By Justin Amos, Co-Founder & CEO, iDeed Pty Ltd
This article explores trends in digital identity verification relevant to Australian compliance professionals. It does not constitute legal or technical advice.
Identity verification is no longer just a bank problem
For years, identity verification was something banks did at account opening. You walked into a branch, showed your passport, and someone ticked a box. That world is gone.
Today, every business providing a regulated service needs to verify who they’re dealing with - and do it in a way that’s fast, accurate, and defensible if the regulator asks questions.
With Tranche 2 bringing 46,000+ professional services firms into the AML/CTF regime from July 2026, identity verification is about to become an operational reality for accountants, lawyers, and real estate agents who’ve never had to think about it before.
The current state of digital IDV
Document verification
Modern document verification uses optical character recognition (OCR) and machine learning to:
- Extract data from identity documents in seconds
- Detect fraudulent or tampered documents
- Cross-reference information against government databases (DVS in Australia)
- Support 10,000+ document types across 200+ countries
The Document Verification Service (DVS) operated by the Australian Government allows real-time verification of Australian identity documents against issuer records. This is the gold standard for initial verification.
Biometric authentication
Biometric verification adds a layer that documents alone can’t provide:
| Method | What it does | Strength |
|---|---|---|
| Facial recognition | Matches a selfie to a document photo | Proves the person presenting the document is the document holder |
| Liveness detection | Ensures the person is physically present | Prevents photo/video replay attacks |
| Voice recognition | Verifies identity through voice patterns | Useful for phone-based verification |
Database checks
Real-time database verification allows businesses to:
- Verify names and addresses against electoral rolls and credit bureaus
- Check against AUSTRAC sanctions lists and international watchlists
- Screen PEP (Politically Exposed Persons) databases
- Confirm business registration details via ABR/ASIC
For individual clients, this works well. A biometric check + DVS verification + sanctions screening can be completed in under 2 minutes. The challenge is everything else.
Where current solutions fall short
The identity verification market has optimised for one use case: verifying an individual person’s identity at a single point in time.
For AML/CTF compliance, that’s only the beginning. The real challenges are:
Complex structures
Most accounting and legal clients aren’t individuals. They’re companies, trusts, partnerships, and SMSFs. Verifying a discretionary trust with a corporate trustee means:
- Identifying the trust (obtaining the deed)
- Identifying the trustee, appointor, settlor, and beneficiary classes
- If the trustee is a company - identifying directors and shareholders
- Tracing beneficial ownership to natural persons
- Verifying each natural person individually
- Screening all parties against sanctions and PEP lists
No biometric scan handles this. It requires document review, research, and judgment.
Ongoing obligations
Identity verification isn’t a one-time event under the AML/CTF Act. It’s ongoing:
- Periodic re-verification at intervals based on risk rating
- Trigger-based refresh when circumstances change
- Continuous screening against updated sanctions and PEP lists
- Record maintenance for 7 years after the relationship ends
Beneficial ownership opacity
Australia doesn’t yet have a public beneficial ownership register. This means firms must do their own research to identify who ultimately owns or controls an entity. AUSTRAC’s guidance is clear:
“There may be several links in the chain of owners… you may need to do your own research, especially if the customer has a complex structure.”
- AUSTRAC, Beneficial Owners guidance
Emerging trends that matter
Reusable digital identity
The concept of “verify once, use many times” is gaining traction globally. In Australia, the Digital Identity system (myGovID / TDIF framework) is laying groundwork for this.
For compliance professionals, reusable identity could mean:
- A client verified by one firm could present a credential to another
- Reduced friction for clients who engage multiple professional services
- Lower cost per verification over time
The reality check: Reusable identity doesn’t eliminate the need for risk assessment. Even if a client’s identity is pre-verified, you still need to assess the ML/TF risk of the specific relationship and conduct ongoing monitoring.
AI-powered risk assessment
Machine learning is enabling more sophisticated risk assessment:
- Behavioural analytics - identifying unusual patterns across client portfolios
- Network analysis - mapping connections between entities and individuals
- Predictive models - flagging potential risks before they materialise
- Natural language processing - extracting risk indicators from unstructured documents
Decentralised identity
Self-sovereign identity (SSI) puts individuals in control of their own identity data. Using verifiable credentials:
- Users store verified credentials in a digital wallet
- They share only the minimum required information
- Verification is cryptographic - no need to contact the original issuer
- Credentials can be revoked if compromised
This is still early-stage in Australia, but the technology is maturing rapidly.
What this means for Tranche 2 firms
For accountants, lawyers, and real estate agents preparing for July 2026, the practical implications are:
Don’t over-invest in point solutions
A tool that only does biometric verification solves 20% of your problem. The other 80% - complex structures, beneficial ownership, ongoing monitoring, record-keeping - needs a different approach.
Plan for ongoing operations, not just onboarding
The initial CDD check is the easy part. The ongoing obligation - periodic reviews, trigger events, continuous screening - is what creates sustained operational load.
Consider the execution model
Three options exist:
| Approach | Best for | Trade-off |
|---|---|---|
| Build internally | Large firms with dedicated compliance teams | High cost, full control |
| Self-serve platform | Tech-savvy firms comfortable doing the work | Lower cost, your staff do the analysis |
| Co-sourced execution | Firms where compliance officers are also fee earners | Higher per-check cost, execution off your plate |
Invest in structured record-keeping
Whatever approach you take, ensure every verification decision is documented, timestamped, and retrievable. AUSTRAC’s shift toward “substantive risk management” means you need to demonstrate your reasoning - not just that you ticked a box.
The bottom line
Digital identity verification technology is advancing rapidly. But for Australian compliance professionals, the challenge isn’t the technology for verifying individuals - that’s largely solved.
The challenge is everything around it: complex structures, beneficial ownership research, ongoing monitoring, and building a defensible record of risk-based decision-making.
The firms that get this right will be the ones that treat identity verification as one component of a broader compliance operation - not as the whole solution.
Want to see how ARCaml handles the full CDD lifecycle - from individual verification through to complex structure research and ongoing monitoring? Visit ideedworks.com.au to learn more.
Justin Amos is Co-Founder and CEO of iDeed Pty Ltd, operators of ARCaml - an AML/CTF compliance platform built for Australian designated service providers. ideedworks.com.au
Justin Amos
Co-Founder & CEO, iDeed Pty Ltd
Justin is Co-Founder and CEO of iDeed, operators of ARCaml - an AML/CTF compliance platform built for Australian designated service providers.
Connect on LinkedIn