A practical guide for Australian accounting firms using Content Snare’s ID verification and AML screening. This covers every individual check, what it means when it fails or flags a match, and what steps to consider next.<\/p>\n\n\n\n
\nImportant: This guide is not legal advice.<\/strong><\/p>\n\n\n\n
The information in this guide is based on Content Snare’s interpretation of publicly available AUSTRAC guidance and the Anti-Money Laundering and Counter-Terrorism Financing Act 2006<\/em> (Cth) as at March 2026. It is intended as a general reference only and does not constitute legal, compliance, or professional advice.<\/p>\n\n\n\n
Your firm’s specific obligations depend on the designated services you provide, your client base, your AML\/CTF program, and your risk assessment framework. AML\/CTF law and AUSTRAC guidance are subject to change.<\/p>\n\n\n\n
Content Snare is not a law firm, a compliance consultancy, or a regulated adviser.<\/strong> We do not accept liability for any actions taken or not taken based on this guide. You should obtain independent legal advice from a qualified professional before making compliance decisions for your firm.<\/p>\n\n\n\n
Where this guide references AUSTRAC guidance or legislation, those references are provided for convenience and should be verified against the current versions at austrac.gov.au<\/a> and legislation.gov.au<\/a>.<\/p>\n<\/blockquote>\n\n\n\n
How to read this guide<\/h2>\n\n\n\n
When you view a verification result in Content Snare, each individual check shows one of three statuses:<\/p>\n\n\n\n
\n
- Green tick (pass)<\/strong>: The check was processed and cleared<\/li>\n\n\n\n
- Red X (fail)<\/strong>: The check was processed and found an issue or potential match<\/li>\n\n\n\n
- Grey icon (not processed)<\/strong>: The check was not included in the screening level you selected<\/li>\n<\/ul>\n\n\n\n
This guide covers what to do when a check shows a red X<\/strong>.<\/p>\n\n\n\n
If all checks show green ticks, the verification passed. Record the outcome in your client file and proceed with your normal customer due diligence process.<\/p>\n\n\n\n
A note on false positives<\/h3>\n\n\n\n
Screening checks match against names and personal details. A red flag does not necessarily mean your client is the person in the database. Name matches are common, especially for common names. Always review the full report details before drawing conclusions.1<\/a><\/sup><\/p>\n\n\n\n
Identity checks<\/h2>\n\n\n\n
These checks confirm that the person completing the verification is who they say they are.<\/p>\n\n\n\n
Authenticity Analysis<\/h3>\n\n\n\n
Liveness Check<\/h4>\n\n\n\n
What it checks<\/strong>: Whether the selfie or video was taken by a live person (not a photo of a photo, a video replay, or a mask).<\/p>\n\n\n\n
If it fails<\/strong>:<\/p>\n\n\n\n
\n
- Ask the client to retry in good lighting, looking directly at the camera. Poor conditions are the most common cause of failure<\/li>\n\n\n\n
- If it fails again, you cannot complete identity verification digitally. Under the AML\/CTF Act, you must not provide a designated service unless applicable customer identification procedures (ACIP) have been carried out2<\/a><\/sup><\/li>\n\n\n\n
- Consider whether alternative verification methods are available under your AML\/CTF program (e.g. in-person verification)<\/li>\n\n\n\n
- If you suspect the failure was a deliberate attempt to use a fake image, assess whether you have reasonable grounds for suspicion and whether an SMR is required3<\/a><\/sup><\/li>\n\n\n\n
- Record the failure and your assessment in your risk notes<\/li>\n<\/ol>\n\n\n\n
Spoofed Image Analysis<\/h4>\n\n\n\n
What it checks<\/strong>: Whether the submitted image has been digitally manipulated, sourced from the internet, or artificially generated.<\/p>\n\n\n\n
If it fails<\/strong>:<\/p>\n\n\n\n
\n
- This indicates the image may be fake or tampered with, which is a strong indicator of attempted identity fraud<\/li>\n\n\n\n
- AUSTRAC guidance states that if you suspect documents or information presented by a customer are fraudulent, you should submit an SMR4<\/a><\/sup><\/li>\n\n\n\n
- Assess whether reasonable grounds for suspicion exist. If so, submit an SMR within the required timeframes5<\/a><\/sup><\/li>\n\n\n\n
- You cannot complete ACIP if the client’s identity cannot be verified. Do not provide designated services until ACIP is satisfied2<\/a><\/sup><\/li>\n\n\n\n
- Escalate to your AML\/CTF compliance officer<\/li>\n\n\n\n
- Record the failure and your assessment<\/li>\n<\/ol>\n\n\n\n
Face Analysis<\/h3>\n\n\n\n
Facial Similarity Check<\/h4>\n\n\n\n
What it checks<\/strong>: Whether the face in the selfie matches the face on the identity document. Returns a confidence score.<\/p>\n\n\n\n
If it fails<\/strong>:<\/p>\n\n\n\n
\n
- Ask the client to retry. Common innocent causes include bad lighting, glasses, significant change in appearance since the ID photo was taken, or poor camera quality<\/li>\n\n\n\n
- If the retry fails, request an alternative form of ID (e.g. passport instead of driver’s licence)<\/li>\n\n\n\n
- If it continues to fail, you cannot verify identity digitally. Consider whether alternative verification methods are available under your AML\/CTF program2<\/a><\/sup><\/li>\n\n\n\n
- A persistent mismatch could indicate someone other than the document holder is attempting verification. Assess whether reasonable grounds for suspicion exist3<\/a><\/sup><\/li>\n\n\n\n
- Record the outcome and your reasoning, whether you proceed via alternative means or decline<\/li>\n<\/ol>\n\n\n\n
Banned Faces Analysis<\/h4>\n\n\n\n
What it checks<\/strong>: Whether the face has been previously flagged in the verification provider’s database (e.g. from prior fraud attempts across other organisations using the same system).<\/p>\n\n\n\n
If it fails<\/strong>:<\/p>\n\n\n\n
\n
- This is a significant risk indicator. Someone using this face has been flagged for suspicious activity elsewhere<\/li>\n\n\n\n
- Escalate to your AML\/CTF compliance officer<\/li>\n\n\n\n
- Assess whether reasonable grounds for suspicion exist. If so, submit an SMR3<\/a><\/sup><\/li>\n\n\n\n
- Apply your firm’s ECDD procedures6<\/a><\/sup><\/li>\n\n\n\n
- A decision to proceed or decline should be made by your compliance officer or senior management, based on the full circumstances<\/li>\n\n\n\n
- Record the flag and your assessment<\/li>\n<\/ol>\n\n\n\n
Integrity Analysis<\/h3>\n\n\n\n
Face Detection Check<\/h4>\n\n\n\n
What it checks<\/strong>: Whether the image quality is sufficient and the correct number of faces are present (exactly one face, clearly visible).<\/p>\n\n\n\n
If it fails<\/strong>:<\/p>\n\n\n\n
\n
- Ask the client to retry with a clear, well-lit selfie showing only their face<\/li>\n\n\n\n
- This is almost always a technical issue, not a fraud indicator<\/li>\n\n\n\n
- If the client cannot produce a usable image after multiple attempts, consider alternative verification methods available under your AML\/CTF program<\/li>\n<\/ol>\n\n\n\n
Document check<\/h2>\n\n\n\n
This check verifies the identity document itself (passport, driver’s licence, or national ID card).<\/p>\n\n\n\n
Document Authenticity Check<\/h4>\n\n\n\n
What it checks<\/strong>: Whether the document is genuine. The system checks for signs of tampering, forgery, or manipulation.<\/p>\n\n\n\n
If it fails<\/strong>:<\/p>\n\n\n\n
\n
- Check whether the failure was due to image quality (blurry photo, glare, cropped edges). If so, ask the client to retake the photo<\/li>\n\n\n\n
- If the document is expired, ask the client to provide a current document. Note: passports may be used up to two years past expiry for identity verification purposes7<\/a><\/sup><\/li>\n\n\n\n
- If the document appears tampered with or forged, AUSTRAC guidance states you should submit an SMR4<\/a><\/sup><\/li>\n\n\n\n
- If the client provides an alternative document that passes, you can proceed, but record the initial failure<\/li>\n\n\n\n
- If no valid document can be provided, ACIP cannot be completed and you must not provide designated services2<\/a><\/sup><\/li>\n<\/ol>\n\n\n\n
Screening checks: Watchlist Analysis<\/h2>\n\n\n\n
These checks screen against sanctions and government watchlists.<\/p>\n\n\n\n
Sanctions Lists Check<\/h4>\n\n\n\n
What it checks<\/strong>: Global sanctions lists including DFAT (Australia), OFAC (US), EU, UN, and other national sanctions programs.<\/p>\n\n\n\n
If it flags<\/strong>:<\/p>\n\n\n\n
\n
- Download the full bundle report and review the match details. Check whether the match is based on exact details or just a similar name<\/li>\n\n\n\n
- If the name matches but other details (date of birth, country, aliases) do not match, it may be a false positive. Document your analysis<\/li>\n\n\n\n
- If the match is confirmed<\/strong>: It is a criminal offence under Australian law to make assets available to, or provide services for the benefit of, a sanctioned person or entity. This applies under the\u00a0Autonomous Sanctions Act 2011<\/em>\u00a0(Cth) and the\u00a0Charter of the United Nations Act 1945<\/em>\u00a0(Cth)8<\/a><\/sup><\/li>\n\n\n\n
- Submit an SMR to AUSTRAC3<\/a><\/sup><\/li>\n\n\n\n
- Seek legal advice before making any decision about the engagement<\/li>\n\n\n\n
- Record all details, including your analysis of whether the match is a true positive or false positive<\/li>\n<\/ol>\n\n\n\n
Official Lists Check<\/h4>\n\n\n\n
What it checks<\/strong>: Official government lists beyond sanctions (e.g. law enforcement lists, regulatory enforcement actions, disqualified directors).<\/p>\n\n\n\n
If it flags<\/strong>:<\/p>\n\n\n\n
\n
- Download the bundle report and review the specific list and match details<\/li>\n\n\n\n
- Determine which list triggered the match and whether it is relevant to the designated service you are providing<\/li>\n\n\n\n
- Some official list entries may not prevent you from acting (e.g. a disqualified director may still need personal tax services). Assess based on the designated service and your risk assessment<\/li>\n\n\n\n
- If the match relates to financial crime or money laundering indicators, assess whether reasonable grounds for suspicion exist3<\/a><\/sup><\/li>\n\n\n\n
- Record the match and your assessment in your risk notes<\/li>\n<\/ol>\n\n\n\n
War Crime Check<\/h4>\n\n\n\n
What it checks<\/strong>: International war crime designations and tribunals.<\/p>\n\n\n\n
If it flags<\/strong>:<\/p>\n\n\n\n
\n
- Persons designated under war crime lists are typically also subject to sanctions. The same legal prohibitions apply8<\/a><\/sup><\/li>\n\n\n\n
- Submit an SMR to AUSTRAC3<\/a><\/sup><\/li>\n\n\n\n
- Seek legal advice before making any decision about the engagement<\/li>\n\n\n\n
- Record all details<\/li>\n<\/ol>\n\n\n\n
Sanctions Control Check<\/h4>\n\n\n\n
What it checks<\/strong>: Sanctions control and ownership mechanisms (e.g. entities controlled by sanctioned persons).<\/p>\n\n\n\n
If it flags<\/strong>:<\/p>\n\n\n\n
\n
- Download the bundle report and review the nature of the association<\/li>\n\n\n\n
- Australian sanctions law extends to entities owned or controlled by sanctioned persons8<\/a><\/sup><\/li>\n\n\n\n
- If the association is confirmed, the same legal prohibitions that apply to directly sanctioned persons may apply<\/li>\n\n\n\n
- Submit an SMR to AUSTRAC3<\/a><\/sup><\/li>\n\n\n\n
- Seek legal advice<\/li>\n\n\n\n
- Record all details and your analysis<\/li>\n<\/ol>\n\n\n\n
Child Sexual Exploitation Check (extensive screening only)<\/h4>\n\n\n\n
What it flags<\/strong>: Databases related to child sexual exploitation and abuse material.<\/p>\n\n\n\n
If it flags<\/strong>:<\/p>\n\n\n\n
\n
- Submit an SMR to AUSTRAC immediately (within 24 hours if terrorism-related, otherwise within 3 business days)5<\/a><\/sup><\/li>\n\n\n\n
- Seek legal advice<\/li>\n\n\n\n
- Consider whether you have mandatory reporting obligations to police in your state or territory (these exist separately from AML\/CTF obligations)<\/li>\n\n\n\n
- Record all details<\/li>\n<\/ol>\n\n\n\n
Terror Check (extensive screening only)<\/h4>\n\n\n\n
What it checks<\/strong>: Terror designation lists and databases.<\/p>\n\n\n\n
If it flags<\/strong>:<\/p>\n\n\n\n
\n
- It is a criminal offence under the\u00a0Charter of the United Nations Act 1945<\/em>\u00a0(Cth) and the\u00a0Criminal Code Act 1995<\/em>\u00a0(Cth) to provide assets or services to a person or entity designated as a terrorist8<\/a><\/sup><\/li>\n\n\n\n
- Submit an SMR to AUSTRAC within\u00a024 hours<\/strong>. The 24-hour reporting deadline applies specifically to terrorism financing suspicions5<\/a><\/sup><\/li>\n\n\n\n
- Seek legal advice<\/li>\n\n\n\n
- Record all details<\/li>\n<\/ol>\n\n\n\n
Other Exclusion Lists Check (extensive screening only)<\/h4>\n\n\n\n
What it checks<\/strong>: Other exclusion and debarment lists not covered by the categories above.<\/p>\n\n\n\n
If it flags<\/strong>:<\/p>\n\n\n\n
\n
- Download the bundle report and review which specific list triggered the match<\/li>\n\n\n\n
- Assess whether the exclusion is relevant to the services you are providing<\/li>\n\n\n\n
- If the exclusion relates to financial crime, fraud, or money laundering, assess whether reasonable grounds for suspicion exist3<\/a><\/sup><\/li>\n\n\n\n
- Record the match and your risk assessment<\/li>\n<\/ol>\n\n\n\n
Screening checks: PEP Analysis<\/h2>\n\n\n\n
PEP (Politically Exposed Person) checks identify individuals who hold or have held prominent public positions. A PEP match is not a reason to decline a client.<\/strong> AUSTRAC guidance explicitly states: “being a PEP doesn’t automatically mean someone is involved in criminal activities.”9<\/a><\/sup><\/p>\n\n\n\n
However, PEP status does require additional steps under your AML\/CTF program.<\/p>\n\n\n\n
Key distinction: foreign PEPs vs domestic PEPs<\/h3>\n\n\n\n
AUSTRAC identifies three types of PEPs: domestic, foreign, and international organisation. You must treat every foreign PEP as a high-risk customer.<\/strong> Domestic and international organisation PEPs may be low, medium, or high risk depending on your assessment.9<\/a><\/sup><\/p>\n\n\n\n
This distinction matters because high-risk PEPs (including all foreign PEPs) require your full ECDD program, while medium or low-risk PEPs require standard customer identification procedures.9<\/a><\/sup><\/p>\n\n\n\n
PEP Level 1 Check (standard and extensive)<\/h4>\n\n\n\n
Who it covers<\/strong>: Heads of state, national government ministers, members of national legislatures.<\/p>\n\n\n\n
If it flags<\/strong>:<\/p>\n\n\n\n
\n
- Determine whether the PEP is domestic, foreign, or international organisation9<\/a><\/sup><\/li>\n\n\n\n
- If the PEP is\u00a0foreign<\/strong>: you must treat them as high-risk and apply your ECDD program6<\/a><\/sup><\/li>\n\n\n\n
- For\u00a0all PEPs at this level<\/strong>, apply ECDD:\n
\n
- Obtain senior management approval before establishing or continuing the business relationship6<\/a><\/sup><\/li>\n\n\n\n
- Take reasonable measures to establish the source of the client’s wealth and funds6<\/a><\/sup><\/li>\n\n\n\n
- Conduct enhanced ongoing monitoring of the relationship<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Update the client’s risk rating. PEP Level 1 status will typically result in a high risk rating<\/li>\n\n\n\n
- Record the PEP status, the PEP type (domestic\/foreign\/international), and your ECDD steps<\/li>\n<\/ol>\n\n\n\n
PEP Level 2 Check (extensive screening only)<\/h4>\n\n\n\n
Who it covers<\/strong>: Regional government officials, civil servants, armed forces senior officers, judiciary members, central bank board members.<\/p>\n\n\n\n
If it flags<\/strong>:<\/p>\n\n\n\n
\n
- Determine whether the PEP is domestic, foreign, or international organisation<\/li>\n\n\n\n
- Apply the same process as PEP Level 1. AUSTRAC’s ECDD obligations apply equally regardless of PEP level6<\/a><\/sup><\/li>\n\n\n\n
- The risk level may be lower than Level 1 depending on the specific role, but use your risk-based assessment to determine<\/li>\n\n\n\n
- Record the PEP status and level<\/li>\n<\/ol>\n\n\n\n
PEP Level 3 Check (extensive screening only)<\/h4>\n\n\n\n
Who it covers<\/strong>: Religious leaders, state corporation executives, political party officials, international organisation officials.<\/p>\n\n\n\n
If it flags<\/strong>:<\/p>\n\n\n\n
\n
- Determine whether the PEP is domestic, foreign, or international organisation<\/li>\n\n\n\n
- Apply ECDD as above<\/li>\n\n\n\n
- Pay particular attention to source of funds for state corporation executives, as AUSTRAC notes PEPs may use corporate vehicles to conceal proceeds of crime9<\/a><\/sup><\/li>\n\n\n\n
- Record the PEP status and level<\/li>\n<\/ol>\n\n\n\n
PEP Level 4 Check (extensive screening only)<\/h4>\n\n\n\n
Who it covers<\/strong>: Mayors, local government officials, other locally prominent public figures.<\/p>\n\n\n\n
If it flags<\/strong>:<\/p>\n\n\n\n
\n
- Determine whether the PEP is domestic, foreign, or international organisation<\/li>\n\n\n\n
- Apply ECDD as above<\/li>\n\n\n\n
- The risk profile for Level 4 PEPs is generally lower, but the ECDD obligation still applies for high-risk PEPs6<\/a><\/sup><\/li>\n\n\n\n
- Use your risk-based assessment to determine the extent of enhanced measures required<\/li>\n\n\n\n
- Record the PEP status and level<\/li>\n<\/ol>\n\n\n\n
PEP matches: family members and close associates<\/h3>\n\n\n\n
PEP databases may also flag family members or known close associates of PEPs. AUSTRAC guidance defines PEPs to include “immediate family members and\/or close associates,” and the same identification and due diligence obligations apply.9<\/a><\/sup><\/p>\n\n\n\n
When a PEP leaves their position<\/h3>\n\n\n\n
A person is no longer considered a PEP after leaving their position. However, AUSTRAC guidance states that former PEPs “may still maintain a degree of influence and therefore pose a money laundering\/terrorism financing risk.” If you assess a former PEP as high-risk, you must apply your ECDD program.9<\/a><\/sup><\/p>\n\n\n\n
Screening checks: Adverse Media Analysis (extensive screening only)<\/h2>\n\n\n\n
Adverse media checks search for negative news coverage about your client. A match means relevant media coverage was found, not that the person has been convicted of or is necessarily involved in anything.<\/p>\n\n\n\n
Important context<\/h3>\n\n\n\n
AUSTRAC’s worked example for high-risk clients shows a firm that found adverse media about a client’s involvement in drug trafficking. The firm escalated to the AML\/CTF compliance officer, conducted enhanced due diligence, filed an SMR, and then, with senior management approval, proceeded with the engagement under enhanced monitoring. The adverse media finding triggered additional steps, but did not automatically prevent the firm from providing services.10<\/a><\/sup><\/p>\n\n\n\n
This is the general pattern for adverse media: investigate, escalate, apply ECDD, file an SMR if reasonable grounds for suspicion exist, and make a risk-based decision with senior management.<\/p>\n\n\n\n
Environment and Production Check<\/h4>\n\n\n\n
What it checks<\/strong>: Media coverage related to environmental violations, pollution, illegal resource extraction, or production-related offences.<\/p>\n\n\n\n
If it flags<\/strong>:<\/p>\n\n\n\n
\n
- Review the match details in the bundle report<\/li>\n\n\n\n
- Assess whether the media coverage is relevant to money laundering, terrorism financing, or fraud risk<\/li>\n\n\n\n
- For most accounting engagements, environmental media may not directly affect your AML risk assessment, but consider it as part of your overall risk profile<\/li>\n\n\n\n
- If the coverage relates to fines, criminal proceedings, or proceeds of crime, increase the client’s risk rating and apply ECDD6<\/a><\/sup><\/li>\n\n\n\n
- Record the match and your assessment<\/li>\n<\/ol>\n\n\n\n
Social and Labour Check<\/h4>\n\n\n\n
What it checks<\/strong>: Media coverage related to labour violations, human rights issues, modern slavery, or social misconduct.<\/p>\n\n\n\n