Understanding Simplified Customer Due Diligence for AML Compliance

Introduction

Reforms under the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Cth) (‘AML/CTF Amendment Act‘), which commenced on 31 March 2026, introduced new customer due diligence requirements in Australia. Managing money laundering and terrorism financing risks remains a core obligation for reporting entities when they provide a designated service. Simplified customer due diligence allows them to simplify their customer identification procedures for low-risk customers, reducing compliance burdens while maintaining market integrity.

This article explains simplified customer due diligence for reporting entities so you can appropriately manage low customer risk. It outlines the specific conditions for applying these measures, practical examples for initial customer due diligence and ongoing customer due diligence, and how to integrate these procedures into your anti-money laundering and counter-terrorism financing policies.

Interactive Tool: See If You Qualify for Simplified Customer Due Diligence

What is Simplified Customer Due Diligence for Reporting Entities?

The Purpose of Streamlined Identification & Verification

Simplified customer due diligence (simplified CDD) allows reporting entities to streamline the customer identification and verification process for certain low-risk customers. Ultimately, it is a proportionate, risk-based approach to managing low money laundering and terrorism financing (ML/TF) risks. This framework enables reporting entities to adjust their customer due diligence measures to match the lower risk profile of a particular customer.

The primary purpose is to reduce the compliance burden in situations where the potential for money laundering or terrorism financing is minimal. Instead of applying the full scope of initial customer due diligence, a reporting entity can use more streamlined methods, including:

• Reducing the amount of evidence required for identity verification; or
• Not seeking specific information on the nature and purpose of the business relationship, if it can be inferred from the service being provided.

How Simplified Measures Differ from Exemptions

Applying simplified CDD is not an exemption from anti-money laundering and counter-terrorism financing obligations. Therefore, reporting entities must still conduct both initial and ongoing customer due diligence. The “simplified” aspect refers to the methods used, not the removal of the core requirement.

Even under this approach, reporting entities must collect all required know your customer (KYC) information. They also need to verify enough of that information to be satisfied on reasonable grounds about the customer’s identity and their ML/TF risk. Consequently, the fundamental CDD obligation to KYC remains, ensuring that even low-risk customers are properly identified and understood.

When Reporting Entities Can Apply Simplified Measures

Assessing Low Money Laundering & Terrorism Financing Risk

Reporting entities can apply simplified CDD measures only when a customer presents a low ML/TF risk. This assessment must be based on an objective evaluation of the KYC information that is reasonably available before providing a designated service. Furthermore, your AML/CTF compliance policies must outline how you will apply these simplified measures.

Under Anti-Money Laundering and Counter-Terrorism Financing Rules 2025 (Cth) (‘AML/CTF Rules‘), this involves:

• Identifying the customer’s ML/TF risk based on KYC information available before the service begins;
• Collecting KYC information that is appropriate for that low-risk profile; and
• Ensuring there are no reasonable grounds to doubt the accuracy of the information collected.

The decision to classify a customer as low-risk must be defensible and documented as part of your customer due diligence obligations.

Ensuring Enhanced Due Diligence Triggers Do Not Apply

Simplified CDD is not permissible if any circumstances requiring enhanced customer due diligence (enhanced CDD) are present. Even if a customer initially appears to have a low ML/TF risk, the presence of a single trigger for enhanced CDD means simplified measures cannot be used. Therefore, reporting entities must ensure their customer risk assessment process screens for these triggers.

Triggers that mandate the application of enhanced CDD include situations where:

• The customer or their beneficial owner is identified as a foreign politically exposed person (PEP);
• A transaction involves a high-risk jurisdiction as identified by the Financial Action Task Force (FATF);
• There is a suspicion of money laundering, terrorism financing, or identity fraud; or
• The designated service is part of a nested services relationship.

Practical Examples of Simplified Measures for Reporting Entities

Streamlining Initial Identification & Verification

When reporting entities determine a customer poses a low ML/TF risk, they can apply simplified CDD measures during the initial onboarding phase. This approach allows for a more streamlined process for collecting and verifying KYC information.

Practical examples of simplified measures during initial identification include:

• Reduced evidence for identity verification: Reporting entities may require less documentation to verify a customer’s identity based on the assessment that the customer is low risk.
• Inferring the purpose of the business relationship: It may not be necessary to explicitly ask for information on the nature and purpose of the business relationship, as this can often be understood from the type of designated service being provided and other details collected during onboarding.

Adjusting Ongoing Monitoring & Re-verification

Simplified CDD measures can also be applied to ongoing customer due diligence, provided the customer’s risk profile remains low. This allows reporting entities to adjust their monitoring and review processes to be proportionate to the identified risk.

For low-risk customers, ongoing monitoring can be modified in several ways:

• Less frequent re-verification of KYC information: The schedule for re-verifying a customer’s identity and other KYC information can be extended to reflect the lower risk associated with the customer relationship.
• Different thresholds for transaction monitoring alerts: Automated transaction monitoring systems can be calibrated with different thresholds, meaning alerts for review might be triggered by higher transaction values or different patterns of activity than those set for medium or high-risk customers.

However, if a low-risk customer’s behaviour changes or their transactions become unusual, reporting entities must reassess their ML/TF risk. If the risk level increases, simplified measures will no longer be appropriate, and standard or enhanced CDD must be applied.

Simplified Verification Rules for Complex Customer Types

Establishing Matters for Trusts & Bodies Corporate

Under simplified CDD, reporting entities can streamline how they establish key information for low-risk customers that are trusts or bodies corporate.

According to Rule 6-17, a reporting entity is considered to have established the identity of certain individuals without needing to formally verify their details, including:

• Representatives: any person acting on behalf of the customer;
• Service recipients: any person receiving designated services on behalf of the customer; and
• Beneficial owners: the beneficial owner of the customer.

This simplified verification is permitted only when the previously outlined conditions are met—namely, the customer maintains a low risk profile, appropriate KYC information has been collected, and there are no reasonable grounds to doubt its accuracy.

Exceptions for Regulated Entities & Strata Title Associations

Specific exceptions exist that remove the need to identify the beneficial owners of certain low-risk customers. These exceptions apply when the customer is a complex entity but is subject to other forms of oversight or has a very low risk profile.

Under AML/CTF Rules, reporting entities are not required to check for a beneficial owner if the customer has a low ML/TF risk and is controlled by one of the following:

• Regulated entities: an entity that is subject to regulatory oversight by a prudential, insurance, or investor protection regulator; or
• Homeowner associations: a corporation or association of homeowners in a strata title or community title scheme.

If these conditions are satisfied, the reporting entity is also taken to have established whether any beneficial owner is a politically exposed person (PEP) or is designated for targeted financial sanctions. Ultimately, this exception significantly reduces the customer due diligence burden for these specific low-risk customer types.

Integrating Simplified Measures into AML & CTF Policies

Documenting Low-Risk Customer Profiles & Procedures

Reporting entities must ensure their anti-money laundering and counter-terrorism financing policies explicitly detail how and when simplified CDD will be applied. These policies are a legal requirement and form the foundation of a compliant, risk-based approach that is subject to independent AML/CTF program reviews. Furthermore, they must provide clear guidance for staff to follow consistently.

Your policies should clearly define:

• Low-risk customer types: Specify the characteristics of customers that your business considers to be low ML/TF risk.
• Eligible products and services: Identify which of your designated services are considered low-risk and therefore eligible for simplified CDD measures.
• Information to be collected and verified: Outline the specific KYC information that must be gathered and checked for these low-risk profiles.
• Ongoing checks: Describe the procedures for ensuring the simplified CDD approach remains appropriate for the customer over time.

Transitioning to Enhanced Measures if Risk Levels Change

Your anti-money laundering and counter-terrorism financing policies must also include procedures for ongoing customer due diligence, even for customers who initially qualify for simplified CDD. A customer’s risk profile is not static and can change based on their behaviour or transaction patterns. Therefore, the policies must outline a clear process for monitoring and reassessing customer risk.

If a customer’s behaviour changes or suspicious activity occurs, you must reassess their ML/TF risk. As a result, your policies must detail the steps to take if a customer’s risk level increases. This includes transitioning from simplified CDD to standard or enhanced CDD to ensure you continue to manage and mitigate the identified risk appropriately.

Conclusion

Simplified customer due diligence allows reporting entities to streamline identification procedures for low-risk customers, reducing compliance burdens without compromising core anti-money laundering and counter-terrorism financing obligations. This risk-based approach requires a clear assessment of low customer risk, the absence of enhanced due diligence triggers, and documented procedures within your AML/CTF policies.

Ensuring your anti-money laundering and counter-terrorism financing policies correctly implement these measures is vital for compliance. If you need assistance navigating your customer due diligence requirements, contact our AML/CTF compliance lawyers at Click Legal today to discuss how we can support your business.

Frequently Asked Questions