Skip to content

Law Enforcement and Regulatory Request Policy

Last Updated: 19 May 2026 | Version 2.0

As a provider of Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) compliance infrastructure, duely may periodically receive requests for data from law enforcement agencies, regulatory bodies (such as AUSTRAC), or via civil subpoenas.

This policy outlines how duely handles such requests, with particular attention to our obligations and our Subscribers' obligations under Section 123 of the AML/CTF Act 2006 (Cth) ("Tipping Off").

1. Our Role as a Data Processor

duely operates as a Data Processor. The Subscriber (the Firm) is the Data Controller and the primary owner of the matter data, verification records, and compliance logs held within the platform.

Our baseline policy is that law enforcement and regulatory agencies should seek data directly from the Firm concerned. duely will not voluntarily disclose a Firm's data to third parties without a valid and binding legal demand, except as required to prevent imminent death or serious physical harm.

2. Handling Legal Demands

If duely receives a valid subpoena, warrant, court order, or formal statutory notice (for example, an AUSTRAC Section 167 notice) demanding access to a Firm's data, the following applies.

2.1 Standard Procedure (Notice to Subscriber)

Unless prohibited by law, our standard procedure is to:

  1. promptly notify the Firm's designated Administrator or AMLCO of the request;
  2. provide the Firm with a copy of the legal demand;
  3. allow the Firm a reasonable opportunity (typically 7-14 days, depending on the demand's deadline) to seek a protective order, quash the subpoena, or otherwise object to the disclosure in court; and
  4. if the Firm successfully quashes the demand, duely will not turn over the data. If the Firm cannot quash the demand by the deadline, duely will comply and provide the requested data.

2.2 Gag Orders and Non-Disclosure Requirements

Law enforcement requests in the AML/CTF context are frequently accompanied by non-disclosure orders (gag orders) prohibiting duely from notifying the Firm that data has been requested.

  • Compliance. duely will comply with valid gag orders issued by a competent court or statutory authority. We will not notify the Firm in these circumstances.
  • Scrutiny. Our legal counsel reviews all gag orders to confirm they are legally valid and properly scoped.

3. The Tipping Off Offence (s123 AML/CTF Act)

Section 123 of the AML/CTF Act creates a strict liability criminal offence for "tipping off". A person must not disclose to any person (including the customer) that a suspicion has been formed, that a Suspicious Matter Report (SMR) has been submitted to AUSTRAC, or that a Section 167 statutory notice has been received.

If duely receives a regulatory request for data that touches on SMRs or suspicious activity:

  • duely acknowledges the sensitivity of this data;
  • our internal legal team will review the request for s123 compliance; and
  • in scenarios involving gag orders or specific AUSTRAC notices, duely will work directly with the requesting authority to provide the data without tipping off the Firm (so the Firm is not placed at risk of inadvertently tipping off the subject).

4. Format of Disclosed Data

When legally compelled to disclose data, duely will provide it in standard, reasonably usable formats (for example, PDF Evidence Packs, CSV audit logs, or JSON data exports). duely is not obligated to build custom reports or undertake forensic data analysis on behalf of the requesting agency unless specifically ordered by a court and compensated accordingly.

5. Contact for Law Enforcement

Law enforcement agencies and regulatory bodies seeking to serve legal process should direct inquiries and formal notices to our legal department:

Email: legal@duely.com.au
(Service of legal process is only accepted via email if explicitly acknowledged by our legal counsel.)

Mail:
Duely Compliance Pty Ltd
Attn: Legal Department
Sydney, New South Wales, Australia

(Formal service of legal process may be effected by registered mail to the above address or by email where explicitly acknowledged by our legal counsel.)

6. Governing Law

This Law Enforcement and Regulatory Request Policy is governed by the laws of New South Wales, Australia.