By Justin Amos, Co-Founder & CEO, iDeed Pty Ltd
Part 3 of the iDeed Beyond the Checkbox series
A few years ago, our founder had his house broken into. Shaken, he asked the attending officer what he could do to better protect his family home. The answer was simple and memorable: “Just make sure you’re harder to rob than your neighbours.”
It wasn’t about building a fortress. It wasn’t about spending a fortune. It was about one simple truth; someone will always try to rob a house. The question is never if, it’s whether yours is the easiest one on the street.
That conversation has stayed with us, because it turns out it applies to almost everything that matters in business right now. Someone will always try to launder money. Someone will always try to steal sensitive identity data. Someone will always send phishing emails pretending to be your firm - asking your clients’ Directors, UBOs and Authorised Persons to hand over personal documents for identity theft.
This isn’t alarmist. It’s just reality. And the firms that navigate it best aren’t the ones that panic, they’re the ones that have quietly made themselves a harder target than the practice down the road.
You’re Not Starting From Scratch
If you’re a lawyer, accountant or property agent reading this, you already understand due diligence. KYC obligations, identity verification and client checks aren’t new concepts, the ATO, for example, has required them for years and your professional standards have long demanded a level of client scrutiny.
What Tranche 2 brings is a deeper, more formalised leveling up framework. The same instinct you’ve always had; know your client, verify who you’re dealing with that now needs to extend further, to the people behind the entity, the ownership structures behind the transaction, to the Directors, Authorised Persons and Ultimate Beneficial Owners who may never have been through a process like this before.
That’s a meaningful shift. And if it feels like a lot right now, that’s completely understandable. You’re running a practice, managing clients and navigating a regulatory change that landed at one of the busiest times of the year.
We get it. And we built our service for precisely for this moment.
Not sure where to start? Use our free compliance cost calculator to understand your obligations and estimate your compliance investment.
The Easy Path and Why It Matters
When firms start looking for a CDD solution, the most natural instinct is to turn to an existing software provider. Familiar interface. One less vendor. Easy to justify internally.
And many providers are actively encouraging exactly that - Tranche 2 has created a wave of compliance features being bolted onto platforms built for something else entirely.
We’re not here to criticise that instinct. But we do think it’s worth understanding what you’re actually getting - and more importantly, what the people going through your CDD process will experience.
Because here’s the thing. Your clients’ & customers, the Directors, the UBOs, the Authorised Persons are real people going about their daily lives. They’re going to receive a request, possibly out of the blue, asking them to hand over sensitive personal and identity documents.
In a world where scam texts impersonate the ATO, phishing emails mimic banks, and fake verification requests are a daily occurrence - that moment matters enormously. How it feels, how it looks, and how secure it actually is will reflect directly on your firm.
A clunky, generic, unfamiliar verification process doesn’t just create friction. It creates doubt. And for high value clients making significant financial decisions, doubt is the last thing you want to introduce.
What Bolt-On Compliance Typically Looks Like in Practice
Tools that weren’t built for CDD from the ground up tend to have predictable limitations:
Ownership structures - verifying beneficial ownership behind a company or trust is genuinely complex work. Generic tools often can’t go deep enough, leaving gaps that are difficult to detect until they become a problem.
Inconsistent application - when CDD is bolted onto an existing workflow, staff apply it differently across clients and transactions, creating inconsistency that’s hard to audit and harder to defend.
The client experience - a generic verification request sent from an unfamiliar platform, with little explanation, can feel alarming. In a world of identity theft and phishing, that’s the last impression you want to create.
Record keeping - audit-ready documentation requires more than a tick in a box. If AUSTRAC ever comes knocking, you need a clear, complete evidence trail that tells the full story.
None of this means bolt-on tools can’t work. But they require significantly more management, oversight and supplementary process to work well. And for most busy practices, that’s exactly the kind of hidden overhead nobody budgeted for.
The Smaller Practice Question
One thing we hear frequently from smaller buyer’s agents, boutique law firms and independent accountants is: “surely we’re not really the target here.”
We understand why. The headlines tend to focus on large institutions and major enforcement actions. But the reality is more nuanced and more important to understand.
Robust compliance isn’t about the size of your firm. It’s about the thoroughness of your process. A smaller practice that has genuinely solved for CDD is in a far stronger position than a large one that hasn’t.
And remember the policeman’s advice. Someone will always be looking for the easiest target. A smaller firm with bolt-on compliance and visible gaps is a more attractive proposition than a large firm that has invested properly, regardless of transaction volume.
You don’t need to be the most sophisticated practice in the country. You just need to be harder to exploit than the one next door.
The Good News
Getting this right doesn’t have to be expensive, complicated or time consuming. That’s exactly what iDeed provides.
We built ARCaml from the ground up as a specialist CDD platform - not adapted from something else, not added as a feature. Our team handles the work that takes genuine expertise: investigating ownership structures, verifying beneficial ownership chains, collecting and recording evidence across multiple parties - and doing all of it in a way that feels professional, secure and trustworthy to the people going through it.
Think of us as your on-demand CDD admin team. We carry the compliance load so you can focus on the client relationships and the billable work that matter most.
- You only pay for outcomes through our credit based model - no licence fees sitting idle.
- Full AUSTRAC compliance from as little as $2,000 per year.
The goal isn’t to add complexity to your practice. It’s to quietly and efficiently take it away and make sure that when someone does come looking for the easiest target, it isn’t you.
Next in the series
Next week: The hidden cost of slow CDD - how delays and friction are costing your firm more than you think, and what a faster process actually looks like.
Missed the earlier posts in this series?
- Part 1: What Tranche 2 Actually Means for Your Practice
- Part 2: The Hidden Cost of Tranche 2 - What It Actually Asks of Your People
Ready to talk? Visit ideedworks.com.au or get in touch with our team.
Justin Amos is Co-Founder and CEO of iDeed Pty Ltd, operators of ARCaml - an AML/CTF compliance platform built for Australian designated service providers. ideedworks.com.au
Justin Amos
Co-Founder & CEO, iDeed Pty Ltd
Justin is Co-Founder and CEO of iDeed, operators of ARCaml - an AML/CTF compliance platform built for Australian designated service providers.
Connect on LinkedIn