Record-Keeping for Precious Metals Dealers: 2026 Guide

From 1 July 2026, dealers in precious metals and precious stones who conduct cash transactions of AUD 10,000 or more become reporting entities under Australia's AML/CTF Act 2006. That status triggers a range of obligations—and one of the most operationally demanding is record-keeping. Under Part 10 of the AML/CTF Act, reporting entities must retain specific records for a minimum of seven years. With just 57 days until the Tranche 2 deadline, now is the time to build compliant record-keeping systems before AUSTRAC comes looking.

Why Does Record-Keeping Matter for Precious Metals Dealers?

Record-keeping is the backbone of any AML/CTF compliance programme. Without accurate, accessible records, you cannot demonstrate to AUSTRAC that you have fulfilled your obligations—and in an audit or investigation, the absence of records is treated as a compliance failure in its own right. For precious metals and stones dealers, the stakes are particularly high. AUSTRAC and the Financial Action Task Force (FATF) consistently flag this industry as high-risk for money laundering, citing the high value density of goods, the prevalence of cash transactions, and the anonymity that can surround private sales. Thorough records are your primary defence if AUSTRAC ever scrutinises a transaction.

What Records Are Precious Metals Dealers Required to Keep?

Under the AML/CTF Act 2006, precious metals and stones dealers who are reporting entities must keep records across six key categories: 1. Customer identification records — All information collected to verify a customer's identity, including documents sighted, the verification method used, and the date verification was completed. 2. Transaction records — Details of each designated service transaction, including amount, currency, date, and parties involved. 3. Threshold Transaction Report (TTR) records — A copy of every TTR submitted to AUSTRAC for cash transactions at or above AUD 10,000. 4. Suspicious Matter Report (SMR) records — Records confirming that an SMR was submitted, including the date of submission. Do not retain details that could tip off the subject of an SMR. 5. AML/CTF programme records — Documentation of your AML/CTF programme itself, including risk assessments, policies, procedures, and any amendments made over time. 6. Employee training records — Evidence that all relevant staff have completed AML/CTF training, including dates, topics covered, and the names of staff who attended.

How Long Must Records Be Kept?

The AML/CTF Act sets a minimum retention period of seven years from the date the record was created or the transaction occurred. This is a hard floor—there is no discretion to dispose of records earlier. Where a record relates to a customer relationship that is still ongoing, the seven-year clock runs from the date the relationship ends, not the date of the original transaction. In practice, this means active customer files may need to be retained indefinitely until the relationship concludes, then held for a further seven years.

What Format Must Records Be Stored In?

Records may be kept in physical or electronic format, provided they: - Are in English, or can be readily converted to English on request - Are accessible to AUSTRAC within a reasonable timeframe (AUSTRAC typically expects production within five business days) - Are stored securely with appropriate access controls to prevent tampering or unauthorised access - Can be reproduced accurately and completely if requested Electronic records are strongly recommended for most businesses—they are easier to search, back up, and produce for an audit. If you use cloud-based systems, confirm that your provider stores data in Australia or in a jurisdiction that will not restrict disclosure to Australian regulators.

What Information Must Be Captured for Each Transaction?

For each transaction constituting a designated service, your transaction records should capture at minimum: - Date and time of the transaction - Amount and currency, including the AUD equivalent for any foreign currency transactions - Type of transaction (e.g. purchase of gold bullion, sale of loose diamonds, exchange of jewellery) - Method of payment (cash, bank transfer, card, cryptocurrency) - Parties to the transaction — name, address, and identification details of the customer - Goods description — sufficient detail to identify what was bought or sold, including weight, purity, carat, or other relevant specifications - Any third parties involved in or instructing the transaction For high-value or elevated-risk transactions, additional Enhanced Due Diligence (EDD) documentation may also need to be retained. Browse our Compliance Guides for guidance on when EDD applies to your transactions.

What Customer Identification and Due Diligence Records Must Be Kept?

Your KYC records form a critical subset of your record-keeping obligations. Every time you conduct customer due diligence (CDD) or enhanced due diligence (EDD), you must document: - The customer's full legal name, date of birth (for individuals), and residential or business address - The type and details of the identification document sighted—for example, passport number, expiry date, and issuing country - The verification method used (e.g. in-person sighting, accredited electronic verification service) - For corporate customers: beneficial ownership information, including the identity of any individual owning or controlling 25% or more of the entity - The date CDD was conducted and which staff member conducted it - Any updates to customer information identified during ongoing CDD reviews These records must be linked to the relevant transactions so that AUSTRAC can trace the full history of a customer relationship if an investigation is opened.

What AML/CTF Programme and Training Records Must Be Retained?

Your AML/CTF programme documentation must be maintained as a living record. This means keeping not just the current version of your programme, but previous versions and a log of when and why changes were made. Specifically, retain: - Your current AML/CTF programme document - All previous versions, with effective dates clearly noted - Risk assessment results and the methodology used to reach your conclusions - Records of your programme review schedule and the outcomes of each review - Training materials delivered to staff, in the format they were delivered - Individual training completion records: name, date, and content covered AUSTRAC expects your programme records to tell a coherent story: here is the risk we identified, here is how we responded, here is how we trained our people, and here is how we reviewed and improved over time. AMLify's compliance platform helps precious metals and stones dealers maintain all of this documentation in one place—see how AMLify works to learn more.

What Are the Penalties for Failing to Keep Records?

Failure to meet record-keeping obligations under the AML/CTF Act is a civil penalty offence. AUSTRAC can issue infringement notices, accept enforceable undertakings, or apply to the Federal Court for civil penalty orders against non-compliant reporting entities. Beyond financial penalties, AUSTRAC can publicly name businesses that fail to comply—reputational damage that can be especially harmful for dealers whose trade depends on trust and discretion. AUSTRAC has signalled consistently that Tranche 2 entities will face the same regulatory scrutiny as Tranche 1 financial institutions from day one of their obligations. Starting without robust record-keeping systems is not a safe option.

How Can AMLify Help Manage Record-Keeping Obligations?

Manual record-keeping—spreadsheets, filing cabinets, disconnected email threads—is a compliance risk in itself. Records stored across inconsistent formats are harder to produce under pressure, easier to lose, and more likely to contain gaps that AUSTRAC will notice. AMLify provides precious metals and stones dealers with a purpose-built compliance platform that: - Stores all customer identification and CDD records securely and searchably - Automatically timestamps and archives transaction records at point of entry - Generates and maintains AML/CTF programme documentation with version history - Tracks staff training completion and sends renewal reminders - Produces records in formats ready for AUSTRAC review With 57 days until the Tranche 2 deadline, there is still time to implement a compliant system before your obligations begin. Visit /pricing to find the plan that fits your dealership.

Key Takeaways

• Seven-year minimum retention applies to all AML/CTF records from the date of the transaction or the end of the customer relationship—whichever is later.
• Records must be kept across six categories: customer identification, transactions, TTRs, SMRs, your AML/CTF programme, and staff training.
• Electronic records are preferred—ensure they are secure, in English, and producible within five business days of an AUSTRAC request.
• Customer identification records must capture verification method, document details, and beneficial ownership information for any corporate customers.
• AML/CTF programme records must include previous versions, risk assessment results, and individual training logs—not just your current policy document.

Frequently Asked Questions

Q: Do all precious metals dealers need to keep AML/CTF records under Tranche 2?

Only precious metals and stones dealers who become reporting entities under the AML/CTF Act 2006 are subject to the Part 10 record-keeping obligations. You become a reporting entity when you provide designated services—most commonly, accepting cash of AUD 10,000 or more from a customer. If your business exclusively processes electronic payments, seek independent legal advice to confirm your status before assuming you are outside the regime.

Q: Can AML/CTF records be stored on overseas servers?

Records may be stored in overseas systems provided they can be produced to AUSTRAC within a reasonable timeframe and are not subject to foreign laws that would prevent their disclosure to Australian regulators. In practice, most compliance software vendors offer Australian data residency options—this is worth confirming with any platform you engage before storing sensitive customer records.

Q: What if a customer refuses to provide identification for a high-value transaction?

If a customer refuses to provide the identification required for CDD, you must not proceed with the transaction. You should also consider whether the refusal itself warrants the submission of a Suspicious Matter Report (SMR) to AUSTRAC. Record the refusal in full, including the date, the identification requested, the customer's stated reason for refusing (if given), and the decision made by your staff.

Q: Do I need to keep records of transactions below the AUD 10,000 cash threshold?

The designated service trigger for precious metals and stones dealers is generally linked to cash transactions at or above AUD 10,000. However, your AML/CTF programme may require CDD and record-keeping for lower-value transactions where your risk assessment identifies elevated risk factors. It is also worth noting that structuring—deliberately splitting transactions to remain below the threshold—is a criminal offence under the AML/CTF Act, and records of lower-value transactions can be important evidence if structuring is suspected.

Q: What happens to records when a staff member who conducted CDD leaves the business?

Records do not belong to individual employees—they belong to the reporting entity. All transaction records, CDD documentation, and training records associated with a departing staff member must be retained by the business for the full seven-year period. Ensure all records are stored in systems controlled by the business, not in individual staff members' personal email accounts, local drives, or personal cloud storage.

This is general information only and not a substitute for legal advice.