Customer Due Diligence for Real Estate: Why You Must Verify Both Buyers AND Sellers

Customer Due Diligence — CDD — is the cornerstone of your AUSTRAC compliance obligations. It's the process of identifying who your customers are, verifying their identity, and understanding the nature of the transaction they're involved in.

For real estate agents, this is where Tranche 2 gets practical. You can't just collect a driver's licence and call it done. The AML/CTF Act requires a structured, risk-based approach to every customer — and yes, that means both buyers and sellers.

Why both buyers AND sellers?

This is one of the most common misconceptions in real estate compliance. Many agents assume CDD only applies to the buyer — after all, they're the ones paying the money. But under the AML/CTF Act, both parties are your “customers.”

The seller is engaging your agency to provide a designated service (brokering the sale of real estate). The buyer is the other party to that service. Both create a customer relationship that triggers CDD obligations.

Money laundering doesn't only happen on the buying side. Sellers can use property transactions to generate seemingly legitimate income from illicitly acquired assets, or to obscure the true ownership of property held through layered structures.

When does CDD start?

The timing of CDD depends on which side of the transaction you're dealing with:

• Sellers: CDD begins when the listing agreement is signed. This is the point at which you establish a customer relationship with the vendor. You should collect and verify identification before or at the time of listing.
• Buyers: CDD begins when a formal offer is made or a contract is entered into. In practice, many agencies begin preliminary identification earlier in the process, but the legal obligation is triggered at the offer/contract stage.

Practical tip: Don't wait until the last minute. If you're collecting ID at the point of contract signing, you risk delaying settlement or discovering an issue when it's too late to act. Build CDD into your onboarding workflow from the start.

CDD for individuals

For individual customers (natural persons), you must collect and verify:

• Full legal name — as it appears on their identity document
• Date of birth
• Residential address — not a PO Box

Verification requires at least one primary photographic ID (Australian passport, state/territory driver's licence, or foreign passport) or one primary non-photographic ID (birth certificate, citizenship certificate) plus one secondary ID (Medicare card, Centrelink card, or utility bill).

You can verify in person (viewing original documents) or electronically through a reliable, independent data source. Electronic verification is increasingly standard and is accepted by AUSTRAC, provided it meets the requirements in the AML/CTF Rules.

CDD for companies

When a company is the buyer or seller, you must verify:

• Full company name and ACN/ABN
• Registered office address
• Principal place of business (if different from registered office)
• Directors — full names of all directors
• Beneficial owners — anyone who ultimately owns or controls 25% or more of the company

Verify the company's existence through an ASIC search. For each beneficial owner identified, you must then conduct individual CDD (full name, date of birth, address, and identity verification).

CDD for trusts

Trusts are common in Australian property transactions, and they add complexity. You must identify and verify:

• Full name of the trust
• Type of trust (family/discretionary, unit, self-managed super fund, testamentary)
• Trustee(s) — if an individual, conduct individual CDD; if a company, conduct company CDD
• Settlor (for non-SMSF trusts where the settled sum exceeds $10,000)
• Beneficiaries — for unit trusts, identify anyone holding 25% or more of units; for discretionary trusts, identify the classes of beneficiaries
• Any person who has effective control — the appointor, guardian, or anyone who can remove the trustee

Request a copy of the trust deed or a certified extract to verify the trust's details. This is non-negotiable — a trust name alone is not sufficient.

Beneficial ownership: the 25% threshold

The concept of “beneficial ownership” is central to CDD. A beneficial owner is any natural person who ultimately owns or controls 25% or more of a customer entity. This applies to companies, trusts, and any other legal arrangement.

You must look through the ownership chain to find the natural persons at the end. If Company A owns a property, and Company B owns 50% of Company A, and John Smith owns 100% of Company B — John Smith is a beneficial owner and must be identified and verified.

If you cannot determine the beneficial owners after taking reasonable steps, you must identify the senior managing official(s) of the entity.

Risk rating your customers

Not every customer presents the same level of money laundering risk. Your AML/CTF program must include a methodology for assigning a risk rating to each customer. Common risk factors include:

• Customer type: individuals are generally lower risk than complex corporate structures or foreign entities
• Geographical risk: customers from or connected to high-risk jurisdictions (as identified by FATF)
• Transaction risk: unusually high-value purchases, cash payments, or transactions that don't match the customer's profile
• Politically Exposed Persons (PEPs): current or former senior government officials, their relatives, and close associates

Enhanced due diligence (EDD)

When a customer is rated as high risk, you must apply enhanced due diligence. This goes beyond standard CDD and may include:

• Obtaining additional identity documents or verification
• Verifying the source of funds — where is the money coming from?
• Verifying the source of wealth — how did the customer accumulate their assets?
• More frequent ongoing monitoring of the customer relationship
• Senior management approval before proceeding with the transaction

EDD is mandatory for PEPs, customers from high-risk jurisdictions, and any situation where the ML/TF risk is elevated.

Simplified due diligence (SDD)

At the other end of the spectrum, simplified due diligence may be applied where the ML/TF risk is demonstrably low. SDD allows you to reduce — but not eliminate — your verification requirements. For example, you might accept a wider range of identity documents or delay certain verification steps.

SDD is only appropriate where your risk assessment supports it. It cannot be used as a shortcut to avoid CDD entirely, and you must still collect minimum identification information.

Deemed CDD provisions

In some cases, you may be able to rely on CDD already conducted by another reporting entity — for example, a solicitor or conveyancer who is also subject to AML/CTF obligations. This is known as “deemed CDD” or reliance on third parties.

However, there are strict conditions: the other entity must be an Australian reporting entity, they must have conducted CDD to the required standard, and you must have a written agreement in place. Even with deemed CDD, the ultimate responsibility for compliance remains with you.

Practical workflow for agents

Here's how CDD should fit into your daily operations:

1. At listing: Collect the vendor's ID and verify it. If the vendor is a company or trust, request the relevant documents and identify beneficial owners. Assign a risk rating.
2. At offer/contract: Collect the buyer's ID and verify it. Same process for companies and trusts. Assign a risk rating.
3. During the transaction: Monitor for anything unusual. Does the transaction match the customer's profile? Are there any red flags (sudden change of buyer, requests for unusual payment arrangements, reluctance to provide ID)?
4. At completion: Ensure all CDD records are filed and retained. Your records must be kept for a minimum of 7 years after the end of the customer relationship.
5. Ongoing: If you have a continuing relationship with a customer (e.g., repeat vendor), review and update their CDD periodically and whenever you become aware of a change in their circumstances.