Customer Due Diligence for Real Estate Transactions: AML/CTF Practical Guide for Agents Australia 2026
From 1 July 2026, real estate agents must perform customer due diligence (CDD) before or while providing a designated service. If you've ever wondered exactly how to identify clients for real estate AML purposes — who you verify, what you collect, and when you need to dig deeper — this is the practical walkthrough.
CDD is the part of the regime agents interact with most. Done well, it's a few minutes of friction at onboarding. Done badly, it's the gap an AUSTRAC review will find first.
What CDD actually is
CDD is the process of knowing who your customer is, confirming they are who they say they are, and understanding enough about them to assess money-laundering risk. It is the real estate equivalent of KYC ("know your customer") that Australian banks have run for years.
The 2024 reforms move Australia to risk-based CDD, replacing the old "verify two documents against two data sources and you're done" safe harbour. Instead, the depth of your verification must match the actual risk of each customer: lighter for low-risk, heavier for high-risk.
Who do you need to identify?
For a property transaction, you generally identify and verify the customers to whom you provide the designated service. In practice that means:
- The buyer — where you act for them.
- The seller / vendor — where you act for them.
- Beneficial owners — the real people who ultimately own or control a customer that is a company, trust or other structure.
- Anyone acting on the customer's behalf — for example under a power of attorney — and their authority to do so.
The beneficial-owner point is the one agents most often miss. If your "client" is a company or a trust, the law looks through the structure to the individuals who own or control it. Identifying a Pty Ltd by its ACN is not enough — you need to know the humans behind it.
What information and documents to collect
For an individual customer, standard CDD typically establishes and verifies:
- Full legal name
- Date of birth
- Residential address
Verification can be done using reliable, independent sources — government-issued identity documents (such as a passport or driver licence) or, increasingly, electronic/digital identity verification against trusted data sources. The reforms actively encourage accredited digital verification, which is faster and creates a cleaner audit trail than photocopied licences.
For a customer that is a company or trust, you'll generally collect the entity's details (name, registration/ABN/ACN, registered office), identify its beneficial owners, and understand its ownership and control structure. For trusts, that includes understanding the trustee and the beneficiaries or class of beneficiaries.
Whatever you collect, you keep records of it — generally for seven years.
When does enhanced due diligence apply?
Enhanced customer due diligence (EDD) is the "dig deeper" tier. You step up to EDD when a customer or transaction presents higher money-laundering risk. Common triggers in property include:
- Politically exposed persons (PEPs) — senior public officials, their family members and close associates, whether foreign or domestic.
- Overseas buyers and offshore funding — particularly where funds come from, or pass through, higher-risk jurisdictions or multiple offshore accounts.
- High-value or unusual cash arrangements — large cash components, or payment structures with no obvious commercial rationale.
- Complex or opaque ownership — layered company/trust structures, nominee arrangements, or beneficial owners who are difficult to identify.
- Third-party purchasers — where someone other than the buyer appears to be providing the funds.
- Sanctions and adverse-media matches — where screening returns a hit.
EDD can include taking reasonable steps to understand the customer's source of funds or source of wealth, additional verification, senior-management sign-off, and closer ongoing monitoring. The point is proportionality: more risk, more scrutiny.
CDD doesn't stop at onboarding
CDD is not a one-time gate. You also have ongoing CDD obligations — keeping customer information current and monitoring the relationship for activity that doesn't fit what you'd expect. If something shifts and a transaction starts to look suspicious, that may trigger a Suspicious Matter Report.
A simple way to think about it
- Identify the customer (and beneficial owners).
- Verify that identity from reliable, independent sources.
- Assess the risk the customer and transaction present.
- Step up to enhanced due diligence where the risk is higher.
- Record what you did and why, and keep watching through the engagement.
How Veriqua handles CDD
Manually chasing identity documents, looking through trust structures and remembering which clients need EDD is where small agencies lose hours and create gaps. Veriqua's CDD portal is designed to assist with this workflow: it captures and verifies buyer and seller identity, walks through beneficial-owner identification, applies a risk-based assessment that flags when enhanced due diligence is required, runs PEP and sanctions screening, and stores a timestamped record for each customer.
The result is a consistent, repeatable CDD process your whole team can follow — and an evidence trail you can hand to a reviewer. Veriqua supports your CDD obligations; the responsibility to assess and manage risk remains with your agency as the reporting entity.
Frequently Asked Questions
What is customer due diligence for real estate agents?↓
Who counts as a beneficial owner in a real estate transaction?↓
When does enhanced due diligence (ECDD) apply to real estate transactions?↓
Do real estate agents need to verify both the buyer and the seller?↓
Related articles
AML/CTF Compliance Checklist for Real Estate Agents
The full obligations map — enrolment, program, CDD, SMRs and training.
The CDD Transition Myth — Corrected
Why real estate agents don't get the 3-year phase-in, and what actually applies.
SMR and TTR Guide for Real Estate Agents
The trigger, deadlines, and what you cannot say to the client.
See how Veriqua handles this
Veriqua is an Australian compliance operating system for AFSL holders and AUSTRAC reporting entities — automating AML/CTF programs, customer due diligence, transaction monitoring, SMR lodgement and board reporting.
Disclaimer: This article is general information only and is current as at March 2026. It reflects our understanding of the AML/CTF reforms, the AML/CTF Rules 2025 and AUSTRAC guidance as at that date, all of which may change. It is not legal, financial or compliance advice and must not be relied on as such. Your CDD obligations depend on the designated services you provide and your own circumstances. Obtain advice from a qualified professional and refer to current AUSTRAC guidance before acting.