seek senior management approval before proceeding or declining the engagement6
  6. Record everything: the match, your analysis, your ECDD steps, and the decision

The decision to proceed or decline is a risk-based judgment made by your firm, not an automatic outcome of a screening match.

When you must not provide services

There are specific situations where providing services is prohibited by law:

  • Sanctions: It is a criminal offence to provide assets or services to a sanctioned person or entity8
  • ACIP not completed: You must not provide a designated service unless applicable customer identification procedures have been carried out2
  • Terror designations: Providing services to designated terrorist persons or entities is a criminal offence8

Suspicious matter reports (SMRs)

You must submit an SMR if you or anyone in your firm suspects on reasonable grounds that a customer is not who they claim to be, or that a designated service relates to money laundering, terrorism financing, proceeds of crime, tax evasion, or any other offence against Commonwealth, state or territory law.3

Timing:5

  • Within 24 hours if the suspicion relates to terrorism financing
  • Within 3 business days if the suspicion relates to any other matter

You do not need to know exactly what criminal activity may be involved. If you have reasonable grounds for suspicion, file the report.3

Penalties for not reporting: Up to 20,000 penalty units (100,000 for bodies corporate) in the Federal Court.12

Tipping off

It is a criminal offence to disclose information about an SMR or a suspicion where it would or could reasonably be expected to prejudice an investigation. The maximum penalty is 2 years imprisonment or 120 penalty units, or both.13

If you decline an engagement for compliance reasons, AUSTRAC recommends providing genuine reasons that do not indicate you are suspicious of the client’s conduct. For example: “the nature of the activities fall outside our business’s risk appetite” or “the client has failed to respond to requests for further information.”13

Exception for accountants: Under s 123(4) of the AML/CTF Act, qualified accountants may disclose information to a client in good faith to dissuade them from activities that could be a criminal offence. However, you must not disclose the existence of an SMR or that you have reported their activities.13

Record keeping

Regardless of the outcome, record:14

  • Which checks were performed and their results
  • Your assessment of any matches or failures
  • The ECDD steps you took (if applicable)
  • The actions you took and the decision made
  • Your reasoning for proceeding or declining

Retain customer identification records for the duration of your relationship with the customer, plus 7 years after you stop providing any designated services to them.

Footnotes

  1. AUSTRAC, “Politically exposed persons (PEPs)”: “Don’t assume that a customer is not a PEP just because their name does not appear in a database search.” The same principle applies in reverse: a name match is not confirmation of identity. Source: austrac.gov.au/business/core-guidance/customer-identification-and-verification/politically-exposed-persons-peps
  2. AML/CTF Act 2006 (Cth), s 32. “You must not provide a designated service to a customer unless applicable customer identification procedures have been carried out.” Source: AUSTRAC, “Customer identification and verification” at austrac.gov.au/business/core-guidance/customer-identification-and-verification
  3. AML/CTF Act 2006 (Cth), ss 41-42. You must submit an SMR if you suspect on reasonable grounds that a customer is not who they claim to be, or the designated service relates to terrorism financing, money laundering, an offence against Commonwealth/state/territory law, proceeds of crime, or tax evasion. Source: AUSTRAC, “Your SMR reporting obligations” at austrac.gov.au/business/core-guidance/reporting/suspicious-matter-reports-smrs/your-smr-reporting-obligations
  4. AUSTRAC, “Customer identification and verification”: “If you suspect that documents presented by a customer are fraudulent or stolen, submit an SMR to AUSTRAC.” Source: austrac.gov.au/business/core-guidance/customer-identification-and-verification
  5. AML/CTF Act 2006 (Cth), ss 41-42. SMR deadlines: within 24 hours if related to terrorism financing; within 3 business days for all other matters. Source: AUSTRAC, “Submitting your SMR” at austrac.gov.au/business/core-guidance/reporting/suspicious-matter-reports-smrs/submitting-your-smr
  6. AML/CTF Act 2006 (Cth), s 36. AML/CTF Rules, Parts 15.8-15.11. ECDD measures include: collecting additional information, establishing source of wealth and funds, verifying or re-verifying customer information, enhanced transaction monitoring, and obtaining senior management approval. Source: AUSTRAC, “Enhanced customer due diligence (ECDD) program” at austrac.gov.au/business/core-guidance/amlctf-programs/enhanced-customer-due-diligence-ecdd-program
  7. AUSTRAC, “Reliable and independent documentation and electronic data”: Passports may be used up to two years past expiry. Acceptable secondary documents include government notices (12 months), utility bills and bank statements (3 months). Source: austrac.gov.au/business/core-guidance/customer-identification-and-verification/reliable-and-independent-documentation-and-electronic-data
  8. Autonomous Sanctions Act 2011 (Cth); Autonomous Sanctions Regulations 2011 (Cth); Charter of the United Nations Act 1945 (Cth), s 20-21 (UN sanctions); Criminal Code Act 1995 (Cth), Division 102 (terrorism). It is a criminal offence to directly or indirectly make an asset available to, or provide a service for the benefit of, a designated/sanctioned person or entity. DFAT maintains the Consolidated List of sanctioned persons at dfat.gov.au/international-relations/security/sanctions/consolidated-list.
  9. AUSTRAC, “Politically exposed persons (PEPs)”. Key points: “being a PEP doesn’t automatically mean someone is involved in criminal activities”; “You must treat every foreign PEP as a high-risk customer”; PEPs include family members and close associates; former PEPs may still be high-risk. AML/CTF Rules, Part 4.13. Source: austrac.gov.au/business/core-guidance/customer-identification-and-verification/politically-exposed-persons-peps
  10. AUSTRAC, “Accounting program starter kit: examples of dealing with clients”. The high-risk worked example shows a firm that identified adverse media (drug trafficking), escalated to the compliance officer, conducted ECDD (source of funds, adverse media checks), filed an SMR, obtained senior management approval, and then proceeded with the engagement under enhanced monitoring. Source: austrac.gov.au/reforms/program-starter-kits/accountant-guidance/accounting-program-starter-kit/accounting-program-starter-kit-examples-dealing-clients
  11. AUSTRAC, “Customer identification: Know your customer (KYC)”: “You must have risk-based systems and controls in place to deal with discrepancies you notice while verifying customer information.” Source: austrac.gov.au/business/core-guidance/customer-identification-and-verification/customer-identification-know-your-customer-kyc
  12. AML/CTF Act 2006 (Cth), Part 15. Penalties for non-compliance: up to 20,000 penalty units (individual) or 100,000 penalty units (body corporate). One penalty unit = $330 (as at November 2024). Source: AUSTRAC, “Consequences of not complying” at austrac.gov.au/business/core-guidance/consequences-not-complying
  13. AML/CTF Act 2006 (Cth), s 123 (tipping off offence). Maximum penalty: 2 years imprisonment or 120 penalty units, or both. Exception for accountants at s 123(4). Source: AUSTRAC, “Tipping off” at austrac.gov.au/amlctf-reform/current-reporting-entities/tipping
  14. AML/CTF Rules, Chapter 20 (record-keeping obligations). Customer identification records must be retained for the duration of the relationship plus 7 years after ceasing to provide any designated services. Source: AUSTRAC, “Record-keeping” at austrac.gov.au/business/core-guidance/record-keeping
Updated on April 6, 2026
Was this article helpful?
Yes No

Related Articles

© Copyright 2026 Content Snare All Rights Reserved