When standard customer checks aren’t enough, enhanced due diligence (EDD) for high-risk customers becomes a regulatory necessity. Australian businesses operating under AML/CTF obligations must apply additional scrutiny to clients who present elevated risk, whether due to their location, industry, transaction patterns, or political exposure. Getting this wrong doesn’t just mean compliance failures; it means potential enforcement action from AUSTRAC and serious reputational damage.
But what exactly triggers EDD requirements, and how do you implement them without grinding your onboarding process to a halt? This article breaks down the practical steps, documentation requirements, and risk indicators that Australian regulated entities need to understand. We’ll cover who qualifies as high-risk, what additional checks you must perform, and how to maintain compliant records.
At StackGo, we help businesses integrate identity verification and KYC processes directly into their existing CRM systems, making EDD workflows faster and more reliable without adding another platform to manage.
When enhanced due diligence is required in Australia
The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) sets out specific circumstances where you must apply enhanced due diligence for high-risk customers. AUSTRAC doesn’t give you the option to skip these requirements when your customer assessment identifies elevated risk. You face mandatory EDD obligations in situations involving politically exposed persons (PEPs), customers from high-risk jurisdictions, complex ownership structures, or unusual transaction patterns that don’t align with the customer’s stated business purpose.
Mandatory EDD scenarios under the AML/CTF Act
You must conduct EDD when your customer risk assessment identifies the relationship as high-risk under Part A of your AML/CTF program. This includes any customer who is a PEP or their family member, whether they’re foreign or domestic. Australian reporting entities often miss that domestic PEPs require the same scrutiny as international ones, which creates compliance gaps during AUSTRAC reviews.

Customers from high-risk countries identified in your program also trigger EDD requirements. These jurisdictions typically appear on FATF lists or have been flagged by AUSTRAC as presenting elevated money laundering or terrorism financing risks. You can’t rely on outdated country lists; your program must reflect current risk assessments that align with international standards.
When a customer relationship presents higher than normal risk, you’re legally required to gather additional information and apply ongoing monitoring measures.
Transaction-based EDD triggers
You’ll also need EDD when transaction patterns raise red flags, even if the customer initially appeared low-risk. Large cash transactions, rapid movement of funds through accounts, or dealings that don’t match the customer’s profile all require you to step up your due diligence. The threshold for suspicion isn’t fixed; it depends on the context of your customer’s normal behaviour and your industry sector.
Anonymous transactions or those conducted by third parties without clear beneficial ownership also demand enhanced scrutiny. If you can’t verify who ultimately controls the funds or benefits from the relationship, you’re looking at a mandatory EDD situation regardless of transaction size.
How to identify high-risk customers and triggers
Your first line of defence starts with risk indicators that flag customers requiring enhanced scrutiny before you complete onboarding. These indicators fall into two categories: static characteristics you can identify upfront and dynamic behaviours that emerge during the relationship. Your customer risk assessment framework must capture both types to maintain AML/CTF compliance.
Customer characteristics that signal risk
You’ll identify high-risk customers by examining their profile attributes during initial verification. PEPs, their family members, and close associates automatically qualify for EDD. Customers operating in cash-intensive industries like money remittance, precious metals, or gambling require enhanced scrutiny regardless of transaction size. Complex corporate structures with multiple layers of ownership or entities registered in jurisdictions known for weak AML controls also trigger risk flags.
Beneficial owners who are difficult to verify or customers who refuse to provide standard documentation present clear warning signs. Your assessment must also consider the customer’s geographical risk, including their country of residence, citizenship, and where they conduct business operations.
Behavioural and transactional red flags
Risk indicators don’t stop at onboarding. You must monitor for pattern changes that suggest elevated risk during the customer relationship. Transactions that suddenly increase in volume or value without business justification require investigation. Customers who conduct business through unusual intermediaries or make frequent amendments to their stated business purpose need additional scrutiny.
Effective risk identification for enhanced due diligence for high-risk customers requires both upfront assessment and ongoing monitoring of customer behaviour.
What checks to run in an EDD process
Your enhanced due diligence for high-risk customers must go beyond the standard customer due diligence (CDD) measures you apply to ordinary clients. You need to gather additional documentation, verify information through independent sources, and establish a clear understanding of the customer’s wealth origins and transaction purposes. These checks aren’t optional when you’ve identified high-risk indicators; they form the minimum standard for maintaining AML/CTF compliance.
Source of wealth and source of funds verification
You must obtain documented evidence of where the customer’s wealth originates and the specific source of funds entering your business relationship. Source of wealth describes the accumulated assets over the customer’s lifetime, whilst source of funds refers to the origin of money for specific transactions. Request tax returns, financial statements, employment contracts, inheritance documents, or sale agreements that substantiate their claims.

Independent verification strengthens your position during AUSTRAC reviews. You can’t simply accept the customer’s word; you need to cross-reference declarations against publicly available records or third-party confirmations where possible.
Adverse media and sanctions screening
Screening against sanctions lists and adverse media sources identifies customers with criminal connections, regulatory breaches, or terrorism financing links. You must check international sanctions databases including UN, OFAC, EU, and Australian lists at onboarding and regularly throughout the relationship. Automated screening tools reduce manual effort whilst improving coverage.
Adverse media checks reveal reputational risks that won’t appear on official sanctions lists but still present money laundering concerns.
Searches should cover the beneficial owners and key controllers, not just the direct customer entity.
How to record, approve, and monitor EDD decisions
You can’t simply conduct enhanced due diligence checks and move on. The AML/CTF Act requires you to document every decision, maintain approval records, and implement ongoing monitoring systems that track changes throughout the customer relationship. Your documentation proves to AUSTRAC that you applied appropriate scrutiny when accepting and managing high-risk customers, and weak records create regulatory exposure even when your checks were thorough.
Documentation and approval requirements
Your EDD records must capture the specific risk indicators that triggered enhanced scrutiny, the additional checks you performed, and the evidence you collected to verify customer information. Document who made the assessment, when they completed it, and what approval process you followed before accepting the relationship. Senior management or compliance officers typically need to sign off on high-risk customer decisions, depending on your program’s requirements.
Include copies of source documents, screening results, and any correspondence with the customer requesting additional information. Your records should clearly show why you accepted the relationship despite elevated risk factors and what compensating controls you implemented.
Comprehensive documentation of enhanced due diligence for high-risk customers protects your business during AUSTRAC examinations and demonstrates your commitment to compliance.
Ongoing monitoring protocols
High-risk customers require continuous oversight beyond initial onboarding. You must review their transactions regularly, reassess their risk profile when circumstances change, and document each review cycle. Set monitoring frequencies based on risk severity, with higher-risk relationships warranting monthly or quarterly reviews rather than annual assessments. Your monitoring system should flag unusual activity automatically and trigger immediate investigation protocols.
How to operationalise EDD in your existing systems
Implementing enhanced due diligence for high-risk customers doesn’t require you to abandon your current technology stack. Your existing CRM and case management systems can handle EDD workflows when you design the right integration points and automation rules. The key is building structured processes that capture required information, enforce approval hierarchies, and maintain audit trails without forcing staff to juggle multiple platforms or manual spreadsheets.
Integration with CRM and workflow systems
You can configure your CRM to flag high-risk indicators automatically during customer creation and trigger EDD workflows when specific criteria match. Build custom fields that capture source of wealth documentation, screening results, and approval records directly within the customer profile. Your system should enforce mandatory field completion before allowing staff to progress high-risk customers through your onboarding pipeline.
Integration with identity verification and screening providers eliminates manual data entry whilst improving accuracy. Connect these services through native CRM integrations that write results back automatically, creating permanent records without requiring staff to copy information between systems.
Operationalising EDD within your existing systems reduces compliance burden whilst maintaining thorough documentation standards.
Automation and efficiency considerations
Automated triggers should initiate EDD reviews when transaction patterns change or periodic review dates arrive. Configure your system to send escalation notifications to compliance officers when high-risk customers require approval, ensuring nothing sits unreviewed in your pipeline. Build reporting dashboards that show EDD completion rates and flag overdue reviews for immediate action.

Key takeaways and next steps
Enhanced due diligence for high-risk customers requires structured processes, clear documentation, and ongoing monitoring to meet Australian AML/CTF obligations. You must identify risk indicators at onboarding, conduct thorough verification checks on wealth sources and transaction purposes, and maintain comprehensive approval records throughout each customer relationship. Your program needs automated triggers that initiate periodic reviews and clear escalation paths when risk profiles change during ongoing relationships.
Your next step involves implementing these requirements within your existing systems rather than adding complexity with standalone compliance platforms that require staff training. IdentityCheck from StackGo runs AUSTRAC Tranche 2 compliance directly inside your CRM, automating identity verification, sanctions screening, and documentation workflows where your team already operates daily.
Start by reviewing your current customer base for previously unidentified high-risk indicators, documenting your specific EDD procedures in writing, and testing approval workflows with compliance officers before live implementation. Automation reduces manual effort whilst maintaining thorough compliance standards that survive AUSTRAC examinations and regulatory reviews.







