Design Your AML/CTF Program

MitchellJanuary 22, 2019


Getting Started with AML/CTF

Achieving your obligations to the AML/CTF Act begins with building your AML/CTF program. The goal of an AML/CTF program is to construct policies and procedures which will reduce your business and regulatory risk of ML/TF. Inform these policies by performing an AML/CTF risk assessment and use this knowledge to tailor your program to the specific industry or designated service you intend to deliver. This obligation is an important aspect of Part A of your AML/CTF program.

Refer to the blog post: Do I need an AML/CTF Program to get started

What is an AML/CTF Program?

An AML/CTF program is the toolkit to achieving your obligation to the AML/CTF Act. bronID aims to be the digital toolkit to building and executing on your AML/CTF program. In this post we will go through some key policies and practices you should put in place immediately after enrolling with AUSTRAC to build out your AML/CTF program.

First things first, work out what type of AML/CTF program suits you.

Types of AML/CTF Programs:

  1. A standard AML/CTF program- applies to individual reporting entities
  2. A joint AML/CTF program- applies to reporting entities that are members of a designated business group and opted to operate under a joint program.
  3. A special AML/CTF program- applies to individual reporting entities that hold an Australian financial service licence (AFSL) and that arrange for a person to receive another designated service from a separate reporting entity. An example is a financial planner who arranges for a client to receive a designated service provided by another reporting entity.

Standard and Joint AML/CTF programs must have two components:

Part A(general) of an AML/CTF program covers identifying, managing and reducing the money laundering and terrorist financing risk faced by a reporting entity.

Part B(customer identification) covers a reporting entity’s customer due diligence (CDD) procedures. See the bronID portal for the self-serve solution to KYC.

SpecialAML/CTF programs are only required to include the Part B component.

In this post, we will go through a short checklist of what to do when gettinng started with your AML/CTF Program.

Employee Due Diligence Program

Any employee who handles a function of AML/CTF compliance, whether that be in an admin role or development each contribute to the risk of a non-compliance event occurring in your business. For this reason, it is essential you screen a prospective employee who, if employed, is in a position to facilitate the commission of a money laundering or financing of terrorism. Rescreen an employee where the employee is transferred or promoted into a position to facilitate the commission of a money laundering or financing of a terrorism offence.

Establish procedures to:

  • Identify and verify the identity of prospective or existing employees
  • Confirm their employment history
  • Determine if they are suitable to be employed in a particular position in the business

Taking into account:

  • The role, nature, size and complexity of compliance
  • Identifying the risk of a position and whether additional screening needs to be done
  • Criminal record checks
  • Been subject to disciplinary account by a regulator or legal action or matters in a court of law
  • Taken advantage of laws relating to bankruptcy
  • Lived in high-risk countries

An employee due diligence program must also outline a system to manage an employee who fails, without reasonable excuse, to comply with any system control or procedure under the AML/CTF program.

  • Disciplinary action (formal warnings/dismissal depending on the seriousness or scale of the breach)
  • Mandatory refresher training

Formally adopt the program with oversight

Part A of the AML/CTF program must be approved by the governing board and senior management of the reporting entity, or each reporting entity of a designated business group.

Your AML/CTF program must also be subject to ongoing oversight by the governing board and senior management.

To help with this process, you will need to appoint a compliance officer.

Appoint an AML/CTF Compliance Officer

Pursuant to Part 8.5 of the AML/CTF Rules your Board and management need to ensure that at all times a Compliance Officer is appointed, and a second person to act in the Compliance Officer’s absence.

The Compliance Officer and the Interim Compliance Officer must be at management level and have a direct connection to the reporting entity that allows them:

  • the authority and resources to perform their responsibilities, including access to all relevant areas of operations and all relevant staff members (at any level); and
  • the power to address problems relating to AML/CTF compliance and reporting obligations.

Appoint an AML/CTF Compliance Officer

compliance officer roles
  • Ensuring continued compliance, this is subject to oversight.
  • Day-to-day oversight of the program
  • Regular reporting
  • Addressing any AUSTRAC feedback
  • Acting as the AUSTRAC contact officer
  • Contributing to designing, implementing and maintaining internal AML/CTF compliance manuals, policies, procedures and systems.
  • They may delegate certain duties, however, maintain responsibility for AML/CTF compliance.

Registering and Responding to AUSTRAC feedback

Enrollment with AUSTRAC should be the first thing you do when complying with the AML/CTF Act.

Register to AUSTRAC here

You must have procedures in place to ensure your business addresses the recommendations contained in any reports AUSTRAC prepares on your AML/CTF compliance.

The nominated compliance officer is responsible for keeping track of feedback and implementing any required changes or improvements to your AML/CTF program. Particularly if AUSTRAC requests a response from you.

AUSTRAC can also provide industry feedback and guidance, for example, this report on digital currency exchange providers, take these into account and use them to keep your AML/CTF program up to date.

Apply for renewal here

Performing an AML/CTF Risk Assessment should be a priority to achieving Part A of your obligations, follow onto this article for an overview on Conduct a Risk Assessment

Follow us on Medium, Twitter, Facebook, and LinkedIn.

AML/CTFbronID PortalAML/CTF ProgramCompliance SeriesRisk Assessment


Written by


A catalyst for transforming legislation and governance into easy to use software. The personified pen of bronID.


Stay in the know

Keep up to date with the latest developments and regulatory changes.

Wave footer