KYC for Precious Metals & Stones Dealers in 2026

From 1 July 2026, dealers in precious metals and precious stones in Australia will be required to conduct Know Your Customer (KYC) checks — verifying customer identity and assessing risk before completing designated transactions. Under the AML/CTF Act 2006 as amended by the Tranche 2 reforms, failing to comply can result in civil penalties of up to $22 million for serious contraventions. With just 62 days until the deadline, this guide explains what KYC actually looks like on the dealership floor — and what you need to have in place before the clock runs out.

Why Are Precious Metals and Stones Dealers High-Risk for Money Laundering?

AUSTRAC has long identified dealers in precious metals and precious stones as a high-risk sector. Luxury assets like gold bullion, diamonds, and platinum are portable, retain their value, and can be converted back to cash with relative ease — characteristics that make them attractive vehicles for the placement and layering stages of money laundering. The sector also tends to involve high-value cash transactions and, in some cases, walk-in customers with no prior business relationship. These risk factors were central to the decision to include dealers in precious metals and stones within the Tranche 2 reforms.

Which Transactions Trigger KYC Obligations Under Tranche 2?

Under the expanded AML/CTF Act 2006, dealers in precious metals and precious stones will be required to conduct customer due diligence (CDD) when providing a designated service. For this sector, that includes:

• Buying or selling precious metals — gold, silver, platinum, palladium — where the transaction meets or exceeds the applicable threshold

• Buying or selling precious stones — diamonds, rubies, sapphires, emeralds, and other gemstones — at or above the threshold

• Aggregated transactions — multiple related transactions that collectively meet the threshold, even where each individual transaction does not

The relevant threshold for cash transactions under the AML/CTF Act 2006 is AUD $10,000. However, your obligations do not disappear below this threshold. If risk indicators are present — for example, a customer making repeated sub-threshold purchases over a short period — your risk-based programme should trigger a review regardless of transaction size.

What Does Standard Customer Due Diligence Involve?

Standard CDD requires you to collect and verify information that establishes who your customer is before or during a transaction. For an individual customer, this means:

1. Collect identifying information — full legal name, date of birth, and residential address

2. Verify that information against a reliable and independent source, such as a current Australian passport, driver's licence, or another AUSTRAC-approved document

3. Assess the purpose and nature of the transaction — does the customer's stated reason make sense given their profile and the transaction value?

4. Record the outcome of your CDD checks and retain all documentation for at least seven years

CDD is not required for every customer interaction. The obligation applies to designated services at or above the applicable threshold, and to any transaction where risk indicators are present regardless of value.

When Is Enhanced Due Diligence Required?

Enhanced due diligence (EDD) applies when the risk profile of a customer or transaction is elevated beyond what standard CDD can adequately address. Under your AML/CTF programme, you must apply EDD when:

• The customer is a politically exposed person (PEP) — a foreign official, or their close associate or immediate family member

• The customer or transaction is linked to a high-risk jurisdiction identified in AUSTRAC guidance or FATF mutual evaluation reports

• The transaction is unusually large or structured without a clear commercial rationale

• The customer is reluctant to provide information or offers explanations that are inconsistent or implausible

• Your risk assessment has classified the customer relationship as high risk

EDD typically means obtaining additional information about the customer's source of funds, source of wealth, and the business rationale behind the transaction. You should also apply more frequent ongoing monitoring to high-risk customer relationships.

How Do You Handle Business Customers and Beneficial Ownership?

If a customer is a company, trust, or other legal entity, standard CDD is not sufficient on its own. You must also identify and verify the beneficial owners — the natural persons who ultimately own or control the entity. Under the AML/CTF Act 2006, a beneficial owner is generally any individual holding a direct or indirect ownership or control interest of 25% or more.

For a wholesale trade customer — such as a jewellery manufacturer that purchases gold from your business regularly — you will need to collect the company's registration details (ABN or ACN), verify the legal entity, and identify the individuals behind it. Compliance platforms like AMLify can automate beneficial ownership lookups against ASIC and international registries, cutting what would otherwise be a time-consuming manual process down to minutes.

What Records Must You Keep — and For How Long?

Dealers in precious metals and stones will be required to retain CDD records for a minimum of seven years from the date the customer relationship ends or the transaction is completed. Your records must include:

• Copies of identity documents collected during the verification process

• Transaction records including the date, value, description of goods, and the parties involved

• Risk assessment notes and the basis on which you determined the applicable level of CDD

• Suspicious matter report (SMR) records, where a report has been lodged with AUSTRAC

Digital record-keeping systems that automatically timestamp and store CDD data are strongly recommended — not only for compliance purposes, but because paper-based records are difficult to locate and produce when AUSTRAC requests them.

With 62 Days Until the Deadline, Where Do You Start?

If you have not yet begun preparing for Tranche 2, here is a prioritised action plan:

1. Conduct a risk assessment of your customer base, transaction types, products, and delivery channels — this is the foundation of your entire AML/CTF programme

2. Draft or update your AML/CTF programme to reflect the specific designated services your business provides

3. Train your staff on how to conduct CDD, what triggers an EDD requirement, and how to identify and escalate potentially suspicious behaviour

4. Implement record-keeping systems that meet the seven-year retention requirement — ideally a digital platform with automated document storage and audit trails

5. Appoint an AML/CTF compliance officer — even in a small business, a designated person must own this responsibility

6. Enrol with AUSTRAC as a reporting entity before 1 July 2026 — enrolment must be completed before you begin providing designated services

AMLify's compliance platform is purpose-built for Tranche 2 entities, including dealers in precious metals and precious stones. Guided onboarding, automated CDD workflows, AI-powered risk assessments, and seven-year digital record retention mean you can build a compliant programme in days rather than months. Visit our features page to see how it works.

Key Takeaways

• Dealers in precious metals and precious stones become reporting entities under the AML/CTF Act 2006 from 1 July 2026 — AUSTRAC enrolment is mandatory before that date

• KYC obligations apply to designated transactions at or above the $10,000 cash threshold, and to any transaction where risk indicators are present regardless of value

• Standard CDD requires identity verification; enhanced CDD applies when customers are PEPs, linked to high-risk jurisdictions, or involved in unusually large or complex transactions

• Beneficial ownership must be identified and verified for business customers, with a 25% ownership or control threshold as the general benchmark

• CDD records must be retained for a minimum of seven years — a digital compliance platform makes this significantly more manageable for small and medium-sized dealers

Frequently Asked Questions

Q: Do precious metals and stones dealers need to register with AUSTRAC?

Yes. From 1 July 2026, dealers in precious metals and precious stones that provide designated services will be required to enrol with AUSTRAC as reporting entities. Failure to enrol is a strict liability offence under the AML/CTF Act 2006. If your business is already operating, you should prioritise AUSTRAC enrolment now — do not wait until June or July.

Q: What are the penalties for failing to conduct KYC checks?

AUSTRAC can issue civil penalties of up to $22 million per contravention for serious non-compliance under the AML/CTF Act 2006. In addition, AUSTRAC has powers to issue infringement notices, accept enforceable undertakings, and — in the most serious cases — refer matters for criminal prosecution. Non-compliance also carries significant reputational risk and can jeopardise banking relationships essential to daily operations.

Q: Do I need to verify every customer who buys from me?

Not every transaction triggers a CDD requirement — the obligation applies to designated services at or above the applicable threshold, and to any situation where risk indicators are present. However, your AML/CTF programme must clearly define when CDD is required so that staff know exactly what to do. A risk-based approach allows you to apply proportionate effort, reserving enhanced due diligence for higher-risk customers and transactions.

Q: What counts as a 'designated service' for a precious stones or metals dealer?

Under the Tranche 2 reforms, designated services for this sector include the buying and selling of precious metals and precious stones at or above the applicable transaction threshold. The precise definitions will be set out in the amended AML/CTF Act 2006 and supporting Rules. Dealers should monitor AUSTRAC's website for final guidance and seek advice from a qualified AML compliance adviser for advice specific to their business model.

Q: Can compliance software help manage KYC for a small dealership?

Yes — and for most small to medium-sized precious metals and stones dealers, purpose-built compliance software is the most practical solution. Manual KYC processes are time-consuming, prone to human error, and difficult to audit under regulatory scrutiny. Platforms like AMLify automate identity verification, risk scoring, beneficial ownership checks, and record retention in a single guided workflow, significantly reducing the compliance burden on your team.

This is general information only and not a substitute for legal advice.