Customer Due Diligence

What is customer due diligence

Customer due diligence, often called CDD, is how you establish who your customer is and whether their behaviour and funding make sense. It typically covers four core areas:

1. Identifying the customer and verifying their identity using reliable, independent sources.

2. Identifying the beneficial owner and taking reasonable measures to verify who that is, including understanding ownership and control for legal persons and legal arrangements.

3. Understanding the purpose and intended nature of the business relationship.

4. Conducting ongoing due diligence and transaction scrutiny so activity remains consistent with what you know about the customer and their risk profile, including source of funds where needed.

AUSTRAC provides guidance on customer due diligence before providing a designated service and points to section 32 of the AML and CTF Act and Chapter 6 of the AML and CTF Rules as key legislation.

Why customer due diligence matters for Tranche 2 entities

Tranche 2 businesses often sit close to high value assets and complex structures. Property, companies, trusts, and client funds are all attractive to criminals because they can be used to disguise ownership, move value, and create legitimacy.

Australia’s reforms make the expectation clearer. Reporting entities must take measures focused on identifying, assessing, and mitigating money laundering, terrorism financing, and proliferation financing risk. This is not meant to be a box ticking document exercise. It is meant to be practical and proportionate to risk.

CDD is where that practical approach becomes real.

When customer due diligence must happen

AUSTRAC’s professional services reform guidance is direct. If you provide designated services from 1 July 2026, you must comply with the Act and Rules from that date, and you must complete the necessary steps to know your customer before you start to provide them with a designated service.

AUSTRAC also provides dedicated guidance on CDD reforms that came into effect in 2021 for existing reporting entities, including how AUSTRAC interprets the obligation to verify a customer before providing a designated service and the exceptions.

Customer due diligence in Tranche 2 professional services

Under the reforms, certain professional services become designated services. Examples include assisting in planning or executing real estate transactions, buying or selling bodies corporate or legal arrangements, receiving or managing a person’s property to help execute a transaction, and providing registered office services.

For these services, CDD is not optional. It is a gatekeeper. You do it before you start the regulated service.

Practical customer due diligence examples

Example 1: Real estate transaction support

A professional assists in a real estate sale or purchase. CDD should cover who the buyer is, who ultimately owns or controls the buyer if it is a company or trust, and why the transaction makes sense. If funding comes from a third party, document the relationship and reason.

Example 2: Receiving and holding client funds

A firm is asked to receive and hold funds to help execute a transaction. This is high risk in practice because funds can be layered through professional accounts. CDD should include stronger source of funds questions and clear purpose.

Example 3: Corporate restructuring

A professional helps create or restructure a body corporate or legal arrangement. CDD should focus on beneficial ownership, control, and whether the structure has a legitimate rationale.

Best practice CDD controls for Tranche 2 readiness

1. Build a clear CDD standard that matches customer types. Individuals, companies, partnerships, and trusts do not present the same risks. Your procedures should reflect the differences, especially on beneficial ownership and control.
2. Make beneficial ownership workable. FATF standards expect reasonable measures to verify beneficial owners and understand ownership and control structures. Do not stop at the first layer of shareholding if it is clearly a front.
3. Capture purpose and intended nature in plain English. A short, well written file note often carries more value than pages of documents with no narrative.
4. Apply enhanced steps where risk is higher. Higher risk indicators include complex structures, unusual jurisdictions, politically exposed persons, unexplained third party funding, and urgency that does not fit the customer profile.
5. Make ongoing monitoring realistic. Ongoing due diligence does not always mean software. It can mean periodic reviews, matter based triggers, and a culture of escalation where staff raise concerns early.
6. Train staff early, not in June 2026. AUSTRAC expects that by 1 July 2026 newly regulated entities are enrolled, have an AML and CTF program, have a compliance officer, have trained staff, and are ready to report suspicious matters.

Common challenges

1. Treating CDD as document collection rather than understanding.

2. Weak beneficial ownership checks for trusts and layered companies.

3. Over reliance on customer explanations without corroboration.

4. Inconsistent staff decisions, especially on third party payments and unusual funding.

5. Poor record keeping that does not show why the firm was comfortable to proceed.

How Tranche 2 Consultants can help

Tranche 2 Consultants can build your CDD framework from the ground up, including customer type checklists, beneficial ownership templates, escalation pathways, training, and file review processes. We focus on practical workflows that staff can apply consistently, not policy documents that sit on a shelf.

Final Thoughts on CDD

Customer due diligence is the heart of an effective AML and CTF program. Done well, it reduces exposure to illicit finance, protects your firm’s reputation, and helps you meet AUSTRAC expectations from day one of regulation.