AML Compliance Guide
← Back to compliance toolkit

Free AML/CTF Tranche 2 Compliance Toolkit

Customer Due Diligence

Send a secure link to your customer. They complete identity verification — you get a confirmed name, a sanctions screening result, and a timestamped audit trail in your dashboard. Under 2 minutes, end-to-end.

Why this is required: All Tranche 2 reporting entities must verify the identity of customers before providing a designated service, and keep those records for at least 7 years. AML/CTF Act 2006 (Cth) Pt 2 Div 2 ↗

How it works

1

You generate a link

From your dashboard, create a new CDD check in seconds — optionally label it with the client's name. A unique verification link is generated instantly.

2

Your customer completes ID verification

The customer clicks the link, photographs their identity document (passport, driver licence, or ID card), and takes a live selfie — all via our secure hosted verification flow.

3

Automated sanctions screening runs

Once the document is verified, the customer's confirmed legal name is automatically screened against the OpenSanctions database — covering UN, OFAC, EU, and AUSTRAC watchlists.

4

You see the result in your dashboard

Pass or review-required — the result appears in your CDD dashboard with the verified name, screening outcome, and a timestamped audit trail. Takes under 2 minutes end-to-end.

What's checked

Identity verification

  • Government-issued document authentication (passport, driver licence, ID card)
  • MRZ chip and barcode integrity check
  • Live selfie matched to document photo
  • Legal name and date of birth extracted and returned

Sanctions screening — OpenSanctions

  • UN Security Council consolidated sanctions list
  • OFAC (US), EU, and UK sanctions lists
  • DFAT Australian autonomous sanctions
  • 100+ official sources, updated daily

Ready to run your first CDD check?

Generate a link, share it with your customer — verified and screened in under 2 minutes.

Free account · No credit card required to get started

Frequently asked questions

What is Customer Due Diligence (CDD) and why is it required?
CDD is the process of verifying a customer's identity before providing a designated service. Under the AML/CTF Act 2006 (Cth) Part 2 Division 2, all reporting entities must collect and verify identifying information for individual customers before or as soon as practicable after the commencement of a business relationship. Tranche 2 businesses (accountants, lawyers, conveyancers, real estate agents) are required to implement CDD from 29 July 2026.
What does the identity verification actually check?
Our verification checks the authenticity of a government-issued identity document (passport, driver licence, or national ID card) and confirms that the person presenting it matches the document via a live selfie. It checks document integrity, MRZ data, and liveness detection.
Which sanctions lists does the screening cover?
Screening is performed via OpenSanctions, which consolidates data from over 100 official sources including UN Security Council sanctions, OFAC (US), EU consolidated list, UK sanctions list, Australian Department of Foreign Affairs and Trade (DFAT) autonomous sanctions, and AUSTRAC-relevant watchlists. The database is updated daily.
Does the customer's ID document get stored on your servers?
Identity document images are captured and processed entirely within our platform. Only the verified legal name and, where available, date of birth are stored in your account — the raw document image is not retained after verification completes.
Is this sufficient for all CDD obligations?
This tool covers individual identity verification and sanctions screening — two of the core CDD requirements for standard-risk customers. However, your AML/CTF program may require additional steps for higher-risk customers (enhanced CDD), beneficial ownership verification for companies and trusts, or PEP screening. The result here is one input into your overall CDD assessment, not a substitute for your program.
What happens if there is a sanctions match?
The result will show "review required" in your dashboard. You will need to manually review the match — many hits are false positives (common names). If you believe a match is genuine, you must not proceed with the transaction and should consider your SMR obligations under s 41 of the AML/CTF Act. Do not tip off the customer that a report may be made.
How long are CDD records retained?
Under the AML/CTF Act, CDD records must be retained for at least 7 years from the date the business relationship ends or the transaction is completed. Records are stored in your account and can be exported at any time.