Skip to content

Customer due diligence — what you collect and verify

Plain-English breakdown of CDD obligations for real estate agencies: who, what, when, and the delayed-CDD window under the amended Rules.

In short

Before providing a designated service, you identify each customer and verify that identity with reliable, independent evidence. Real estate has a delayed-CDD window: the earlier of 28 calendar days after exchange of contracts, or 3 days before the initial settlement day. ECDD applies in six specific situations set out in the Act and Rules.

Customer due diligence is the operational core of the AML/CTF regime. Before providing a designated service — or within the delayed-CDD window where that applies — you identify the customer and verify the identity using reliable and independent sources.

Individuals. Collect and verify:

  • Full name
  • Date of birth
  • Residential address

Verification typically runs through the Document Verification Service (DVS) against a passport, driver's licence, Medicare card, or birth certificate. A single primary photographic document, or a defined combination of non-photographic documents, satisfies the requirement.

Companies. Collect and verify:

  • Full company name and ACN
  • Registered office address
  • Names of directors, with identity verification for each
  • Names of beneficial owners (25% threshold), with identity verification for each

Verification runs against the ASIC register for the entity and the standard individual process for each director and beneficial owner.

Trusts. Collect:

  • Trust name and type (discretionary, unit, testamentary, charitable, fixed)
  • The trust deed or a certified extract
  • Names of trustees, settlor, appointor, and beneficiaries (or class of beneficiaries where naming each is not practicable, per Rules s 6-3(3))
  • Identity verification of the trustee, and beneficial-owner verification of the controlling parties

Partnerships, incorporated associations, and government bodies have their own analogous requirements.

Beneficial ownership. The threshold is 25%. Where no single individual holds 25% or more, identify the natural person who exercises control through some other means — voting rights, contractual arrangements, or the right to appoint directors.

Timing. The default rule (Act s 28) is that CDD is completed before the designated service is provided. The Act allows delayed CDD in defined circumstances (s 29). For real estate, AML/CTF Rules 2025 s 6-32(4), as amended by F2026L00353 from 31 March 2026, sets the delayed-CDD window as the earlier of 28 calendar days after exchange of contracts, or 3 days before the initially agreed settlement day. The clock runs in calendar days. Missing it is a standalone contravention.

For a seller's agent dealing with a buyer who arrives mid-listing, AUSTRAC's guidance is that you start providing the designated service to that buyer when their offer is accepted or the contract is signed — and the delayed-CDD clock starts there.

Three intensities. Standard CDD is the default. Simplified CDD is available for certain low-risk customer categories — listed public companies, government bodies. Enhanced CDD (ECDD) is mandatory in six situations under Act s 32 and Rules s 6-20:

  1. The customer is high ML/TF/PF risk (the risk-assessment rating that includes proliferation financing as a third leg)
  2. An SMR is required for the customer
  3. The transaction is unusual, large, or complex
  4. The relationship involves nested services
  5. The customer, a beneficial owner, or the person on whose behalf the service is being received is a foreign PEP
  6. The customer is in a FATF Call-for-Action jurisdiction

ECDD layers in additional verification, source-of-funds and source-of-wealth checks, and senior-manager approval. Domestic PEPs and international-organisation PEPs do not, on their own, trigger ECDD — they trigger senior-manager approval under Rules s 5-5(1) only when paired with high risk.

Record retention. Verification records must be retained for seven years from the end of the customer relationship and produced in a form AUSTRAC can audit.

What to do next. Build a CDD checklist for each customer type — individual, company, trust — and embed it as a gating step in your listing and buyer-acceptance workflows. Time the buyer clock from offer acceptance, not from contract exchange.

Frequently asked questions

When does CDD apply to buyers?
When you start providing the designated service to a buyer — generally when an offer is accepted or a contract signed. You then have until the earlier of 28 calendar days after exchange, or 3 days before the agreed settlement, to finish CDD under the delayed-CDD provision.
What triggers ECDD?
Six situations: high ML/TF/PF risk, an SMR is required, unusual/large/complex transactions, nested-services relationships, foreign PEPs, and customers in FATF Call-for-Action jurisdictions.
Do we need to identify every beneficiary of a discretionary trust?
No. Identify each beneficiary, or where that is not practicable, identify the class. Verify the trustee and the beneficial owners who control the trust.
What is the beneficial ownership threshold?
25%. Where no single individual holds 25% or more, you fall back to identifying the natural person who exercises control.

Sources

  1. AML/CTF Act 2006 (Cth) ss 28, 29, 32
  2. AML/CTF Rules 2025 ss 6-3, 6-20, 6-32

This is general guidance for Australian real estate professionals. It does not constitute legal advice. Consult a qualified AML/CTF practitioner before relying on it for your agency.