Key Takeaways
- CDD identifies the customer entity, the directors or trustees, and the beneficial owners (natural persons at 25% or more, or those who otherwise control the entity).
- For discretionary trusts, identify the trustee, the appointor or principal, and the named beneficiaries or classes.
- For SMSFs, identify the fund, the trustee (corporate or individual) and the members.
- Source-of-funds work applies for higher-risk clients and is mandatory under Enhanced CDD.
- CDD does not stop at onboarding. Ongoing monitoring picks up changes in beneficial ownership, unusual transactions and sanctions hits.
In this guide
Why CDD looks different for accountants Identifying the customer when it is an entity Beneficial ownership for complex structures Family trust CDD walk-through SMSF CDD walk-through Source of funds and source of wealth Ongoing monitoring triggers Common mistakes How AMLTranche handles entity CDD Frequently asked questionsWhy CDD Looks Different for Accountants
Most CDD guidance is written with a bank in mind. A bank's customer is almost always an individual, identified by a driver licence, a phone number and a residential address. Accountants live on the other side of that picture. The customer is usually a non-individual: a company, a discretionary trust, a unit trust, an SMSF or a layered combination of all four. The natural persons sitting behind the customer matter just as much as the customer itself, and the practitioner has to identify, verify and risk-rate each of them.
That changes the practical shape of CDD. You collect a trust deed, not just a driver licence. You read the directors out of an ASIC search, but you also work out which natural persons ultimately own or control the company. You assess whether the structure makes sense for the client's stated purpose, and whether the size of the transaction is consistent with the client's known position. AUSTRAC's customer due diligence guidance is the source of truth for the standard. Our wider AML software for accountants page sets out the AMLTranche workflow that mirrors the standard for accounting firms.
Identifying the Customer When It Is an Entity
The first step on every CDD file is to work out who the customer is. AUSTRAC's definition is straightforward: the customer is the person, company or trust on whose behalf you provide the designated service. When you set up a Pty Ltd for John and Jane, the new company is the customer, not John or Jane personally. When you establish a discretionary trust with a corporate trustee, the trust is the customer, with the trustee identified as a related party.
Identification documents are different by entity type. The table below shows the typical AUSTRAC-aligned identification package by structure. The exact requirements live in the AML/CTF Rules and AUSTRAC guidance; treat this table as a starting point, not as a substitute for the underlying rules.
| Entity type | Identify the entity | Identify the controllers and beneficial owners |
|---|---|---|
| Pty Ltd (proprietary company) | ASIC company search; ACN; registered address | Directors; natural persons owning 25%+ of shares; any other person who controls the company |
| Discretionary (family) trust | Trust deed; trust name; trustee details | Trustee; appointor or principal; named beneficiaries or classes of beneficiaries |
| Unit trust | Trust deed; trust name; trustee details | Trustee; unit-holders at 25%+; any controlling party under the deed |
| SMSF | Trust deed; ATO records; fund name; trustee structure | Corporate trustee directors or individual trustees; all members |
| Partnership | Partnership agreement; trading name; ABN | All partners; any person controlling 25%+ of the partnership |
| Incorporated association | Constitution; registration details | Office bearers; persons with effective control |
Verification means matching the identification documents to a reliable source. For a Pty Ltd, the ASIC database does the work. For a trust, the deed and a recent statement of the trustee's appointment do. For natural persons, an electronic identity check against government data sources (driver licence, passport, Medicare) is the standard. The verification has to be recorded on the CDD file so the firm can show, years later, that it had a reasonable basis for being satisfied about identity.
Beneficial Ownership for Complex Structures
A beneficial owner is a natural person who ultimately owns 25% or more of the customer entity, or who otherwise controls the customer. Control can come from holding more than half the voting rights, the right to appoint or remove the majority of directors or trustees, contractual rights, or other practical control. The 25% threshold is a floor, not a ceiling: any person with effective control is a beneficial owner even where their nominal holding is small.
The tricky cases are layered structures. The customer is a Pty Ltd, owned by a holding company, owned by a discretionary trust, with a corporate trustee, directed by two individuals who are also the appointor and the sole adult beneficiary. To find the beneficial owners, walk up the chain:
- Identify the customer (the operating Pty Ltd).
- Read the share register. Anyone owning 25% or more at that level is a beneficial owner.
- For shareholder companies, repeat. For shareholder trusts, identify the trustee, appointor and beneficiaries.
- Stop when you reach natural persons. Identify and verify each of them.
Where the chain runs offshore, source documents (foreign company extracts, certified trust deeds) and translations are common. Foreign structures push the file into Enhanced CDD because country risk and beneficial-ownership transparency are weaker outside Australia. AUSTRAC's Enhanced CDD guidance sets out the extra steps.
Two practical notes. First, identify the people, not just the names. A name on a deed is not enough; you need to know which natural person sits behind it. Second, record your reasoning. If two of three named beneficiaries are minors and the third runs the family business, your analysis of "control" will not be the same as the analysis for a unit trust with three equal unit-holders. Write down what you decided and why.
Family Trust CDD Walk-Through
The default Australian family trust is a discretionary trust with a corporate trustee. A worked example: the client wants you to set up "Smith Family Trust" with "Smith Holdings Pty Ltd" as trustee, John Smith as appointor, and Jane Smith plus the children as beneficiaries. The designated service is creating the trust (item 6 on AUSTRAC's Professional designated services list). CDD looks like this:
- Customer: the new trust (identified by the deed once executed; for pre-establishment work, identified by the draft deed and the client's instructions).
- Trustee: Smith Holdings Pty Ltd. Identify the trustee company via ASIC, identify its directors, and identify any 25%+ shareholders.
- Appointor: John Smith. The appointor controls the identity of the trustee and is treated as a beneficial owner irrespective of any threshold.
- Beneficiaries: Jane Smith plus the children, recorded by class. Where the discretion is wide, AUSTRAC accepts identification by class plus the obvious named adults; the practitioner records the class and notes the risk profile.
- Risk rating: assessed on the trust's purpose, the source of the trust property and the controllers' profile. A new family trust holding the family home is low risk. A new family trust contributing into a property syndicate with foreign co-investors is not.
The full discretionary-trust CDD walk-through, with edge cases (cross-border beneficiaries, professional appointors, corporate beneficiaries), sits in our CDD on trusts guide.
SMSF CDD Walk-Through
An SMSF is a regulated superannuation fund with up to six members, where the members are also the trustees (either individually or via a corporate trustee). CDD on a new SMSF identifies the fund, the trustee structure, and the members. Continuing the Smith example, if John and Jane also ask you to establish "Smith Super Fund" with "Smith SMSF Pty Ltd" as corporate trustee and the couple as members, the CDD file looks like:
- Customer: Smith Super Fund. Identified using the trust deed and (once registered) the ATO Super Fund Lookup record.
- Trustee: Smith SMSF Pty Ltd. Identify the trustee company via ASIC, and identify each of its directors.
- Members: John and Jane. Each member is a beneficial owner of the fund and is identified and verified as a natural person.
- Risk indicators: rollover sources, in-specie transfers, related-party loans, contributions from offshore, and SMSF property purchases all raise the risk profile.
SMSF accountants often touch designated services beyond pure fund establishment. Helping a fund buy real estate is item 1 (real estate transaction). Restructuring a corporate trustee is item 6. Holding fund money for a transaction is item 3 (managing client property). Each of those touch points pulls the file into the regime. AUSTRAC has flagged SMSF set-ups linked to property syndicates and offshore contributions as a higher-risk pattern that deserves Enhanced CDD.
Source of Funds and Source of Wealth
"Source of funds" answers the question: where did the money for this transaction come from? "Source of wealth" answers a broader question: how did this person accumulate their overall net worth? Both are part of CDD for higher-risk clients, and both are mandatory under Enhanced CDD where the AML/CTF Rules require it.
For an accountant, the typical evidence pack includes some combination of:
- Sale contracts (where proceeds of a property or business sale are funding the transaction).
- Recent payslips or tax returns (where salary is the source).
- Dividend or distribution statements.
- Gift letters with supporting evidence of the donor's source of funds.
- Loan documents (bank or related-party loans).
- Bank statements covering the relevant period.
The accountant's role is not to act as a forensic investigator. It is to collect evidence consistent with what the client has said, look for inconsistencies, and record the assessment. Where the story does not add up, the file escalates: more evidence, senior sign-off, or in some cases an SMR. The line between "needs more evidence" and "needs an SMR" is one of the harder judgment calls in CDD; the test is whether a reasonable person in your role would suspect a relevant offence.
Ongoing Monitoring Triggers
CDD is not finished at onboarding. AUSTRAC's ongoing customer due diligence guidance sets a risk-based standard: regular review on a schedule that matches the client's risk rating, plus event-based triggers when something changes. For accounting firms, the most common event triggers are:
- A change in beneficial ownership (new director, share transfer, new appointor, change in trust deed).
- A material change in the client's business (entering a new industry, a sharp increase in turnover, a move offshore).
- A large or unusual transaction (a one-off transfer that is out of pattern, a new third-party counterparty, cash deposits where there were none).
- A sanctions or PEP hit on a re-screen.
- Adverse media or law enforcement contact.
Document the review. Even where the conclusion is "no change in risk, continue at current rating", the record is the evidence that monitoring happened.
Common Mistakes
The five mistakes we see most often
- Identifying the entity but stopping there. A trust deed alone is not CDD. You also identify the trustee, the appointor, the beneficiaries and the natural persons behind any corporate trustee.
- Anchoring on the 25% threshold. The 25% rule is a floor for ownership. Anyone with effective control is also a beneficial owner, even at 0%. Appointors of discretionary trusts are the classic example.
- Treating CDD as a one-off. Onboarding CDD is half the job. Ongoing monitoring is what catches the change a year later when the client transfers shares to a new entity offshore.
- Skipping source of funds on related-party loans. "It came from the family company" is not source of funds. The next question is: where did the family company get it?
- Not recording the reasoning. The file has to show the firm's thinking, not just the documents. Without a recorded reasoning trail, you cannot prove to AUSTRAC that the CDD was risk-based and proportionate.
For the broader Tranche 2 picture, including enrolment, the AML/CTF program and SMR work, see our accountants Tranche 2 guide. For terminology, the VOI vs KYC vs CDD explainer covers how Australian state-based identity rules differ from AML CDD.
How AMLTranche Handles Entity CDD
AMLTranche is built around the messy structures that show up on an accountant's desk. Pick an entity type, and the platform asks for the right documents, walks up through layered ownership, captures appointor and beneficiary detail for trusts, identifies members for SMSFs, and screens every natural person against the DFAT Consolidated List and PEP databases. Source-of-funds intake is structured (sale contract, payslip, dividend statement, gift letter, loan document) and the practitioner's assessment is recorded against each file. Ongoing monitoring runs on a risk-rated schedule with event-based triggers (sanctions list updates, beneficial owner changes, unusual transactions).
The entire CDD chain is stored in a 7-year tamper-proof audit log hosted in AWS Sydney. See the full feature list and pricing on the AML software for accountants page.
Run accountant CDD in one workflow
Purpose-built CDD for companies, trusts, SMSFs and partnerships, with beneficial ownership and source-of-funds built in. Plans from $59/mo.
See the accountants page Book a DemoFrequently Asked Questions
Who does an accountant conduct CDD on?
The customer is the person, company or trust on whose behalf you provide the designated service. Where the customer is a non-individual, CDD extends to the directors or trustees and to the beneficial owners (natural persons who own 25% or more, or who otherwise control the entity).
What is a beneficial owner under AUSTRAC's CDD rules?
A natural person who ultimately owns 25% or more of the customer entity, or who otherwise controls it. Control can come through voting rights, the ability to appoint or remove directors or trustees, contractual arrangements, or other means.
How do you do CDD on an SMSF?
Identify the fund (using the trust deed and ATO records), the trustee (corporate or individual), and the members as beneficial owners. Where there is a corporate trustee, identify its directors. Source-of-funds work applies on higher-risk contributions (large in-specie transfers, related-party loans, offshore rollovers).
What about CDD on a discretionary (family) trust?
Identify the trust (using the trust deed), the trustee, the appointor or principal (who can change the trustee), and the named beneficiaries or classes of beneficiaries. The appointor is a beneficial owner regardless of any 25% threshold.
When does source of funds work apply for accountants?
For higher-risk clients and where the AML/CTF Rules require Enhanced CDD. Foreign clients, foreign PEPs, layered or opaque structures, cash-intensive businesses and unusual transaction patterns commonly trigger ECDD. Collect supporting documents and record the assessment.
Disclaimer: This article provides general information about CDD for accountants under AUSTRAC Tranche 2 and does not constitute legal advice. Confirm your specific obligations with AUSTRAC or a qualified legal adviser.