Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF)
Australia’s Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) framework is undergoing substantial reform to strengthen and modernise the regulatory regime. The changes are designed to better align Australia’s framework with international standards while expanding regulatory obligations to additional professional sectors that have not previously been subject to AML/CTF oversight.
From 1 July, as part of these regulatory changes, you may notice changes to our procedures and customer verification processes. This may include requests for additional information or documentation to help us meet our legal obligations.
Examples of information we may request include:
Identification documents, such as a driver’s licence or passport, or completion of electronic identity verification checks;
Information about the purpose and nature of your transactions, the source of funds, or the ownership and control structure of a business or other entity;
Updating of your personal, business, related information where required.
These measures are required to comply with AML/CTF. Any information you provide will be handled in accordance with our privacy policy.
Australian Privacy Principles
Our AML/CTF Privacy Policy sets out how we will manage your personal information collected by us for the purpose of complying with the anti-money laundering (AML) and counter-terrorism financing (CTF) laws (“AML/CTF laws”),in accordance with the Australian Privacy Principles (“the APPs”) established by the Privacy Act 1988 (“the Act”).
Your privacy is important to us and we will manage your personal information in an open and transparent manner in accordance with the APPs.
The APPs are available at http://www.oaic.gov.au/privacy/privacy-act/australian-privacy-principles and guidelines and information are available from the Office of the Australian Information Commissioner at http://www.oaic.gov.au/.
The APPs establish standards for the way we must deal with personal information including:
our openness about our AML/CTF Privacy Policy;
the way we collect your personal information;
the way we use and disclose your personal information;
our data quality and security for storage and integrity of your personal information;
your right of access to, and correction of, your personal information; and
any international transfer of information.
Confidentiality
Apart from the APPs, we may have obligations of confidentiality in relation to information provided to us in the course of providing legal services. We will comply with our obligations to keep information confidential.
What constitutes “Personal Information”?
Personal Information is any information or opinion (whether fact or not) which either identifies you or from which your identity can reasonably be determined. Personal Information can only relate to human beings and information about companies and other legal entities is not covered by the provisions of the Act.
What constitutes “Sensitive Information”?
A higher level of privacy protection is generally afforded to sensitive information, as this is defined. Sensitive Information is personal information that includes information about your:
race or ethnic origin;
membership of political association;
political opinions;
religious beliefs or affiliations;
philosophical beliefs;
sexual preferences or practices;
criminal record;
membership of professional or trade association;
membership of a trade union;
health;
other genetic information;
biometric information for automated biometric verification or biometric identification;
biometric templates.
Why do we collect personal information?
Where we provide (or propose to provide) services that are ‘designated services’ under the AML/CTF laws, we are required to collect your personal information where reasonably necessary to comply with our customer due diligence and risk assessments obligations. This may include:
Identity Verification: identity and contact details (such as name, date of birth and residential address) and identification documents (like a passport or driver’s licence) to confirm your identity. You may also need to provide information about your vocation and some other personal information.
Business Structure: Details of companies and trusts and beneficial owners of your business may be required and, unless you are a sole trader, you will need to verify your authority to act on behalf of the business. Verification of persons who are beneficial owners will require identification documents.
Sources of Funds and Wealth: You might be asked about the purpose of your transaction or the source of funds for transactions or overall wealth, particularly where there are higher risks or high amounts or complex arrangements. This helps us better understand your needs and meet our legal obligations.
Other Questions: We may need to ask if you, or a beneficial owner, is a “politically exposed person”, that is someone who holds, or has held, a prominent public position. This may mean a higher degree of care is required in assessing risk.
Ongoing Checks: Due diligence is ongoing. For some matters, we will have to monitor transactions to keep an eye out for anything unusual. If something looks unusual, you may be contacted for clarification.
Reporting: In some cases, we are legally required to use your personal information to report suspicious activities or large cash transactions (over $10,000) to AUSTRAC (the government agency overseeing these laws).
By engaging our firm, you consent to us collecting and using personal information for these purposes. This is a standard term of our Retainer Agreement.
Can you object to giving your personal information?
Should you choose to engage us to provide legal services, we will require personal information so that we are able to comply with our obligations under the AML/CTF laws. If you are making initial enquiries in relation to our services or other matters, it may be possible for you to deal with us anonymously or by a pseudonym, but if you wish to engage us to provide legal services, it will be necessary for your identity to be disclosed to us.
How do we collect personal information?
We may collect personal information about you through a variety of means, including:
through EasyAML, a purpose-built AML/CTF platform used by professional services firms across accounting, legal, and financial services;
when you meet with us (including face-to-face meetings and remote or online meetings), when you communicate with us via email or over the phone, or when you otherwise engage with us or with any of our staff; and
when you or the organisation or entity with which you are associated engage us to provide legal services.
Will your personal information be disclosed to anyone?
We will only use or disclose personal information for the primary purpose for which the information has been provided to us, or for other purposes with your consent.
In certain circumstances, we will be required to disclose your personal information, to the extent necessary, to AUSTRAC (the government agency overseeing the AML/CTF laws), as we are legally required to report suspicious activities or large cash transactions (over $10,000). We are prohibited from informing you if such a disclosure is made.
Keeping your personal information up-to-date
While we will endeavour to ensure that the personal information collected from you is up to date and complete, we will assume that any personal information provided by you is free from errors and omissions, is not misleading or deceptive and complies with all relevant laws.
We rely on the personal information provided by you. We will not check or verify the accuracy of any personal information we obtain from you or other persons.
To ensure we can provide you with the best possible service, it is important to ensure your information is accurate, up to date and complete. You should provide us with details of any changes to your personal information as soon as reasonably practicable following such change.
How safe is your personal information?
Douglas Hoskins Legal will endeavour to take all reasonable steps to protect your personal information:
from misuse, interference and loss; and
from unauthorised access, modification or disclosure.
Some examples of the steps include:
installing, maintaining and upgrading appropriate firewalls and security measures for electronic data storage;
ensuring the maintenance of our building security;
utilising secure document destruction service; and
ensuring are staff are trained and adhere to our security protocols.
How long will personal information be kept?
We retain personal information only for as long as it is required for the purpose of demonstrating our compliance with the AML/CTF laws or as required or authorised by law, and we take reasonable steps to destroy or de-identify personal information that we no longer need for this purpose.
Where the AML/CTF laws applies, we may be required to keep certain records for prescribed periods (for example, generally for 7 years after the end of a business relationship or after an occasional transaction).
If collection of your personal information is completed using the EasyAML platform, your personal information will be retained by EasyAML in accordance with their Privacy Policy. EasyAML’s Privacy Policy is available at: https://easyaml.com/privacy-policy/#information-we-collect.
If collection of your personal information is not completed using the EasyAML platform, where possible, the personal information we have collected from you for the purpose of complying with the AML/CTF laws, will be stored separately to your matter’s file.
Where we collect copies of identification documents to verify identity, we take reasonable steps to limit retention of those copies to what is required or reasonably necessary. In particular, we may retain a record of the relevant details from an identification document (such as name, date of birth, residential address, document type, document number and expiry date) and information about the verification process and outcome, rather than retaining a full copy of the identification document, except where retaining a copy is required or authorised by law or reasonably necessary for another permitted purpose.
Can you access your personal information?
You may request access to your personal information at any time, and we will provide access to your information unless this is contrary to the APPs. In order to respond to your request we may require the following information to be provided:
your name and address;
your contact telephone number(s); and
the basis of our relationship (i.e. legal services provided currently or historically).
This service is usually provided free of charge and we ask that the request be made in writing. Should the information you require be held in our archives, there may be a small administration fee charged to assist with meeting this cost. Prior to acting upon your request we will advise you of any fees which may be payable. We will act on all such requests as soon as reasonably possible on receipt of the request.
Can you be denied access to your personal information?
In certain circumstances, we may not be required by the APPs to give you access to your personal information where doing so would in inconsistent without our legal obligations, including obligations under the AML/CTF laws. The circumstances in which we may not be required to give access to your personal information are set out in APP 12.3. Should your request to access personal information be denied, we will advise you in writing:
the reasons for the refusal, except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so; and
the mechanisms that you have available to complain about the refusal.
Correction of your personal information?
You may at any time, by notice to Douglas Hoskins Legal, request correction of any personal information that we hold about you, and we will take such steps as are reasonable in the circumstances to correct the information to ensure that, having regard to the purpose for which it is held, the information is accurate, up to date, complete and relevant and not misleading. If we do not believe that it is reasonable to correct information that you request, we will advise you in writing of:
the reasons that we decline to make the correction that has been requested, except to the extent that it would be unreasonable to do so; and
the mechanisms available to you to complain about the refusal.
If we have declined to correct personal information as requested by you, you may also request us to associate with the information a statement by you that you believe that the information is inaccurate, out of date, incomplete, irrelevant or misleading, as the case may be. We will deal with all requests for correction of your personal information as soon as reasonably possible, and will not make any charge for correcting information or associating a statement by you. There may be times, when information, which is commercially sensitive, is involved. In these circumstances, we may provide you with an explanation of the decision instead of direct access to the information.
Can you complain about a breach of your privacy?
If you believe that we have not protected your personal information in line with our Privacy Policy you may lodge a request or complaint with our AML Compliance Officer. The request or complaint should be in writing or by email and should contain sufficient information in order for us to identify the person or information concerned and any issues that you have in relation to the protection of the information.
We will deal with your inquiry or complaint in accordance with the Privacy Act. You can also contact the Office of the Australian Information Commissioner by visiting oaic.gov.au/privacy/privacy complaints
Contact Us
If you have any privacy issue or concern, you may contact our AML Compliance Officer by:
Telephone: (08) 8298 2066;
Email: anunan@douglashoskinslegal.com.au; or
Post: 333 Brighton Road, North Brighton SA t Adelaide SA 5000
Copies of this Privacy Policy
You may obtain a copy of this Privacy Policy free of charge on request to our AML Compliance Officer.
My Approach
What began as a passion project has evolved into something more. We’re proud of where we’ve been and even more excited for what’s ahead. What sets us apart isn’t just our process—it’s the intention behind it. We take time to understand, explore, and create with purpose at every turn.
Simple ideas
Through every step, we've focused on staying true to our values and making space for thoughtful, lasting work.
Lasting impact
We build with clarity, act with integrity, and always stay curious.