
CDD Doesn't Mean You're a Cop — What AUSTRAC Actually Expects

AUSTRAC's CEO said it plainly: "We don't expect you to be police officers." Here's what Customer Due Diligence really looks like for most practices.

Brisbane, Australia · February 2026 · 7 min read

Customer Due Diligence (CDD) is probably the obligation that worries practitioners most. It sounds like you're being asked to investigate your own clients. You're not. AUSTRAC's CEO said it directly: "We don't expect you to be police officers or investigators."

AUSTRAC has been regulating banks for 20 years. "We don't require them to stop transactions to comply with their obligations." The same applies to you. CDD is about knowing who you're dealing with — not stopping the work.

What CDD actually involves

At its core, CDD means establishing three things about your client:

Are they who they say they are?
Verify identity — for individuals, this might be as simple as checking a driver's licence against the information they've given you.
Are they subject to any financial sanctions?
A couple of internet searches — Australia's consolidated sanctions list is publicly available.
Are they a Politically Exposed Person (PEP)?
PEPs are people who hold or have held prominent public functions. They're not automatically suspicious — but they carry higher risk and require closer attention.

It's risk-based — not one-size-fits-all

The level of CDD you do depends on the risk the client poses. AUSTRAC's CEO made a key point: most of your clients will be low risk. For these clients, you apply what's called "simplified due diligence" — lighter checks that are proportionate to the risk.

| Risk Level | What You Do | Example |
|---|---|---|
| Low | Simplified CDD — basic identity checks | Gather basic info, check driver's licence, quick sanctions search |
| Medium | Standard CDD — verify and understand the relationship | Full identity verification, understand the purpose of the transaction |
| High | Enhanced CDD — deeper investigation | Source of wealth, source of funds, senior management approval |

What you DON'T need to do

× You don't need to stop transactions to comply with AML obligations
× You don't need to do CDD on existing clients (pre-1 July 2026) unless a trigger event occurs
× You don't need to assume your client is a criminal — you're entitled to take their explanations at face value unless something doesn't add up
× You don't need to duplicate CDD already done by another entity in the same transaction (reliance arrangements exist)

Red flags — when to pay closer attention

You're not expected to be a detective. But AUSTRAC wants you to recognise when something doesn't feel right. These are the common red flags:

Client is evasive about the nature and purpose of the transaction
Client appears reluctant to provide information
Client seems unconcerned or lacks knowledge about the transaction
Transaction is unusual for this type of client or business
Unexplained payments from third parties
Large cash payments
Connections with sanctioned jurisdictions
Links to countries with high drug production, terrorism, or corruption

The overseas money question

A practitioner at the panel event asked: "How do I check that money from Thailand to buy real estate is clean?" Juliana Warner from the Law Council responded with a practical example: a conveyancer who received funds said to come from a UK estate settlement felt uncomfortable, so she contacted the UK solicitors to verify. That's a reasonable step.

The approach: Make reasonable inquiries about the source of funds. Ask the client where the money comes from. Verify where you can. You're entitled to take explanations at face value — you don't have to assume they're crooks just because the money comes from overseas. But if you've made inquiries and still can't satisfy yourself, that's when you file a suspicious matter report.

Remember: The vast majority of your clients are legitimate. CDD is a proportionate, risk-based process — not an interrogation. For most clients, it will be a simple, quick process that formalises checks you may already be doing informally.

Disclaimer: This article is published by GetPost Labs Pty Ltd, a technology company building compliance software. All content is for educational purposes only and does not constitute legal, financial, or compliance advice. While we make every effort to ensure accuracy, this article may contain errors or omissions. Always refer to the authoritative text on legislation.gov.au and seek professional advice for your specific circumstances. If you spot an error or have a suggestion, please reach out to sumit@getpostlabs.io.