AUSTRAC Customer Due Diligence Checklist for Small Business
Complete step-by-step checklist for verifying customers under AUSTRAC Tranche 2 requirements. Covers individuals, companies, trusts, and SMSFs. Print-friendly format for easy reference.
Download PDF Checklist
Get a printable PDF version for your office.
What is Customer Due Diligence (CDD)?
Customer Due Diligence (CDD) is the process of verifying a customer's identity and assessing their money laundering risk before providing designated services. Under AUSTRAC Tranche 2 (starting July 1, 2026), all real estate agents, accountants, lawyers, and other covered businesses must complete CDD for every client.
CDD Requirements at a Glance:
- Verify customer identity BEFORE providing services
- Collect and verify identity documents
- Screen against AML watchlists (PEPs, sanctions)
- Assess money laundering risk
- Keep records for 7 years
- Re-verify customers at appropriate intervals
Individual Customer Checklist
For sole traders and individual clients
1Collect Basic Information
- Full legal name (as shown on ID)
- Date of birth
- Residential address (not PO Box)
- Contact number and email
2Verify Identity Documents
Choose ONE primary document:
- Australian driver licence (check expiry, photo, address)
- Australian passport (valid, check photo matches)
- Medicare card (current, check name and number)
- Foreign passport (for non-residents)
3Verify Document Authenticity
- Check document not expired
- Verify security features (holograms, watermarks)
- Compare photo on ID to person (or live selfie)
- Check against DVS (Document Verification Service) if possible
4Biometric Verification
- Capture live selfie of customer
- Perform liveness check (ensure not a photo/video)
- Compare selfie to photo ID (minimum 80% match)
5AML Watchlist Screening
- Screen against DFAT sanctions list
- Check Politically Exposed Persons (PEP) databases
- Search adverse media (if high-risk customer)
- Document screening results and date
6Risk Assessment
- Assess customer risk level (Low / Medium / High)
- Consider transaction type and amount
- Check source of funds if high-value transaction
- Document risk rating and justification
7Record Keeping
- Store copy of identity documents (7 years)
- Save verification results and timestamps
- Document risk assessment outcome
- Create CDD completion certificate/report
⏱️ Time required: 10-15 minutes per customer manually
💡 With FreeAML: 60 seconds automated verification
Company/Trust/SMSF Checklist
For entity customers
1Collect Entity Information
- Full legal entity name
- ACN (Australian Company Number) - 9 digits
- ABN (Australian Business Number) - 11 digits
- Registered office address
- Principal place of business
2Verify Entity Registration
- Obtain ASIC company extract (for companies)
- Obtain trust deed (for trusts)
- Check Super Fund Lookup (for SMSFs)
- Verify ABN on ABN Lookup
3Identify Beneficial Owners (UBOs)
- Identify all persons with 25%+ ownership
- Identify persons with effective control
- Trace ownership through corporate structures
- Document ownership chain/structure
4Verify Each Beneficial Owner
- Complete individual CDD for EACH UBO (see checklist above)
- Collect photo ID from each UBO
- Biometric verification for each UBO
- AML screening for each UBO
5Entity AML Screening
- Screen entity against sanctions lists
- Check for adverse media on entity
- Verify entity not under investigation/deregistered
6Record Keeping
- Store ASIC extract/trust deed (7 years)
- Save UBO identification documents (7 years)
- Document ownership structure diagram
- Create entity CDD completion report
⏱️ Time required: 30-60 minutes per entity manually
💡 With FreeAML: 60-90 seconds automated verification + UBO detection
Common CDD Mistakes to Avoid
Accepting expired ID documents
✓ Always check expiry date. Expired documents are not valid for CDD.
Not verifying document authenticity
✓ Check security features, holograms, and use DVS where possible.
Skipping biometric verification
✓ Selfie + liveness check is required. Photo ID alone is insufficient.
Missing beneficial owners in entity verification
✓ Must identify and verify ALL persons with 25%+ ownership.
Not screening against AML watchlists
✓ Screen every customer against sanctions, PEPs, and adverse media.
Poor record keeping
✓ Store all documents for 7 years. Include timestamps and verification results.
Accepting PO Box addresses
✓ Must collect residential address (not PO Box). Can be different from mailing address.
Skip Manual Checklists Forever
FreeAML automates every step of this checklist. Send a link, get an AUSTRAC-compliant CDD report in 60 seconds. No manual paperwork, no room for error.
Individual
$15
Company/Trust
$35
Client Pays
FREE
Frequently Asked Questions
Do I need to complete this checklist for every customer?
Yes. CDD is required for EVERY customer before providing designated services. No exceptions, even for small transactions or repeat customers (unless recently verified).
How often do I need to re-verify existing customers?
Low-risk customers: every 3 years. Medium-risk: every 2 years. High-risk: annually. Also re-verify if customer circumstances change significantly.
Can I accept scanned or photocopied ID documents?
Only if verified via DVS (Document Verification Service) or with biometric matching. Original document inspection is preferred.
What if my customer refuses to provide documents?
You CANNOT provide designated services without completing CDD. If a customer refuses, you must decline the engagement.