Congratulations to our new Partners and Principal. Read more now.
By: Neil Jeans, Katherine Shamai, Martin Stone, Annelies Homersham
19 Feb 20255 min read
An Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) program is essential to support organisations complying with AML/CTF obligations and requirements.
Under the AML/CTF Act 2024, all reporting entities must have (before providing designated services) and maintain (throughout the time they are providing designated services) an AML/CTF program that appropriately identifies, mitigates, and manages their ML/TF risk and addresses the AML/CTF system and control requirements set out in the AML/CTF Rules.
Under the AML/CTF Act, an AML/CTF program comprises several key documents, each crucial in ensuring compliance with revised AML/CTF obligations.
This document sets out the systematic and structured identification of money laundering, terrorist financing and proliferation financing (ML/TF/PF) risks, an assessment of the likelihood and impact of those risks, and the documentation of the risk assessment process.
It forms the foundation of the AML/CTF program by identifying and evaluating the specific risks faced by the reporting entity and guiding the development of tailored AML/CTF policies and procedures.
The risk assessment informs all other documents, ensuring the AML/CTF program is risk-based and focused on the most significant threats.
This document (or documents) outline the reporting entity's approach to managing and mitigating identified ML/TF/PF risks and ensuring compliance with the general requirements in the AML/CTF Act and AML/CTF Rules.
The AML/CTF policies must be developed based on the risk assessment and provide the framework for the procedures manual.
This document (or documents) provides detailed instructions on implementing AML/CTF policies, ensuring consistency and effectiveness in applying AML/CTF measures.
The procedure(s) must operationalise the policies and is informed by the risk assessment by providing detailed procedural guidance to ensure consistency and effectiveness in applying AML/CTF measures.
The procedure(s) also provides practical guidance to staff on how to comply with AML/CTF obligations. It is crucial for these documents to inform the building of employee training content to ensure that employees with relevant roles are aware of their responsibilities and obligations within the reporting entity’s AML/CTF environment.
To address the AML/CTF program requirements under the AML/CTF Act, new reporting entities should follow a structured, step-by-step approach:
Develop a detailed risk assessment document that evaluates the specific ML and TF risks faced, including consideration of proliferation financing (PF) risks.
AML/CTF policies are required to address the identified risks and comply with the AML/CTF Act requirements. The policies must align with the outcomes-based framework and adequately cover ML/TF/PF risks.
Where there are any new risks identified by a new risk assessment, the relevant sections in the AML/CTF policies should also be updated.
Establish procedures that provide detailed instructions on implementing the AML/CTF policies set out in the AML/CTF policy, ensuring the manual promotes consistency and effectiveness in applying AML/CTF measures.
Monitor for additional AML/CTF Rule requirements and guidance AUSTRAC provides. It is understood the AML/CTF Rules will be published around July 2025, with core guidance published by AUSTRAC in October 2025 and Tranche 2 specific Guidance in December 2025.
The AML/CTF Act introduces new civil penalty provisions related to the development and maintenance of an AML/CTF program, increasing the regulatory risk related to non-compliance. These include civil penalty provisions for failure to document an AML/CTF program, failure of the AML/CTF program to cover mandated requirements, and failure to notify the governing body of AML/CTF program changes.
Although the new AML/CTF requirements won't be enforced until July 2026, it is vital to start planning and preparing for compliance with AML/CTF requirements now.
With a short lead time to compliance and limited AML/CTF experts across Australia, demand will only continue to increase as the compliance date approaches.
If you would like to discuss any of the above with one of our AML/CTF specialists, please reach out.
Understanding changes to AML/CTF obligations and the Privacy Act: what reporting entities need to know.
From 1 July, the updated AML/CTF regime takes effect for Tranche 2 organisations including the real estate industry. There is already commentary, interpretation and subsequently confusion in the aged care market.
The AML/CTF Amendment Bill 2026 gives AUSTRAC new powers to restrict or prohibit the use of high‑risk mechanisms such as crypto ATMs by reporting entities.
