Find answers to all frequently
asked questions here.


Find answers to all frequently asked questions here.


What does KYC stand for?

KYC means Know Your Customer and sometimes Know Your Client. KYC or KYC check is the mandatory process of identifying and verifying the identity of the client when opening an account and periodically over time. Financial Services may refuse to open an account or halt business relationship if the customer fails to meet minimum KYC requirements.

What are KYC requirements?

The process of “knowing your customer” ensures identity is verified either before or during the time that a financial institution starts doing business with an individual or entity and can also reference the regulated financial services practices that are used to verify clients’ identities.


It is up to financial institutions that issue credit or allow customers to open accounts to practice enhanced due diligence and verify customers to ensure they are not taking part in a money laundering scheme. They must verify where large sums of money originated, monitor suspicious activities and report material cash transactions.


Many financial institutions begin their KYC procedures by collecting basic data and information about their customers, ideally using electronic identity verification. Pieces of information such as names, passport, Medicare card, phone numbers, birthdays, and addresses can be very useful when determining whether an individual is involved in a financial crime. This verification process can go further to include facial verification and biometric verification.

Is KYC mandatory?

The KYC process is a legal requirement intended as an Anti-money laundering and Counter Terrorism Financing measure. KYC policies require “reasonable due diligence” to know (and retain) the essential data concerning every customer.


What is AML?

Anti-money laundering (AML) and Counter Terrorism Financing (CTF) describes the legal controls that require financial institutions and other regulated entities to prevent, detect and report money laundering activities. Laws against money laundering were created as far back as the 1930’s.


Directives such as the Bank Secrecy Act (BSA) of 1970 and the more recent legislation in Australia, the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 regulate the set of procedures, laws and regulations designed to stop the practice of generating income through illegal actions.

What is RegTech?

RegTech (Regulatory Technology) is the application of emerging technology to improve the way businesses manage regulatory compliance. RegTech companies can engage machine learning, natural language processing, blockchain, AI, and other technologies in order to bring the power of digital transformation to the world of regulatory compliance.

Electronic Identity Verification

How do the Electronic Identity Verifications work?

Electronic identity verification is used to match particular electronic data sources to customer details. To comply with the AUSTRAC ‘safe harbour’ rules you must verify at a minimum Name, Address and Date of Birth on two independent data sources. The AFSL may choose to apply greater rigour and additional checks as part of their KYC Program.


For example, while verifying Name, Address and Date of Birth on two independent data sources such as electoral roll and credit bureau will meet the minimum requirements, many organisations also require at least one government source such as a driver’s license, Medicare, or passport (known as the Document Verification Service or DVS).


The most common approach is to establish a ‘scorecard’ for verification against a source like electoral roll AND a government source.

What types of data sources are used for Electronic Identity Verification and how do they match our AML/KYC program?

The LAB dynamic Onboarding Framework performs electronic verification on individuals based on the IDMatrix profile selected by your organisation (sometimes referred to as an organisation’s Scorecard).


All individuals in an application that are required to be electronically verified are identified in accordance with the selected IDMatrix profile.


For a comprehensive list please visit the LAB Community Knowledge Base here.

What are PEPs?

A PEP is an individual who holds a prominent public position or role in a government body or international organisation, either in Australia or overseas. Immediate family members and/or close associates of these individuals are also considered PEPs.


PEPs often have power over government spending and budgets, procurement processes, development approvals and grants. Examples of PEPs include government ministers or equivalent politicians, senior government executives, high ranking judges, high-ranking military officers, or board members or executives of an international organisation. This is not a complete list of PEPs.


Because PEPs hold positions of power and influence they can be a target for corruption and bribery attempts, and ultimately for money laundering or terrorism financing activities. This is why it’s important to use AML/CTF measures to identify and manage any such potential risks. However, you should remember that being a PEP doesn’t automatically mean someone is involved in criminal activities.


As part of your AML/CTF program, you must outline how you identify PEPs and what steps you take when dealing with them.


LAB Group Products

Is branding customisable for the LAB dynamic Onboarding Framework?

Yes! Customers apply from your website to your branded version of the LAB dynamic Onboarding Framework to provide a seamless customer journey.

What integrations are available?

The LAB dynamic Onboarding Framework integrates with a number of industry systems and organisations including HiTrust, Pershing, Macquarie, AusieX, IRESS Xplan, Accuity, FinClear, Trulioo, Praemium, Hub24, M2, Open Markets and Pacific Systems.


We are almost always introducing new integrations and partners. For the most up to date list or to speak to us about an integration request, contact us.

Can my business integrate with an API?

LAB Group has API’s and webhooks available to integrate with your current systems, including:


  • Triggering an action to your system based on events
  • Our Initiate API allows businesses to initiate and pre populate aspects of an application through the LAB dynamic Onboarding Framework independent of the online application form
  • LAB Group’s Completion API allows organisations to extract application data entered into an online application through the LAB dynamic Onboarding Framework. Organisations can extract application data via the Completion API and then use this to load application data into their account management, registry system or CRM.
  • The Federated Identity API allows organisations to utilise LAB Groups Federated Identity capability to seamlessly log into the LAB Application Manager without a user needing to provide additional credentials.
  • The Application Maintenance API allows organisations to update an application through the LAB dynamic Onboarding Framework with specific details, such as setting an account number or setting a specific label.


What languages does your technology support?

The LAB dynamic Onboarding Framework is a multi-lingual platform and can support multiple languages. Default translations of core field are supplied to the client for review however any translations for client specific application wording must be provided by the client.


Currently the following languages are supported/activated in the LAB dynamic Onboarding Framework:


  • English
  • Spanish
  • Chinese
  • Japanese
  • Russian
  • Bahasa
  • Portuguese
  • German


Does LAB Group keep data and can my company do an audit trail?

LAB Group stores information under a robust information security framework reinforced by a comprehensive information security management system that is externally audited under the globally recognised ISO/IEC 27001:2013 certification.


The following types of information are stored by LAB Group:


  • Customer information that is input, such as personally identifiable information (PII)
  • Interaction information such as user activity on a form
  • Information about a user’s location such as their Internet Protocol (IP) address
  • Artefacts that are generated such as electronic identity verification Adobe PDFs
  • Records of system communication such as copies of emails linking to product disclosure statements
  • Artefacts uploaded such as scans of passports


As of 1st August 2018, LAB Group’s default record retention limit is as follows:


  • 90 days from the creation date for incomplete applications
  • 90 days from the completion date for completed applications
  • 0 days after the termination of LAB Group’s services


After the 90 days, or in the event of a discontinuation of LABform subscription, LAB Group is under no obligation to continue to retain the data. In addition, data can be anonymised earlier than 90 days if requested.


Since organisations are subject to record-keeping obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act), LAB Group offers a Record Retention service which will retain records beyond this default limit for an additional fee.


Other stored data including email, internal sales and marketing information, HR, legal, and financial information, and contracts are currently kept indefinitely to ensure that LAB Group is able to enforce confidentiality and other legal terms even after termination of staff or services.


Personally Identifiable Information (PII) Controls


Personal Identifiable Information (PII) is protected in the following ways:


  • Forbidding the communication of PII via email and internal messaging applications
  • Restricting access to personal information
  • Encrypting PII at rest and in transit
  • Securely destroying or masking personal information when it is no longer needed for record retention purposes


Privacy laws state that organisations should not retain personally identifiable information (PII) beyond what is reasonably necessary to provide their services.


In some cases, customers prefer to remove PII while retaining other LABform data. In these cases, LAB Group pseudonymises the PII by replacing specific data with generic data.


Once an application reaches the predefined threshold, PII can be programmatically replaced with generic values.

Where is my customer data stored?

LAB Group stores information under a robust information security framework reinforced by a comprehensive information security management system that is externally audited under the globally recognised ISO/IEC 27001:2013 certification.

Customer Support

Who do I contact if I have a problem?

We have a support desk available for you to submit cases in our LAB Community with the option for technical support. This is a central location for resources, Frequently Asked Questions, Guides and a place to monitor the progress of your support cases. Go to the LAB Community here to view our Knowledge Base, Request Access, or Submit a Case.

Can I give team members different access levels?

Yes. We have different levels of access available for managing and monitoring applications within LAB’s Application Manager ensuring  staff get the correct authorised access and permissions.

We can help, get in touch

“LAB Group is detailed-oriented and produced great results for the company.”