Initial CDD for sole traders (Reform)

Learn what you need to do for initial customer due diligence (CDD) if your customer is a sole trader. We have other guides for when your customer is an individual, body corporate, unincorporated association, partnership, trust or government body.

On this page

Read this guidance in conjunction with our guidance on: 

  • initial CDD, which sets out your initial CDD obligations
  • enhanced CDD, which sets out your enhanced CDD obligations.

Matters you must establish

This section refers to the Act sections 28 and 32. 

You must establish the following matters on reasonable grounds:

  • the identity of the customer – both the individual and their sole trader business
  • the identity of any person acting on the customer’s behalf and their authority to act
  • the identity of any person on whose behalf the customer is receiving the service
  • if any of the above persons are a politically exposed person (PEP) (where they are an individual) or designated for targeted financial sanctions (TFS)
  • the nature and purpose of the business relationship or occasional transaction.

This guidance provides examples of the baseline information that could be collected and verified as part of establishing each matter for a sole trader that doesn’t: 

  • receive the designated service at or through an overseas permanent establishment (for example, a foreign branch or subsidiary of an Australian company)
  • trigger enhanced CDD
  • trigger any additional collection of information based on their money laundering, terrorism financing and proliferation financing risks. We refer to these as ML/TF risks.

This guidance also outlines examples of the following:

  • Independent and reliable data that could be used to verify information. Where this guidance refers to documents, you could obtain either an original or a reliable copy of the document or extract from that document. If these documents have expired, it may be appropriate to collect and/or verify additional information.
  • Circumstances where collection or verification requirements can be reduced or delayed. 

It’s important to note that you’re not required to keep these documents under your record keeping obligations and can instead record details of these documents. Learn more about record keeping.

You could establish these matters by:

  • collecting and verifying different information (unless this guidance specifies that collection or verification must occur)
  • using other independent and reliable data to that specified in this guidance.

Additional requirements

You must also identify the customer’s ML/TF risk and may need to collect and verify additional information to meet the following requirements: 

  • to establish a matter on reasonable grounds
  • to identify the ML/TF risk of the customer, based on know your customer (KYC) information reasonably available to you. Learn about assigning customer risk ratings.
  • to resolve any discrepancies that arise while providing information
  • collect and verify additional KYC information as appropriate to the ML/TF risk of the customer, particularly if this risk is medium or high. 

You must apply enhanced CDD measures for some customers. Learn more in enhanced CDD.

You could collect information using a customer onboarding form. This is an online or paper form that you ask new customers to complete.

Customer identity

This section refers to the Act sections 28(2)(a) and (3) and the Rules sections 6–1(1). 

You must establish both the identity of the individual and their sole trader business.

Collect information

Where the designated service proposed relates to the conduct of a business, you must collect at least the following information:

  • the individual’s full name
  • any business name used for the conduct of the business
  • any other names the individual and their business are commonly known by
  • a unique identifier for the business or, if none has been given, a unique identifier for the customer (if any has been given). If the customer has registered as a business, this will typically be their Australian Business Number (ABN)
  • the address of the principal place of business of the customer. Typically, the physical location where the business most commonly conducts its activities.

We also expect you to collect enough information to distinguish the individual from another individual with the same or similar name and other details. 

You could collect information on the individual’s:

  • date of birth
  • other name(s) (if any) that they’re commonly known by. For example, a former name or an anglicised name if the customer has adopted one
  • residential address
  • unique identifier (if the individual has one). For example, a passport or driver’s licence number or a foreign national identity number.

Verify information

You must verify information collected as appropriate to the ML/TF risk of the customer. 

Verify information on the individual customer’s identity

We expect you to verify information to establish that the individual exists.

You could verify their full name and date of birth. This information is useful in establishing identity as it often stays the same throughout a customer’s life. 

You could verify this information using either a:

  • government-issued primary photographic identification document. For example, a current drivers’ licence, passport, proof of age card, passport or foreign national identity card
  • primary non-photographic identification document. For example, a birth certificate, citizenship certificate or concession card, and a secondary identification document showing the individual’s name and address, such as a utility bill or notice issued by a commonwealth, state, territory or local government body. 

Your customer might be unable to provide standard identification documents. In these circumstances, you can comply with your obligations in different ways. 

Learn more in our alternative identification guidance.

Verify information on the sole trader business

If the business has a separate name to the individual, you could verify both:

  • the business name
  • any unique identifier for the business (if any has been given).

This information could be verified using ABN information from the Australian Business Register.

If the business doesn't have a separate name to the individual, and has no ABN, no further verification steps may be required (unless the ML/TF risk warrants it).

Making sure that the individual customer is the person they claim to be

This section refers to the Act section 28(3)(a).

You could match the individual customer’s appearance against their photographic identification. 

You could complete this in-person or online. For example, by:

  • comparing the customer against their photograph on a driver’s licence or passport in their presence
  • participating in a video call and comparing the name and features of the live video image to the name and photo on the identification document
  • using biometric technology to compare the customer’s identification against their appearance, such as a solution provided by an ID verification provider.

If you’ve verified their identity without using photographic identification, you could confirm that they’re who they claim to be by collecting a reference from an independent and reliable source. You could then cross-check the information provided against the information you have already collected.

If you suspect on reasonable grounds that a person isn’t who they claim to be, you must file a suspicious matter report. You can't start to provide a designated service to the individual customer until you are satisfied that they are who they claim to be on reasonable grounds. 

Nature and purpose of the business relationship

This section refers to the Act sections 28(2)(f), 28(3) and 32 and the Rules sections 6-1(3), 6-9 and 6-21.

You must establish the nature and purpose of your business relationship or occasional transaction with the customer. 

Collect information

You must at least collect information about the nature of the customer’s business.

We expect you to collect information on all of the following:

  • the general commercial activity or sector the customer operates in. For example, law firm, food services, real estate agency or similar.
  • the kinds of products and services offered by the business. For example, for a law firm, they may offer conveyancing, criminal law and commercial advisory services. 

We also expect you to collect information on the reasons the customer is seeking your services and the nature of the services they’re seeking. Without this information, it will be difficult to establish the nature of the business relationship or occasional transaction on reasonable grounds.

This can provide a good starting point to determine whether the: 

  • way your services are used is inconsistent with the stated nature of the business relationship or occasional transaction
  • behaviour of your customer or associated persons is unusual.

This is relevant to determining your customer’s risk rating during initial and ongoing CDD. See assigning risk ratings

This information could either be collected in an onboarding form or determined from your initial engagement with the customer and any of their representatives.

Verifying the nature and purpose of the business relationship 

You won’t need to verify the information you’ve collected on this matter if all of the following apply:

  • you aren’t required to apply enhanced CDD measures in relation to the customer

  • you’ve taken reasonable steps to establish that the individual customer is the person they claim to be 

  • you’ve identified the customer’s ML/TF risk based on KYC information about the customer reasonably available to you before starting to provide the service

  • you’ve collected information about the nature and purpose of the business relationship or occasional transaction that is appropriate to the ML/TF risk of the customer.

This means that, in practice, after establishing the identity of the customer, you’ll generally only need to verify information on nature and purpose if any of the following apply: 

  • you are required to apply enhanced CDD
  • you have doubts about the adequacy and veracity of the information your customer provided.

If you’re required to verify information on this matter, you must do this by using reliable and independent data. 

For example: 

  • evidence of business activity, such as business activity statements – to verify that activities align with the stated purpose of the customer
  • sighting documentation that sets out the purpose of the customer’s operations, such as its business constitution
  • requesting business records such as letters from the customer’s lawyer or accountant
  • viewing publicly available information about the customer from third parties. Such as reliable third-party websites that provide information on their business or operations 

Example – An accountant and sole trader customer

An accountant is approached by a sole trader. Through an onboarding form and initial engagement, the accountant collects the following information from the sole trader on the nature of the business relationship. The sole trader is: 

  • in the food industry and runs a bakery in rural Australia, providing baked goods to customers in their region
  • seeking to transition their business to a body corporate structure and needs help to facilitate payments to their local suppliers. 

The accountant then learns the following from the sole trader before they provide them with a designated service. The sole trader wants: 

  • to create a body corporate to send high-value payments to overseas high-risk jurisdictions which do not appear to relate to the bakery business
  • the accountant to arrange for unidentified third parties to be appointed directors of the body corporate to help facilitate these payments. 

These services don’t appear to align with the stated nature and purpose of the business relationship. 

The accountant therefore rates the sole trader as high ML/TF risk and completes the following enhanced CDD checks, collecting and verifying information to establish the: 

  • sole trader’s bakery is engaged in ongoing business activity
  • source of funds and source of wealth of the high-value transactions
  • purpose of the high-value transactions, and how they align with the bakery’s business model.

Persons acting on behalf of the customer

This section refers to the Act sections 28(2)(c) and (3) and the Rules section 6-5 

You must establish on reasonable grounds the identity of any person acting on behalf of the customer and their authority to act. 

You only need to do this for representatives of the customer who engage with you in relation to your designated services. 

This will: 

  • often include employees of the sole trader
  • not include the individual who is the sole trader. 

Collect information 

You can determine whether a person is acting on behalf of another person from: 

  • the way they engage with your services – such as seeking the service in the name of another person or a sole trader business that isn’t their own
  • customer onboarding processes – where you can ask whether the individual is acting on behalf of another person or will have a person act on their behalf. 

If the individual who is the sole trader is seeking your services, and there’s no information to suggest that they are representing another person or will have another person represent them, you don’t need to establish this matter. 

If the individual sole trader is interacting with you on behalf of another person, the person they are representing is the customer. You must identify who this customer is. You can use the practical guides we’ve provided depending on if they’re: 

If you become aware that the sole trader will interact with you through another person, you must establish both: 

  • the identity of the representative – this process will differ depending on whether they are an individual, body corporate, unincorporated association, partnership, trust, sole trader or government body
  • their authority to act as a representative for the customer – including collecting details about the nature of their authority to act for the customer. This could include being appointed under an agency agreement, power of attorney or employed with appropriate authority to act as a representative.

You could also collect information on the reason for granting the authority to act. For example, in the context of real estate purchases, a representative may provide that they have been hired under an agency agreement to help broker the purchase of property.

This provides a good baseline from which you can establish related ML/TF risk and whether the behaviour of the representative is unusual through the course of your business relationship with the customer. 

Verify information 

This section refers to the Rules section 6-17. 

You’re taken to have established the identity of the customer’s representative and their authority to act if all of the following are satisfied:

  • you’ve identified the customer’s ML/TF risk based on KYC information about the customer reasonably available to you before starting to provide the service

  • the customer’s ML/TF risk is low and enhanced CDD doesn’t apply 

  • you’ve taken reasonable steps to establish that the customer is the person they claim to be 

  • you’ve collected KYC information about any representative and their authority to act, as appropriate to the customer’s ML/TF risk

  • there are no reasonable grounds for you to doubt the adequacy or veracity of that KYC information.

This will allow you to establish the matter without verifying the information you’ve collected.

If these circumstances don’t apply, you could verify: 

  • the identity of the representative – this process will differ depending on whether they are an individual, body corporate, unincorporated association, partnership, trust, sole trader or government body
  • their authority to act as a representative of the customer – by gathering reliable and independent data that establishes their authority to act.

Reliable and independent data establishing authority to act could include, for:

  • a power of attorney – a document granting the person power of attorney
  • employees – written confirmation from their employer that they’re authorised to act
  • general appointments – a letter, agency agreement or other authorisation from the customer establishing that the representative has authority to act on their behalf or confirmation from a reliable third party. For example, a legal practitioner, accountant or other professional (who isn’t the person acting on behalf of the customer in relation to the designated service). 

Customers receiving services on another person’s behalf

This section refers to the Act sections 28(2)(b) and (3) and the Rules section 6–6(1).  

If you’ve established the identity of your customer on reasonable grounds, you’ll generally not be required to collect or verify information on this matter. 

You may be required to do so if the service provided relates to a life policy or sinking life policy. See the Act items 37 and 38 of table 1 in section 6 and the Rules sections 6-6(1)(b) and 6-34.

Politically exposed persons and targeted financial sanctions

This section refers to the Act sections 28(2)(e) and (3) and the Rules section 6-12. 

You must establish if your customer, or any person acting on their behalf or receiving a service on their behalf in relation to your designated services, is a person designated for targeted financial sanctions (TFS).

You must also establish whether any of these persons, if they are individuals, are a politically exposed person (PEP)

Collect information

You could ask your customer, in an onboarding form, whether any of the following individuals are a PEP: 

  • the customer
  • any person acting on the customer’s behalf
  • any person receiving a service on their behalf.

In the onboarding form, you could specify that a PEP includes the following:

  • a foreign PEP
  • a domestic PEP
  • an international organisation PEP.

If the customer confirms that one of the individuals mentioned above are a PEP, they could then provide the details of the individual and a description of their role. For example, Australia’s High Commissioner to New Zealand.

For TFS, you’ll have already collected information about the identity of the customer and any person acting on their behalf. This will be enough to complete the verification steps outlined below. 

If you have information that a person is subject to TFS, don’t deal with their assets without a permit from the Australian Sanctions Office. Criminal penalties may apply if you do. Further information is on the Australian Sanctions Office website.

Delayed verification

In practice, you would typically complete PEP and TFS verification after you’ve collected information about the identity of the customer and any person acting on their behalf. 

This helps you conduct accurate PEP and TFS searches. 

Ordinarily, you would need to verify this information before you start providing a designated service. 

In some circumstances you may be able to delay verification where carrying them out would interrupt the ordinary course of business and other conditions are met. 

Learn more about delayed verification for CDD

Verify PEP information

You could verify the information provided by: 

  • checking the individual’s background using reliable and independent online sources, including government websites and other official data sources, and in the media
  • using databases and reports from third-party providers that provide PEP screening services.

You could make sure any service you use satisfies both of the following: 

  • reflects the definition of PEP in the Act and Rules
  • allows for effective searching despite minor discrepancies or errors in the data entered. 

Learn how to establish if an individual is a PEP.

Verify sanctions information

You can use the Department of Foreign Affairs and Trade Consolidated List to search for persons and entities listed for TFS under Australian sanctions laws. 

Sanctions listings change often, so always check for the most recently published list.  

A person may have variations in the spelling of their name, particularly non-English names changed into English. You may need to check alternative spellings or use a service that allows for effective searching despite minor discrepancies or errors in the data entered. 

Learn how to establish if a person is subject to TFS

At the end of this process, you may not be satisfied you’ve established a matter on reasonable grounds. If this is the case, you’ll need to take further action, which may include collecting and verifying additional information, until this level of satisfaction is reached. 

This guidance sets out how we interpret the Act, along with associated Rules and regulations. Australian courts are ultimately responsible for interpreting these laws and determining if any provisions of these laws are contravened. 

The examples and scenarios in this guidance are meant to help explain our interpretation of these laws. They’re not exhaustive or meant to cover every possible scenario.

This guidance provides general information and isn't a substitute for legal advice. This guidance avoids legal language wherever possible and it might include generalisations about the application of the law. Some provisions of the law referred to have exceptions or important qualifications. In most cases your particular circumstances must be taken into account when determining how the law applies to you.

Last updated: 17 Oct 2025
Page ID: 1307

Was this page helpful?

Please note that feedback you provide here will be used only for the purpose of improving our website. If you have a specific question about your AML/CTF obligations, please contact us.