In Australia, Know Your Customer (KYC) regulations for online and mobile payments are primarily governed by the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act), overseen by AUSTRAC (Australian Transaction Reports and Analysis Centre). While the Act came into effect in 2006, it evolved to encompass digital payment services in line with financial innovation.
Key KYC Requirements for Online and Mobile Payments:
- Customer Identification Program (CIP): Reporting entities—including fintechs, neobanks, and payment service providers—must verify the identity of their customers before providing designated services. For online and mobile payments, this includes verifying full name, date of birth, and residential address using reliable and independent documents (e.g., government-issued ID, utility bills) or electronic data sources.
- Ongoing Customer Due Diligence (CDD): Entities must maintain updated customer records and monitor transactions for consistency with the customer’s profile. Any deviation may trigger enhanced due diligence or suspicious matter reporting.
- Risk-Based Approach: Entities are required to assess and mitigate money laundering and terrorism financing risks based on customer types, delivery channels (including mobile platforms), geographic exposure, and transaction patterns.
- Use of Digital Identity: AUSTRAC supports the use of digital identity verification (e.g., Document Verification Service, biometric tools) under specific conditions, ensuring that tech-driven onboarding meets compliance standards.
- Third-Party Arrangements: If KYC is outsourced to a third party (e.g., onboarding platforms), the entity remains liable and must ensure compliance with AML/CTF obligations.
- Reporting Obligations: Online payment providers must report suspicious matters, threshold transactions (cash > AUD 10,000), and international funds transfers to AUSTRAC.
Recent Developments: With the rapid growth of mobile and online payments, AUSTRAC has emphasized compliance by fintechs and digital wallets. Entities like Afterpay and other BNPL providers have been increasingly brought under the regulatory spotlight to ensure robust KYC frameworks.
Let me know if you’d like a breakdown tailored to a specific use case or institution.