With AUSTRAC’s reform package now gathering pace, both existing reporting entities and newly regulated professions need to start preparing for transition to the new AML/CTF framework. AUSTRAC has made it clear that businesses must take a proactive approach to implementation – and early preparation will be essential to avoiding compliance gaps once the new requirements commence.
Currently Regulated – Key Steps to Get Ready
Consider your group structure
The shift from designated business groups to reporting groups means existing AML arrangements may no longer be fit-for-purpose.
You should:
- Review how your current DBG is operating.
- Confirm which parts of the business should (and should not) sit within the new reporting group.
- Start planning how AML functions will be shared or centralised under the new model.
Many AFSL holders and fund managers will need to undertake a structural uplift in how group-level AML responsibilities are allocated.
Clarify roles and responsibilities
The proposed reforms create more prescriptive expectations around governance.
You should identify:
- Who will own the AML/CTF Program
- Who is responsible for the business-wide risk assessment
- Which teams will execute CDD, monitoring and reporting
- What assurance and oversight functions will look like going forward
Note the legislation prescribes certain requirements for who must do what, so read the AUSTRAC reforms guidance and be clear on the new role and approval requirements.
Review whether you now provide additional designated services
Updated designated service categories may capture activities not previously regulated. You should assess the new types of designated services (they are broad) and determine what additional designated services you will need to be enrolled for and cover in your AML/CTF risk assessment and AML/CTF policies.
Prepare for significant changes to your AML/CTF Program
Existing Programs generally will not meet the new standards. AUSTRAC expects Programs to be:
- Outcomes-focused
- Risk-based
- Tailored, not templated
- Operationally embedded
- Regularly reviewed
Your documentation will need to be rewritten to reflect this shift. This is likely to be one of the most substantial uplift tasks. For our clients, we do this for you, you don’t need to worry about this aspect.
Complete your business-wide ML/TF Risk Assessment
AUSTRAC has emphasised that the business- wide risk assessment is the central pillar of the new regime. Your risk assessment must:
- Identify, analyse and evaluate ML/TF risks
- Consider customers, delivery channels, products, jurisdictions and business practices
- Link directly to the controls in your Program
- Be regularly reviewed and updated
Most existing assessments will require a complete redevelopment.
AUSTRAC has published extensive guidance on what it expects for a risk assessment and key ML/TF risks that it sees for different industry groups. Read this and ensure you are across it. Again, for our clients, we will guide you through this process and generate your new risk assessment for you.
Understand changes to CDD and ongoing monitoring
You should document the changes to:
- Onboarding workflows
- Beneficial ownership checks
- Purpose and nature of business enquiries
- Triggers for enhanced due diligence
- Ongoing monitoring and periodic reviews
This will ensure the reforms are reflected both in your Program and in your day-to-day processes. As above, for our existing clients this is done within your existing subscription
Develop and maintain an implementation plan
AUSTRAC expects reporting entities to transition in an orderly way and develop an implementation plan.
Join us for our webinar series kicking off on 25 November 2025 (you can watch on demand later if you register) – we will be working through the implementation plan and providing a free template: Register for our Webinar
Newly Regulated – Steps for Lawyers and Accountants to Prepare
Lawyers and accountants will be entering the AML/CTF framework for the first time, and preparation early in the transition period will be essential.
Understand the designated services you provide
You should map which of your services will be captured as designated services.
For professional services (advisers, accountants and lawyers) see AUSTRAC’s guidance here: AUSTRAC Guidance for Professional Services
Also check property related designated services to see if they apply: AUSTRAC Guidance for Property Developers and Real Estate. This mapping exercise will define the scope of your AML/CTF obligations and is the critical first step,
Understand the new regime and your obligations
Becoming a reporting entity means you must comply with:
- AUSTRAC enrolment requirements
- AML/CTF Program requirements
- Customer due diligence
- Ongoing monitoring
- Employee due diligence and training
- Suspicious matter and other reporting to AUSTRAC
- Record-keeping obligations
- A number of other obligations under the AML/CTF Act and Rules
For many practices, this will represent a major procedural and cultural shift.
Get the right support in place
Legal and accounting practices will need:
- AML/CTF capability (internal or external)
- Systems to undertake CDD and monitoring
- Escalation frameworks
- Staff awareness programs
Now is the time to identify gaps and secure additional support where needed.
Begin to establish your AML/CTF Program (or engage someone to help)
Your Program will need to describe:
- Your ML/TF risks
- The controls you apply to manage them
- Roles, responsibilities and escalation pathways
- CDD procedures
- Monitoring and reporting processes
- Employee due diligence and training
- Other items covered by the AML/CTF Act and Rules – AUSTRAC has specific reforms guidance for what must be covered in your AML/CTF Program so ensure you check this out.
Importantly, AUSTRAC expects Programs to be business-specific and operational.
Work through roles and responsibilities
You will need to assign:
- An AML/CTF Compliance Officer
- Senior Manager(s) responsible for AML/CTF Program approval, along with approvals of relationships with certain customers and reliance arrangements
- Operational owners of onboarding, monitoring, recordkeeping and reporting
- Training and assurance responsibilities
Clear accountability will be essential for audit and supervisory expectations.
Start your Risk Assessment
Before building your Program in full, you should complete a business-wide ML/TF risk assessment covering:
- Clients
- Services
- Delivery channels
- Jurisdictions
- Business operations
This assessment becomes the foundation for every other component of your Program. AUSTRAC has extensive guidance on what you need to consider and how to document your ML/TF risk assessment.
Undertake employee due diligence and training
Firms must:
- Conduct appropriate screening for all personnel engaging in AML/CTF activities
- Deliver relevant and specific AML/CTF training
- Ensure staff understand their obligations, red flags and escalation procedures
Training is one of the earliest uplift activities you can begin – and our free 4-part webinar series will help get you started on this.
How can we help?
For $300 ex GST per month (regardless of users), all of the above will be taken care of via our Digital Compliance Platform which provides a holistic and ongoing AML/CTF Framework, enabling you to generate fully compliant but also fully customised risk assessments, policies and controls (fully customised not only to your industry but also how you will do things as a business), that can be updated instantly when things change.
Our dynamic task list will prompt you with all the things you need to be doing throughout the year to comply with your obligations, with audit trails to meet your record keeping obligations under the AML/CTF laws.
Our detailed training modules, guides, checklists and templates mean you’re not worried about whether what you’re doing is compliant – you have detailed prompts to ensure everything is captured and completed compliantly. Staff training is delivered within platform.
We are kicking off with a free 4 part webinar series on 25 November 2025. You can register here: Register for our Webinar
As long as you register, if you can’t make that time we can provide a recording to you afterwards). The webinar serious is intended to have you fully ready and equipped by 31 March 2026!
If you also want to join the wait list for our product, you can do so here: Wait list
We will be onboarding clients to the new AML/CTF Framework from February so get in early – first in best dressed.