All posts
cddcompliancereal-estate

Customer due diligence for real estate: a plain-English guide

What does customer due diligence actually mean in practice? This plain-English guide explains what you must collect, how to verify it, and what initial, ongoing, enhanced and simplified CDD require.

By AML Simple Team

Customer due diligence for real estate: a plain-English guide

When a buyer walks into your office for the first time, what do you actually have to do under the new AML/CTF rules? That question — "what does CDD really require?" — is the most common one we hear from agency principals.

This post answers it in plain English. No jargon, no dense legislation summaries. Just a clear explanation of what customer due diligence involves and how it applies to your day-to-day work.

Important: This post explains what the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 and AUSTRAC guidance require. It is general information only — not compliance advice, and not a substitute for professional guidance specific to your agency's circumstances. If you need tailored advice, speak with a qualified AML/CTF compliance professional, or consider our Expert Advice service.

What is customer due diligence?

Customer due diligence — CDD — is the process of identifying your clients and verifying that they are who they say they are. It is the cornerstone of Australia's AML/CTF framework, and from 1 July 2026, it applies to every client involved in a real estate sale or purchase where your agency is providing a designated service.

CDD has one core purpose: know your customer. If you cannot confirm who you are dealing with, you cannot assess the risk they pose, and you cannot spot suspicious behaviour.

The AML/CTF regime covers four distinct types of CDD. They are not interchangeable — each applies in different circumstances. Let's work through each one.

1. Initial CDD: the first step with every client

When it applies: Before you start providing a designated service to a customer — in practice, before you formally act as their agent in a property transaction.

Initial CDD applies to every client in a designated service transaction: your vendor clients, your buyer clients, and anyone acting on behalf of a buyer or seller. If someone tells you they are acting for another party, you need to identify both people.

What to collect (for individuals)

For individual clients, you must collect:

| Information | Required | |-------------|----------| | Full legal name | Yes — as it appears on their identity document | | Date of birth | Yes | | Residential address | Yes — a physical address, not a PO Box | | Whether acting for another party | Yes — if so, identify the other party too |

These four fields are the minimum for individual clients. Companies, trusts, and other entities have different requirements beyond the scope of this guide — if you deal with complex structures, seek specific guidance.

What to collect vs. what to verify — a critical distinction

Here is the distinction that catches many agencies out: collecting information is not the same as verifying it.

A buyer typing their passport number into an online form is collection. It tells you what they claim their details are. It does not tell you whether that passport is real, current, or actually belongs to the person sitting across from you.

Verification means checking the information against something reliable and independent — a source that cannot simply be self-reported by the customer. Verification is the step that closes the loop.

How to verify identity

AUSTRAC requires verification using reliable and independent means. There are several acceptable methods — and importantly, no single method is mandatory. All of the following satisfy the requirement when properly performed:

  1. Physical inspection — you inspect the original identity document in person (for example, at a meeting or open home) and confirm the client's face matches the photo.
  2. Video call — a live video call where you can see the client and their document simultaneously, and confirm the face matches the ID.
  3. DVS (Document Verification Service) — electronic matching against issuing-authority records via the Department of Home Affairs. Confirms the document is current and not reported lost or stolen.
  4. Accredited third-party electronic verification — providers that access DVS or equivalent authoritative data sources.
  5. Biometric verification — comparing the client's appearance against their photo ID using biometric technology.

DVS is not mandatory. An agent physically inspecting a passport at a listing appointment satisfies the verification requirement just as DVS does. What matters is that you use a reliable, independent method — and that you record what you did, when, and by what method.

Acceptable identity documents

Primary photographic ID (preferred — one is sufficient):

  • Australian driver's licence
  • Australian passport
  • Foreign passport
  • State-issued proof of age card

This list is based on AUSTRAC's standard guidance. Note that the definition of acceptable photographic identification is not entirely closed — the AML/CTF Rules allow for other documents — but the four above are the standard documents AUSTRAC names and accepting anything outside this list requires a positive risk-based decision by your agency.

If a client has no photographic ID: You need a combination: one primary non-photographic document (birth certificate, citizenship certificate, or Centrelink/DVA concession card) plus one secondary document (a government-issued document showing name and address, a utility bill less than three months old, or an ATO notice less than 12 months old).

What to record

You do not need to keep copies of identity documents. You must record:

  • Document type, number, issuing authority, and expiry date
  • Who verified the document, when, and by what method

2. Ongoing CDD: maintaining what you know

When it applies: Throughout the business relationship — from initial CDD to the completion of the transaction and beyond.

Ongoing CDD means you must monitor your clients to identify, assess, and manage ML/TF risks over time. In a real estate transaction, the relationship is typically transaction-based, but that still means:

  • Staying alert to changes in client circumstances or behaviour that could affect risk
  • Updating client information if it changes during the transaction
  • Treating new red flags as triggers to review what you know about a client

Ongoing CDD is proportionate to the nature and duration of the relationship. For a straightforward residential sale completed over a few weeks, the ongoing obligation is relatively light. For longer or more complex transactions, it is more active.

3. Enhanced CDD: when more is required

Some clients and transactions require a deeper level of scrutiny. AUSTRAC calls this enhanced CDD (ECDD).

ECDD is triggered when any of the following apply:

  1. The customer is a foreign Politically Exposed Person (PEP) — a senior foreign government official, politician, judge, military officer, or state-owned enterprise executive, or their family or close associates
  2. A Suspicious Matter Report has been or will be filed in relation to the client
  3. Your agency's risk assessment rates the client as high risk
  4. The client is from a high-risk jurisdiction (countries on the FATF grey or black list)
  5. The transaction involves a high-risk country
  6. The transaction involves complex ownership structures with no clear legitimate purpose

When ECDD is triggered, you must go further than standard CDD. The additional measures required include (but are not limited to):

  • Senior management approval for the relationship or transaction
  • Enhanced ongoing monitoring throughout the relationship
  • Additional identity verification steps
  • Source of funds and source of wealth verification
  • Understanding the purpose of the transaction

ECDD is not optional when a trigger applies. If one of the above circumstances exists, standard CDD is insufficient.

4. Simplified CDD: a streamlined option for low-risk scenarios

Not every client presents the same level of risk. AUSTRAC recognises this and allows for a streamlined CDD process — simplified CDD — in genuinely low-risk situations.

Important: simplified CDD is not an exemption from CDD obligations. You must still collect all required customer information. What simplified CDD allows is a lighter-touch approach to verification steps where your risk assessment supports it.

Whether simplified CDD applies to a specific client is determined by your agency's own risk assessment — not by a client's characteristics alone. Your program must document when and how simplified CDD is used. This is not a decision to make ad hoc for individual clients.

For further guidance on AUSTRAC's simplified CDD framework, see AUSTRAC's CDD guidance.

A real-world example: the first meeting

Let's put this together with a concrete scenario.

A buyer contacts your office about a property listed at $850,000. This is their first enquiry, and they want to make an offer. Before you formally act as their buyer's agent, you need to complete initial CDD.

You ask them to bring a driver's licence or passport to the appointment. At the meeting, you inspect the licence in person, confirm their face matches the photo, and record the document details — number, expiry, and that you inspected it on this date.

You also ask whether they are buying in their own name or on behalf of someone else. They confirm it is their own name. You note their full name, date of birth, and residential address.

That is initial CDD complete. The buyer has been identified and verified using a reliable method. You can now act as their agent.

If during the transaction you discover the buyer is a foreign PEP — say, a relative of a senior overseas government official — that triggers enhanced CDD, and you would need to take the additional steps outlined above.

Putting it all together

CDD is not a one-off form. It is an ongoing obligation that runs across the lifecycle of every client relationship in a designated service transaction. The four types — initial, ongoing, enhanced, and simplified — form a complete picture:

| CDD type | When | Purpose | |----------|------|---------| | Initial | Before providing designated service | Establish who the client is | | Ongoing | Throughout the relationship | Stay informed as circumstances change | | Enhanced | When risk triggers are present | Go deeper for higher-risk clients or transactions | | Simplified | For low-risk clients (per your risk assessment) | Streamline verification steps where warranted |

The key habits to build: collect the right information before you start, verify it using an acceptable method, record what you did, and stay alert throughout the transaction.

AML Simple guides you through CDD — start free

AML Simple guides you through CDD for every client — collecting the right information, prompting the right verification steps, and keeping compliant records throughout the transaction.

AML Simple guides you through CDD — start free at app.amlsimple.com

About AML Simple: AML Simple is a workflow tool that helps Australian real estate agencies build and maintain their AML/CTF compliance program. It is not a compliance advisory service and does not provide legal, financial, or regulatory advice. Nothing on this site constitutes advice about your specific compliance obligations. Always consult a qualified AML/CTF compliance professional for advice tailored to your agency's circumstances.

Back to all posts

We use cookies from LinkedIn and Facebook to measure our ad performance. Your account data is never shared with advertisers.