Select another region to view local content

You are on the Australia website
Australia
New Zealand
United Kingdom
Primary Logo

Blogs

AUSTRAC's step 1.3: Defining your Customer Process

AUSTRAC's step 1.3: defining your customer process

Once you’ve completed your Risk Assessment and Personnel Policy documents, there's one more document standing between you and a complete AML/CTF program: your Customer Process.

This document will set out the “rules of engagement” for how you deal with clients safely and consistently, and if you’re using a tech partner like APLYiD - this part is simple. We’ll give you the rundown of what your Customer Process document is and what it needs to cover below. 

Your process document must be completed, reviewed and approved by senior management - along with your Risk Assessment and Personnel Policy - before 1st July 2026, so we recommend getting started as soon as you can. 

What is a Customer Process document?

Your Customer Process is a high-level document that explains what your business procedures are for handling customers/clients, when it will take certain actions, and why.

AUSTRAC expects this to be tailored specifically for your business, and it should be practical and aligned with your Risk Assessment and Personnel Policy that you’ve already completed.

What should your Customer Process cover?

what your AUSTRAC-approved customer process should cover

Here’s a breakdown of what your Customer Process should cover:

1. Your customer types and risk profile

This is where your Customer Process connects directly to your Risk Assessment - so if you haven't completed that yet, it's worth doing first. AUSTRAC wants to see that you understand:

  • The types of clients you deal with (individuals, companies, trusts, overseas clients, PEPs)
  • Which types of clients pose a higher risk and why
  • How your business identifies and manages those risks

It’s important that this part is tailored to your business so that AUSTRAC can see your process is grounded in reality and not copied from a template or AI. 

2. Your customer obligations under the AML/CTF Act

This section covers how your business meets its AML/CTF obligations in plain language - if you've already worked through our previous article on the process document, a lot of this groundwork is already done - your Customer Process just needs to reflect it at a high level. This includes:

  • When you must identify a client and how you will do this (customer due diligence)
  • What information you will be collecting
  • When and how you will identify beneficial owners
  • When and how you will screen for PEPs and sanctions
  • When you will apply enhanced due diligence and how
  • When you will report suspicious matters and what your process is.

3. Your screening, escalation and refusal

AUSTRAC expects your process to explain your PEP and screening process:

  • How and when high-risk clients are approved
  • How you continue to monitor high-risk clients
  • What your business’ escalation processes are
  • When staff should escalate concerns
  • Who reviews escalations
  • When your business must refuse a client
  • How your decisions are documented
  • How and when you re-screen clients

4. Record-keeping

AUSTRAC expects you to safely store all records for at least 7 years - they can (and do) conduct audits, so it’s important you have a record keeping plan that can safely and securely store your documents. 

These records include:

  • Customer Due Diligence (CDD) records – i.e. customer ID checks and verification
  • Outcomes of PEP/sanctions screenings
  • Enhanced Due Diligence (EDD) records
  • AML/CTF programme and risk assessment
  • Reliance/third-party checks
  • Transaction records

Using automated systems or tools 

Your Customer Process document also needs to explain where your business uses - or plans to use - automated systems instead of manual processes.

AUSTRAC expects you to clearly identify which AML/CTF activities are handled by technology, and to confirm that those systems meet (or ideally exceed) the minimum standards set out in the AML/CTF Act.

This is particularly relevant for businesses using compliance platforms to manage their obligations. Common examples include:

  • Electronic identity verification (eIDV) instead of manually checking documents
  • Automated PEP and sanctions screening, rather than trawling through lists yourself
  • Automated risk scoring applied at onboarding and during ongoing monitoring
  • Digital record storage and audit trails for CDD and EDD documentation

If you’re using an automated system, your Customer Process should name the tool, explain what it does, and confirm that its outputs meet your obligations.

Importantly, responsibility for compliance doesn’t get outsourced to your software. Your business remains accountable, and your process document is where you demonstrate that the technology you rely on is actually fit for purpose.

If an automated system can’t fully meet the minimum requirements for a particular process, you’ll need to back it up with manual steps - and clearly document how that works in your Customer Process.

Where APLYiD makes this easier

APLYiD's AML/CTF Policy Builder lets you generate all four required program documents - your Risk Assessment, AML/CTF Policy, Processes & Procedures, and Governance & Personnel documents - from a single short form. These are built on AUSTRAC-approved templates, reviewed by our compliance experts, so you're not starting from scratch or guessing what AUSTRAC wants to see.

  • AML/CTF risk assessment
  • AML/CTF policy
  • AML/CTF processes & procedures
  • Governance and personnel

And once your documents are in place, APLYiD handles the day-to-day operational side too - CDD, EDD, PEP and sanctions screening, risk scoring, and all your record-keeping - in one platform, with everything time-stamped and audit-ready. You can reference APLYiD directly in your Customer Process to show AUSTRAC that your controls are consistent, repeatable, and actually being followed.

Less scrambling, less second-guessing, and more confidence that you're covered.

Resources

Ready to get started? Download the AUSTRAC template below, or use APLYiD's AML/CTF Policy Builder to generate your full program documents in one go. If you'd rather talk it through, get in touch with our team today.

Download AUSTRAC’s real estate process document

Download AUSTRAC’s legal profession process document

Download AUSTRAC’s conveyancing process document

Contact Us
Loading...
AUSTRAC's Step 1.3: Defining your Customer Process | No-nonsense AML platform for your business | Trusted AML & KYC for Real Estate, Legal & Finance