Customer due diligence — what you collect and verify
Plain-English breakdown of CDD obligations for real estate agencies: who, what, when, and the delayed-CDD window under the amended Rules.
In short
Before providing a designated service, you identify each customer and verify that identity with reliable, independent evidence. Real estate has a delayed-CDD window: the earlier of 28 calendar days after exchange of contracts, or 3 days before the initial settlement day. ECDD applies in six specific situations set out in the Act and Rules.
Customer due diligence is the operational core of the AML/CTF regime. Before providing a designated service — or within the delayed-CDD window where that applies — you identify the customer and verify the identity using reliable and independent sources.
Individuals. Collect and verify:
- Full name
- Date of birth
- Residential address
Verification typically runs through the Document Verification Service (DVS) against a passport, driver's licence, Medicare card, or birth certificate. A single primary photographic document, or a defined combination of non-photographic documents, satisfies the requirement.
Companies. Collect and verify:
- Full company name and ACN
- Registered office address
- Names of directors, with identity verification for each
- Names of beneficial owners (25% threshold), with identity verification for each
Verification runs against the ASIC register for the entity and the standard individual process for each director and beneficial owner.
Trusts. Collect:
- Trust name and type (discretionary, unit, testamentary, charitable, fixed)
- The trust deed or a certified extract
- Names of trustees, settlor, appointor, and beneficiaries (or class of beneficiaries where naming each is not practicable, per Rules s 6-3(3))
- Identity verification of the trustee, and beneficial-owner verification of the controlling parties
Partnerships, incorporated associations, and government bodies have their own analogous requirements.
Beneficial ownership. The threshold is 25%. Where no single individual holds 25% or more, identify the natural person who exercises control through some other means — voting rights, contractual arrangements, or the right to appoint directors.
Timing. The default rule (Act s 28) is that CDD is completed before the designated service is provided. The Act allows delayed CDD in defined circumstances (s 29). For real estate, AML/CTF Rules 2025 s 6-32(4), as amended by F2026L00353 from 31 March 2026, sets the delayed-CDD window as the earlier of 28 calendar days after exchange of contracts, or 3 days before the initially agreed settlement day. The clock runs in calendar days. Missing it is a standalone contravention.
For a seller's agent dealing with a buyer who arrives mid-listing, AUSTRAC's guidance is that you start providing the designated service to that buyer when their offer is accepted or the contract is signed — and the delayed-CDD clock starts there.
Three intensities. Standard CDD is the default. Simplified CDD is available for certain low-risk customer categories — listed public companies, government bodies. Enhanced CDD (ECDD) is mandatory in six situations under Act s 32 and Rules s 6-20:
- The customer is high ML/TF/PF risk (the risk-assessment rating that includes proliferation financing as a third leg)
- An SMR is required for the customer
- The transaction is unusual, large, or complex
- The relationship involves nested services
- The customer, a beneficial owner, or the person on whose behalf the service is being received is a foreign PEP
- The customer is in a FATF Call-for-Action jurisdiction
ECDD layers in additional verification, source-of-funds and source-of-wealth checks, and senior-manager approval. Domestic PEPs and international-organisation PEPs do not, on their own, trigger ECDD — they trigger senior-manager approval under Rules s 5-5(1) only when paired with high risk.
Record retention. Verification records must be retained for seven years from the end of the customer relationship and produced in a form AUSTRAC can audit.
What to do next. Build a CDD checklist for each customer type — individual, company, trust — and embed it as a gating step in your listing and buyer-acceptance workflows. Time the buyer clock from offer acceptance, not from contract exchange.
Frequently asked questions
- When does CDD apply to buyers?
- When you start providing the designated service to a buyer — generally when an offer is accepted or a contract signed. You then have until the earlier of 28 calendar days after exchange, or 3 days before the agreed settlement, to finish CDD under the delayed-CDD provision.
- What triggers ECDD?
- Six situations: high ML/TF/PF risk, an SMR is required, unusual/large/complex transactions, nested-services relationships, foreign PEPs, and customers in FATF Call-for-Action jurisdictions.
- Do we need to identify every beneficiary of a discretionary trust?
- No. Identify each beneficiary, or where that is not practicable, identify the class. Verify the trustee and the beneficial owners who control the trust.
- What is the beneficial ownership threshold?
- 25%. Where no single individual holds 25% or more, you fall back to identifying the natural person who exercises control.