
How do I onboard a client remotely while still meeting CDD requirements?

Updated 23 May 2026

Quick answer

Remote CDD is permissible if you use a combination of document verification (checking the ID document itself) and biometric verification (matching the document photo to a live selfie or video). The verification must be completed before providing a designated service, using an AUSTRAC-compliant verification provider.

Remote onboarding has become standard practice for Australian professional services firms. AUSTRAC permits electronic verification of identity, but the method you use must be robust enough to satisfy your CDD obligations. Not all online ID checks are equal under the AML/CTF framework.

What makes remote CDD compliant?

A compliant remote CDD process typically combines two elements:

  • Document verification: Confirming that the client's identity document (passport, driver's licence) is genuine and has not been tampered with — either by checking against government databases (DVS) or through document forensic analysis
  • Biometric verification: Confirming that the person presenting the document is the person in the photo — typically through a selfie match or a liveness detection check

Used together, these two checks satisfy the 'linking' requirement — you have verified that the document is genuine and that the client presenting it is the document's true owner.

The Document Verification Service (DVS)

Australia's Document Verification Service allows accredited businesses to check identity documents against government databases in real time. Using DVS significantly strengthens the reliability of remote CDD, as you are verifying the document against the government's own records rather than relying solely on visual inspection.

When must CDD be completed?

CDD must be completed before you provide a designated service. This is non-negotiable. You cannot provide advice, handle client money, or take any other designated action before your CDD obligations are satisfied. 'Commence and complete within 30 days' arrangements are not compliant for Tranche 2 entities.

Higher-risk remote clients

If your risk assessment indicates that a client is high risk — for example, they are based overseas, introduced through a third party, or dealing in large sums — standard remote CDD may not be sufficient. EDD requirements may apply even in a remote context, requiring additional documentation and senior management approval.

What records must you keep?

You must retain copies of all CDD documents collected, the method of verification used, the date of verification, and the result. For electronic verifications, your provider should supply a verification report that can be stored against the client file. Retain these records for seven years.

How ClearAML helps

ClearAML's digital onboarding integrates document verification and biometric checks in a single client-facing flow, sends verification results directly to the client file, and stores all records for the required seven-year period — with no manual data entry needed.