What is an independent evaluation?
An independent evaluation does the following:
- evaluates how you undertook or reviewed your ML/TF risk assessment against the requirements in the AML/CTF Act, the regulations and Rules
- evaluates the design of your AML/CTF policies against the requirements of the Act, regulations and Rules
- tests and evaluates whether you appropriately identified, assessed, mitigated and managed your ML/TF risks and complied with your AML/CTF policies.
Practitioners must conduct an independent evaluation in addition to their own periodic AML/CTF program reviews.
How often should there be an independent evaluation?
Your AML/CTF policies must set out the frequency of your independent evaluations which must be appropriate to the nature, size and complexity of your practice.
At a minimum, an independent evaluation must occur at least once every 3 years. The Anti-Money Laundering and Counter-Terrorism Financing Transitional Rules 2026 provide staggered deadlines for conducting your first independent evaluation.
AUSTRAC have suggested that you may wish to conduct your first independent evaluation earlier as this may assist the practice in identifying and correcting any major ML/TF risk management or mitigation risk issue earlier and independent evaluators may be more readily available. The rationale behind the frequency of evaluations should be documented.
How to select an independent evaluator?
Practitioners must ensure their AML/CTF policies set out how they have determined that the evaluator is both independent and suitable given the nature, size and complexity of their practice. Please see AUSTRAC's Guidance - Conduct an independent evaluation and pages 33-34 of AUSTRAC Policy document.
What the independent evaluator will need to access?
Your evaluator will need access to documents, key staff and systems to conduct the evaluation. For example, during the independent evaluation, your evaluator may request:
- documents about the development of your ML/TF risk assessment and AML/CTF policies
- your ML/TF risk assessment
- your AML/CTF policies
- access to relevant staff members and senior managers
- access to records
- details of your own monitoring and reviews of your ML/TF risk assessment and AML/CTF policies
- previous independent evaluation reports
- other documents relevant to the evaluation.
What do you need to do once you have received your independent evaluation?
The evaluator will provide a written report, and practitioners must review that evaluation and, if required, update their risk assessment and policies in response to those findings. Practitioners are reminded that they must keep appropriate records of their evaluation.