TABLE OF CONTENTS



The Data Deletion feature allows your organization to automatically purge sensitive client information once it is no longer required for compliance purposes. By configuring customized timelines for identity documents, biometric videos, and full AML records, the platform seamlessly tracks and destroys data at specified intervals after a case is finalized or a document is collected.


This feature gives you the tools to ensure you are meeting your responsibilities and legal obligations under applicable AML/CFT legislation and privacy law.


Data Categories Eligible for Deletion


First AML categorizes data into three distinct buckets for automated deletion. Each category can be configured independently by your compliance administrator.

  • Identity Document Images: This includes original images and files of identity documents where metadata is extracted, such as Passports, Driver Licences, National ID cards, and accompanying anti-tampering reference images.
  • Biometric Video Recordings: This encompasses the video recordings captured during electronic identity verification checks.
  • AML Records: This represents the core compliance history, including the entire case file, profile records, verification outcomes, case histories, and risk assessments.


What is excluded?

  • Documents collected without extracted metadata—such as Birth Certificates or generic Certified ID documents—are excluded from automatic file deletion. These documents are permanently retained alongside the core AML record to ensure you maintain the mandatory evidence of how an identity was verified.


How the Deletion Timeline Works


The automated deletion cycle is governed by the retention periods you configure in your platform settings. Data will be deleted at the end of the retention period.


Triggers


For ID Documents and Biometrics, the platform supports the option of two distinct triggers to start the retention period:

  • Case Completion: The retention period begins counting as soon as a case reaches a terminal status. The specific statuses that trigger the retention period are Completed, Abandoned, Deleted, and Rejected. Active case statuses—such as Draft, In Progress, or Ready For Review—will not trigger the retention period countdown.
  • Document Collection: Alternatively, you can start the retention period from the date each ID Document or Biometric was collected, independent of the case status. This can result in a document being deleted while the case is still being worked on.


For AML Records, the retention period begins counting down once a case reaches a terminal status, such as Completed, Abandoned, Deleted, or Rejected.


Once the specified deletion period is reached, the data is permanently and irrecoverably deleted from the platform.


Ongoing Business Relationships

To ensure AML Records are retained for ongoing business relationships, AML Records are only deleted once all records for all individuals/entities associated with a case have reached the end of the AML Records retention period. For example, if an individual is retrieved into a newer case, the system automatically extends the retention period for their older case to align with the newer case. This prevents the accidental removal of an active customer's historical profile and ensures entire cases are preserved as long as the business relationship remains active.


Legislation and jurisdiction-specific behaviour


Australian organisations


ID Document images collected before 31 March 2026 will be excluded from automatic deletion; these records are authorised for retention for 7 years from the end of the business relationship or from the date of the last occasional transaction, as permitted under the AML/CTF Act. ID document images collected on or after 31 March 2026 are deleted once the configured retention period expires.


Office-Level Overrides


If your organization operates multiple offices with distinct regional compliance mandates, administrators can set organization-level defaults and explicitly override those retention rules on a per-office basis.



How to Configure Data Deletion


If you would like to enable this feature, please contact your Customer Success Manager or email support@firstaml.com.



Frequently Asked Questions


What happens when an individual's document is retrieved into a new case?

  • When an individual is retrieved, their documents are linked between cases, rather than copied into the new case. So:
    • If the individual is added to the second case before their document has been deleted: When the retention period is reached for Case A, the document will also be deleted from Case B.
    • If the individual is added after their document has been deleted: The individual will be retrieved into the new case without their ID Document images / Biometric videos. Their document metadata will still be available.


What happens if we change the AML record retention period in our settings?

  • Configuration changes take effect on the very next scheduled run of the automated background job. The platform applies the updated duration live at run time, meaning there is no backend data recomputation step required for your historical backlog.



How does the system behave if an individual is shared across multiple office profiles with different deletion rules?

  • Deletion remains strictly constrained to the client and office scope of the case. Storing the retention parameters at the localized case level allows the platform to safely clear data for one office that has reached its deletion criteria, while leaving the records completely intact for another office that is required to maintain them.