Glossary / Compliance & regulation
Record Keeping (Seven-Year Rule)
The seven-year rule is the AML/CTF requirement that reporting entities keep customer identification and transaction records for at least seven years after the relevant service or transaction ends.
What it means
Under Australia’s AML/CTF regime, reporting entities must keep customer identification and transaction records for at least seven years after the relevant service or transaction ends. The rule exists so that identity and payment evidence is still available years later for AUSTRAC or an investigation. Example: a business that verified a customer in 2026 must be able to produce those identity records well into the 2030s.
Why it matters for Australian finance teams
Seven years is a long time to hold evidence in a way that stays retrievable and intact. Teams that rely on scattered emails and spreadsheets often cannot find the right record when AUSTRAC or an auditor asks. A structured, durable log of each verification makes meeting the obligation far less painful, and it protects you if a past payment is later challenged.
How ezyshield helps
As ezyshield confirms the person, the business via ABN and ASIC, and bank account ownership before money moves, it records each check in an append-only audit trail that is added to but never edited or deleted, giving you a durable, retrievable history of the checks you performed. ezyshield supports your record-keeping rather than replacing your own retention policy, so confirm the retention periods that apply to your obligations. See AML/CTF compliance in Australia and AUSTRAC compliance for payments 2026.
Also known as: seven-year rule, 7-year record keeping
Last updated: 7 July 2026
Related terms
- Append-Only Audit Trail An append-only audit trail is a record where new entries are added but existing entries are never edited or deleted, so every verification and change is logged in sequence as evidence.
- AML/CTF Program An AML/CTF program is the documented framework a reporting entity must maintain to identify, mitigate, and manage money laundering and terrorism financing risks across its designated services.
- AUSTRAC AUSTRAC is Australia's financial intelligence agency and AML/CTF regulator, which supervises reporting entities and collects transaction and suspicious matter reports to combat financial crime.
See also: AML/CTF compliance in Australia , AUSTRAC compliance for payments 2026
Stop payment fraud before money moves
Verify the person, business, and bank account before any payment leaves your account.