From 1 July 2026, AML obligations under the AML/CTF Act extend to accounting and bookkeeping firms that provide certain services. Plenty has been written about. Far less has been shown about what a client check actually involves once you are at your with a real client.
So we recorded one. The video below is a live run-through of a client AML check from start to finish. This article walks through what it shows and what it means for your firm.
First question: do you even need to do this?
Not every accounting firm is in scope, and the firms that are do not check every client.
AML obligations are triggered by the service you provide, not by your job title. AUSTRAC calls these designated services. If you provide one, the client receiving it needs to be checked. If you do not, you do not.
For accounting firms, designated services generally include setting up or running a company or trust, acting as or arranging a director, secretary or trustee, managing client money or assets, and helping buy, sell or transfer a business or real estate. Routine work such as preparing tax returns, financial statements and BAS is generally not a designated service on its own.
If you are not sure where your firm sits, AUSTRAC has a self-assessment tool that walks you through it.
The practical takeaway: you check clients at the point you provide a designated service. Not every person on your client list, and not every transaction.
The two jobs inside every check
Strip away the jargon and every AML check comes down to two jobs.
- Work out the risk. Is this client low, medium or high risk for money laundering or terrorism financing? You make that call, and you record it.
- Verify the identity. Confirm the client is who they say they are, against trusted, independent sources.
That is the spine of the whole thing. Everything else is detail hanging off those two jobs.
What the checks actually are
In the demo, the checks run in this order, all from the same onboarding flow:
Identity verification. The client scans their licence and takes a biometric selfie on their phone. Most clients never leave their phone to do it, and you are almost certainly doing some version of this already.
AML background check. This confirms the person against background data such as addresses and credit footprint, which helps verify they are who they claim to be.
PEP and sanctions screening. This flags politically exposed persons and anyone on a sanctions list.
Adverse media. Negative news and information that may not sit on any formal list. You only need this for enhanced customer due diligence, which usually means a client you have already assessed as higher risk. For most firms, with most clients, you will not run it.
The point of running these is not to hand over the decision. The tools surface the information. You make the call and record why.
A clean result is still a result
This is the part that trips people up. If a check comes back with no match, that is not a failure and it is not a dead end. Plenty of people have no adverse media, no sanctions hit and a thin credit file. A no match simply means nothing flagged.
What matters is that you record a determination either way. In the demo, that means assigning a risk rating, writing the short reason for it, and generating a PDF report that sits on the client’s file. If anyone ever asks how you reached your decision, the record is right there.
A check is not a loop you get stuck in. You put the result on the screen, read it, make the call, record it, and move on.
Where it fits in the work you already do
The reason the demo runs start to finish in one place is that the checks are built into onboarding rather than bolted on as a separate system.
A few things worth pulling out:
Lead links. You can add AML questions to a lead form, so a prospect answers a few questions before you have taken them on. That helps you decide whether you even want the work, before you provide any designated service.
Existing clients. You do not need to re-onboard people you already know. If a current client asks you to set up a company, you can pull their details from data already synced with Xero Practice Manager and run the check from there.
This sits inside Seamlss, with identity and screening powered by GBG and Comply Advantage and data held on Microsoft Azure. Checks run at $7.70 per AML screening and $5.50 for ongoing monitoring, both including GST, so the per-client cost is easy to predict.
What to do before 1 July
If your firm provides designated services, the short list is:
- Enrol with AUSTRAC. Enrolment is open now and closes on 29 July 2026 for firms providing designated services from 1 July.
- Put an AML program in place: a risk assessment, a named compliance officer, staff training, and your client due diligence and record-keeping processes.
- Get your checks ready to run inside the onboarding you already do.
AUSTRAC has been clear that programs should be proportionate to the size and risk of your firm. A small practice does not need a bank’s compliance department. The goal for 1 July is simple: be enrolled, have a workable program, and be able to run and record a check when a designated service comes up.
Watch the full check
The recording shows the whole process on screen, including the questions that came up live from accountants on the call. If you would rather see it run with your own client data, you can book a demo.