How long is a KYC valid? When does it need to be redone?
Between 1-3 years; ARNECC's 2-year window applies to property transactions and aligns with easyAML, while other sectors follow a risk-based cadence.
AUSTRAC guidance recommends a re-verification of your customers every 1- 3 years depending on their risk rating. AUSTRAC takes a risk-based approach - you must "review and update" KYC information at an appropriate frequency. In practice:
- Property transactions (conveyancers, real estate, lawyers): ARNECC's VOI standard treats a verification as valid for two years. easyAML aligns with this for property-related work.
- Other sectors (accountants, legal, trust/corporate services): the platform applies a risk-based cadence will allow re-use of a verification as valid for two years
Within the validity period you can reuse the existing KYC for the same person - you don't redo it for every new transaction. - In the background, every engagement, easyAML automatically re-runs PEP, sanctions and adverse-media screening. There is no extra charge for this.
- A fresh KYC is required if: the validity period has lapsed, the customer's risk rating has changed materially, identity details have changed, or you form a suspicion.
For background, see AUSTRAC's Overview of ongoing customer due diligence and Overview of customer due diligence (Reform).
Related articles
- What's the difference between CDD, KYC and KYB - and when does each apply?
- How does CDD work for an off-the-plan purchase where settlement is years away?
- Does the platform automatically determine the customer's risk rating?
- Are periodic reviews after settlement relevant for conveyancers?
- For a buyer's agent with 50 recurring clients, do they need a fresh KYC each purchase?