Glossary / Compliance & regulation

Record Keeping (Seven-Year Rule)

The seven-year rule is the AML/CTF requirement that reporting entities keep customer identification and transaction records for at least seven years after the relevant service or transaction ends.

What it means

Under Australia’s AML/CTF regime, reporting entities must keep customer identification and transaction records for at least seven years after the relevant service or transaction ends. The rule exists so that identity and payment evidence is still available years later for AUSTRAC or an investigation. Example: a business that verified a customer in 2026 must be able to produce those identity records well into the 2030s.

Why it matters for Australian finance teams

Seven years is a long time to hold evidence in a way that stays retrievable and intact. Teams that rely on scattered emails and spreadsheets often cannot find the right record when AUSTRAC or an auditor asks. A structured, durable log of each verification makes meeting the obligation far less painful, and it protects you if a past payment is later challenged.

How ezyshield helps

As ezyshield confirms the person, the business via ABN and ASIC, and bank account ownership before money moves, it records each check in an append-only audit trail that is added to but never edited or deleted, giving you a durable, retrievable history of the checks you performed. ezyshield supports your record-keeping rather than replacing your own retention policy, so confirm the retention periods that apply to your obligations. See AML/CTF compliance in Australia and AUSTRAC compliance for payments 2026.

Also known as: seven-year rule, 7-year record keeping

Last updated: 7 July 2026

Stop payment fraud before money moves

Verify the person, business, and bank account before any payment leaves your account.