Individual Client Onboarding
CDD requirements for natural persons — including sole traders and individual beneficial owners
Standard CDD Threshold: All individual clients must complete standard CDD before services are provided. EDD is required if any high-risk indicators are present.
1. Client Identification
| # | Required Action | Evidence to Collect | Doc Type | Status | Staff Member | Date | Comments |
|---|---|---|---|---|---|---|---|
| 1 | Collect full legal name | As per primary photo ID | Photo ID | | | | |
| 2 | Date of birth | As per primary photo ID | Photo ID | | | | |
| 3 | Current residential address | Utility bill, bank statement or rates notice (< 3 months) | Address Doc | | | | |
| 4 | Primary photo ID (one required) | Australian passport, driver licence, or Medicare card + secondary ID | Primary ID | | | | |
| 5 | Nationality / citizenship | Passport or citizenship documentation | Photo ID | | | | |
| 6 | Occupation and employer details | Self-declaration, payslip, or LinkedIn | Declaration | | | | |
2. Screening Checks
| # | Required Action | Evidence to Collect | Doc Type | Status | Staff Member | Date | Comments |
|---|---|---|---|---|---|---|---|
| 7 | PEP screening | Screening result (pass/flag) — record date and source | Screening | | | | |
| 8 | Sanctions screening (DFAT / OFAC / UN) | Screening result — record source and outcome | Screening | | | | |
| 9 | Adverse media check | Search result summary — note any flags | Screening | | | | |
3. Risk Assessment & Outcome
| # | Required Action | Evidence to Collect | Doc Type | Status | Staff Member | Date | Comments |
|---|---|---|---|---|---|---|---|
| 10 | Assign risk rating (Low / Medium / High) | Risk scoring rationale documented | Risk Record | | | | |
| 11 | Conduct EDD if High risk | Source of funds, source of wealth, purpose of relationship | EDD | | | | |
| 12 | Compliance Officer approval (High risk) | Sign-off documented | Approval | | | | |
| 13 | Generate evidence pack | PDF export of all CDD records for this client | Evidence Pack | | | | |
| 14 | Set next review date | Monitoring schedule recorded in system | Review Schedule | | | | |
Company Onboarding (Pty Ltd / Ltd)
CDD requirements for Australian companies, including beneficial owner identification
Beneficial Owner Rule: You must identify and verify all individuals who own or control more than 25% of the company. If no individual meets this threshold, identify the senior managing official.
1. Company Verification
| # | Required Action | Evidence to Collect | Doc Type | Status | Staff Member | Date | Comments |
|---|---|---|---|---|---|---|---|
| 1 | Full company legal name | ASIC Company Extract (current) | Corporate | | | | |
| 2 | ACN / ABN | ASIC extract or ABR search | Corporate | | | | |
| 3 | Registered address | ASIC extract | Corporate | | | | |
| 4 | Nature of business | Self-declaration or ASIC extract | Declaration | | | | |
| 5 | List of all directors | ASIC extract — full names, dates of birth | Corporate | | | | |
| 6 | Share register — identify >25% shareholders | ASIC extract or self-declared register | Corporate | | | | |
2. Beneficial Owner Verification (per individual)
| # | Required Action | Evidence to Collect | Doc Type | Status | Staff Member | Date | Comments |
|---|---|---|---|---|---|---|---|
| 7 | Full legal name of each BO | Photo ID for each beneficial owner | Photo ID | | | | |
| 8 | Date of birth (each BO) | Photo ID | Photo ID | | | | |
| 9 | Residential address (each BO) | Address verification document | Address Doc | | | | |
| 10 | PEP & sanctions screening (each BO) | Screening results for each individual | Screening | | | | |
3. Screening & Risk Assessment
| # | Required Action | Evidence to Collect | Doc Type | Status | Staff Member | Date | Comments |
|---|---|---|---|---|---|---|---|
| 11 | Sanctions screening (entity name) | DFAT/OFAC/UN screening result | Screening | | | | |
| 12 | Adverse media check | Google / media search summary | Screening | | | | |
| 13 | Assign risk rating | Risk scoring rationale | Risk Record | | | | |
| 14 | EDD if high risk (source of funds, ownership chain) | EDD documentation | EDD | | | | |
| 15 | Generate evidence pack & set review date | PDF evidence pack exported | Evidence Pack | | | | |
Trust Onboarding
CDD requirements for discretionary trusts, unit trusts, and hybrid trusts
Discretionary Trusts — Extra Care Required: Where no beneficiary holds a fixed entitlement of more than 25%, you must identify the class of beneficiaries AND the senior managing trustee as the beneficial owner. Document your rationale clearly.
1. Trust Verification
| # | Required Action | Evidence to Collect | Doc Type | Status | Staff Member | Date | Comments |
|---|---|---|---|---|---|---|---|
| 1 | Full name of trust | Trust deed — front page | Trust Deed | | | | |
| 2 | Type of trust (discretionary, unit, hybrid) | Trust deed — operative clauses | Trust Deed | | | | |
| 3 | Date of establishment | Trust deed — execution date | Trust Deed | | | | |
| 4 | Settlor identity | Trust deed, photo ID of settlor if natural person | Trust Deed | | | | |
| 5 | Trustee identity and verification | Corporate trustee: ASIC extract + director IDs; Individual trustee: photo ID | Corporate/ID | | | | |
| 6 | Beneficiaries — identify all with >25% interest | Trust deed — schedule of beneficiaries | Trust Deed | | | | |
| 7 | Verify beneficial owners (photo ID + address) | Photo ID for each BO with >25% interest | Photo ID | | | | |
2. Screening & Risk Assessment
| # | Required Action | Evidence to Collect | Doc Type | Status | Staff Member | Date | Comments |
|---|---|---|---|---|---|---|---|
| 8 | PEP screening — trustee & all BOs | Screening results per individual | Screening | | | | |
| 9 | Sanctions screening — trustee & all BOs | DFAT/OFAC/UN results | Screening | | | | |
| 10 | Assign risk rating | Risk scoring rationale — note complexity of structure | Risk Record | | | | |
| 11 | EDD if high risk | Source of funds, purpose of relationship, structure rationale | EDD | | | | |
| 12 | Generate evidence pack & set review date | PDF evidence pack exported | Evidence Pack | | | | |
SMSF Onboarding
CDD requirements for Self-Managed Superannuation Funds
SMSF Structure Note: SMSFs may have individual trustees or a corporate trustee. Identify and verify all members/directors. Most SMSFs are lower risk, but related-party transactions may elevate the risk rating.
1. SMSF Entity Verification
| # | Required Action | Evidence to Collect | Doc Type | Status | Staff Member | Date | Comments |
|---|---|---|---|---|---|---|---|
| 1 | Full name of SMSF | ATO Super Fund Lookup or trust deed | Trust Deed | | | | |
| 2 | ABN of SMSF | ATO Super Fund Lookup | ATO Lookup | | | | |
| 3 | Confirm regulated status with ATO | ATO Super Fund Lookup — status: Registered/Complying | ATO Lookup | | | | |
| 4 | Type of trustee (individual or corporate) | Trust deed — trustee clause | Trust Deed | | | | |
| 5 | List all members | Trust deed — schedule of members | Trust Deed | | | | |
| 6 | Corporate trustee: ASIC extract + director IDs | ASIC extract (current), photo ID each director | Corporate | | | | |
2. Member / Trustee Verification
| # | Required Action | Evidence to Collect | Doc Type | Status | Staff Member | Date | Comments |
|---|---|---|---|---|---|---|---|
| 7 | Photo ID — each member/trustee | Passport, driver licence | Photo ID | | | | |
| 8 | Residential address — each member | Address verification document | Address Doc | | | | |
| 9 | PEP screening — all members | Screening results | Screening | | | | |
| 10 | Sanctions screening — all members | DFAT/OFAC/UN results | Screening | | | | |
| 11 | Note any related-party transaction exposure | Self-declaration or transaction history | Declaration | | | | |
3. Risk Assessment & Outcome
| # | Required Action | Evidence to Collect | Doc Type | Status | Staff Member | Date | Comments |
|---|---|---|---|---|---|---|---|
| 12 | Assign risk rating | Risk rationale — note related-party exposure if applicable | Risk Record | | | | |
| 13 | EDD if elevated risk | Source of funds documentation | EDD | | | | |
| 14 | Generate evidence pack & set review date | PDF evidence pack exported | Evidence Pack | | | | |
Risk Rating Guide
Reference guide for assigning and documenting client risk ratings under your AML/CTF program
The Risk-Based Approach: AUSTRAC requires a risk-based approach — you must assess the ML/TF risk posed by each client and apply proportionate CDD measures. Documenting your rationale is as important as the rating itself.
1. Risk Factor Matrix
| Risk Factor | Low Risk Indicators | Medium Risk Indicators | High Risk Indicators |
|---|---|---|---|
| Client Type | Australian resident individual, domestic company with known owners | Foreign national, trust with complex structure | PEP, high-risk country national, anonymous beneficial owner |
| Geography | Australia, NZ, UK, US, Canada | Eastern Europe, some SE Asian countries | FATF grey list / black list countries, sanctions targets |
| Service Type | Tax compliance, audit, general advice | Trust formation, asset management | Cash-intensive business, real estate >$5M, complex offshore structures |
| Transaction Size | Typical for client type and industry | Above industry average, inconsistent with stated income | Large unexplained cash, structuring behaviour, rapid movement of funds |
| Business Purpose | Clear, consistent business purpose | Unusual but explainable purpose | No clear business purpose, inconsistent explanations |
| PEP / Sanctions | No match on any screening list | Family member or associate of a PEP | Direct PEP match or sanctions list match |
2. Risk Rating Definitions & Actions
| Rating | Definition | Required CDD | Review Frequency |
|---|---|---|---|
| Low | Client presents minimal ML/TF risk. Stable, transparent, well-known entity or individual with clear purpose. | Standard CDD only. Photo ID, address, basic screening. | Every 3 years or on material change |
| Medium | Client presents moderate ML/TF risk due to complexity, unusual activity, or incomplete information. | Standard CDD plus enhanced documentation. Additional source of funds questions. | Every 2 years or on material change |
| High | Client presents elevated ML/TF risk. PEP match, high-risk geography, unusual activity, or complex structure. | Full EDD required: source of funds, source of wealth, ownership chain. Compliance Officer sign-off. | Every 12 months or on any suspicious activity |
3. Enhanced Due Diligence (EDD) Checklist
| EDD Requirement | Evidence / Document | Obtained |
|---|---|---|
| Source of funds — what generates the funds being used? | Payslips, tax returns, business financials, sale documents | |
| Source of wealth — how did the client accumulate their overall wealth? | Personal statement, business ownership records, inheritance documents | |
| Purpose of the business relationship | Written declaration, engagement letter scope | |
| Explanation of complex or unusual structure | Written rationale from client, legal advice | |
| Ongoing enhanced monitoring agreed | Noted in file / system | |
| Compliance Officer sign-off obtained | Documented approval | |
4. When to File a Suspicious Matter Report (SMR)
| Trigger | Action | Timeframe |
|---|---|---|
| Suspicion that a matter may be related to ML/TF or other serious crime | File SMR via AUSTRAC Online | As soon as practicable — no later than 24 hours for terrorism financing suspicion; 3 business days for other ML suspicion |
| Client structures transactions to avoid reporting thresholds | File SMR and note structuring behaviour | As soon as practicable |
| Client provides false or inconsistent identification documents | File SMR and cease services if appropriate | Immediately |
| Unusual cash activity inconsistent with stated business purpose | Investigate, document, and file SMR if suspicion remains | As soon as practicable |
| Client requests unusual secrecy or asks about reporting obligations | Document and consider SMR — do not "tip off" the client | As soon as practicable |
Tipping Off: It is a criminal offence under the AML/CTF Act to disclose to a client that a suspicious matter report has been or may be filed, or to disclose the contents of such a report. Never inform a client you are filing or considering an SMR.