Skip to content
English - Australia
More support
Contact us
  • There are no suggestions because the search field is empty.

How long do I need to keep records for?

Under AML/CTF regulations, you must retain specific records for set periods to demonstrate compliance and assist with investigations. The standard retention period is 7 years, but when the clock starts varies by record type.

Important: Failing to maintain required records for the mandated periods can result in significant penalties. easyAML helps you track and manage these requirements automatically.

Record Retention Requirements

Customer Identification Records: 7 years after relationship ends

What to keep:

  • Customer identification documents (driver's license, passport, etc.)
  • Verification records and beneficial owner information
  • Due diligence documentation and risk assessments
  • Updates to customer information

Critical detail: The 7 years starts after the customer relationship ends, not when you first verified their identity.

Example: Customer opens account in January 2020, closes it in June 2026. You must keep records until June 2033.

Transaction Records: 7 years from transaction date

What to keep:

  • All transaction records (including below-threshold transactions)
  • International funds transfer instructions (IFTIs)
  • Threshold transaction reports (TTRs)
  • Suspicious matter reports (SMRs) and supporting documentation
  • Transaction monitoring alerts and investigations

Critical detail: Each transaction has its own 7-year countdown from the date it occurred.

AML/CTF Program Documents: 7 years after superseded

What to keep:

  • Current program (keep indefinitely while operating)
  • Previous program versions (7 years after being replaced)
  • Risk assessments and reviews
  • Board approvals and independent review reports

Training Records: 7 years from completion or departure

What to keep:

  • Training certificates and attendance records
  • Course materials and assessments

For current staff: 7 years from training completion For former staff: 7 years after they leave the organization

Suspicious Matter Reports: 7 years from submission

What to keep:

  • The SMR and all supporting documentation
  • Internal investigation notes and analysis
  • Related transaction records

Never notify customers about SMRs - tipping off is illegal.

Storage and Access Requirements

Records must be:

  • Easily retrievable when needed
  • Protected against loss, theft, or damage
  • In original format or reliable equivalent (scanned copies acceptable if complete and legible)
  • Secured with appropriate access controls
  • Regularly backed up

Acceptable storage:

  • Digital records (including cloud storage with appropriate security)
  • Scanned documents
  • Original paper documents in secure storage

Special Circumstances

Business closure: Records must still be kept for full retention periods. Appoint a custodian and notify AUSTRAC.

Under investigation: Do not destroy any records regardless of retention period. Legal hold overrides standard schedules.

Business sale: Record keeping obligations transfer to new owner. Document the handover clearly.

Common Mistakes to Avoid

Don't start the clock too early: Customer records must be kept for 7 years after the relationship ends, not from when it began.

Keep all transaction records: Not just those you reported to AUSTRAC - all transactions must be retained.

Respect legal holds: If under investigation, don't destroy records even if retention period has expired.

Document everything: Including when relationships end, when reviews occur, and when records are destroyed.

Need help managing your records? easyAML's built-in record keeping features automatically track retention requirements and alert you to compliance obligations.

Questions about specific records? Contact easyAML support or consult with a compliance professional for guidance tailored to your business.

Remember: Proper record keeping is your proof of compliance and your protection against allegations. When in doubt, keep it.