When should a business request proof of source of funds and source of wealth?

Under the reformed AML/CTF regime, Source of Funds (SoF) and Source of Wealth (SoW) sit within the Enhanced Customer Due Diligence framework — and AUSTRAC is explicit that there are circumstances where you must establish them on reasonable grounds, not just where you choose to. Your firm's AML/CTF policies are required to set out exactly when this applies (section 26F of the Act; section 5-2 of the Rules), so this isn't discretionary territory.

The mandatory triggers include:

• The customer is a foreign Politically Exposed Person, or a domestic/international-organisation PEP where your risk assessment warrants it.
• You've assessed the customer as high ML/TF risk, and SoF/SoW is relevant to the nature of that risk.
• You're required to submit a Suspicious Matter Report and intend to keep providing the designated service.
• The customer is connected to a high-risk jurisdiction — countries with significant corruption, weak AML regimes, sanctions exposure, or conflict-zone status.
• The transaction or relationship involves shell companies, or complex trust or corporate structures that obscure beneficial ownership — AUSTRAC names this explicitly as a scenario best managed by establishing SoF and SoW.
• The transaction is inconsistent with what you know about the customer — for example, a wealth level or funding source that doesn't match their identified profile, or a high-value cash settlement on a property purchase with no apparent loan or financing trail.

Beyond those mandatory triggers, AUSTRAC also expects SoF/SoW enquiries where you've identified potential ML/TF risks during initial or ongoing CDD, or where you need to establish the nature and purpose of a transaction or business relationship. In other words, the "something feels off" instinct from an experienced compliance officer is a legitimate trigger — provided it's grounded in identifiable risk indicators rather than gut feel alone.

This is where easyAML carries the operational load. The platform's Risk Profile based on your firm configures the thresholds and trigger conditions that reflect your business's ML/TF risk assessment — country flags, transaction values, structural complexity indicators, PEP status, and any other factors identified in your AML/CTF program. When a customer file crosses any of those thresholds, the platform automatically prompts the user that ECDD (including SoF/SoW) is required, so the decision isn't left to memory or individual judgement on each file. Users can also raise an ad-hoc SoF/SoW request at any point — for example, when a transaction surfaces an indicator your automated rules wouldn't have caught.

The net effect is that your firm's policy positions get applied consistently across every customer, every transaction, every operator — without relying on people remembering when the rules say "must."

Related articles

• Glossary: Key Terms & Definitions
• Pre-commencement customers - what CDD obligations apply, and the risks of not completing initial CDD
• Do I Need to Report Cash Transactions Over $10,000?
• How to Complete Your ML/TF Risk Assessment
• What countries are high risk for money laundering?