International KYC and CDD regulations: UK, AU, and NZ

20 June, 2022
KYC (Know Your Customer) is a cornerstone of international money laundering laws. We examine KYC/CDD laws across regions (UK, AU, NZ).

What is KYC and CCD?

KYC (Know Your Customer) is a cornerstone of international money laundering laws. KYC is the process of retrieving identification documents in order to figure out the identity of your clients before you deal with them. 

Although often used interchangeably, a KYC risk assessment is part of what you do in order to carry out Customer Due Diligence (CDD) – i.e verifying that the information they’ve given you is the complete picture. 

Doing CDD involves assessing the risks associated with doing business with a client within the framework of AML laws and regulations.

When is CDD and KYC required? 

According to money laundering laws and regulations, CDD and KYC is typically required when: 

  • Establishing a new business relationship: you must ensure identities stack up.
  • For occasional transactions: for example, when you’re dealing with high-value transactions or transactions made with high-risk countries.
  • The documentation provided is questionable: companies should undertake further CDD measures if identification documents are inadequate
  • There is suspicion of money laundering

AML standards also require you to carry out ongoing customer due diligence (OCDD) and to have a customer identification programme. OCDD is the process of ongoing monitoring the transactions in a customer’s account to ensure those transactions are consistent with the risk profile that was established at the beginning of the business relationship.  

By carrying out OCDD, you can understand what is normal and reasonable for a customer and can be more alert to transactions that fall outside the scope of normal activity. 

KYC/CDD laws in United Kingdom

There are multiple pieces of legislation within the UK that relate to KYC and CDD. The main UK anti-money laundering regulations is a mouthful: The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017).   

MLR 2017 

The aim of these regulations is to set out guidance on when to perform KYC and CDD on customers, how to carry out KYC and CDD on customers, reporting, and ensuring the UK meets the requirements set out by the Financial Action Task Force, a global working group responsible for the creation of most AML regulation. 

Proceeds of Crimes Act 2002 (POCA)

POCA criminalises money laundering as a criminal and prosecutable offence. 

The Terrorism Act 2000

Terrorists need funds to carry out their attacks. Given that AML and CFT (counter financing of terrorism) are closely linked, this ensures the financing of terrorism (via money laundering) is an offence.  

Click here for more details on UK KYC/CDD laws.

Who is covered by the regulations? 

The regulations apply to a number of different business sectors, including accountants, financial service businesses, estate agents and solicitors.  

Who is the regulatory body responsible for AML compliance? 

Every business covered by anti-money laundering regulations must be monitored by a supervisory authority.  

Your business may already be supervised, for example, because you’re authorised by the Financial Conduct Authority (FCA) or belong to a professional body like the Law Society

The HMRC is the supervisory authority for other businesses such as high value dealers, accountant service providers not supervised by a professional body, art market participants, or letting agency businesses that are covered by anti money laundering regulations.

KYC/CDD laws in Australia 

AML/CFT Act 2006

The main AML rules and regulations in Australia are found in the Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Act 2006. It covers both money laundering and the related act of terrorism financing, which also often uses money laundering as a means to disguise their activity.

Who is covered by the regulations?

The Act requires businesses in certain sectors such as the financial and gambling sector to collect and verify specific information about their customers.  

Currently Australia is discussing ‘Tranche 2’, which would strengthen the country’s money laundering laws by broadening their scope to cover lawyers, accountants, dealers in high-value items (eg jewellery, fine art and precious stones), and real estate professionals. 

Who is the regulatory body responsible for AML compliance? 

Businesses in the financial sector and those providing any of the services listed in the Act must register with AUSTRAC (Australian Transaction Records and Analysis Centre), the government agency responsible for deterring financial crime. 

KYC/CDD laws in New Zealand 

New Zealand’s main anti-money laundering regulations are found in the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT). 

Who is covered by the regulations? 

New Zealand’s AML regulations place obligations on New Zealand’s financial institutions, casinos, virtual assets service providers, accountants, lawyers, conveyancers and high value dealers to detect and deter money laundering and terrorism financing. Anti-money regulations are centred on the idea of a ‘risk-based approach’, which ensures that actions taken

Who is the regulatory body responsible for AML compliance?

There are three main agencies that are tasked with supervising the AML/CFT regime are: 

  • The Reserve Bank of New Zealand – banks, life insurers and non-bank deposit takers.
  • The Financial Markets Authority (FMA) – issuers of securities, trustee companies, futures dealers, collective investment schemes, brokers, and financial advisers.
  • The Department of Internal Affairs (DIA) – casinos, non-deposit taking lenders, money changers, and any other financial institutions not supervised by the Reserve Bank of New Zealand or the Financial Markets Authority. 


Though the details of KYC and CDD legislation differs from country to country, each country shares thematic similarities. Carrying out CDD and KYC, wherever you are, helps determine the suitability and risks involved in onboarding clients. Such activity offers a layer of protection ensuring that your transactions are not being used to facilitate money laundering and that you are only in business with legitimate entities.

About First AML

First AML simplifies the entire anti-money laundering onboarding and compliance process. Its SaaS platform, Source, stands out as a leading solution for organisations with complex or international onboarding needs. It provides streamlined collaboration and ensures uniformity in all AML practices.

First AML transforms an otherwise complex and manual process into one that is simple, cost-effective, and compliant for businesses. By delivering efficiency and time savings, it protects reputations and enables companies to stay on the right side of history in the face of global threats.

Keen to find out more? Book a demo today! No time for a long demo? No problem. See what Source by First AML can do for your business in 2 minutes – watch the short demo here.