30Undertaking ongoing customer due diligence

#### 30 Undertaking ongoing customer due diligence (1) A reporting entity must monitor its customers in relation to the provision of its designated services to appropriately identify, assess, manage and mitigate the risks of money laundering, financing of terrorism and proliferation financing that the reporting entity may reasonably face in providing designated services. > Note 1: See also section 31 (simplified customer due diligence). > Note 2: See also section 32 (enhanced customer due diligence). > Note 3: See section 36 for rules that apply to pre‑commencement customers. (2) Without limiting subsection (1), if the reporting entity provides its designated services at or through a permanent establishment of the reporting entity in Australia, the reporting entity must: (a) monitor for unusual transactions and behaviours of customers that may give rise to a suspicious matter reporting obligation; and (b) if the reporting entity has a business relationship with a customer—review and, where appropriate, update the reporting entity’s identification and assessment of the ML/TF risk of the customer in the following circumstances: (i) if there is a significant change to any of the matters mentioned in subsection 28(4); (ii) if there are unusual transactions and behaviours in relation to the customer that may give rise to a suspicious matter reporting obligation; (iii) circumstances specified in the AML/CTF Rules; and (c) if the reporting entity has a business relationship with a customer—review and, where appropriate, update and reverify KYC information relating to the customer at a frequency appropriate to the ML/TF risk of the customer, and if either of the following occur: (i) the reporting entity has doubts about the adequacy or veracity of the KYC information relating to the customer; (ii) circumstances specified in the AML/CTF Rules; and (d) if the reporting entity has a business relationship with a customer that is a pre‑commencement customer—monitor for significant changes in the nature and purpose of the business relationship that may result in the ML/TF risk of the customer being medium or high; and (e) comply with any other requirements specified in the AML/CTF Rules. > Note: For suspicious matter reporting obligation, see section 41. (3) The AML/CTF Rules may do either or both of the following: (a) specify requirements that must be complied with in relation to the matters mentioned in subsection (2); (b) set out circumstances in which a reporting entity is taken to comply with a matter mentioned in that subsection. (4) Without limiting subparagraph (2)(b)(iii) or (2)(c)(ii), paragraph (2)(e) or subsection (3), AML/CTF Rules made for the purposes of any of those provisions may make different provision in relation to different classes of customers, including: (a) customers in relation to whom simplified due diligence measures may be taken in accordance with section 31; and (b) customers in relation to whom enhanced customer due diligence measures must be undertaken in accordance with section 32. > Note: This subsection also does not limit subsection 13(3) of the Legislation Act 2003 or subsection 33(3AB) of the Acts Interpretation Act 1901: see section 249. (5) For the purposes of this section, unusual transactions and behaviours of a customer include the following: (a) unusually large or complex transactions relating to the customer; (b) transactions and behaviours that are part of an unusual pattern of transactions and behaviours relating to the customer; (c) transactions and behaviours that have no apparent economic or lawful purpose; (d) transactions and behaviours that are inconsistent with what the reporting entity reasonably knows about any of the following: (i) the customer; (ii) the nature and purpose of the business relationship; (iii) the ML/TF risk of the customer; (iv) where relevant, the customer’s source of funds or source of wealth. (6) Subsection (1) is a civil penalty provision. (7) A reporting entity that contravenes subsection (1) in relation to a customer commits a separate contravention of that subsection in respect of each designated service that the reporting entity provides to the customer at or through a permanent establishment of the reporting entity in Australia. (8) A reporting entity that contravenes subsection (1) in relation to a customer commits a separate contravention of that subsection on each day that the reporting entity provides designated services to the customer at or through a permanent establishment of the reporting entity in a foreign country. Registered remittance affiliates (9) If an obligation is imposed by subsection (1) on a reporting entity in its capacity as a registered remittance affiliate of a registered remittance network provider, the obligation may be discharged by the registered remittance network provider. Exemption (10) This section does not apply to a designated service covered by item 54 of table 1 in section 6. > Note: Item 54 of table 1 in section 6 covers a holder of an Australian financial services licence who arranges for a person to receive a designated service.