Maintain a written AML/CTF program
Every reporting entity needs a documented AML/CTF program — Part A risk + Part B systems.
Who must comply
All AUSTRAC reporting entities.
What triggers it
Becoming a reporting entity.
When due
Before providing the first designated service. Maintained on an ongoing basis with annual independent review.
Evidence required
Written program document, board approval minutes, risk assessment, training records, independent review report.
Max penalty
Up to $33M per civil penalty contravention (corporations) or 5 years imprisonment for criminal offences
Effective from
1 July 2026
Summary
A reporting entity must adopt and maintain a written AML/CTF program covering: an ML/TF risk assessment (Part A), customer identification and KYC procedures (Part B), employee due diligence, ongoing customer due diligence, transaction monitoring, board/senior management approval, AML/CTF compliance officer designation, independent review, and ongoing training. Tranche 2 entities must have a compliant program before providing any designated service from 1 July 2026.
Enforced by
Source legislation
Industries
Topics
Related obligations
- CWLTHEnrol with AUSTRAC as a reporting entityTranche 2 entities must enrol with AUSTRAC by 29 July 2026.
- CWLTHCustomer due diligence (KYC) on every customerIdentify and verify every customer (and beneficial owner) before providing a designated service.
- CWLTHSuspicious matter, threshold, and IFTI reporting to AUSTRACLodge SMRs, TTRs ($10K+ cash), and IFTI reports via AUSTRAC Online.
- CWLTHDesignate an AML/CTF Compliance OfficerReporting entities must designate a senior employee as AML/CTF Compliance Officer.
- CWLTHDetect + enhance due diligence on Domestic + Foreign PEPsAML/CTF Rules require detection + EDD on Politically Exposed Persons (foreign + domestic + international organisation).
- CWLTHIndependent review of AML/CTF programReporting entities must arrange independent review of their Part A AML/CTF program at appropriate intervals.
Frequently asked questions
- Who must comply with a written AML/CTF program?
- All AUSTRAC reporting entities.
- What triggers a written AML/CTF program?
- Becoming a reporting entity.
- When is a written AML/CTF program due?
- Before providing the first designated service. Maintained on an ongoing basis with annual independent review.
- What is the maximum penalty for a written AML/CTF program?
- Up to $33M per civil penalty contravention (corporations) or 5 years imprisonment for criminal offences
- What evidence is required for a written AML/CTF program?
- Written program document, board approval minutes, risk assessment, training records, independent review report.
Source: https://austrac.gov.au/business/core-guidance/aml-ctf-program. Rules Mate is not a law firm. Always verify against the live regulator source before acting.