How are ID documents stored?

Encrypted at rest and securely stored for 7 years in AWS Sydney. Encryption uses AES-256 (industry standard); access controls restrict viewing to:

• The original Compliance Officer / CDD User who initiated or reviewed the transaction.
• The customer's external auditor (read-only) during the retention period.
• easyAML support staff under formal access-control procedures, audit-logged, and only where required to resolve a specific support request.

Subscribers don't need to retain client passports/licences in their own systems. easyAML is the system of record for the CDD evidence - holding copies of ID documents on the firm's own servers, in email, or in shared drives isn't required and is generally a privacy and security liability. AUSTRAC's record-keeping obligation is satisfied by the data being held by easyAML on the firm's behalf.

This is one of the often-overlooked advantages of using a compliance platform vs. running CDD manually: firms that previously kept scanned passports in their document management systems can confidently delete those copies once the easyAML record exists, reducing their own privacy exposure.

Related articles

• Client Verification FAQs
• How long do I need to keep records for?
• If a customer cancels, can they still access their records?
• Does easyAML support foreign-language passports?
• What is the difference between the CDD role and the front-line staff role?