While ‘Safe Harbour’ is a streamlined customer identity verification process under AUSTRAC’s AML/CTF rules, law firms and other reporting entities can choose alternative methods depending on their risk assessment and compliance needs.
1. Standard Customer Due Diligence (CDD) (Non-Safe Harbour Approach)
✅ What It Is:
A broader customer verification process that does not follow Safe Harbour’s simplified steps.
Law firms must take reasonable steps to verify the identity of clients but have more flexibility in how they do so.
✅ Key Differences from Safe Harbour:
More flexible verification options (e.g., manual document review, in-person checks).
Does not require electronic verification but still must meet AUSTRAC’s risk-based approach.
Can be slower than Safe Harbour, as law firms must determine what constitutes sufficient verification for each case.
🔗 Relevant AUSTRAC Resource:
📄 Customer Identification and Verification
2. Enhanced Customer Due Diligence (ECDD) (For High-Risk Clients)
⚠️ What It Is:
A stricter, more in-depth identity verification process required when a client is high risk (e.g., a PEP, has complex corporate structures, or is from a high-risk jurisdiction).
Often includes verifying the source of funds, source of wealth, and conducting additional background checks.
⚠️ Key Differences from Safe Harbour:
More extensive identity checks, including document authentication and transaction monitoring.
Stronger fraud prevention measures (e.g., requiring biometric facial recognition or in-person identity confirmation).
Mandatory for high-risk clients, such as PEPs, those with suspicious activity, or complex ownership structures.
🔗 Relevant AUSTRAC Resource:
📄 Enhanced Customer Due Diligence (ECDD) Program
3. Manual In-Person Verification
🛂 What It Is:
Traditional method where the law firm manually verifies identity documents in person.
Often used in cases where electronic verification is not preferred or where the client lacks standard ID documents.
🛂 Key Differences from Safe Harbour:
More time-consuming than digital methods.
Greater control over document verification but less scalable for firms handling high volumes.
Not required by AUSTRAC but may be used in exceptional cases.
🔗 Relevant AUSTRAC Resource:
📄 Customer Due Diligence Requirements
4. Third-Party Verification Services
🔍 What It Is:
Law firms can outsource identity verification to an external AML-compliant verification provider.
Can involve a mix of document checks, database lookups, and biometric verification.
🔍 Key Differences from Safe Harbour:
More comprehensive options but may incur additional costs.
May include manual review services for complex cases.
Still must align with AUSTRAC’s compliance requirements.
🔗 Relevant AUSTRAC Resource:
📄 Reliance Under Customer Due Diligence Arrangements
Which Option Should a Law Firm Use?
✔ For Low-to-Medium Risk Clients – Safe Harbour (Quick IDV or Face IDV) is the easiest and fastest method.
✔ For High-Risk Clients – Enhanced Customer Due Diligence (ECDD) is required, and Face IDV or other biometric verification may be necessary.
✔ For Unique Cases (No Electronic ID) – Manual verification or third-party verification services may be needed.
How Realaml Helps
✅ Quick IDV (Safe Harbour) – A fast, document-based ID verification that can be completed by the law firm or sent to the client.
✅ Face IDV (Safe Harbour + Biometrics) – Adds biometric facial recognition for extra security, useful for higher-risk cases.
✅ ECDD Support – Realaml’s solutions integrate with PEP & Sanctions Screening for cases that require Enhanced Customer Due Diligence.
🔗 Learn More:
📄 FAQ: Quick IDV vs. Face IDV – Which One to Use?