AML/CTF · Accountants

Know Your Client Under the AML/CTF Act: CDD Obligations for Australian Accountants 2026

Published 11 March 2026Last reviewed March 20265 min readBy Paul Wise

For accountants, customer due diligence (CDD) is the obligation that bites hardest — because the clients you work with every day are exactly the structures the AML/CTF regime scrutinises most closely. Discretionary trusts, SMSFs, unit trusts and companies with layered ownership are precisely where "who is the real customer here?" gets complicated.

Here's how CDD works under the reforms for the structures accountants deal with, and what it takes to do it defensibly.

CDD is a process, not a form

CDD is the process of knowing who your client is, verifying it from reliable sources, understanding the risk they present, and keeping that picture current. It's the equivalent of the know-your-customer (KYC) discipline banks have run for years — now applied to accounting practices that provide designated services.

The reforms put CDD on a risk-based footing. The depth of your checks scales to the risk of each client: lighter for genuinely low-risk, heavier for high-risk. And it's ongoing — not a one-time gate at onboarding, but a relationship you keep monitoring.

The hard part: beneficial ownership

When your client is a trust, SMSF or company, the law looks through the structure to the beneficial owners — the real individuals who ultimately own or control it. Identifying the entity is not enough; you need the humans behind it.

What that means in practice:

  • Discretionary (family) trusts — identify the trustee(s), the appointor (who can control the trustee), the settlor, and the beneficiaries or class of beneficiaries. Discretionary structures are scrutinised because control and benefit can be diffuse.
  • SMSFs — identify the members and the trustee structure (individual trustees or a corporate trustee and its directors). Watch for changes in membership or control.
  • Unit trusts — identify the trustee and the unitholders, including those holding a controlling interest.
  • Companies — identify the directors and the individuals who ultimately own or control the company (typically those holding more than 25%, but control can exist below that threshold through other means).

Where a structure is layered — entities owning entities — you trace the chain until you reach the natural persons in control.

What you collect and verify

For an individual (whether the client or a beneficial owner), standard CDD generally establishes and verifies full legal name, date of birth and residential address, using reliable and independent sources — government-issued ID or, increasingly, accredited electronic/digital identity verification, which is faster and leaves a cleaner audit trail. For an entity, you collect its details and registration, and identify its beneficial owners and control structure.

When enhanced CDD applies

You step up to enhanced customer due diligence (EDD) where a client or transaction presents higher risk. Common triggers for accountants include:

  • Politically exposed persons (PEPs) — domestic or foreign senior officials, their family and close associates.
  • Offshore beneficial owners or funds from higher-risk jurisdictions.
  • Complex or opaque structures with no clear commercial rationale, or nominee arrangements.
  • Source-of-funds or source-of-wealth concerns — wealth inconsistent with the client's known profile.
Conversely, simplified due diligence is available for clients you've assessed and documented as genuinely low-risk — so not every client needs the heaviest treatment. The watchword is proportionality.

Keep it current

Because CDD is ongoing, you keep client information up to date and watch for activity that doesn't fit what you'd expect — a trust suddenly moving large sums, a new offshore party appearing in a structure, a change of control. If the picture shifts and something starts to look suspicious, that may trigger a Suspicious Matter Report. And whatever you do, you keep records of it — generally for seven years.

How Veriqua helps

Veriqua's KYC module is designed to be customer-type-aware — it knows a trust is not an SMSF is not a company, and walks you through the right identification path for each. It is designed to trigger identity verification through accredited channels, map beneficial ownership chains through layered structures, flag when enhanced (or simplified) due diligence applies, run PEP and sanctions screening, and keep an auditable, timestamped record for every client.

Veriqua supports your CDD; the responsibility to assess and manage client risk stays with your practice.

Frequently Asked Questions

What structures must accountants look through to identify beneficial owners?
Discretionary trusts (identify the trustee, appointor, settlor and beneficiaries), SMSFs (members and trustee structure), unit trusts (trustee and controlling unitholders), and companies (directors and those with more than 25% ownership or effective control). Where structures are layered — entities owning entities — trace the chain until you reach the natural persons in control.
When does enhanced due diligence (ECDD) apply for accountants?
When client or transaction risk is elevated — offshore clients, politically exposed persons, clients reluctant to explain their structures, complex layered arrangements, or information that conflicts with what you already hold. Enhanced CDD means gathering more information and scrutinising it more carefully before proceeding.
Is customer due diligence a one-time check at the start of a client relationship?
No. CDD is ongoing. You must monitor the relationship and update your verification when circumstances change — ownership changes, new structures introduced, or information that conflicts with what you hold. The obligation continues throughout the relationship, not just at onboarding.
Do accountants need to lodge Threshold Transaction Reports (TTRs) with AUSTRAC?
Yes, where physical cash of A$10,000 or more is received in a single or related transaction. TTRs must be lodged with AUSTRAC within 10 business days. The obligation is threshold-based — it applies regardless of suspicion, automatically when the cash amount is met.

See how Veriqua handles this

Veriqua is an Australian compliance operating system for AFSL holders and AUSTRAC reporting entities — automating AML/CTF programs, customer due diligence, transaction monitoring, SMR lodgement and board reporting.

Disclaimer: This article is general information only and is current as at March 2026. It reflects our understanding of the AML/CTF reforms, the AML/CTF Rules 2025 and AUSTRAC guidance as at that date, all of which may change. Verification and beneficial-ownership requirements depend on your circumstances and the structures involved. This is not legal, financial or compliance advice. Obtain advice from a qualified professional and refer to current AUSTRAC guidance before acting.