There appears to be an increase in the acceptance of scanned copies of certified documents in recent years. This is understandable as it is much faster and easier to obtain a scanned copy than waiting for the physical certified document to arrive. However, I would be inclined to think that a scanned copy of a certified document is no longer a ‘certified copy’. I share my thoughts on the topic and what reporting entities need to consider in deciding their own approach in this article below.
What is a ‘certified copy’?
The term ‘certified copy’ is defined in Part 1.2 of the Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No. 1) (Cth) (the ‘AML/CTF Rules’, the ‘Rules’) to refer to ‘a document that has been certified as a true copy of an original document…’. The provision then goes on to provide a list of persons authorised to certify documents under the Rules.
Certified copy vs scanned copy
The rationale behind obtaining a certified copy of a document is that a person authorised by the Rules has sighted the original document and the copy, and has confirmed that the copy is the same as the original. Therefore, a reporting entity can be reasonably certain that the ‘certified copy’ is the same as the original document without signs of manipulation, and can rely on the information in the certified copy for KYC purposes.
In contrast, a scanned version of a ‘certified copy’ is no longer the very copy that has been sighted and confirmed as a true copy of the original by an authorised person. It is just as prone to manipulation as a scanned copy of any other document. A certification, in this case, loses its utility value.
How do I reduce risks?
One way to potentially mitigate the risk of manipulation is to contact the person that has certified the document in question to confirm the details in the document and the fact that they have indeed certified it. However, our experience shows that this method is impractical. The authorised individuals usually cannot recall these details due to the large number of documents they certify daily.
An alternative is to consider to proceed with KYC on the assumption that the scanned copy is the same as the actual certified copy and requiring the customer to mail the certified copy to the reporting entity within a certain period. Care needs to be taken to ensure that a certified copy will indeed be received, and the customer in question satisfies the reporting entity’s KYC requirements before any designated services are provided to them.
The most risk-averse option is to wait until the certified copy is received to proceed with further KYC processes.
Do I have to get a ‘certified copy’ of documents?
It depends. The detailed KYC procedures are set out in Chapter 4 of the Rules. The precious wording for different types of customers varies, but the general gist is that reporting entities are required to have “appropriate risk-based systems and controls” in place so that they can be “reasonably satisfied” that a customer is who they claim to be.
An original document and a certified copy are examples of how such a goal may be achieved, but they are not necessarily the only means. What it comes down to is the reporting entity’s risk appetite, the nature, size and complexity of its business, and the factors that need to be considered when risk-rating customers under Part 4.1 of the Rules.
The bottom line is that whatever “systems and controls” that a reporting entity decides to adopt, it needs to be able to justify why it considers them to be appropriate.
Thank you for taking the time to read this article. Please get in touch if you have any questions, comments or if you need assistance. Please also see the AML/CTF Compliance page for details on how we can assist with your AML/CTF compliance requirements.
Note: Xiaoshu is not a legal practitioner. This article has been provided for general purposes only and cannot be construed as legal advice.