One of the most resource-intensive aspects of Know Your Business (KYB) customer due diligence is identifying and verifying beneficial owners—the individuals who ultimately own or control your business customers. While this process is essential for effective anti-money laundering and counter-terrorism financing controls, Australia's AML/CTF framework recognises that not every business customer presents the same level of risk.

For certain types of low-risk business entities that are already subject to robust regulatory oversight or public transparency requirements, the law allows reporting entities to apply simplified verification procedures for their KYB processes. This means you can skip the time-consuming process of beneficial owner verification while still maintaining effective risk management and compliance.

Understanding when simplified verification procedures can be applied is crucial for operational efficiency. It allows your compliance team to focus resources where they're needed most—on higher-risk customers—while streamlining KYB onboarding for low-risk entities that don't require the same level of scrutiny.

This article explains what simplified verification procedures are, which business customers qualify, what you still need to verify, and how to implement these procedures correctly to ensure both efficiency and compliance.

What is a Beneficial Owner?

Before exploring simplified procedures, it's important to understand what we mean by a beneficial owner. Under the reformed AML/CTF framework, a beneficial owner is an individual who directly or indirectly:

• Ultimately owns 25% or more of your customer, OR
• Otherwise controls your customer

Key points to remember:

• A customer may have more than one beneficial owner
• Sometimes a customer may have no beneficial owner
• You must follow the ownership chain until you reach individuals, not other entities

What Are Simplified Verification Procedures?

Simplified verification procedures allow reporting entities to skip the identification and verification of beneficial owners for certain types of business customers. This reduces administrative burden in your KYB processes while maintaining effective ML/TF (money laundering, terrorism financing, and proliferation financing) risk management.

However, it's crucial to understand that simplified verification procedures only exempt you from beneficial owner verification—they don't eliminate all CDD requirements.

The Three Mandatory Conditions for Simplified Verification

To apply simplified verification procedures and skip beneficial owner verification, ALL of the following conditions must be met:

1. The customer is LOW ML/TF risk
2. Enhanced CDD does NOT apply to them
3. The customer is, or is controlled by, a qualifying entity type (see below)

Important: If even one of these conditions is not met, you must conduct full beneficial owner identification and verification.

Qualifying Entity Types

There are four categories of entities that qualify for simplified procedures:

1. Government Bodies

Any government body, including federal, state, local, or foreign government bodies. This recognises that government entities are subject to public accountability and transparency requirements that mitigate ML/TF risks.

Example: A state government department seeking to open an account to manage grant distributions would qualify for simplified procedures, provided the customer is assessed as low ML/TF risk and enhanced CDD doesn't apply.

2. Entities Subject to Regulatory Oversight

Entities subject to regulatory oversight by a prudential, insurance, or investor protection regulator through registration or licensing requirements. These entities are already subject to comprehensive regulatory supervision that addresses ML/TF risks.

This category includes:

• Banks (regulated by APRA)
• Insurance companies (regulated by APRA)
• Superannuation funds (regulated by APRA)
• Australian Financial Services (AFS) licensees (regulated by ASIC)
• Credit licensees (regulated by ASIC)
• Registered auditors and liquidators (regulated by ASIC)

Example: A superannuation fund regulated by APRA wants to invest in a property trust you manage. Because the fund is subject to APRA's prudential supervision, is assessed as low risk, and enhanced CDD doesn't apply, you can apply simplified procedures and skip beneficial owner verification.

How to verify: Check the entity's registration on the APRA website (for banks, insurers, and super funds) or search ASIC's professional services registers (for AFS licensees, credit licensees, auditors, and liquidators).

3. Corporations or Associations of Homeowners

Corporations or associations of homeowners in a strata title or community title scheme. These bodies corporate typically have limited purposes and transparent governance structures that present lower ML/TF risks.

Example: An owners' corporation for a residential apartment building needs to open a bank account to manage common property expenses and levy collections. As a strata title body corporate assessed as low risk without enhanced CDD requirements, simplified procedures apply.

4. Publicly Listed Companies

Companies that are BOTH:

• A listed public company (e.g., on the Australian Securities Exchange)
• Subject to public disclosure requirements that ensure transparency regarding the identity of any beneficial owners

Example: A company listed on the ASX wants to establish a relationship with your firm. ASX listing rules require comprehensive disclosure of substantial shareholdings and related party transactions. Provided the company is low risk and enhanced CDD doesn't apply, you can skip beneficial owner verification.

Special note: For publicly listed companies meeting these criteria, you also don't need to identify the CEO or equivalent senior managing official.

What About 'Controlled By' a Qualifying Entity?

The simplified procedure applies not only when your customer is one of the qualifying entity types, but also when your customer is controlled by one of these entities.

Example: A trust is wholly owned and controlled by an APRA-regulated bank. Even though the trust itself isn't a regulated entity, because it's controlled by a qualifying entity (the bank), is low risk, and enhanced CDD doesn't apply, simplified procedures can be used.

What You Still Must Do (Even with Simplified Procedures)

This is critical: simplified procedures only exempt you from beneficial owner verification. You still have substantial CDD obligations:

‍

How to Apply Simplified Procedures: A Practical Workflow

Follow these steps to determine if simplified procedures apply:

Step 1: Assess ML/TF Risk

Determine if the customer is low ML/TF risk based on your AML/CTF program's risk assessment methodology. If the customer is medium or high risk, simplified procedures cannot apply.

Step 2: Check Enhanced CDD Requirements

Confirm that enhanced CDD doesn't apply to this customer. Enhanced CDD is required in specific circumstances, such as when dealing with high-risk customers or politically exposed persons. If enhanced CDD applies, you cannot use simplified procedures.

Step 3: Collect Information About Entity Type

Ask the customer's representative whether the customer is, or is controlled by:

• A government body
• An entity subject to regulatory oversight (prudential, insurance, or investor protection)
• A strata or community title corporation
• A publicly listed company with disclosure requirements

For regulated entities, collect:

• The regulator they're registered or licensed with (e.g., APRA, ASIC)
• The capacity in which they're registered or licensed
• Any unique licensing or registration number

Step 4: Verify the Information

Use reliable and independent sources to verify the customer's qualifying status:

• For APRA-regulated entities: Check the APRA website for registration details of banks, insurers, and superannuation funds
• For ASIC-regulated entities: Search ASIC's professional services registers for AFS licensees, credit licensees, auditors, and liquidators
• For publicly listed companies: Verify listing on the ASX or other appropriate exchange
• For government bodies: Obtain reliable and independent data confirming government status

Step 5: Document Your Decision

Record in your CDD records:

• The customer's ML/TF risk assessment (confirming low risk)
• Confirmation that enhanced CDD doesn't apply
• The qualifying entity type and verification evidence
• Your decision to apply simplified procedures (no beneficial owner verification required)

Step 6: Complete Required CDD

Proceed with all other CDD requirements:

• Verify the customer entity
• Verify representatives
• Verify persons receiving service on behalf of the customer
• Conduct PEP and targeted financial sanctions screening

Practical Examples: When Simplified Procedures Apply

Example 1: APRA-Regulated Superannuation Fund

Scenario: Industry SuperFund Pty Ltd, a large superannuation fund regulated by APRA, wants to open an investment account with your wealth management firm.

Analysis:

• ML/TF Risk: Assessed as low based on regulatory oversight, transparent governance, and established operations
• Enhanced CDD: Not required
• Qualifying Entity: Yes - APRA-regulated superannuation fund (verified via APRA website)

Outcome: Simplified procedures apply. You verify the fund itself, the authorised representatives acting on its behalf, and conduct PEP/sanctions checks. You do NOT need to identify or verify the beneficial owners of the fund.

Example 2: ASX-Listed Company

Scenario: Mining Corp Ltd, listed on the ASX with a market capitalization of $500 million, seeks corporate banking services.

Analysis:

• ML/TF Risk: Assessed as low given public company status, regulatory oversight, and transparent shareholding structure
• Enhanced CDD: Not required
• Qualifying Entity: Yes - ASX-listed with continuous disclosure obligations ensuring transparency of beneficial ownership

Outcome: Simplified procedures apply. You verify the company itself, authorised signatories, and conduct PEP/sanctions screening. You do NOT need to identify beneficial owners OR the CEO/equivalent senior managing official.

Example 3: Trust Controlled by Regulated Entity

Scenario: Smith Family Trust, with National Bank Ltd (an APRA-regulated bank) as the corporate trustee holding 100% control, wants to establish an investment account.

Analysis:

• ML/TF Risk: Assessed as low based on control by a major regulated bank
• Enhanced CDD: Not required
• Qualifying Entity: Yes - trust is controlled by an APRA-regulated bank

Outcome: Simplified procedures apply. You verify the trust, the corporate trustee (National Bank Ltd), and any beneficiaries. You conduct PEP/sanctions checks. You do NOT need to identify the settlor, appointor, or other beneficial owners of the trust.

Example 4: Owners' Corporation

Scenario: Harbourview Apartments Owners Corporation, managing a 50-unit residential strata scheme, needs a bank account for levy collection and common property maintenance.

Analysis:

• ML/TF Risk: Assessed as low - residential strata with transparent governance and limited purpose
• Enhanced CDD: Not required
• Qualifying Entity: Yes - strata title corporation

Outcome: Simplified procedures apply. You verify the owners' corporation, the committee members authorised to operate the account, and conduct PEP/sanctions screening. You do NOT need to identify the individual apartment owners as beneficial owners.

When Simplified Procedures Don't Apply

It's equally important to understand when you cannot use simplified procedures:

Example 5: High-Risk Customer

Scenario: A bank regulated by APRA wants to establish a correspondent banking relationship with your institution.

Analysis: While the customer is an APRA-regulated entity, correspondent banking relationships are typically assessed as high ML/TF risk due to the potential for layering transactions and reduced visibility of underlying customers.

Outcome: Simplified procedures do NOT apply because the customer is not low risk. You must conduct full beneficial owner identification and verification, plus enhanced CDD measures.

Example 6: Enhanced CDD Applies

Scenario: A small regional insurance company regulated by APRA is assessed as low risk. However, you discover that the CEO is a foreign politically exposed person (PEP).

Analysis: Enhanced CDD is required when dealing with PEPs or their family members and close associates.

Outcome: Simplified procedures do NOT apply because enhanced CDD is required. You must identify and verify beneficial owners, even though the company is APRA-regulated and otherwise low risk.

Example 7: Private Company (Not Publicly Listed)

Scenario: Tech Startup Pty Ltd is a private unlisted company assessed as low risk. The company is not subject to regulatory oversight by APRA or ASIC beyond general corporate law compliance.

Analysis: While the company is low risk and enhanced CDD doesn't apply, it doesn't fall into any of the four qualifying entity categories.

Outcome: Simplified procedures do NOT apply. You must identify and verify all beneficial owners (individuals who own or control 25% or more of the company).

Key Takeaways

1. All three conditions must be met: Low ML/TF risk, no enhanced CDD, and qualifying entity type
2. Four qualifying entity types: Government bodies, regulated entities, strata corporations, and publicly listed companies with disclosure requirements
3. Control matters: The exemption applies when a business customer is controlled by a qualifying entity, not just when they are one
4. Verification is required: You must verify the customer's qualifying status using reliable, independent sources like APRA or ASIC registers
5. Other KYB checks continue: Simplified verification procedures only exempt beneficial owner verification - all other CDD requirements remain
6. Document your decision: Keep records showing how you determined simplified verification procedures were appropriate
7. Trusts require special attention: Even with simplified verification procedures, you must still verify trustees and beneficiaries

How bronID Can Help

Determining whether an entity qualifies for simplified verification procedures and properly documenting that decision can be complex and time-consuming. bronID's eKYC platform automates this entire process, ensuring compliance while reducing manual effort.

bronID automatically detects if an entity qualifies for a simplified verification procedure by:

• Collecting and verifying regulatory credentials: bronID captures Australian Financial Services Licences (AFSL) or Australian Credit Licences (ACL) and verifies them against ASIC registers, or checks APRA registration for banks, insurers, and superannuation funds
• Verifying public listing status: The platform automatically collects and verifies listing details on the ASX, NASDAQ, NYSE, or other recognised exchanges to confirm public company status and disclosure requirements
• Confirming regulatory oversight: bronID validates regulatory status with relevant regulatory bodies to establish whether an entity meets the qualifying criteria
• Documenting the reasoning: The platform automatically documents why simplified procedures apply, creating a clear audit trail that demonstrates compliance with AUSTRAC's requirements

All verification evidence is included in bronID's IDV (Identity Verification) Certificate, providing you with comprehensive documentation for future reference and audit purposes. This means you have immediate access to:

• The specific regulatory licence or registration details (e.g., AFSL number, APRA registration)
• Exchange listing verification and relevant disclosure regime confirmation
• Clear reasoning for why simplified procedures were applied
• Timestamped evidence supporting the verification decision

This automated approach ensures consistency across your customer onboarding process, reduces the risk of human error, and provides the comprehensive documentation required to demonstrate compliance with Australia's AML/CTF requirements. Whether you're verifying an APRA-regulated superannuation fund, an ASX-listed company, or a trust controlled by a regulated entity, bronID handles the complexity while you focus on your business.