Actually looks like it could be legit.
I wasn't doubting the legitimacy of the email, although they could have done more to make it not set off my immediate reaction of "phishing scam".
If this request is driven by the requirements of the
Anti-Money Laundering and Counter-Terrorism Financing Act 2006, I will await with interest to see whether Tradehill is considered to be a reporting entity under that act.
They're all going to have the same issues because the banks are legally bound to require the information. They're also all going to have to get financial services licences and register for GST eventually too.
For comparison, here's a link to Paypal Australia's proof of identity requirements (they hold a financial services licence as an authorised deposit taker).
https://www.paypal-education.com.au/aml/personal/index.htmlClause 12 of their Product Disclosure Statement addresses the issue of customers who need to verify their identity.
12.4 If we are required to verify your identity, we are not permitted to provide some or all of our services to you until your identity has been verified in accordance with our obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) and Anti-Money Laundering and Counter-Terrorism Financing Rules 2007 (Cth).
12.5 While your identity is being verified, or if we are unable to verify your identity, for example, you have not provided us with documentation to assist us in verifying your identity, we are unable to provide any further services to you. This may mean that:
your ability to send, receive or withdraw funds from your PayPal Account is limited; and
access to your PayPal Account and the funds in your PayPal Account is limited for an extensive period or indefinitely; and
the funds in your PayPal Account are returned to the sender; or
the funds will be subject to the applicable laws regarding unclaimed monies.
https://cms.paypal.com/au/cgi-bin/?cmd=_render-content&content_ID=ua/ProductDisclosure_full&locale.x=en_AUIt's a clause which appears in the PDS of every financial service provider in one form or another.
So what's the problem? If some time ever later authorities want to investigate the transfer which came into some account in New Zealand, and they see it came from the account of the Exchange, they just ask the Exchange about it, and Exchange gives them the account data of where funds came to this account. Each bank transfer has data of the source account, so the Exchange just looks it up in the bank statement. Problem solved, authorities can go on asking the source Russian bank about it. No need to impose additional restrictions on traders.
Verifying the funding account and verifying customer identity are two different things. The exchanges aren't just arbitrarily imposing "additional restrictions" on traders. They are required to do this under Australian law and should have been doing so all along. I'm quite sure that if their accounts holding customer deposits get frozen because they're non-compliant, people will be screaming blue murder about being unable to access their money.