AML Compliance Checklist for Australian Businesses

⚡ Direct Answer:  This AML compliance checklist helps Australian reporting entities verify that they have addressed each major obligation under the AML/CTF Act. It covers AUSTRAC enrolment, ML/TF risk assessment, AML/CTF program, customer due diligence, reporting obligations, record keeping, staff training, and independent review — the core pillars of a compliant AML/CTF framework.

How to Use This Checklist

This checklist is designed for reporting entities — businesses that provide designated services with a geographical link to Australia. Work through each section and mark whether your business has addressed each obligation. Any gaps should be treated as priority remediation items.

Note: This checklist covers the core obligations. For businesses newly captured under the Tranche 2 reforms (effective 1 July 2026), additional obligations apply from enrolment.

✅ Section 1: Enrolment

  • Determined whether the business provides designated services with a geographical link to Australia
  • Applied to enrol with AUSTRAC within 28 days of commencing designated services
  • For remittance or virtual asset service providers: completed both enrolment AND registration
  • Enrolment details are current and up to date (including services, business structure, and contact information)
  • If a member of a reporting group: enrolment reflects current group membership
  • Newly regulated entities (from 1 July 2026): applied to enrol by 29 July 2026

✅ Section 2: ML/TF Risk Assessment

  • Conducted a formal ML/TF risk assessment (including proliferation financing risk)
  • Risk assessment is documented in writing
  • Risk assessment covers: customer types, designated services (including new/emerging technology), delivery channels, and countries/jurisdictions
  • Risk assessment methodology is tailored to the nature, size, and complexity of the business
  • Any planned new services, customers, or geographies have been assessed for ML/TF risk
  • Risk assessment is reviewed and updated when material business changes occur
  • Risk assessment is reviewed periodically (at minimum annually for higher-risk businesses)

✅ Section 3: AML/CTF Program

  • AML/CTF program is in place and documented in writing
  • Program was in place before commencing the provision of designated services
  • Program has been approved by a senior manager
  • Program is tailored to the nature, size, and complexity of the business
  • Program covers: risk assessment, CDD procedures, ongoing monitoring, PEP and sanctions checks, record keeping, reporting, employee due diligence, and training
  • Program is kept current and updated when circumstances change
  • Periodic independent evaluations of the program are conducted and documented
  • Program complies with updated requirements under the 2026 reforms (if applicable)

✅ Section 4: Customer Due Diligence (CDD)

  • Initial CDD is conducted on all new customers before providing designated services
  • CDD procedures include identity verification for individuals (name, date of birth, residential address)
  • CDD procedures include beneficial ownership identification for corporations, trusts, and partnerships
  • Customer risk ratings are assigned and documented
  • Enhanced due diligence (EDD) is applied to high-risk customers
  • Simplified due diligence is only applied where permitted by the Act and Rules
  • Ongoing CDD is conducted — transactions and customer behaviour are monitored
  • PEP (Politically Exposed Person) detection procedures are in place
  • Targeted financial sanctions screening is conducted against relevant sanctions lists
  • Source of funds/wealth is obtained for high-risk customers and documented
  • CDD records are kept for at least 7 years

✅ Section 5: Reporting Obligations

  • Processes are in place to identify and submit Suspicious Matter Reports (SMRs) within required timeframes (24 hours for terrorism financing; 3 business days for other suspicions)
  • Staff understand the obligation to report suspicious matters and the “tipping off” prohibition
  • Threshold Transaction Reports (TTRs) are submitted for physical currency transactions of AUD $10,000 or more within 10 business days
  • International Funds Transfer Instructions (IFTIs) are reported as required
  • Cross-Border Movement Reports (CBMRs) are submitted when required
  • Reports are complete, accurate, and submitted in required form
  • Records of all submitted reports are maintained

✅ Section 6: Record Keeping

  • Records of all designated service transactions are maintained with sufficient detail to reconstruct transactions
  • CDD records (identity documents and verification information) are retained for at least 7 years from the date of record creation
  • AML/CTF program and risk assessment documents are retained as required
  • Records of submitted reports (SMRs, TTRs, IFTIs) are retained
  • Records are stored securely and can be retrieved within a reasonable time if requested by AUSTRAC
  • If relying on a third party to conduct CDD: records of assessments of that third party are retained for 7 years

✅ Section 7: Employee Due Diligence and Training

  • Appropriate background checks are conducted on relevant employees
  • All relevant employees receive AML/CTF training before commencing duties
  • Training is refreshed periodically and when material changes occur
  • Training records are documented
  • Staff understand their individual obligations, including how to identify suspicious activity and the reporting process

✅ Section 8: Governance and Independent Review

  • A senior manager has approved and taken ownership of the AML/CTF program
  • Roles and responsibilities for AML/CTF compliance are clearly defined
  • A periodic independent review of the AML/CTF program has been completed
  • Review findings are documented and acted upon
  • The AML/CTF program is updated to reflect review findings

✅ Section 9: 2026 Reform Readiness (if applicable)

  • Identified whether the business provides any new designated services commencing 1 July 2026
  • Applied to enrol with AUSTRAC by 29 July 2026 (if newly regulated)
  • AML/CTF program updated to reflect new obligations under the reformed Act
  • CDD procedures updated to address new customer types and service requirements
  • Staff trained on new requirements

Frequently Asked Questions

Is there an official AUSTRAC checklist?

AUSTRAC publishes guidance and explanatory materials on its website, but does not publish a single consolidated compliance checklist. This checklist is based on obligations set out in the AML/CTF Act, the AML/CTF Rules, and AUSTRAC’s published supervisory guidance.

How often should I review this checklist?

At minimum annually — and whenever there is a material change to your business, your customer base, or the regulatory requirements. With the Tranche 2 reforms commencing in 2026, all reporting entities should review their compliance position now.

What if I find gaps in my compliance?

Document the gaps, prepare a remediation plan, and address them promptly. If the gap is serious (e.g., failure to report suspicious matters or enrol with AUSTRAC), you should also consider whether voluntary disclosure to AUSTRAC is appropriate. Seek legal or AML advisory advice.

📣 Need help with AML/CTF compliance? 

👉 Download a comprehensive AML compliance checklist: AML Compliance Checklist for Australian Businesses

👉 Get expert help to close your compliance gaps: contact us

👉 Read the complete AML guide: AML Compliance Australia – Complete Guide (2026)

👉 Read More

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by