CDD — Customer Due Diligence — is the process of identifying a customer, verifying their identity, understanding the purpose and intended nature of the business relationship, and assessing the money-laundering and terrorism-financing risk they pose. It's broader than KYC: KYC is the identity-verification piece, while CDD also covers risk rating, purpose of the relationship, beneficial-ownership identification for entities, ongoing monitoring of activity, and triggering enhanced due diligence (EDD) when risk indicators appear. Australian CDD obligations sit in the AML/CTF Act and Rules and form the operational core of Part B of the AML/CTF Program. CDD is risk-based — the depth of work scales with the customer's assessed risk rather than applied uniformly.
What CDD means in practice from 1 July 2026
For Tranche 2 sectors, CDD is the single biggest operational change. Every law firm, accounting practice, real estate agency and bookkeeper providing a designated service from 1 July 2026 has to run CDD on relevant clients and document it. Generic ID photocopies and informal know-your-client habits won't pass an AUSTRAC supervisory review.
Need to act on CDD? Get matched to a vetted Australian AML provider.
Free, independent, two minutes. We'll send a shortlist tailored to your sector and size — no sales pressure.