Does relying on another firm's KYC/KYB absolve the relying entity from their AML & CDD obligations?
No, reliance reduces duplicate work but does not transfer the legal obligation; the relying entity remains responsible for the customer's ML/TF risk and the integrity of its own Program.
AUSTRAC is explicit: the relying reporting entity remains responsible for understanding the customer's ML/TF risk and for the integrity of its own AML/CTF program. If the third party fails to verify properly, the relying entity is still on the hook.
There are two reliance models: an ongoing CDD arrangement (a written agreement between the parties, with regular review), or case-by-case reliance (no agreement - but you carry full liability for each customer). Both are covered by sections 37A and 38 of the AML/CTF Act.
See AUSTRAC's Overview of reliance on customer identification by a third party (Reform).
For the customer-facing summary of when reliance is permitted, what needs to be in place, and what doesn't transfer to the upstream party, see HubSpot KB: https://knowledge.easyaml.com/what-if-someone-else-has-done-the-cdd-on-my-client
Related articles
- What are the critical limits on using Deemed Compliance provision?
- Does easyAML accept externally-provided VOI evidence (KYC done by another provider)?
- What if someone else has done the CDD on my client?
- Can a firm rely on the buyer's conveyancer to do CDD on the purchaser?
- How does CDD work between a real estate agent and a conveyancer - does each party do their own checks?