Initial CDD for a government body (Reform)

Learn what you need to do for initial customer due diligence (CDD) if your customer is a government body. We have other guides for when your customer is an individual, trust, sole trader or body corporate, unincorporated association or partnership.

On this page

You should read this guidance in conjunction with our guidance on: 

  • initial CDD, which sets out your initial CDD obligations
  • enhanced CDD, which sets out your enhanced CDD obligations

Matters you must establish

This section refers to the Act section 28. 

A government body includes the government of a country, or part of a country, or an agency or authority of such a government. For example, the Commonwealth Department of Defence.

When conducting initial CDD on a customer who is a government body, you must establish the following matters on reasonable grounds:

  • the identity of the government body
  • the identity of any person on whose behalf the government body is receiving the designated service
  • the identity of any person acting on behalf of the government body and their authority to act
  • the identity of any beneficial owners of the government body
  • if any of the above persons are a politically exposed person (PEP) (if they are an individual) or designated for targeted financial sanctions (TFS)
  • the nature and purpose of the business relationship or occasional transaction.

What this guidance covers

This guidance provides an example of the baseline information that could be collected and verified to establish each matter for a customer that doesn’t: 

  • receive the designated service at or through an overseas permanent establishment (such as a foreign branch or subsidiary of an Australian company)
  • trigger enhanced CDD
  • trigger any additional collection of information based on their money laundering, terrorism financing and proliferation financing risks. We refer to these as ML/TF risks.

You could collect information using a customer onboarding form. This is an online or paper form that you ask new customers to complete.

This guidance outlines examples of the following:

  • independent and reliable data that could be used to verify information – where this guidance refers to documents, you could obtain either an original or a reliable copy of the document or extract from that document. If these documents have expired, it may be appropriate to collect and/or verify additional information.
  • circumstances where collection or verification requirements can be reduced or delayed. 

It’s important to note that you’re not required to keep these documents under your record keeping obligations and can instead record details of these documents. Learn more about record keeping.

You could establish these matters by:

  • collecting and verifying different information (unless this guidance specifies that collection or verification must occur), or
  • using other independent and reliable data to that specified in this guidance

Additional requirements

You must also identify the customer’s ML/TF risk and may need to collect and verify additional information to meet the following requirements: 

  • to establish a matter on reasonable grounds
  • to identify the ML/TF risk of the customer, based on know your customer (KYC) information reasonably available to you. Learn about assigning customer risk ratings
  • to resolve any discrepancies that arise while providing information
  • collect and verify additional KYC information as appropriate to the ML/TF risk of the customer, particularly if this risk is medium or high. 

You must apply enhanced CDD measures for some customers. Learn more in enhanced CDD.

Customer identity

This section refers to the Act section 28(2)(a) and (3) and the Rules section 6-4.

Collect information

We expect you to collect sufficient information to distinguish the government body from another government body with the same or a similar name and other details. 

You must collect at least the following information:

  • the government body’s full name
  • any other names the government body is commonly known by
  • the name of the country or part of a country under which the government body is established. For example, a state or territory, the Commonwealth, or a foreign country or part of a foreign country
  • a unique identifier for the government body (if any has been given)
  • the address of the principal place of business or operations of the government body. This is the main physical location from which they conduct their activities
  • evidence of the government body’s existence. For example, a law or executive decision or order that establishes an agency or an extract from an official government website
  • the full name of the individual, or each member of the group of individuals, with primary responsibility for the governance and executive decisions of the government body. For example, the CEO of an agency, the Secretary of a department, or the board of commissioners of an agency.  

Verify information

You could verify the following information, the:

  • full name of the government body
  • address of the government body’s principal place of business or operations
  • name of the country or part of a country under which the government body is established. Such as a state or territory, the Commonwealth, or a foreign country or part of a foreign country. 

The Department of Finance maintains a list of Commonwealth entities and companies. This can help identify Australian government bodies and their accountable authorities or governing bodies.

Official Australian government websites will have a .gov.au domain. Note that some types of government entities, such as government corporations, may have different domains. 

Other examples of documents and data you may use to verify KYC information about a government body include:

  • viewing ABN registration information on the Australian Business Register ABN Lookup website
  • looking up reliable and independent publicly available details, such as government reports and directories
  • viewing information online about foreign government bodies from their official websites
  • viewing legislation or an executive decision or order that establishes or regulates the government body on an official government web site.

Nature and purpose of the business relationship

This section refers to the Act section 28(2)(f) and the Rules sections 6–4 and 6–9.

You must establish the nature and purpose of the business relationship with the government body. 

Collect information

You must at least collect information about the nature of the customer’s business or operations.

The nature of a government body’s business or operations includes the general activity or sector they operate in. For example:

  • defence
  • social services
  • law enforcement and investigations
  • health services and administration
  • utilities and infrastructure
  • international programs and aid
  • local council services.

We also expect you to collect information on the reasons the customer is seeking your services and the nature of the services they’re seeking. Without this information, it will be difficult to establish the nature of the business relationship or occasional transaction on reasonable grounds.

This can provide a good starting point to determine whether the:

  • way your services are used is inconsistent with the stated nature of the business relationship or occasional transaction
  • behaviour of your customer or associated persons is unusual.

This is relevant to determining your customer’s risk rating during initial and ongoing CDD. See assigning risk ratings

Verifying information 

You won’t need to verify the information you’ve collected on this matter if all the following apply:

  • you aren’t required to apply enhanced CDD measures in relation to the customer

  • you’ve identified the customer’s ML/TF risk based on KYC information about the customer reasonably available to you before starting to provide the service

  • you’ve collected KYC information about the nature and purpose of the business relationship or occasional transaction that is appropriate to the ML/TF risk of the customer.

This means that, in practice, after establishing the identity of the customer, you’ll generally only need to verify information you collected on the matter if any of the following apply: 

  • you are required to apply enhanced CDD
  • you have doubts about the adequacy and veracity of the information your customer provided.

If you’re required to verify information on this matter, you must do this by using reliable and independent data. 

For example:

  • publicly available information about the customer. Such as a website that provides information on their business or operations
  • annual reports and information from government sources about the operation of the government body
  • official documents approving the procurement of the relevant designated service by the government body.

Simplified verification for certain matters

This section refers to the Act section 31 and the Rules section 6–17.

There are certain circumstances where you’ll have been taken to have established the identity of a: 

  • person acting on behalf of the customer and their authority to act
  • person receiving a service on the customer’s behalf
  • beneficial owner of the customer. 

A matter mentioned above will be taken to be established where all of the following apply:

  • you’ve identified the customer’s ML/TF risk based on KYC information about the customer reasonably available to you before starting to provide the service
  • the customer’s ML/TF risk is low and enhanced CDD doesn’t apply to them
  • you’ve collected KYC information about the matter, as appropriate to the customer’s ML/TF risk
  • there are no reasonable grounds for you to doubt the adequacy or veracity of that KYC information. 

If this is satisfied, you don’t need to verify the information you collected on the matter. 

Persons acting on behalf of the customer

This section refers to the Act section 28(2)(c) and 28(3) the Rules sections 6–5 and 6–19.

You must establish the identity of any person acting on behalf of the customer and their authority to act. You only need to identify representatives who engage with you in relation to your designated services. You don’t need to verify every representative that the customer has.

This is a common requirement for government bodies, which will often interact with you through an individual employee or agent.

Collect information 

You can determine whether a person is acting on behalf of a government body from: 

  • the way they engage with your services. Such as seeking the service in the name of a government body and not their own name
  • if they indicate your services aren’t for them
  • customer onboarding processes – where you can ask whether the person is acting on behalf of another person or will have a person act on their behalf.

If a government body is seeking your services on behalf of another person, the person they are representing is the customer. You must identify who this customer is. You can use the practical guides we’ve provided depending on if they’re an individual, body corporate, unincorporated association, partnership, sole trader, trust or government body.

If the government body is the customer, they will interact with you through a representative. 

You must collect information on both of the following:

  • the identity of the representative – this process will differ depending on whether they are an individual, body corporate, unincorporated association, partnership, trust, sole trader or government body
  • their authority to act for the customer – including collecting details about the nature of their authority to act for the customer. This could include being appointed under an agency agreement, power of attorney or employed with appropriate authority to act as a representative.

You could also collect information on the reason for granting the authority to act. For example, in the context of real estate purchases, a representative may provide that they have been hired under an agency agreement to help broker the purchase of property.

This provides a good baseline from which you can establish related ML/TF risk and whether the behaviour of the representative is unusual through the course of your business relationship with the customer. 

Verify information

This section refers to the Act section 28(3) and the Rules section 6–19. 

You’re taken to have established the identity of a person acting on behalf of a government body and their authority to act, if all the following apply:

  • you’ve established on reasonable grounds the authority of the person to act on behalf of the customer
  • you determine on reasonable grounds that any additional ML/TF risk associated with the person acting on behalf of the customer is low
  • you’ve collected KYC information about the customer, relating to the person acting on behalf of the customer, that’s appropriate to the ML/TF risk of the customer
  • there are no reasonable grounds for you to doubt the adequacy or veracity of that KYC information.

This will allow you to establish the identity of the relevant representative without verifying the information you’ve collected on this matter.

Verifying information in other circumstances

If these circumstances don’t apply, you could verify: 

Reliable and independent data establishing authority to act for a government body could include:

  • a letter, agency agreement or other authorisation from the customer establishing that the representative has authority to act on their behalf and the scope of their authority
  • an instrument of delegation (or similar document) showing that the person has delegated authority from the head of a government body and evidence showing they currently hold the position to which authority has been delegated
  • that the person is included as an authorised government representative in a reliable and independent government database. Such as the DFAT foreign representatives accredited to Australia list.   

Customers receiving services on another person’s behalf

This section refers to the Act sections 28(2)(b) and (3) and the Rules section 6–6(1). 

If you’ve established on reasonable grounds that your customer is a government body, you’ll generally not be required to collect or verify information on this matter. 

You may be required to do so if the service provided relates to a life policy or sinking life policy. See the Act items 37 and 38 of table 1 in section 6 and the Rules sections 6-6(1)(b) and 6-34.

Identifying beneficial owners

This section refers to the Act sections 28(2)(d)(e) and 31 and the Rules section 6–18.

You’re taken to have established the identity of a government body’s beneficial owners if the ML/TF risk of the government body is low and enhanced CDD doesn’t apply to them.

In these circumstances you’re also taken to have established whether any beneficial owner of the customer is a politically exposed person (PEP) or person designated for targeted financial sanctions (TFS).

If these circumstances don’t apply, you must establish the identity of any beneficial owners of the government body. 

To identify the government body, you’ve already collected information on the full name of the individual, or each member of the group of individuals, with primary responsibility for the governance and executive decisions of the government body. 

You could also ask the government body’s representative to identify any further individuals who own or control the government body. Ownership will generally not be relevant to governments of countries or parts of countries, but may be relevant to other government bodies.

You could verify the identity, ownership and control of individuals over the government body using publicly available information, including:

  • a description of the individual and their role, from an official government website
  • an instrument of appointment outlining the individual’s appointment to the role. 

Learn more about determining ownership and control. 

Politically exposed persons and sanctions

This section refers to the Rules section 6–18.

You must establish if your customer, or any person acting on their behalf or receiving a service on their behalf in relation to your designated services, is a person designated for targeted financial sanctions (TFS).

You must also establish whether any of these persons, if they are individuals, are a politically exposed person (PEP)

Collect information

You could ask your customer’s representative, in an onboarding form, whether any of the individuals referred to above are a PEP: 

In the onboarding form, you could specify that a PEP includes the following:

  • a foreign PEP
  • a domestic PEP
  • an international organisation PEP.

If the customer confirms that one of the individuals mentioned above are a PEP, they could then provide the details of the individual and a description of their role. For example, Australia’s High Commissioner to New Zealand.

For TFS, you’ll have already collected information about the identity of the customer and any person acting on their behalf, which will be enough to complete the verification steps outlined below. 

If you’ve information that a person is subject to TFS, don’t deal with their assets without a permit from the Australian Sanctions Office. Criminal penalties may apply if you do. Further information is on the Australian Sanctions Office website.

Delay verification

In practice, you would typically complete PEP and TFS verification after you’ve collected information about the identity of the customer and any person acting on their behalf. 

This helps you conduct accurate PEP and TFS searches. 

Ordinarily, you would need to verify this information before you start providing a designated service. 

In some circumstances you may be able to delay verification where carrying them out would interrupt the ordinary course of business and other conditions are met. 

Learn more about delayed verification for CDD

Verify PEP information

You could verify the information provided by: 

  • checking the individual’s background using reliable and independent online sources, including government websites and other official data sources, and in the media
  • using databases and reports from third-party providers that provide PEP screening services.

You could make sure any service you use satisfies both of the following: 

  • reflects the definition of PEP in the Act and Rules
  • allows for effective searching despite minor discrepancies or errors in the data entered. 

Learn how to establish if an individual is a PEP.

Verify sanctions information

You can use the Department of Foreign Affairs and Trade’s Consolidated List to search for persons and entities listed for TFS under Australian sanctions laws. 

Sanctions listings change often, so always check for the most recently published list.  

A person may have variations in the spelling of their name, particularly non-English names changed into English. You may need to check alternative spellings or use a service that allows for effective searching despite minor discrepancies or errors in the data entered. 

Learn how to establish if a person is subject to TFS

At the end of this process, you may not be satisfied you’ve established a matter on reasonable grounds. If this is the case, you’ll need to take further action, which may include collecting and verifying additional information, until this level of satisfaction is reached. 

This guidance sets out how we interpret the Act, along with associated Rules and regulations. Australian courts are ultimately responsible for interpreting these laws and determining if any provisions of these laws are contravened. 

The examples and scenarios in this guidance are meant to help explain our interpretation of these laws. They’re not exhaustive or meant to cover every possible scenario.

This guidance provides general information and isn't a substitute for legal advice. This guidance avoids legal language wherever possible and it might include generalisations about the application of the law. Some provisions of the law referred to have exceptions or important qualifications. In most cases your particular circumstances must be taken into account when determining how the law applies to you.

Last updated: 16 Oct 2025
Page ID: 1310

Was this page helpful?

Please note that feedback you provide here will be used only for the purpose of improving our website. If you have a specific question about your AML/CTF obligations, please contact us.