From 1 July 2026, every client you onboard for a designated service will need to go through a customer due diligence process. For most firms, that means rethinking what client intake looks like. A lot of what’s required is an extension of what many firms are already doing, the obligation is to formalise and document it as part of a consistent, auditable workflow.
We covered exactly what that process involves in our recent webinar, Customer Due Diligence for Conveyancers, with Maria Kontorigas, Major Accounts Manager at triSearch, and Mateus MacKenzie, our Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Product Specialist.
Here’s the recap.
What Customer Due Diligence actually means
Customer due diligence, or CDD, is the process of verifying that your client is who they say they are. A lot of what’s required under the new legislation is an extension of what many firms are already doing.
If you’re currently using triVOI for property matters, you’re already completing the first step. The obligation from 1 July is to formalise and document the remaining steps as part of a consistent, auditable onboarding process.
The five steps of CDD
The triSearch Compliance Centre is built around five distinct steps:
- Verification of identity (VOI): collecting and verifying identity documents to confirm your client is who they say they are. This can be completed remotely or in person.
- PEPs, Sanctions, and Adverse Media screening: a background check that runs automatically through the Compliance Centre. Your client doesn’t need to do anything. The system searches publicly available databases and returns any results for your review.
- KYC or KYB onboarding form: a digital questionnaire drawn directly from the AUSTRAC Starter Kits. It collects information about your client and the transaction, including how the property is being funded.
- Risk assessment: a set of scenario-based yes/no questions that calculate a risk rating for the onboarding. The questions come from AUSTRAC and are already built into the platform.
- Final onboarding checks: a short internal checklist confirming you’ve completed all necessary CDD steps and are comfortable proceeding with the client relationship.
These five steps form the standard workflow for every client you onboard from 1 July.
KYC and KYB: what's the difference?
For individual clients, the standard CDD process covers everything. When you’re onboarding a company, trust, or other entity, there’s an additional layer.
KYC, or Know Your Customer, focuses on the individual in front of you. KYB, or Know Your Business, focuses on the entity behind them.
If a representative is instructing your firm on behalf of a company, verifying that person alone doesn’t satisfy your obligations. You also need to establish who owns and controls the company. The triSearch Compliance Centre integrates directly with the Australian Securities and Investments Commission (ASIC) to pull verified entity data automatically. For trusts, the trust deed and any amendment deeds are the source of truth. We covered non-individual onboarding in detail in a previous post.
Ultimate Beneficial Ownership
Once you’ve identified the entity, you need to identify the individuals who ultimately own or control it. These are known as ultimate beneficial owners, or UBOs.
In practical terms, that means natural persons with 25% or more of the shares or voting rights, or those who exercise effective control even where direct ownership is less clear. If there’s a chain of holding companies, you’ll need to trace through the structure to find the actual individual at the end of it.
Once those individuals are identified, they each require their own KYC process, including VOI, PEPs and Sanctions screening, and the onboarding form.
When Enhanced Due Diligence applies
In most onboardings, the standard five-step CDD process is sufficient.
Enhanced Customer Due Diligence (ECDD) is triggered when a client presents a higher risk profile. That might be a positive result on the risk assessment, a true positive on the PEPs screening, or simply a situation where something about the transaction gives your firm pause.
When ECDD is triggered, the Compliance Centre sends a source of funds and wealth request directly to the client. They upload supporting documents, such as bank statements, through a secure client portal. The platform then produces a summarised report for your review. If needed, the onboarding can also be escalated to your compliance officer from within the same workflow.
Triggers for ECDD will be detailed in your firm’s AML/CTF program. What they are, and how your firm responds to them, is an internal decision based on your risk appetite.
What happens when a client is flagged as high risk
If a client is assessed as high risk, the onboarding must be escalated to your compliance officer. From there, your firm has two options.
You can choose to onboard the client, in which case you’re required to report them to AUSTRAC. Or you can choose not to act, in which case you don’t need to report, but you also can’t proceed with the transaction.
There’s no middle path: declining to onboard doesn’t mean you can continue acting and skip the report.
The value of starting now
Everything in the Compliance Centre is already live in your triConvey account. The firms that operate most confidently from day one will be the ones that have already run real onboardings through the system, worked through the edge cases, and made sure their team is familiar with the workflow before obligations begin.
Even with a well-designed platform, building a new process takes time. The earlier you start, the more confident your team will be when the first client walks through the door in July.
Frequently asked questions
- Do I need to complete CDD for every client from 1 July?
- Yes. From 1 July 2026, CDD is mandatory for every client you onboard for a designated service. That includes verification of identity, PEPs and Sanctions screening, the KYC onboarding form, a risk assessment, and final onboarding checks.
- What’s the difference between CDD and enhanced due diligence?
- Standard CDD applies to all clients. Enhanced Customer Due Diligence (ECDD) is triggered when a client presents a higher risk profile, such as a positive result on the risk assessment or a PEPs flag. It requires additional steps, including a source of funds and wealth check, and in some cases senior management approval before you proceed.
- Is there an extra cost for KYC, KYB, or PEPs checks in the triSearch Compliance Centre?
- No. KYC, KYB, PEPs, Sanctions, and Adverse Media checks are all included in the bundled cost of the AML onboarding workflow. You can also go back into an existing onboarding and add checks later without incurring additional charges.
- Does the compliance officer need to review every onboarding?
- No. The compliance officer’s role is to handle high-risk and escalated onboardings. For standard, low-risk clients, it’s a firm decision whether to give client-facing staff autonomy to complete the process, or to build in additional oversight.
What's coming next
Watch the full recording of the session below.
To access the triSearch Compliance Centre or book a demonstration, visit the AML/CTF Compliance Centre page.
For access issues, please submit a ticket here.
