Can the customer skip selfies for a "low risk" individual?
Only for in-person VOI where the customer is physically present and staff witness the document capture; remote VOI always requires the selfie and liveness step.
Remote VOI always requires the selfie / liveness step - that's where the residual identity-fraud risk sits, and AUSTRAC's reliable-and-independent-source standard expects biometric verification for remote channels.
The two paths:
- VOI mode: In-person (staff present); Selfie / liveness: Optional; Why: Staff are witnessing the customer; biometric proof of liveness is redundant
- VOI mode: Remote (link to customer's phone); Selfie / liveness: Required; Why: Without staff witness, biometrics is the only proof the customer is the live person whose ID was captured
For in-person VOI, what staff still need to do regardless of the selfie being skipped:
- Capture the original ID document image (still required for the audit record - the platform stores it).
- Run PEPs, sanctions and adverse-media screening - this is electronic regardless of capture mode and isn't optional.
- Record the in-person verification with the witnessing staff member's name and time.
Why even "low risk" remote customers need the selfie. AUSTRAC's risk-based approach permits firms to vary the depth of CDD by customer risk - but liveness isn't about depth, it's about confirming the document presented matches the live person. A document captured remotely without liveness could have been provided by anyone with access to the customer's ID. The selfie + liveness step prevents that failure mode regardless of customer risk.
Other AUSTRAC-acceptable variations for low-risk customers (real estate sales agents, low-value transactions, very long-standing clients): simpler ECDD evidence requirements, less frequent re-screening (annually vs 6-monthly / quarterly), reduced source-of-funds depth. None of these touch the basic identity verification step - they sit on top of it.
See AUSTRAC's Overview of initial customer due diligence page.