Welcome to the How to Comply with the AML/CTF Act Series!

If you haven’t been introduced to the series, check out this post:

“How to comply with the AML/CTF Act Series - an introduction”

bronID AML/CTF Compliance Toolkit


Meeting your obligations under the AML/CTF Act begins with designing your AML program. The goal of an AML program is to construct policies and procedures that reduce your business and regulatory risk of ML/TF. Inform these policies by performing an AML/CTF risk assessment, and use this knowledge to tailor your program to the specific industry or designated service you intend to deliver. This obligation is an important aspect of Part A of your AML/CTF program.


What is an AML/CTF Program?

An AML/CTF program is the toolkit for meeting your obligations under the AML/CTF Act. bronID aims to be the digital toolkit for building and executing your AML program. In this post we will go through some key policies and practices you should put in place immediately after enrolling with AUSTRAC to build out your AML program.

First things first, work out what type of AML program suits you.

Three types of AML/CTF Programs:

  1. A standard AML/CTF program - applies to individual reporting entities.
  2. A joint AML/CTF program - applies to reporting entities that are members of a designated business group and have opted to operate under a joint program.
  3. A special AML/CTF program - applies to individual reporting entities that hold an Australian financial service licence (AFSL) and that arrange for a person to receive another designated service from a separate reporting entity. An example is a financial planner who arranges for a client to receive a designated service provided by another reporting entity.

Standard and Joint AML programs must have two components:

Part A (general) of an AML/CTF program covers identifying, managing and reducing the money laundering and terrorism financing risk faced by a reporting entity.

Part B (customer identification) covers a reporting entity’s customer due diligence (CDD) procedures. See portal.bronid.com for the self-serve solution to KYC.

Special AML/CTF programs are only required to include the Part B component.

In this post, we will go through a checklist of your obligations under the AML/CTF Act, with a reference to the relevant blog post where required.

AML program checklist:

  1. Complete an ML/TF risk assessment of your business
  2. Design and adopt an AML/CTF risk awareness training program
  3. Design and adopt an employee due diligence program
  4. Formally adopt the AML/CTF program and subject it to ongoing oversight by senior management/board
  5. Appoint an AML/CTF compliance officer
  6. Subject AML/CTF program to regular independent reviews
  7. Describe procedures for responding to AUSTRAC feedback
  8. Describe your reporting procedures
  9. Set out procedures for keeping your AUSTRAC enrolment and registration details current
  10. Set out your procedures for ongoing customer due diligence, including transaction monitoring and your enhanced customer due diligence program - see Know Your Customer
  11. Keep records
  12. Part B: Set out your procedures for collecting and verifying ‘Know Your Customer’ (KYC) information 

For doing a Part B, KYC & KYB compliance check, see the bronID portal.

Employee Due Diligence Program

Every employee who handles a function of AML/CTF compliance, whether in an admin role or in development, contributes to the risk of a non-compliance event occurring in your business. For this reason, it is essential that you screen any prospective employee who, if employed, may be in a position to facilitate the commission of a money laundering or financing of terrorism offence. Rescreen an employee when they are transferred or promoted into a position to facilitate the commission of a money laundering or financing of terrorism offence.

Establish procedures to:

  • Identify and verify the identity of prospective or existing employees
  • Confirm their employment history
  • Determine if they are suitable to be employed in a particular position in the business

Taking into account:

  • The role, nature, size and complexity of compliance
  • The risk of a position and whether additional screening needs to be done
  • Criminal record checks
  • Whether they have been subject to disciplinary action by a regulator, or to legal action or matters in a court of law
  • Whether they have taken advantage of laws relating to bankruptcy
  • Whether they have lived in high-risk countries

An employee due diligence program must also outline a system to manage an employee who fails, without reasonable excuse, to comply with any system control or procedure under the AML/CTF program.

  • Disciplinary action (formal warnings/dismissal depending on the seriousness or scale of the breach)
  • Mandatory refresher training

Formally adopt the program with oversight

Part A of the AML/CTF program must be approved by the governing board and senior management of the reporting entity, or each reporting entity of a designated business group.

Your AML/CTF program must also be subject to ongoing oversight by the governing board and senior management.

To help with this process, you will need to appoint a compliance officer.

Appoint an AML/CTF Compliance Officer

An AML/CTF compliance officer should have the power to access all relevant areas of operations and staff members as well as address problems relating to AML/CTF compliance and reporting obligations.

For this reason, the compliance officer must be at management level; however, they may also undertake other roles. It is preferable for the compliance officer to have a direct connection with the reporting entity.

A designated business group may have a single compliance officer; however, if the group elects not to adopt a joint AML/CTF program, each reporting entity must develop its own program and have its own officer.

Duties of Compliance Officer:

  • Ensuring continued compliance (this is subject to oversight)
  • Day-to-day oversight of the program
  • Regular reporting
  • Addressing any AUSTRAC feedback
  • Acting as the AUSTRAC contact officer
  • Contributing to designing, implementing and maintaining internal AML/CTF compliance manuals, policies, procedures and systems
  • They may delegate certain duties but retain responsibility for AML/CTF compliance

Registering and Responding to AUSTRAC feedback

Enrolment with AUSTRAC should be the first thing you do when complying with the AML/CTF Act.

Register with AUSTRAC here

You must have procedures in place to ensure your business addresses the recommendations contained in any reports AUSTRAC prepares on your AML/CTF compliance.

The nominated compliance officer is responsible for keeping track of feedback and implementing any required changes or improvements to your AML/CTF program, particularly if AUSTRAC requests a response from you.

AUSTRAC can also provide industry feedback and guidance, for example this report on digital currency exchange providers. Take these into account and use them to keep your AML/CTF program up to date.

Apply for renewal here

Performing an AML/CTF risk assessment should be a priority in achieving Part A of your obligations. Continue to this article for an overview of how to perform your risk assessment in our How to Comply With the AML/CTF Act Series.


AML/CTF Webinar

An online, interactive, step-by-step guide to your AML/CTF Act obligations and how you can use bronID to automate and fast-track compliance to scale globally.

Sign up your interest today!