The five pillars
An AML/CTF program protects your business from money laundering, terrorism financing and proliferation financing. AUSTRAC structures it around five connected components.
1. Governance
Roles, responsibilities, AMLCO appointment.
2. Risk assessment
Identify and assess ML/TF risks.
3. Policies
Procedures, systems & controls.
4. Customer due diligence
Initial, ongoing & enhanced CDD.
5. Reporting
SMR, IFTI, TTR & record-keeping.
Establish your governance framework
Define who does what — and how leaders are kept informed.
- Outline governance roles & their AML/CTF responsibilities.
- Set eligibility requirements for your AML/CTF compliance officer.
- Define how the governing body is kept informed of program performance & risks.
- The AMLCO must report to the governing body at least every 12 months.
- Notify AUSTRAC within 14 days of appointing an AMLCO.
- Document senior-manager approval of policies and the risk assessment.
Identify & assess your risks
Four categories you must consider — services, customers, channels, countries — plus AUSTRAC guidance.
Services
Which designated services do you provide? Each has built-in ML/TF risk.
Customers
PEPs, complex structures, source-of-wealth concerns.
Channels
Online, in-person, third-party intermediaries.
Countries
Jurisdictions you deal with — sanctions, FATF lists.
3 stages — repeat as risks evolve.
Identify inherent risk
Pinpoint weaknesses before any controls are applied.
Assess inherent risk
How exploitable are those weaknesses? What's the impact?
Evaluate & prioritise
Which risks need attention first?
Manage & mitigate via AML/CTF policies
Tailored policies, procedures, systems and controls — appropriate to your business's nature, size and complexity.
Tailored, not generic
Off-the-shelf templates rarely suffice. Policies must reflect your services, customers, channels and countries.
Linked to risk
Every control should map back to a risk in your ML/TF risk assessment.
Version-controlled
Document approvals, dates, and rationale for changes.
Operationalised
Train staff on the policies — they must be lived, not filed.
Customer due diligence (CDD)
Three levels of CDD, applied based on the risk a customer presents.
Simplified CDD
For low-risk customers — minimal information, faster onboarding.
Initial CDD
Default level. Collect & verify identity before providing the service.
Enhanced CDD
Source of funds & wealth, additional checks for higher-risk customers.
Report & keep records
Three primary reports flow to AUSTRAC, with strict timeframes.
| Report | What triggers it | Timeframe |
|---|---|---|
| SMR — Suspicious Matter Report | Reasonable grounds for suspicion of ML/TF or related crime | 24 h (terrorism) · 3 days (other) |
| TTR — Threshold Transaction Report | Cash transactions of A$10,000+ | 10 business days |
| IFTI — International Funds Transfer | Money or property in/out of Australia | 10 business days |
| Compliance report | Annual compliance reporting | Annually |
From this date, the new AML/CTF reforms apply to tranche-2 entities — lawyers, real estate, accountants, conveyancers, trust & company service providers, and dealers in precious metals & stones.