Compliance and governance under the AML/CTF Act require a comprehensive, risk-based AML/CTF program outlining policies to identify, mitigate and manage the risks of money laundering and terrorism financing.
Policies encompass procedures, systems and controls to ensure compliance with the regime. One of the first parts of your AML/CTF program that must be completed is your governance and compliance obligations.
What you need to do:
The following key roles must be appointed:
- Governing Body
- AML/CTF Compliance Officer
- Senior Manager.
Further information on establishing a governance framework is available on the AUSTRAC website.
A sole practitioner may hold all three roles.
If your practice is not an individual entity (e.g. an incorporated legal practice, partnership or company), the Governing Body is the person or group primarily responsible for governance and executive decision-making.
Their responsibilities include:
- monitoring and being accountable for ensuring AML/CTF compliance
- exercising appropriate and ongoing oversight of the practice’s identification and assessment of risks
- ensuring the practice is identifying and mitigating ML/TF/PF risks
- ensuring the practice has allocated adequate resources etc. to meet reporting obligations
- being the primary internal recipient of compliance data, e.g. annual compliance report, risk assessment updates, independent evaluations.
Your practice must appoint an AML/CTF Compliance Officer by 1 July 2026.
This role is required under s26J(1) of the Act.
Their responsibilities include:
- overseeing day-to-day compliance
- coordinating and reporting (e.g. SMRs, TTRs, Compliance) to AUSTRAC
- reviewing and addressing high-risk matters referred by staff
- conducting enhanced customer due diligence on clients
- reviewing and updating the AML/CTF Program
- providing a written report to the governing body at least annually
- managing personnel due diligence
- coordinating and overseeing staff training
- conducting periodic effectiveness checks to ensure the AML/CTF Program is working as intended.
The Compliance Officer must be an individual who:
- Is employed or engaged by the legal practice at a management level
- Has sufficient authority, independence and access to resources and information to perform their duties effectively
- Is a resident of Australia (if your practice provides designated services at or through a permanent establishment in Australia)
- Is a fit and proper person.
When making this appointment, your practice must also consider the factors listed in Rule 5-14, including whether the individual:
- Has the competence, skills and knowledge to perform their duties effectively
- Is of good character, honesty and integrity
- Has been convicted of a serious offence
- Has been subject to civil, criminal, regulatory or disciplinary proceedings
- Is an undischarged bankrupt
- Has executed a personal insolvency agreement
- Has any conflict of interest that could materially affect their ability to perform their duties.
AUSTRAC must be notified of the Compliance Officer’s appointment or change of appointment within 14 days.
For further information, see AML/CTF compliance officer | AUSTRAC.
A Senior Manager (as defined in s5 of the Act) is a person who makes or participates in decisions that affect the whole or a substantial part of the business.
This role is required under s26F(4) of the Act.
Their responsibilities include:
- approving the AML/CTF Policies and ML/TF Risk Assessment (including updates)
- being informed and providing written approval before providing services to foreign politically exposed persons (PEPs) or other clients that are assessed as high-risk
- approving in writing any reliance arrangements with other entities
- approving decisions to terminate a retainer when AML/CTF risks fall outside the practice’s risk appetite
- overseeing the maintenance of the AML/CTF framework.
Practice tip:
The Compliance Officer role cannot be outsourced, but the officer may engage external providers for support and advice.