Know Your Client, Not Just Your Matter: CDD Obligations for Australian Solicitors | AML/CTF Solicitors Australia 2026
A solicitor's instinct is to know the matter inside out. From 1 July 2026, Australian legal practices that provide designated services also have to know the client — formally, and on the record. That obligation is called customer due diligence (CDD), and it is the part of the AML/CTF regime that touches the most files.
This is a plain-English practice guide, not legal advice. The detail of what your firm must collect should be set in your own AML/CTF Program, based on your risk assessment and current AUSTRAC guidance.
CDD is risk-based — three levels, not one
The regime is deliberately risk-based. You do not apply the same intensity to every client. In broad terms there are three levels:
- Standard CDD — the default. You identify the client and verify their identity from reliable, independent information before you provide the designated service, and you understand the nature and purpose of the matter.
- Simplified CDD — a lighter approach available where the money-laundering and terrorism-financing risk is genuinely low. It still requires you to be satisfied the risk is low and to keep monitoring; it is not a free pass.
- Enhanced CDD (ECDD) — a deeper level for higher-risk clients and matters: closer verification, scrutiny of source of funds and source of wealth, and senior sign-off before proceeding.
What to collect — individuals, companies and trusts
The information you gather scales with the type of client. As a general guide to the kind of detail typically expected:
- Individuals — full name, date of birth and residential address, verified against reliable and independent sources (for example, government-issued identification).
- Companies — the company's full name and registration details and registered office, plus the people behind it: the beneficial owners (broadly, the individuals who ultimately own or control the company, commonly assessed against a 25% ownership or control threshold) and anyone authorised to act for the company.
- Trusts — the trust's name and type, and details of the trustee(s), the settlor, and the beneficiaries or class of beneficiaries, so you can see who ultimately benefits and controls the arrangement.
The recurring theme for company and trust clients is looking past the entity to the natural persons behind it — which is exactly where launderers rely on professionals not to look. Treat the items above as the kind of detail required rather than a fixed legal checklist; the precise requirements sit in the AML/CTF Rules and AUSTRAC guidance and should be reflected in your program.
The obligation does not stop at onboarding
CDD is not a one-off gate at the start of a matter. Once a client is onboarded you have an ongoing monitoring obligation: keep your understanding of the client current, watch for activity that does not fit what you know about them, and keep their information up to date. If the risk picture changes — new parties, unusual fund flows, a shift in instructions — you may need to step up to enhanced CDD or review the relationship.
Where the operational burden really lands — and where Veriqua helps
In a typical practice, the work that explodes the compliance overhead is verification at scale: every property settlement means verifying the buyer, the seller, and the beneficial owners behind any corporate trustees, before the matter opens. Multiplied across every conveyancing file, trust formation and company incorporation, that load adds up fast.
Veriqua is built to absorb it. The platform's KYC and customer onboarding is customer-type-aware — individual, company, trust, SMSF and partnership — with identity verification for individuals and ASIC Registry and ABN/trust verification for entities, and a client portal so customers complete identity submission themselves. A beneficial-ownership register captures the ownership chain and tracks the 25% threshold; a customer risk register holds each client's CDD tier, review date and status. Two minutes, no login: demo.veriqua.com.au/start.
Frequently Asked Questions
When must a law firm carry out CDD on a client?↓
What is 'simplified CDD' and when can a law firm use it?↓
What triggers enhanced CDD for a law firm?↓
Does a law firm need to identify the beneficial owner of a corporate client?↓
Related articles
Is Your Law Firm an AUSTRAC Reporting Entity?
Which legal services are designated, and the three foundational steps every practice must take.
When Does a Law Firm Have to Lodge an SMR?
The 24-hour and 3-business-day rules, tipping-off, and red flags in conveyancing and trust matters.
Building an AML/CTF Program for a Legal Practice
The ML/TF Risk Assessment and AML/CTF Policies: how the two parts fit together.
See how Veriqua handles this
Veriqua is an Australian compliance operating system for AFSL holders and AUSTRAC reporting entities — automating AML/CTF programs, customer due diligence, transaction monitoring, SMR lodgement and board reporting.
Disclaimer: This article is general information only and is current as at February 2026. It reflects our understanding of the AML/CTF reforms and AUSTRAC guidance as at that date, all of which may change. It is not legal, financial or compliance advice and must not be relied on as such. The identification and verification your firm must perform depends on your designated services and your own risk assessment. Please confirm your requirements against current AUSTRAC guidance and the AML/CTF Act and Rules, and with your professional body and advisers, before acting.