With Australia's AML/CTF reform taking effect on 31 March 2026, understanding the customer due diligence requirements for organisational entities has become more critical than ever. It's important to recognise that AUSTRAC's published guidelines on Customer Due Diligence are considerably more detailed than the AML/CTF Rules themselves, and in some cases extend the requirements beyond what is explicitly stated in the Rules. These guidelines represent AUSTRAC's interpretation of how reporting entities should apply the AML/CTF Act and its associated Rules in practice.
That said, whilst AUSTRAC's interpretations are highly influential for compliance purposes, they do not carry the force of law. Australian courts remain the ultimate authority when interpreting legislation and determining whether any provisions of the AML/CTF Act have been contravened, meaning that in any legal dispute, it is the judicial interpretation that prevails over regulatory guidance.
In light of this regulatory landscape, bronID has adopted a conservative approach to compliance. We incorporated both the explicit requirements set out in the AML/CTF Rules and AUSTRAC's published interpretations of the CDD procedures. This dual-layered approach ensures that bronID's compliance framework not only meets the minimum legal requirements but also aligns with the regulator's expectations, thereby minimising regulatory risk for bronID clients.
This guide breaks down the practical steps reporting entities must take to establish the identity, ownership, and control of business customers across all entity types, providing a comprehensive framework for meeting the spirit of the new CDD requirements. bronID has tailored its KYB procedures in accordance with the guidance outlined below.
Why Know Your Business (KYB) Matters
Know Your Business procedures form the cornerstone of effective anti-money laundering and counter-terrorism financing controls. While many are familiar with Know Your Customer (KYC) requirements for individuals, KYB addresses the unique challenges that corporate structures and legal arrangements present.
AUSTRAC's National Money Laundering Risk Assessment 2024 rated both legal structures and bodies corporate as high money-laundering risks, noting they are persistently exploited by criminals to store and move large volumes of criminal proceeds, including offshore. Trusts received a similar assessment, with their poor transparency identified as a key national vulnerability to criminal exploitation.
The reason is straightforward: organisational entities can disguise the individuals who ultimately control and benefit from them. Money launderers exploit this opacity to place, layer, and integrate the proceeds of crime while concealing their illicit origins.
KYB procedures counter this threat by requiring reporting entities to look through the corporate veil and establish two critical elements:
Entity Verification: Confirming that the organisation exists as a legal entity and establishing its fundamental identity characteristics. This includes verifying the organisation's legal name, registration details, principal place of business, and the legal instruments that govern its operations.
Ultimate Beneficial Owner (UBO) Verification: Identifying and verifying the individuals who ultimately own or control the entity. This is the most critical aspect of KYB, as it reveals who truly stands behind the corporate structure. Beneficial owners may include shareholders, partners, trustees, settlors, appointors, protectors, directors, and others who exercise control over the entity.
The legislation requires reporting entities to establish these matters on reasonable grounds before providing designated services. This means you must collect sufficient Know Your Customer information and, in most cases, verify that information using reliable and independent data sources.
Importantly, just because certain entity types are rated as nationally high risk does not automatically mean every customer of that type will be high risk for your business. You must assess each customer's money laundering and terrorism financing risk based on their specific circumstances, including the complexity of their structure and their ability to disguise beneficial ownership.
CDD Procedures by Entity Type
The specific information you must collect and verify varies depending on the type of organisational entity. The tables below provide a comprehensive overview of requirements for each entity type under the reformed AML/CTF regime.
