Know Your Client Under the AML/CTF Act: CDD Obligations for Australian Accountants 2026
For accountants, customer due diligence (CDD) is the obligation that bites hardest — because the clients you work with every day are exactly the structures the AML/CTF regime scrutinises most closely. Discretionary trusts, SMSFs, unit trusts and companies with layered ownership are precisely where "who is the real customer here?" gets complicated.
Here's how CDD works under the reforms for the structures accountants deal with, and what it takes to do it defensibly.
CDD is a process, not a form
CDD is the process of knowing who your client is, verifying it from reliable sources, understanding the risk they present, and keeping that picture current. It's the equivalent of the know-your-customer (KYC) discipline banks have run for years — now applied to accounting practices that provide designated services.
The reforms put CDD on a risk-based footing. The depth of your checks scales to the risk of each client: lighter for genuinely low-risk, heavier for high-risk. And it's ongoing — not a one-time gate at onboarding, but a relationship you keep monitoring.
The hard part: beneficial ownership
When your client is a trust, SMSF or company, the law looks through the structure to the beneficial owners — the real individuals who ultimately own or control it. Identifying the entity is not enough; you need the humans behind it.
What that means in practice:
- Discretionary (family) trusts — identify the trustee(s), the appointor (who can control the trustee), the settlor, and the beneficiaries or class of beneficiaries. Discretionary structures are scrutinised because control and benefit can be diffuse.
- SMSFs — identify the members and the trustee structure (individual trustees or a corporate trustee and its directors). Watch for changes in membership or control.
- Unit trusts — identify the trustee and the unitholders, including those holding a controlling interest.
- Companies — identify the directors and the individuals who ultimately own or control the company (typically those holding more than 25%, but control can exist below that threshold through other means).
Where a structure is layered — entities owning entities — you trace the chain until you reach the natural persons in control.
What you collect and verify
For an individual (whether the client or a beneficial owner), standard CDD generally establishes and verifies full legal name, date of birth and residential address, using reliable and independent sources — government-issued ID or, increasingly, accredited electronic/digital identity verification, which is faster and leaves a cleaner audit trail. For an entity, you collect its details and registration, and identify its beneficial owners and control structure.
When enhanced CDD applies
You step up to enhanced customer due diligence (EDD) where a client or transaction presents higher risk. Common triggers for accountants include:
- Politically exposed persons (PEPs) — domestic or foreign senior officials, their family and close associates.
- Offshore beneficial owners or funds from higher-risk jurisdictions.
- Complex or opaque structures with no clear commercial rationale, or nominee arrangements.
- Source-of-funds or source-of-wealth concerns — wealth inconsistent with the client's known profile.
Keep it current
Because CDD is ongoing, you keep client information up to date and watch for activity that doesn't fit what you'd expect — a trust suddenly moving large sums, a new offshore party appearing in a structure, a change of control. If the picture shifts and something starts to look suspicious, that may trigger a Suspicious Matter Report. And whatever you do, you keep records of it — generally for seven years.
How Veriqua helps
Veriqua's KYC module is designed to be customer-type-aware — it knows a trust is not an SMSF is not a company, and walks you through the right identification path for each. It is designed to trigger identity verification through accredited channels, map beneficial ownership chains through layered structures, flag when enhanced (or simplified) due diligence applies, run PEP and sanctions screening, and keep an auditable, timestamped record for every client.
Veriqua supports your CDD; the responsibility to assess and manage client risk stays with your practice.
Frequently Asked Questions
What structures must accountants look through to identify beneficial owners?↓
When does enhanced due diligence (ECDD) apply for accountants?↓
Is customer due diligence a one-time check at the start of a client relationship?↓
Do accountants need to lodge Threshold Transaction Reports (TTRs) with AUSTRAC?↓
Related articles
Am I Even Captured? Scope for Accountants
Which accounting services are designated services and trigger the AML/CTF regime.
Business-Wide Risk Assessment for Accountants
The ML/TF risk assessment — what AUSTRAC expects and how to complete one.
SMR and TTR Guide for Accountants
The trigger, deadlines, and consequences for failing to report.
See how Veriqua handles this
Veriqua is an Australian compliance operating system for AFSL holders and AUSTRAC reporting entities — automating AML/CTF programs, customer due diligence, transaction monitoring, SMR lodgement and board reporting.
Disclaimer: This article is general information only and is current as at March 2026. It reflects our understanding of the AML/CTF reforms, the AML/CTF Rules 2025 and AUSTRAC guidance as at that date, all of which may change. Verification and beneficial-ownership requirements depend on your circumstances and the structures involved. This is not legal, financial or compliance advice. Obtain advice from a qualified professional and refer to current AUSTRAC guidance before acting.