Conduct Customer Due Diligence

Your Program must also describe how you will monitor client activity to detect unusual transactions or behaviours, and how you will review relationships for any significant changes that may affect ML/TF risk. This may include collecting and verifying additional KYC information—such as the client’s source of wealth and funds - where needed.

Examples of ‘unusual transactions or behaviours’ include:

• Instructions that do not make commercial sense
• Sudden changes to instructions or funding arrangements
• Unusual payment methods
• Reluctance to provide identification or comply with CDD, combined with urgent instructions 
• Services with no clear economic or legal purpose
• Unusually large or complex transactions, or
• Unusual transaction patterns (s30(5)).

For clients or transactions that pose a higher ML/TF risk, your Program must specify enhanced CDD measures. These apply to situations such as:

• Those identified as ‘unusual transactions or behaviours’s 30(5)
• Foreign politically exposed person (PEP)
• High-risk domestic or international PEP
• High-risk jurisdiction client.

Enhanced CDD typically involves obtaining and verifying detailed information about the client’s source of wealth and source of funds.

If a client presents a low ML/TF risk and enhanced CDD is not required, your Program may allow for simplified CDD procedures.

Existing clients (those who are clients as at 1 July 2026) will not require initial or ongoing CDD unless:

• A suspicious matter report must be filed in relation to that client, or
• There is a significant change in the nature or purpose of the business relationship that increases the ML/TF/PF risk to medium or high (s36).

If either occurs, the practitioner must complete initial CDD, and the client will no longer be considered a pre-commencement client.

If a positive sanctions check under the DFAT Consolidated List (List) occurs for a client:

1. You must escalate the matter using the escalation form to your AML/CTF Compliance Officer.
2. Document all sanctions checks performed in the relevant Initial CDD form, including:
   • Details about the client and the sanctioned individual / entity
   • The updated date of the List
   • Screening results including a copy of the List used
   • Any actions taken by the legal practice.
3. The Compliance Officer must review the escalation form and document the findings using the Escalations register, confirming the positive match.
4. The Compliance Officer must:
   • Inform the Senior Manager and Governing Body
   • Stop all client activity and freeze any client assets under the control of the practice
   • Notify the Australian Sanctions Office and the AFP
   • Nb: ASO has issued a class-based Legal Services permit SAN-2024-00138 that allows legal practitioners to provide very limited services to sanctioned persons.
5. Do not tip off the client under s123 of the Act.

Overheads — the general costs of running a practice — are absorbed in the firm’s hourly rate or fixed fee and cannot be passed on without specific agreement and disclosure.¹ General compliance costs not linked to a specific retainer (such as obtaining a Trust Account audit or your PI insurance premium) fall into this category.

Disbursements are payments to arms-length third parties, accurately quantified and incurred to provide legal services on a specific matter, usually recoverable at cost.

Professional fees (or profit costs) are charges for the firm’s own work, whether time‑based, fixed, or otherwise structured.

The question is where CDD sits in this framework.

¹And as an “unusual charge” the level of disclosure required to create informed consent would be onerous.

General AML compliance, such as establishing your AML program, staff training and setting up software to manage regulatory obligations is an overhead.

Client due diligence activity is different. It is work done with respect to a specific transaction for a specific client. Conceptually, outlays and reasonable professional time may be properly billed to the client in appropriate circumstances.

Disbursements: AML provider search fees, third‑party identity verification charges and similar payments are recoverable as outlays where they meet the standard test: 

• a genuine cost paid or due to a third party,
• capable of being accurately quantified and apportioned to a particular matter,
• and incurred for the purpose of supplying legal services in that matter. 

A hybrid charge from an AML provider — part search, part interpretation and report preparation — may still be billed as a disbursement but consider how it is described to avoid misleading the client.

Professional fees: Reasonable time spent on CDD, whether by a solicitor or a paralegal is recoverable provided it is tracked in the ordinary way and charged at a rate appropriate to the task. Routine collection and verification of identity material is most likely paralegal work. Risk assessment, beneficial‑ownership analysis and PEP/sanctions evaluation in more complex matters may justify a solicitor’s rate.

Fixed fees: If a firm offers a fixed fee, AML‑related work forms part of the agreed fee unless the costs agreement specifically provides otherwise — for instance, by carving out enhanced CDD where higher risk emerges. A "fixed fee plus outlays" structure permits recovery of third‑party search fees. However, where the amount is significant the client should be told about any outsourced professional fee component. That enables a fair comparison between different firms’ costs.

Two traps warrant attention:

• Universal precautionary CDD: If a firm conducts CDD on every onboarding regardless of whether a designated service is being supplied, the link between the CDD activity and the legal work for that client is weakened. The work may not be "necessary or proper" for the matter, and may not be recoverable. Sometimes verification of identity obligations arise independently of the AML/CTF, for example in some litigation matters where the solicitor must satisfy themselves that the person instructing has authority to bind an entity. 
  
  Where VOI must be performed for several overlapping reasons, it is not necessary to wait to see whether a designated service is to be provided. Front‑loading verification at onboarding does not indicate over-servicing.
   
• Hybrid line items: A bill entry combining search fees with the professional time of reading them, presented as an outlay, misrepresents the nature of the charge. Work done by the firm is not a disbursement. If you propose to charge AML costs on an hourly rate retainer or on top of a fixed fee the time spent and outlays incurred with respect to a specific file must be captured and billed and reflected in the costs agreement.

Ideally agreement should be obtained. We consider that these costs are not materially different to other outlays such as title and company searches and therefore recoverable applying normal principles but there is limited authority directly on point. Client agreement to pay VOI and CDD costs should remove any residuary uncertainty.

As a practical matter it may be more appropriate not to charge clients for CDD-related professional fees where the firm elects to decline representation due to the risk profile.