top of page
FAQ AML Client Due Diligence_1920x800px.jpg

FAQs - AML Client Due Diligence

What is Customer Due Diligence (CDD)? 

CDD means verifying who your client is (and if it’s a company/trust who the beneficial owners are), understanding the nature and purpose of the service you’re providing and assessing the risk that the client or service might be used for money-laundering or terrorism-financing.

When do I need to apply CDD?

You need to apply CDD:

  • Before providing the designated regulated service to a new client (or as soon as possible thereafter) - Initial CDD.

  • During the designated service when you have a business relationship (ongoing client) with a client, not just one-off transactions - Ongoing CDD.

  • Whenever there is a change in risk profile or you suspect something is different - Ongoing CDD.

What is Enhanced Customer Due Diligence (ECDD)? 

You should review it regularly and update it when there are changes in your firm, your services, your clients or your operating environment. 

If you introduce a new service, expand into a new jurisdiction, start working with new types of clients (for example higher risk ones) you should revisit the assessment.

It also needs to be updated when information is communicated by AUSTRAC that identifies or assesses ML/TF risks related to your designated services. 

When do I need to apply ECDD? 

You need to apply ECDD when your risk assessment shows a client or transaction is high risk. 

Examples include: dealing with foreign politically exposed persons (PEPs), clients with complex ownership structures, large property transactions, unusual transactions, or where you cannot verify usual information easily.

What is ongoing due diligence? 

Ongoing due diligence means you keep checking your client relationship over time. It is not just a one-time check with the onboarding of the new client. It involves monitoring transactions, updating the client’s information if things change, and reassessing risk as you go.

Do I need to check every client’s ID for CDD?  

Yes. Generally you must collect and verify identity information for all clients before you provide the regulated service (or as soon as possible thereafter). However, how much verification depends on the risk: simpler checks may be acceptable for low-risk clients, more intensive checks for higher-risk clients.

Need Experts on Your Side?

Get in touch with our experts today to find out how we can help you.

What is Simplified Customer Due Diligence (SCDD)?

Under the AML/CTF reform guidance from AUSTRAC, simplified CDD is a streamlined set of checks you can apply when a customer’s money-laundering / terrorism-financing (ML/TF) risk is assessed as low. 

 

Key features:

 

You still must identify the customer, gather “know-your-customer” (KYC) information and determine their ML/TF risk. 

The simplified route is not a waiver of your obligations. You must still satisfy the core duties of initial CDD (identity, risk assessment, verification where needed). 

 

You can only use simplified CDD if:

  • You have assessed the customer’s ML/TF risk as low;

  • You are not required to apply the higher standard of enhanced CDD; and 

  • Your internal AML/CTF policies state when and how simplified CDD will be used. 

 

For firms in legal, conveyancing or property sectors this means you’ll still check who the client is, what they’re doing, maybe source of funds, etc., but you might be able to apply fewer or less intensive verification steps compared to a higher-risk transaction or client (e.g., foreign PEP, complex trust, large value high-risk property acquisition).

Need Answers to More Questions?

bottom of page