Legal profession program starter kit: examples of dealing with clients

These examples show how the legal profession program starter kit can work in practice to deal with your clients based on their risk.

On this page

Low-risk customer example

An individual asks for help setting up a private company. They’ll be the sole director and shareholder.

The client advises they’re a sole trader plumber, and their business is expanding rapidly. They want to run their business as a company to take advantage of company tax benefits and make it easier to hire employees in future.

Before entering into an agreement and actioning the instructions, you must complete initial CDD.

Collect information from the client 

Collect information from the client and complete initial CDD by: 

  • following the initial CDD policy and ongoing CDD policy in the Policy document
  • providing your client with the onboarding form – individuals and sole traders.

The client fills out the onboarding form. They provide their name, date of birth, business address, and country of residence. On the form, they also advise that: 

  • they’re seeking legal services for the reasons stated above
  • they’ll provide their driver's licence to confirm their identity
  • they’re not a politically exposed person (PEP) or subject to sanctions
  • they operate as a sole trader with an Australian Business Number (ABN) and different trading name (which they provide)
  • they only provide plumbing services within Australia.

Assess the client’s risk

Using the information provided by the client, use the initial customer due diligence form – individual to assess the risk of the client. 

If you don’t identify any medium- or high-risk factors, you rate the client as low ML/TF risk. 

Verify the information provided by the client

Next, you use the initial customer due diligence form – individual to:

  • verify the name and date of birth of the buyer, and that they are who they claim to be (by checking the driver's licence against their appearance and the details in the onboarding form)
  • do an ABN search to verify that the plumber is currently registered as a sole trader.

You document that you have no concerns with the validity of the driver's licence and there are no discrepancies in the information provided.

Conduct politically exposed persons and sanctions checks

To verify the plumber isn’t a politically exposed person (PEP) or subject to sanctions, you follow the Sanctions check process and Politically exposed persons check process.

If you find the client is not a PEP or subject to sanctions, you record these findings in the Initial customer due diligence form.

You complete the final onboarding checks in the form, validating all steps required for onboarding are completed. 

Finalise risk rating and initial CDD

You assign a final ML/TF risk rating of low after confirming that:

  • the client isn’t high risk
  • there are no reasonable grounds for a suspicion
  • there are no apparent ML/TF risk factors that aren’t included in your risk assessment
  • the client doesn’t need to be escalated to the AML/CTF compliance officer.

You assign a final ML/TF risk rating of low. Initial CDD is now complete, and you can start providing the service to the client.

In line with your ongoing CDD policy, you monitor the client for unusual transactions and behaviours, and changes to ML/TF risk while setting up the company.

When you’ve finished providing services to the client, the business relationship has concluded. No further ongoing CDD or monitoring is required.

Medium-risk customer example

You receive an online enquiry from a person wanting help to set up a trust and corporate trustee in Australia, on behalf of their overseas client.

Before entering into an agreement and actioning the instructions, you must complete initial CDD.

Collect information from the client

Collect information from the client and complete initial CDD by: 

  • following the initial CDD policy and ongoing CDD policy in the Policy document
  • providing your client’s representative with the onboarding form – individuals and sole traders.

The representative fills out the onboarding form on behalf of the client confirming:

  • the client is an individual who is a resident of a foreign country
  • the client is a former accountant who is now retired, but does occasional freelance work
  • the client wants to set up the family trust to hold their Australian investment properties and distribute rental income each financial year to their children residing in Australia
  • the representative has agreed to be a nominee director for the trustee company (as private companies must have one director residing in Australia), with the client being the second director and sole shareholder
  • the representative has reliable documentation showing their authority to act on behalf of the client
  • the representative isn’t a reporting entity enrolled with AUSTRAC
  • the client and representative are not politically exposed persons (PEPs)
  • the representative will provide an Australian driver's licence to prove their identity
  • the client provides a foreign passport to prove their identity
  • you interact with them using remote channels and never meet them in person.

Assess the client’s risk

You fill out the initial customer due diligence form – individual to assess the risk of your client. You determine that the ML/TF risk rating is medium, as you’ve identified the following medium-risk factors:

  • there’s a third party interacting with you on the client’s behalf as their representative (medium-risk factor)
  • you interact with the representative using remote channels, and never meet them in person (medium-risk factor)
  • the client is a foreign resident of a medium-risk country in your risk assessment (medium-risk factor).

Conduct politically exposed persons and sanctions checks

You need to verify the client isn’t a politically exposed person (PEP) or subject to sanctions, you follow the Sanctions check process and Politically exposed persons check process.

You find the client isn’t a PEP or subject to sanctions. You record these findings in the Initial customer due diligence form.

You document all required details and confirm that the representative and client aren’t subject to sanctions.

Verify the information provided by the client

You use the initial customer due diligence form – individual to verify the identity of the:

  • client using a foreign passport
  • representative using an Australian driver’s licence.

You then complete initial CDD by confirming there are:

  • no escalation trigger listed in the escalation and enhanced CDD policy in the Policy document
  • no circumstances that have changed the initial client risk rating.

Monitor client behaviour

In line with your ongoing CDD policy in the Policy document, you document all interactions with your client. 

This is to monitor client behaviour and transactions during the business relationship for any:

  • indicators of criminal activity
  • changes to ML/TF risk.

When you’ve finished providing services to the client, the business relationship is concluded. No further ongoing CDD or monitoring is required.

High-risk customer example

An individual contacts you and asks you to set up a family trust. 

When you ask about the reason for the creation of the trust, the individual states that they wish to use the trust to buy a garage for $1.7 million. The client plans to pay a $650,000 deposit in physical currency, which will be paid into the family trust account and then used for the purchase. 

They then plan to transfer the garage from the trust to a company run by the client’s daughter. That company will lease the garage to another party. The rent paid by the tenant will be paid back to the family trust.

Before entering into an agreement and actioning the instructions, you must complete initial CDD.

Collect information from the client

Collect information from the client and complete initial CDD by: 

  • following the initial CDD policy and ongoing CDD policy in the Policy document
  • providing your client with the onboarding form – individuals and sole traders.

The client completes the onboarding form confirming:

  • their name, date of birth, residential address, country of residence and occupation
  • the service they want, as detailed above.

Assess the client’s risk

You use the initial customer due diligence form – individual to assess the client’s risk. You rate the client as high risk, identifying the following medium- and high-risk factors.

The client is:

  • creating effective anonymity by requesting a complex legal arrangement, making it difficult to identify the individuals who own and control it (high-risk factor)
  • seeking a high-value transaction (medium-risk factor)
  • requesting an unusual physical currency transaction (high-risk factor)
  • interacting with you using remote channels and has never met in person (indicators of ML/TF).

You note the ML/TF risk factors and rate the client as high ML/TF risk. As the client is high ML/TF risk, under the escalation and enhanced CDD policy in the Policy document you must: 

  • escalate this to the AML/CTF compliance officer
  • wait for confirmation from the compliance officer before proceeding with the instructions.

Conduct politically exposed persons and sanctions checks

Before escalating to the AML/CTF compliance officer, you conduct politically exposed persons (PEP) and sanctions screening to ensure these are not additional risk factors. You follow the Sanctions check process and Politically exposed persons check process.

You find the client is not a PEP or subject to sanctions. You record these findings in the Initial customer due diligence form.

You document all required details and confirm that the representative and client aren’t subject to sanctions.

You complete the Escalation form and provide this to the AML/CTF compliance officer with the relevant details about the client. 

AML/CTF compliance officer checks and processes

Once escalated, the AML/CTF compliance officer conducts the following additional checks.

Complete other client checks

The AML/CTF compliance officer follows the source of funds and source of wealth check processes. When completing this check, the:

  • client explains that the source of funds is from their inheritance, but refuses to provide verifying information when asked
  • AML/CTF compliance officer identifies that their assets appear inconsistent with their known income. 

The AML/CTF compliance officer uses the Adverse media check process to search for information available about the client. These searches show that the client has been the subject of media reporting for involvement with drug trafficking offences.

Determine if there are reasonable grounds for suspicion

The AML/CTF compliance officer considers all relevant information and determines there are reasonable grounds for a suspicion. They believe that information about the client may be relevant to or assist with an investigation into a criminal offence. 

The AML/CTF compliance officer submits a suspicious matter report (SMR) to us. None of the information they disclose is subject to legal professional privilege, so they don’t need to complete a legal professional privilege form (LPP form).

Client rated as high risk

The AML/CTF compliance officer seeks written approval from the senior manager before providing the designated service to the client. The senior manager approves continuing the relationship with the client. 

Proceed with the designated service and carry out ongoing monitoring of the client

Once you receive advice from the AML/CTF compliance officer and senior manager, you proceed with the instructions from the client.

For the remainder of the business relationship, you follow the ongoing CDD policy. You monitor the client for any indicators of criminal activity or changes to ML/TF risk as outlined in your Risk assessment

You monitor the client more closely than you would a client who you rate as low or medium ML/TF risk.

The program starter kits are intended to be used as a complete package and have been designed for use by those reporting entities who satisfy certain suitability criteria. That suitability criteria is set out in the ‘Getting Started’ web page under the heading “Who the starter kit is for” in each program starter kit. In particular, those Tranche 2 entities who, from 1 July 2026, are for the first time subject to anti-money laundering and counter-terrorism financing legislation (AML/CTF).

 The program starter kits have been designed for the purpose of providing practical guidance to those reporting entities to assist them to build their own AML/CTF programs. The program starter kits represent AUSTRAC’s interpretation and application of the law to the eligible reporting entities only and are not intended to represent an interpretation and application of the law in all circumstances. The program starter kits are not a substitute for legal advice about any reporting entity’s AML/CTF compliance obligations. Australian courts are ultimately responsible for interpreting the AML/CTF legislation and determining if any provision of these laws are contravened.

This guidance sets out how we interpret the Act, along with associated Rules and regulations. Australian courts are ultimately responsible for interpreting these laws and determining if any provisions of these laws are contravened. 

The examples and scenarios in this guidance are meant to help explain our interpretation of these laws. They’re not exhaustive or meant to cover every possible scenario.

This guidance provides general information and isn't a substitute for legal advice. This guidance avoids legal language wherever possible and it might include generalisations about the application of the law. Some provisions of the law referred to have exceptions or important qualifications. In most cases your particular circumstances must be taken into account when determining how the law applies to you.

Last updated: 29 Jan 2026
Page ID: 1496

Was this page helpful?

Please note that feedback you provide here will be used only for the purpose of improving our website. If you have a specific question about your AML/CTF obligations, please contact us.