VOI vs. KYC: Key Differences in Tranche 2 AML for Australian Lawyers & Conveyancers

Reading Time: 13 minutes

Introduction

Australia’s upcoming Tranche 2 Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) reforms introduce significant new compliance obligations for lawyers and conveyancers. Understanding the distinct roles of Verification of Identity (VOI) and Know Your Customer (KYC) is essential for these professionals to meet their expanded responsibilities under the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Cth), effective from 1 July 2026.

While VOI focuses narrowly on confirming client identity in property transactions through face-to-face verification or certified documents, KYC encompasses a broader, risk-based approach involving ongoing customer due diligence, beneficial ownership identification, and transaction monitoring. This guide clarifies these differences to help legal practitioners and conveyancers prepare their firms for effective compliance with AUSTRAC’s enhanced regulatory framework.

Tranche 2 Regulatory Framework for Legal Professionals

Key Tranche 2 Compliance Dates & Deadlines

The Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Cth) introduces Tranche 2 reforms, extending AML/CTF obligations to lawyers and conveyancers. These obligations commence on 1 July 2026.

bu

Affected Professionals & Designated Services

Tranche 2 significantly expands the AML/CTF regime to include legal professionals and conveyancers who provide designated services. Newly captured entities include:

• Lawyers: This encompasses:
  • Solo solicitors
  • Partners in small law firms
  • Other legal practitioners providing designated services such as managing client funds, acting as nominee directors or trustees, company formation, and involvement in property transactions
• Conveyancers: Those involved in:
  • Buying and selling real estate
  • Managing related property transactions

Designated services under Tranche 2 cover a broad range of activities, including:

• Buying and selling real estate
• Managing client monies or other assets
• Creating, managing, or administering legal entities such as companies and trusts

AUSTRAC will regulate these professionals to ensure compliance with AML/CTF obligations, reflecting their role as gatekeepers in the financial system vulnerable to exploitation for money laundering and terrorism financing.

The reforms align Australia’s AML/CTF framework with international standards set by the Financial Action Task Force (FATF), aiming to enhance transparency and reduce financial crime risks in high-risk sectors like property and legal services.

Law firms and conveyancing practices must now implement comprehensive AML/CTF programs, including customer due diligence (CDD), risk assessments, suspicious matter reporting, and record-keeping, to meet these new regulatory requirements.

Understanding KYC and Broader AML Obligations

Core KYC Components Under Tranche 2

KYC is a fundamental part of CDD under Australia’s AML/CTF regime. With the Tranche 2 reforms effective from 1 July 2026, this framework now extends to include lawyers and conveyancers. KYC requires these professionals to collect and verify comprehensive client information to effectively manage the risks of money laundering and terrorism financing.

Key components of KYC include:

KYC Component	Description
Client Identity Verification	Collect and verify the client’s full name, date of birth, and address using reliable, independent sources like government databases or official documents.
Beneficial Ownership Identification	Identify and verify the ultimate beneficial owners of entities (e.g., individuals with ≥25% ownership or effective control) to prevent misuse of corporate structures.
Risk Classification	Assess and classify clients based on their risk profile. High-risk clients, like politically exposed persons (PEPs), require enhanced due diligence.
Ongoing Due Diligence	Continuously monitor client transactions and update information to reassess risk profiles when circumstances or behaviours change.

These components ensure that law firms and conveyancers maintain a thorough understanding of their clients, enabling them to identify potential risks and comply with AML/CTF obligations comprehensively.

The Risk-Based Approach to Ongoing KYC Monitoring

KYC under Tranche 2 adopts a risk-based approach, meaning that the level of due diligence and monitoring is proportionate to the assessed risk level of each client. This approach allows firms to allocate resources efficiently while maintaining compliance.

Key aspects of this approach include:

Aspect of Risk-Based Approach	Explanation & Application
Tailored Verification	The level of due diligence is based on the client’s risk. Low-risk clients may undergo simplified verification, while high-risk clients require enhanced due diligence (e.g., investigating source of funds).
Continuous Monitoring	Firms must implement systems to monitor client transactions on an ongoing basis to detect unusual or suspicious behaviour that may indicate financial crime risks.
Trigger-Based Updates	Client KYC information must be refreshed when trigger events occur, such as new transactions, changes in ownership, or an updated PEP status, ensuring profiles remain current.
Documentation & Record-Keeping	All KYC activities, including risk assessments, verification methods, & monitoring outcomes, must be thoroughly documented and retained for at least seven years to demonstrate compliance.

For example, if a conveyancer identifies that a client is a PEP, the firm must apply enhanced due diligence measures and monitor the client’s transactions more closely. Similarly, if a client’s ownership structure changes, the firm must update its records and verify any new beneficial owners.

VOI: A Focused Identity Verification Process

VOI Document Requirements

VOI is a targeted process primarily used by conveyancers and lawyers involved in property transactions to confirm that an individual is who they claim to be. This process is narrower in scope than broader KYC obligations and focuses on preventing identity theft and property fraud.

VOI requires firms to take reasonable steps to verify identity, typically by sighting original identity documents or obtaining certified copies. The hierarchy of acceptable documents generally includes:

• Primary photographic identification: Australian passports, driver’s licenses, or proof of age cards.
• Primary non-photographic identification: Birth certificates, citizenship certificates, or government-issued concession cards.
• Secondary identification: Recent utility bills, municipal rates notices, or letters from schools for minors, which help verify residential addresses.

For overseas individuals, documents must be certified by an authorised person such as a lawyer, Justice of the Peace, or police officer. The certification must confirm that the copy is a true and accurate reproduction of the original document.

VOI standards often align with the Australian Registrars’ National E-Conveyancing Council (ARNECC) Model Operating Requirements and Model Participation Rules. These rules prescribe specific categories and combinations of documents to be accepted for identity verification.

While certified copies are permitted, they are considered an inferior option compared to sighting original documents or using reliable electronic verification methods. Firms must ensure that:

• Certified copies are properly certified by authorised persons
• The rationale for their use is documented within a risk-based approach

Face-to-Face vs. Remote VOI Methods

A key feature of VOI under current regulations is the mandatory face-to-face verification requirement. Conveyancers and lawyers must conduct in-person interviews with clients to sight original identity documents. This face-to-face meeting ensures the person presenting the documents is the rightful holder of the identity.

Remote verification methods, such as video calls via Zoom, FaceTime, or other platforms, are generally not accepted for VOI purposes. This limitation reflects the higher assurance standard VOI demands to prevent identity fraud in property transactions.

However, emerging digital VOI solutions are beginning to offer electronic verification options. These platforms use:

• Biometric technologies, including facial recognition and liveness detection
• Verification of documents against government databases like the Document Verification Service (DVS)

When compliant with AUSTRAC’s standards, such electronic VOI methods may satisfy the face-to-face requirement by securely linking the individual to their identity remotely.

Despite these technological advances, firms must carefully select reputable and compliant electronic Verification of Identity (eVOI) providers. The integrity and security of these platforms are critical to meeting regulatory expectations.

In summary, traditional VOI requires:

• An in-person meeting to sight original identity documents or obtain certified copies
• No acceptance of remote video or electronic methods unless conducted through compliant digital VOI solutions
• Strict adherence to prescribed document hierarchies and certification standards

These requirements ensure a high level of identity verification specific to property transactions, distinguishing VOI from the broader and more flexible KYC processes under Tranche 2 AML/CTF regulations.

Key Differences: VOI vs. KYC for Legal Professionals

Scope & Purpose

VOI is a specific process focused on confirming an individual’s identity in the context of property transactions. Its primary goal is to reduce risks such as identity theft and property fraud by verifying the identity of clients, mortgagors, signers, and related parties involved in land dealings. VOI is narrower in scope and typically applies only to the individuals directly involved in a transaction.

In contrast, KYC under the Tranche 2 AML/CTF reforms is broader and forms part of the comprehensive CDD obligations. KYC aims to prevent money laundering and terrorism financing by requiring firms to understand not only the client’s identity but also:

• Beneficial ownership structures,
• The nature and purpose of the business relationship,
• Ongoing risk management.

This broader scope means KYC applies to a wider range of designated services beyond property transactions, including managing client funds and company or trust formation.

Verification Methods & Technology

VOI relies heavily on physical verification methods. It requires face-to-face, in-person meetings where original identity documents such as passports or driver’s licenses are sighted. Certified copies of documents may be accepted if certified by authorised persons like lawyers or Justices of the Peace. However, remote verification methods, such as video calls via Zoom or FaceTime, are generally not accepted under traditional VOI rules.

While emerging eVOI solutions using biometric technologies and government database checks (e.g., DVS) are gaining traction, these must meet strict compliance standards.

KYC verification methods are more flexible and risk-based. They allow for both document-based and electronic verification, including remote onboarding depending on the client’s risk profile. Verification can involve:

• Checking client information against two reliable and independent electronic sources, such as government databases and credit bureaus,
• Applying biometric and anti-tampering checks based on assessed risk.

This flexibility enables firms to streamline onboarding while maintaining compliance with AML/CTF obligations.

Entity & Beneficial Ownership

Under VOI, entity verification is limited. Firms must confirm the existence of companies through recent company searches and verify the identity of individuals signing on behalf of the entity. However, VOI does not require verification of beneficial owners or shareholders, nor does it mandate screening for PEPs or sanctions.

KYC requires a more detailed approach to entities. Firms must verify the legal name, registration number, and address of the entity using official extracts (e.g., ASIC extracts). Crucially, KYC mandates:

• Identifying and verifying all direct and indirect beneficial owners holding 25% or more of shares or voting rights,
• Verifying individuals with effective control, such as CEOs, if no beneficial owner meets the 25% threshold,
• Screening both individuals and entities against PEPs and sanctions lists to manage AML/CTF risks effectively.

Timing & Frequency

VOI is typically a one-off process completed before executing a property transaction or providing a designated service related to the transaction. Once completed, VOI verification is generally valid for two years. There is no ongoing monitoring obligation under VOI.

In contrast, KYC is an ongoing process. Initial CDD must be completed before providing designated services, but firms are also required to conduct ongoing monitoring and update client information regularly. This includes:

• Reassessing risk profiles,
• Re-verifying information when significant changes occur, such as changes in ownership, transaction patterns, or PEP status.

For clients engaged before the commencement of Tranche 2 obligations, ongoing due diligence is triggered by specific events like suspicious matter reports or changes in risk level.

Record-Keeping Obligations

KYC requires firms to retain comprehensive records of all CDD activities, including:

• Identity verification,
• Risk assessments,
• Transaction monitoring,
• Suspicious matter reports.

These records must be kept for at least seven years after the end of the business relationship or the completion of an occasional transaction. Firms must ensure records are secure, legible, and readily accessible for regulatory audits.

VOI record-keeping requirements are generally shorter and tied to property transaction laws and regulations. While firms must maintain records of identity verification documents sighted or certified, the retention periods are typically less extensive than those mandated under KYC and AML/CTF obligations. VOI records focus on the specific transaction and do not encompass ongoing monitoring documentation.

Tranche 2 Verification Methods: Document & Electronic

Traditional Document & Certified Copy Verification

Under Tranche 2 AML/CTF regulations, traditional document verification remains a fundamental method for verifying client identity. This process involves sighting original identity documents such as Australian passports, driver’s licenses, or proof of age cards. These documents must be current and reliable, forming the basis of identity verification for both VOI and KYC obligations.

Certified copies of identity documents are also acceptable but are considered an inferior option compared to original documents or electronic verification methods. When certified copies are used, they must be certified by an authorised person, such as a lawyer, Justice of the Peace, or police officer, who confirms that the copy is a true and accurate reproduction of the original.

Firms must document the rationale for accepting certified copies within their risk-based approach and ensure the certification process is robust to maintain compliance.

The hierarchy of acceptable documents typically includes:

• Primary photographic identification: passports, driver’s licenses, proof of age cards
• Primary non-photographic identification: birth certificates, citizenship certificates, government-issued concession cards
• Secondary identification: recent utility bills, municipal rates notices, or letters from schools for minors verifying residential addresses

For overseas clients, documents must be certified by authorised persons such as Australian embassies or legal practitioners. Additionally, firms must ensure that all documents, whether originals or certified copies, meet the standards prescribed in the Model Operating Requirements and Model Participation Rules.

Electronic Verification & Digital VOI

Emerging digital verification technologies are increasingly used to complement or replace traditional document-based methods. eVOI solutions employ biometric verification, facial recognition, and liveness detection to confirm that the individual presenting the identity documents is the rightful owner. These technologies also integrate with government databases, such as the DVS, to verify the authenticity of identity documents electronically.

Digital VOI platforms offer several benefits:

• Enable remote verification while maintaining compliance with face-to-face requirements through biometric linking
• Provide enhanced security and audit trails for verification processes
• Improve efficiency by reducing manual paperwork and turnaround times

However, firms must carefully select reputable and AUSTRAC-compliant eVOI providers to ensure data security and regulatory adherence. These platforms must reliably link the individual to their claimed identity, satisfying the “reasonable steps” standard required under VOI and AML/CTF obligations.

While traditional VOI requires in-person verification, compliant digital VOI solutions can meet the face-to-face requirement electronically, offering flexibility in client onboarding without compromising verification standards.

Using Reliable Electronic Data Sources for KYC

For KYC verification, the use of reliable and independent electronic data sources is a key component under Tranche 2. These sources must meet criteria including accuracy, security, currency, comprehensiveness, and independence. Examples include government databases like the DVS and credit bureaus.

The AML/CTF framework allows firms to verify client information using:

• Reliable and independent documentation (physical documents)
• Reliable and independent electronic data (government and commercial databases)
• A combination of both

For medium or lower-risk clients, firms may apply “safe harbour” procedures, which require verification of the client’s full name and either date of birth or residential address against at least two separate and independent electronic data sources. This approach streamlines verification while maintaining compliance.

Firms must conduct due diligence on electronic data providers to ensure the data’s reliability and independence. They should also document their rationale for selecting these sources within their AML/CTF program. The risk-based approach means that higher-risk clients require enhanced due diligence, potentially involving additional verification steps beyond electronic data checks.

Nondocumentary methods, while not separately classified by AUSTRAC, are encompassed within the principle of using reliable and independent data sources. Firms must ensure that any nondocumentary verification method provides a level of assurance appropriate to the client’s assessed risk and is auditable.

By integrating reliable electronic data sources with traditional document checks and digital eVOI solutions, law firms and conveyancers can build robust, efficient, and compliant verification processes under Tranche 2 AML/CTF regulations.

VOI & KYC: Timing & Record-Keeping Requirements

Timing of VOI Completion

VOI must generally be completed before providing designated services, particularly in property transactions. This means that lawyers and conveyancers are required to verify the identity of clients, mortgagors, signers, and other relevant parties before executing property transfers or related legal services. The VOI process typically involves:

• Face-to-face verification of original identity documents
• Obtaining certified copies of identification
• Ensuring the person presenting the documents is the rightful holder

In some limited circumstances, delayed VOI may be permitted, such as in time-sensitive real estate transactions like auctions. However, this is only allowed provided that:

• The outstanding verification is completed as soon as practicable
• The settlement is conditional on satisfactory completion of VOI
• Strict internal policies and risk assessments are in place to manage any increased money laundering or terrorism financing risks arising from the delay

Ongoing KYC Monitoring & Updates

KYC under Tranche 2 is an ongoing process that extends beyond the initial onboarding stage. Legal practitioners and conveyancers must complete an initial CDD, including collecting and verifying client identity and beneficial ownership information, before providing any designated service.

After onboarding, firms are continuously required to monitor client activities and update KYC information as necessary. Triggers for re-verification and enhanced due diligence include:

• Significant changes in the client’s circumstances or ownership structure
• Detection of unusual or suspicious transactions
• Changes in the client’s risk profile, such as becoming a PEP or involvement in higher-risk jurisdictions

For clients engaged before the commencement of Tranche 2 obligations, ongoing due diligence is required when specific triggers occur, such as the need to file a suspicious matter report or a reassessment of the client’s risk level to medium or high. This continuous monitoring helps firms detect and mitigate money laundering and terrorism financing risks throughout the client relationship.

Record Retention & Accessibility

Under Tranche 2 AML/CTF regulations, firms must retain records of both VOI and KYC compliance activities for a minimum of seven years after the end of the business relationship or completion of an occasional transaction. These records include:

• Copies of identity documents sighted or certified
• Details of beneficial ownership verification
• Risk assessments and CDD information
• Transaction records sufficient to reconstruct client activities
• Records of ongoing monitoring and any suspicious matter reports submitted to AUSTRAC

Records must be maintained securely, be legible, and readily accessible for regulatory audits or investigations. Firms may store records in physical or electronic formats, provided appropriate security measures are in place to prevent unauthorised access or tampering. Maintaining comprehensive and well-organised records is essential to demonstrate compliance with AML/CTF obligations and to support any inquiries by AUSTRAC.

Practical Compliance Strategies for Law Firms

Integrating VOI into KYC Workflows

Legal practitioners and conveyancers should view VOI as a foundational step within the broader KYC framework required under Tranche 2 AML/CTF reforms. Existing VOI processes, which focus on verifying client identity in property transactions through face-to-face checks or certified documents, can be leveraged to satisfy part of the identity verification component of KYC.

However, firms must expand these workflows to include additional KYC obligations, such as:

• Identifying and verifying beneficial owners of entities involved in transactions, especially those holding 25% or more ownership or control
• Conducting risk assessments to classify clients according to their money laundering and terrorism financing risk
• Implementing ongoing monitoring of client activities and updating client information as risk profiles change

For example, a conveyancer verifying a buyer’s identity through VOI must also gather information on the buyer’s beneficial ownership structure and assess the transaction’s risk level under KYC. This integration of VOI data into a comprehensive KYC process ensures compliance with AUSTRAC’s requirements and helps mitigate financial crime risks effectively.

Staff Training & AML Compliance Officer Roles

Effective compliance with Tranche 2 AML/CTF obligations requires well-trained staff and clear accountability. Law firms and conveyancing practices must take several important steps:

Action Required	Details & Responsibilities
Provide Staff Training	Deliver ongoing, tailored AML/CTF training to all relevant personnel on policies, CDD procedures, risk-based approaches, and technology tools. Maintain detailed training records for audits.
Appoint AML Compliance Officer	Designate an Anti-Money Laundering Compliance Officer (AMLCO) at a management level who is an Australian resident, fit and proper, and has the authority and resources to oversee the firm’s AML/CTF program.
Develop Internal Procedures	Establish clear internal processes for identifying suspicious activities, escalating concerns internally, and submitting Suspicious Matter Reports (SMRs) to AUSTRAC.

Training should cover the firm’s AML/CTF policies, CDD procedures, risk-based approaches, and the use of technology tools. Additionally, maintaining detailed records of training sessions is essential for demonstrating compliance during regulatory audits.

Leveraging Technology for Efficient Compliance

Adopting appropriate technology is critical for streamlining identity verification and ongoing monitoring under Tranche 2.

Recommended technology solutions include:

Technology Solution	Function & Benefit
Digital eVOI Platforms	Use biometric verification, facial recognition, & liveness detection to securely verify clients remotely, satisfying face-to-face requirements.
Government Database Integration	Integrate with services like the DVS to electronically confirm the authenticity of identity documents, improving accuracy & efficiency.
AML Compliance Software	Automate key processes such as client risk assessments, beneficial ownership identification, transaction monitoring, & record-keeping.
Secure Record Storage Systems	Implement systems for the secure storage & easy retrieval of compliance records to meet the mandatory seven-year retention period.

These tools reduce manual errors, improve efficiency, and help firms maintain robust audit trails. For smaller practices, leveraging third-party KYC providers or compliance platforms can be particularly beneficial.

Conclusion

The Tranche 2 AML/CTF reforms introduce significant new obligations for lawyers and conveyancers in Australia, effective from 1 July 2026. These reforms distinguish clearly between VOI, which is a specific, transaction-focused process primarily aimed at preventing identity fraud in property dealings, and KYC, a broader, risk-based framework that encompasses ongoing CDD, beneficial ownership verification, and transaction monitoring. Understanding and implementing both VOI and KYC requirements is essential for legal professionals to ensure full compliance with AUSTRAC’s enhanced regulatory framework and to protect their practices from financial crime risks.

To prepare effectively, law firms and conveyancing practices should begin integrating VOI into their wider KYC workflows, develop comprehensive AML/CTF compliance programs, and invest in staff training and technology solutions that support both identity verification and ongoing monitoring. Engaging with specialised legal and consulting services can provide trusted expertise and proven solutions tailored to the unique needs of legal professionals. Contact AML House today to secure your practice’s future and achieve peace of mind by starting your compliance preparations today.

Frequently Asked Questions (FAQ)