Overview of ongoing customer due diligence (Reform)

Learn about your ongoing customer due diligence (CDD) obligations.

On this page

Ongoing CDD obligations overview

This section refers to the Act sections 30, 32 and 39D.

You must monitor your customers to appropriately identify, assess, manage and mitigate the risks of money laundering, terrorism financing and proliferation financing (we refer to these as ML/TF risks) that you may reasonably face while providing designated services

This includes monitoring your customers for unusual transactions and behaviours, and behaviour that may require you to submit a suspicious matter report (SMR) to us.

If you have a business relationship with a customer, you must also both:

  • review and, if appropriate, update your identification and assessment of the customer’s ML/TF risk
  • review and, if appropriate, update and reverify know your customer (KYC) information relating to the customer.

Learn about: 

  • your ongoing CDD obligations for pre-commencement customers
  • when you need to apply enhanced CDD measures in ongoing CDD.

Note about tipping off

You don’t need to conduct all aspects of ongoing CDD if you both:

  • have an obligation to submit an SMR in relation to the customer
  • reasonably believe that complying with an ongoing CDD requirement would or could reasonably be expected to alert the customer to your suspicion.

If you submit an SMR in relation to a customer and continue to provide them with designated services, you must apply enhanced CDD measures.

If this happens, you must undertake as much ongoing CDD as you can without alerting the customer to your suspicion.

Learn more about tipping off.

AML/CTF policies and ongoing CDD

This section refers to the Act sections 26F and 30.

Your anti-money laundering and counter-terrorism financing (AML/CTF) policies (which includes your systems, controls and procedures) must deal with ongoing CDD. 

The way you conduct ongoing CDD must be appropriate to manage and mitigate the ML/TF risks you reasonably face in providing your designated services.

What’s appropriate depends on all of the following:

  • your ML/TF risk assessment in your AML/CTF program
  • your customer’s ML/TF risks that you identify during initial CDD
  • any changes to the customer’s ML/TF risk that you identify as they use your services.

Your AML/CTF policies must set out how you’ll do all of the following:

  • monitor for unusual transactions and behaviours and criminal activity
  • review and, where appropriate, update and reverify your customers’ KYC information
  • review and, where appropriate, update your assessment of the customer’s ML/TF risk
  • respond to unusual transactions and behaviours and additional ML/TF risks you identify during ongoing CDD
  • ensure your ongoing monitoring is working effectively
  • keep records that demonstrate how you complied with your ongoing CDD obligations.

Simplified CDD during ongoing CDD

This section refers to the Act section 31. 

You may apply simplified ongoing CDD measures if all of the following are satisfied:

  • the customer’s ML/TF risk is low
  • you aren’t required to apply enhanced CDD
  • your AML/CTF policies deal with applying simplified CDD measures.

You must still meet your ongoing CDD obligations, but you may be satisfied that you can do this: 

  • through less intensive monitoring activities
  • by updating and reverifying KYC information less frequently. 

What you must monitor for

This section refers to the Act sections 30 and 41 and the Rules section 6–35.

You must monitor your customers to appropriately identify, assess, manage and mitigate the ML/TF risks you may face when providing designated services. 

This includes monitoring your customers for any unusual transactions and behaviour that may require you to submit an SMR to us. Learn more about SMRs

You must also monitor transactions and behaviour for information that:

  • suggests the customer or their agent isn’t who they claim they are
  • would be useful in an enforcement matter relating to the proceeds of crime
  • may be relevant to an investigation or prosecution of certain Commonwealth, state, or territory offences.

This applies to customers that you have a business relationship with, and those who only occasionally use your services. 

Failure to monitor transactions and behaviour can have serious flow-on effects to other AML/CTF obligations.

Learn more about:

Responding to unusual transactions and behaviour

You must take appropriate steps to manage and mitigate ML/TF risks when you identify unusual transactions and behaviour.

Customers may have unusual transactions or behaviour, but this doesn’t mean they’re doing something illegal. 

When you identify unusual transactions or behaviour, determine if both: 

  • there’s a legitimate explanation
  • you need to take further action, such as conducting enhanced CDD to better understand the ML/TF risks or submitting an SMR to us.

Learn about responding to unusual transactions and behaviour.

Example: Identifying and responding to unusual transactions

A staff member at Company A is manually reviewing customer transaction records. The staff member notices a pattern of deposits just below the transaction reporting threshold of $10,000 made under different names to the same customer account.

The staff member escalates the issue to Company A’s AML/CTF compliance officer to determine if there are reasonable grounds to submit an SMR. 

Review and update information and customer ML/TF risk

This section refers to the Act sections 26F and 30.

As part of ongoing CDD, you must both: 

  • review and, where appropriate, update your identification and assessment of the customer’s ML/TF risk
  • review and, where appropriate, update and reverify KYC information relating to the customer.

These obligations only apply where you have a business relationship with your customer. 

Learn more about reviewing and updating KYC information and customer ML/TF risk.

Check your ongoing CDD

This section refers to the Act sections 26F(1) and 30.

You must regularly check the effectiveness of your ongoing CDD. This helps you make sure it’s operating as intended to appropriately identify, assess, mitigate and manage the ML/TF risks you may face.

If you identify any problems during your checks, we expect you to address them promptly. If you don’t, you may fail to meet your obligations.

We expect your AML/CTF policies include how you’ll do all of the following:

  • review your ongoing CDD measures to make sure they’re appropriate. This includes following changes to your customers’ KYC information or ML/TF risk
  • monitor the effectiveness of your ongoing CDD measures
  • prioritise addressing any issues you identify with your ongoing CDD
  • update your AML/CTF policies relating to ongoing CDD.

Nested services relationships

You have additional ongoing CDD obligations if you provide designated services as part of a nested services relationship

Learn more in section 6–26 of the Rules.

Record keeping

This section refers to the Act sections 107 and 111.

You must keep records that show how you complied with your ongoing CDD obligations in relation to a customer. This includes all of the following:

  • keeping records of the customer’s transactions
  • your identification, analysis, and assessment of the customer’s ML/TF risk
  • any decisions your business makes about how you conduct ongoing CDD on the customer.

Learn more about record keeping

This guidance sets out how we interpret the Act, along with associated Rules and regulations. Australian courts are ultimately responsible for interpreting these laws and determining if any provisions of these laws are contravened. 

The examples and scenarios in this guidance are meant to help explain our interpretation of these laws. They’re not exhaustive or meant to cover every possible scenario.

This guidance provides general information and isn't a substitute for legal advice. This guidance avoids legal language wherever possible and it might include generalisations about the application of the law. Some provisions of the law referred to have exceptions or important qualifications. In most cases your particular circumstances must be taken into account when determining how the law applies to you.

Last updated: 16 Oct 2025
Page ID: 1323

Was this page helpful?

Please note that feedback you provide here will be used only for the purpose of improving our website. If you have a specific question about your AML/CTF obligations, please contact us.