Australia's leading AML compliance solution for Tranche 2 entities.

Contact Info

Free Trial

AML/CTF Privacy Collection Notice

Last updated: June 2026

This notice explains how personal information is collected for customer due diligence under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act). It supports privacy collection notice requirements under the Privacy Act 1988.

Why This Information Is Collected

A business using AML Shield may ask you to provide personal information so it can meet customer due diligence obligations under the AML/CTF Act. This can include confirming who you are, understanding who owns or controls an entity, assessing financial crime risk, and keeping required records.

AML Shield's Role

AML Shield provides the onboarding, evidence, workflow, and recordkeeping platform. The requesting business remains responsible for its AML/CTF obligations and decisions.

Information That May Be Collected

  • name, date of birth, residential address, email address, phone number, and role or relationship to the customer;
  • identity document details and, where required, document images or verification outputs;
  • selfie, liveness, face-match, NFC, or biometric verification outputs where a hosted identity provider is used;
  • company, trust, partnership, beneficial owner, controller, and representative information;
  • source of funds, source of wealth, politically exposed person, sanctions, adverse-media, service, and risk-assessment information; and
  • declarations, timestamps, audit events, and supporting notes needed for review and recordkeeping.

Third-Party Verification Providers

Where hosted verification is used, you may be redirected to a provider such as Didit to complete document, NFC, selfie/liveness, KYB, UBO, or Australian DVS checks. AML Shield receives verification outcomes and relevant evidence so the requesting business can review and complete its CDD process.

If you do not consent to hosted document, selfie/liveness, or biometric verification, contact the requesting business to ask about an in-person or staff-approved alternative.

Who Receives the Information

The information may be available to the requesting business, AML Shield, identity verification and screening providers, communications providers, hosting providers, support and security providers, professional advisers, AUSTRAC, and regulators or law enforcement where required or authorised by law.

If Information Is Not Provided

The requesting business may be unable to verify identity, complete customer due diligence, or provide the requested service.

Overseas Processing

AML Shield's Google Cloud infrastructure is configured in Australian regions: Sydney and Melbourne. Third-party providers are listed on our subprocessors and service providers page.

More Information

Read the Privacy Policy for more detail about access, correction, complaints, retention, security, and overseas disclosure. For questions, contact support@amlshield.com.au.

Legal Documents