Client Risk Profiling & Due Diligence

Know your client — and prove it. The foundation of every AML/CTF program under Tranche 2.

What is Client Due Diligence under Tranche 2?

Client Due Diligence (CDD) is the process of identifying your clients, verifying their identity, and assessing the money laundering and terrorism financing (ML/TF) risk they represent to your practice. Under the AML/CTF Act 2006 (as amended by Tranche 2 reforms), accountants providing designated services must apply CDD to every client.

CDD is not a one-off exercise. AUSTRAC requires you to maintain up-to-date records on every client, reassess their risk profile at regular intervals, and apply enhanced scrutiny to higher-risk clients.

Designated services trigger CDD. If you provide a service covered by the AML/CTF Act — such as managing client funds, preparing for business transactions, or conveyancing — you must complete CDD before providing that service. No CDD, no service.

At a minimum, your CDD process must capture:

Why does the law require this?

Money laundering frequently occurs through professional service providers — accountants are often unwitting intermediaries. Criminals use legitimate businesses to move and conceal illicit funds. AUSTRAC's position is that if you know your client and understand the nature of funds flowing through your practice, you are far less likely to be exploited.

Australia's AML/CTF framework is modelled on the Financial Action Task Force (FATF) recommendations, which Australia is legally obligated to follow as a member. Tranche 2 brings Australia into line with comparable jurisdictions including the UK, EU, Canada and New Zealand — all of which already require CDD from professional service providers.

FATF grey-listing risk. Australia has faced international pressure over its delayed Tranche 2 implementation. Non-compliance at a sector level risks Australia's standing with FATF, which has consequences for Australian businesses operating internationally.

What happens if you don't have it?

Failing to complete and document CDD is not a technical oversight — it is a breach of the AML/CTF Act and carries serious consequences.

Civil penalties for failing to carry out CDD can reach up to $22 million for corporations and $4.4 million for individuals per breach under the AML/CTF Act. Each client without adequate CDD documentation is a separate potential breach.

Beyond financial penalties, AUSTRAC can issue formal warnings, require enforceable undertakings, appoint external auditors at your cost, and refer matters to the Australian Federal Police. In serious cases, AUSTRAC has the power to cancel or suspend registration.

There is also professional liability exposure. If your practice facilitates money laundering — even unknowingly — because you failed to conduct adequate CDD, you may face action from your professional body (CPA Australia, CA ANZ, or the Law Society) in addition to AUSTRAC.

How SimpleAML manages Client Risk Profiling

What the app does for you

  • Four-part CDD form — Part A (customer information), Part B (ML/TF risk assessment), Part C (beneficial owners, controllers and representatives), and Part D (CDD completion declaration) — structured to match AUSTRAC's requirements
  • Entity-type-specific forms — the fields shown change based on whether the client is an individual, private company, trust, SMSF, partnership, or other — so you capture exactly what's required for each structure
  • Individual identity verification for each person recorded — ID type, ID number, country of issue, verification method (original sighted, certified copy, or electronic), date verified, verifying staff member, and outcome
  • Auto-suggested ML/TF risk rating derived from entity type, designated service, jurisdiction, and risk flags — overridable with documented justification
  • NameScan integration for PEP and sanctions screening — log the provider, date, result (Clear, PEP, Sanctions, Adverse), and reference ID for each individual
  • Add service — record each new designated service provided to an existing client, with automatic risk impact assessment and a flag if the new service changes the client's risk rating
  • Client register showing all clients with risk rating, CDD status, individual count, verification and screening progress, and last review date
  • Change history — every edit to a client record preserves the previous version, so you have a documented trail of how CDD has evolved over the relationship
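As an added illustration (not SimpleAML's own code), the three behaviours the list above describes in Python: a suggested ML/TF rating derived from entity type, designated service, jurisdiction and risk flags; a manual override that is accepted only with a written justification; and a change history that preserves every previous version. The weights, thresholds, service names and the placeholder jurisdiction code "ZZ" are assumptions for illustration, not AUSTRAC's or the product's rules.

```python
from copy import deepcopy
from datetime import datetime, timezone

# Assumed weights and codes for illustration only; not AUSTRAC's or SimpleAML's.
ENTITY_WEIGHT = {"individual": 1, "private_company": 2, "smsf": 2, "partnership": 2, "trust": 3}
SERVICE_WEIGHT = {"tax_advice": 1, "business_transaction": 2, "conveyancing": 3, "managing_client_funds": 3}
HIGH_RISK_JURISDICTIONS = {"ZZ"}  # placeholder country code, not a real list
RATINGS = ("Low", "Medium", "High")

def suggest_rating(entity_type, services, jurisdiction, flags):
    """Derive (rating, score) from the four inputs; unknown values get the top weight, never a quiet Low."""
    score = ENTITY_WEIGHT.get(entity_type, 3)
    score += max(SERVICE_WEIGHT.get(s, 3) for s in services)
    score += 3 if jurisdiction in HIGH_RISK_JURISDICTIONS else 0
    score += 2 * len(set(flags))  # e.g. "pep", "cash_intensive", "complex_structure"
    return ("Low" if score <= 3 else "Medium" if score <= 6 else "High"), score

def new_client(name, entity_type, service, jurisdiction, flags=(), by="staff"):
    rating, score = suggest_rating(entity_type, [service], jurisdiction, flags)
    return {"name": name, "entity_type": entity_type, "services": [service],
            "jurisdiction": jurisdiction, "flags": list(flags), "score": score,
            "rating": rating, "override_reason": None, "history": [],
            "updated_by": by, "updated_at": datetime.now(timezone.utc).isoformat()}

def _commit(client, by):
    """Append the current version to history before any edit, so no prior state is lost."""
    client["history"].append({k: deepcopy(v) for k, v in client.items() if k != "history"})
    client["updated_by"], client["updated_at"] = by, datetime.now(timezone.utc).isoformat()

def override_rating(client, rating, reason, by):
    """Manual override of the suggested rating requires a non-empty justification."""
    if rating not in RATINGS:
        raise ValueError("unknown rating")
    if not reason or not reason.strip():
        raise ValueError("override requires a documented justification")
    _commit(client, by)
    client["rating"], client["override_reason"] = rating, reason.strip()
    return client

def add_service(client, service, by):
    """Record a further designated service; return True if the suggested rating changed."""
    _commit(client, by)
    client["services"].append(service)
    suggested, client["score"] = suggest_rating(client["entity_type"], client["services"],
                                                client["jurisdiction"], client["flags"])
    changed = suggested != client["rating"]
    if changed:  # assumed policy: a changed suggestion supersedes any earlier override
        client["rating"], client["override_reason"] = suggested, None
    return changed
```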

SimpleAML stores records locally in your browser on your device. It does not currently provide multi-user cloud sync. You should export and back up your records regularly.

Ready to profile your clients?

SimpleAML's client risk profiler walks you through every step. No account needed — open it in your browser right now.

Important: SimpleAML is a compliance assistance tool only and does not constitute legal advice. Users are responsible for ensuring their own compliance with AUSTRAC requirements. Seek independent legal advice where required. Developed by Click Seed Pty Ltd ABN 87 656 256 567.