Pre-commencement customers - what CDD obligations apply, and the risks of not completing initial CDD
Explains the pre-commencement customer carve-out (anyone in a business relationship on 1 July 2026), what obligations still apply, and the risks of treating those customers as out of scope.
Overview
This article explains the pre-commencement customer carve-out under Australia's AML/CTF reforms (effective 1 July 2026), what obligations still apply, and the risks a firm carries if it treats those customers as out of scope. Businesses should seek their own legal advice in relation to their treatment of pre-commencement customers.
Who is a pre-commencement customer?
Anyone the firm was in a business relationship with on 1 July 2026 for a designated service.
Source: AUSTRAC, Transitioning existing customers (Reform).
What's NOT required
Firms do not have to perform initial CDD on every existing client on 1 July 2026. They can continue providing services to pre-commencement customers without doing initial CDD, subject to the obligations below.
"Pre-commencement" is not a "do nothing" status - and this is the single biggest source of confusion about meeting your AML obligations.
What IS still required - ongoing obligations
Even for pre-commencement customers, the firm must:
- Monitor for unusual activity - transactional and behavioural monitoring still applies. AUSTRAC's stated ongoing monitoring scope covers unusual transactions and behaviours, changes in the client profile that may indicate a shift in risk rating, transactions of $10,000 or more in physical currency, and cross-border movement of physical currency or bearer negotiable instruments of $10,000 or more. Source: AUSTRAC Accounting Program Starter Kit - Process document (29 January 2026), page 3, "Applying risk-based ongoing CDD" section. See AUSTRAC, Ongoing customer due diligence.
- Keep KYC information current - existing identity, ownership and risk data must be maintained.
- Watch for changes in the customer's risk profile - new PEP exposure, sanctions hits, beneficial ownership changes, jurisdictional shifts.
- Review customers on an ongoing basis. AUSTRAC prescribes (as per starter kits) a risk-tiered periodic review cadence:
* Low risk - periodic review at least every 3 years
* Medium risk - at least every 2 years
* High risk - at least every year
The pre-commencement carve-out removes the initial CDD obligation; it does not remove the obligation to keep reviewing each customer over the life of the relationship. Source: AUSTRAC Program Starter Kit - Process document (29 January 2026), page 4 (risk-level table). See AUSTRAC, AML/CTF program starter kits.
The two triggers that end pre-commencement status
The constant monitoring requirement calls for a "review" of a pre-commencement customer when there is any significant change in the nature and purpose of the business relationship and/or changes that may result in the ML/TF risk of the customer being medium or high.
In practice this means a customer must stop being treated as "pre-commencement" - and full initial CDD becomes mandatory - the moment one of these fires:
- A suspicion is formed about the customer (an SMR obligation arises), OR
- The business relationship significantly changes or the client asks for a different designated service and/or ML/TF risk becomes medium or high.
A firm can only rely on the carve-out if it is doing enough monitoring and periodic review to know whether one of those triggers has fired. Your business will need to build processes to manage this risk if you don't fully onboard a customer through a proper initial CDD process.
Source: AUSTRAC, Transitioning existing customers (Reform).
Risks and issues if a firm ignores its pre-commencement book
1. The exemption is conditional, not absolute
If a review or initial trigger fires and the firm hasn't been monitoring or reviewing, the firm is in breach from the moment the trigger occurred. AUSTRAC may be unlikely to accept "we didn't notice" as a defence.
2. SMR exposure remains
The SMR obligation applies to pre-commencement customers the same as to anyone else. Suspicious activity relating to money laundering and other criminal activity that goes unreported within 3 business days (or 24 hours if the suspicion relates to terrorism financing) is a standalone contravention, regardless of whether initial CDD was ever completed.
3. Without initial CDD, there's no baseline to detect change against
This is the structural problem with treating pre-commencement as a "do nothing" status. If no initial CDD has been performed, the firm has no documented starting point to monitor change against:
- PEP and sanctions screening. Without an initial screen, there's no "clear as at X date" record. When a hit appears in ongoing monitoring, the firm can't distinguish new exposure from a pre-existing match that was always there. More fundamentally, if the customer has never been screened, there's nothing for the ongoing monitor to re-run against.
- Beneficial ownership. If ownership was never established, the firm cannot detect that it has changed. ASIC monitoring catches director and shareholder changes against a recorded baseline; with no baseline, there's no change signal.
- Risk rating. The "moved to medium or high" trigger requires a starting rating. Without an initial assessment, there's no baseline to escalate from. AUSTRAC's prescribed periodic review cadence means that for pre-commencement customers, there's no fixed anchor date and potentially no risk rating to drive the cadence until you complete your periodic review of the customer.
- Source of funds. Drift will be difficult to detect if the expected pattern was not documented in the first place.
The practical conclusion: a firm relying heavily on the carve-out without any baseline data on its pre-commencement book may be unable to effectively detect most of the triggers that would oblige it to act. The monitoring is operating on empty.
4. Who's checking whether the designated service has changed?
The second trigger (relationship significantly changes / new type of designated service and/or the ML/TF risk is medium or high) needs someone inside the firm to actually notice when the service being provided is no longer the service that was being provided on 1 July 2026. AUSTRAC's own Trigger event review and update form lists "client requests a new designated service" as one of the eight prescribed trigger events - firms are expected to detect this and document the review when it happens.
Source: AUSTRAC Program Starter Kit - Trigger event review and update form (29 January 2026).
In practice, for firms not previously regulated by the AML/CTF Act, this is rarely anyone's defined job - matters open through the practice management system, the partner or conveyancer or accountant gets on with the work, and the AML question of "is this a different designated service to what we've previously done for this client?" doesn't sit on any intake checklist.
The firm needs to be explicit about:
- Who owns the check - typically the Compliance Officer, but in practice it has to be embedded into matter intake so it happens on every new file.
- When the check happens - at intake, before any service is provided.
- What "different designated service" means in their sector - a conveyancer who previously acted on the sale side now acting on a purchase, an accountant moving from compliance returns into trust account work or business structuring, a real estate agent who has only listed and is now handling trust money.
Without this, the firm is structurally unable to identify when a customer has rolled off pre-commencement status - and unable to trigger the initial CDD that becomes mandatory at that point.
How easyAML supports this
(easyAML commercial framing, not regulatory advice)
- Ongoing monitoring is included in every subscription tier - no per-event or per-customer fee for PEP/sanctions/adverse-media re-screening, ASIC change monitoring, transaction pattern monitoring, or risk-profile alerts.
- Re-screening is constant to ensure certainty - sanctions/PEP re-screening is done daily. Transactional sectors re-screen on each new transaction. The customer only pays when a fresh KYC or KYB is actually triggered.
- ASIC change monitoring catches material structural changes in corporate customers automatically (trust changes still require a client-uploaded deed refresh).
- CO alerts and audit trail capture each trigger event - the evidence base an AUSTRAC reviewer (or external evaluator from 2029 onwards) will want to see, and aligned to the prescribed Trigger event review form.
- The platform addresses the "no baseline" problem directly - completing initial CDD on pre-commencement customers as they re-engage (or on a planned migration schedule) establishes the baseline the ongoing monitoring then operates against, and starts the risk-tiered review clock that effective AML/CTF compliance depends on.
Sources and further reading
AUSTRAC guidance (web)
- Transitioning existing customers (Reform) - the core authority on pre-commencement status and the triggers that end it
- Customer due diligence reform - the broader CDD reform framework
- Ongoing customer due diligence - the ongoing CDD obligation framework
- AML/CTF program starter kits - the sector-specific starter kits hub page
AUSTRAC starter kit documents and forms used in this article (January 2026 version)
- Process document - pages 3-4 set out the prescribed ongoing CDD process and the risk-tiered periodic review cadence
- Periodic review and update form - the prescribed form for the cadence-based review; includes an "N/A (Pre-commencement client)" risk-rating option
- Trigger event review and update form - the prescribed form for the eight prescribed trigger events.