AU AML/CTF Program — Small Business

01 - WHAT

What is it?

The AML/CTF Program — AU Small Business is a ready-to-implement compliance framework designed for Australian small businesses that are reporting entities under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006. It gives business owners and compliance managers a structured, practical program to meet their AUSTRAC obligations — covering risk assessment, customer due diligence, transaction monitoring, suspicious matter reporting, and staff training.

It provides the policies, procedures, forms, registers, checklists, and training materials needed to build and maintain a compliant AML/CTF program without the cost of external consultants.

02 - WHO

Who is it for?

• Small businesses that are reporting entities under the AML/CTF Act 2006
• Accountants, bookkeepers, lawyers, and financial service providers with AUSTRAC obligations
• Businesses onboarding a new AMLCO or compliance function
• Firms preparing for an AUSTRAC audit, review, or registration
• Owners and managers who need a compliant program but lack an in-house compliance team

03 - WHY

Why does it matter?

AUSTRAC has significantly increased enforcement activity, with substantial penalties for reporting entities that fail to maintain adequate AML/CTF programs. Non-compliance is not just a regulatory risk — it exposes businesses to reputational damage, criminal liability, and deregistration.

Relevant obligations include:

• AML/CTF Act 2006 — program, CDD, and reporting obligations
• AML/CTF Rules — customer identification, risk assessment, and recordkeeping
• AUSTRAC reporting — SMRs, TTRs, and annual compliance reporting
• Privacy Act 1988 — handling of customer identification information

Without a compliant program, businesses risk:

• AUSTRAC enforcement action, infringement notices, and civil penalties
• Criminal liability for facilitation of money laundering or terrorism financing
• Failure to detect and report suspicious activity
• Reputational damage with customers, banks, and professional networks
• Loss of banking facilities or professional registrations

04 - WHEN

When do you need it?

• When you first become a reporting entity and need to enrol with AUSTRAC
• Before an AUSTRAC audit, compliance assessment, or targeted review
• When appointing a new AML Compliance Officer
• When onboarding new customer types or higher-risk clients
• When your business model, services, or customer base changes materially
• When your existing program is outdated, incomplete, or never properly implemented

05 - WHERE

Where does it apply?

• Financial services, lending, and credit providers
• Accountants, bookkeepers, and tax agents with designated services
• Legal practitioners handling certain financial transactions
• Remittance dealers and currency exchange businesses
• Real estate agencies handling certain transactions
• Any small business that is a reporting entity under the AML/CTF Act 2006

06 - HOW

How does it work?

• Enrol with AUSTRAC and appoint an AML Compliance Officer
• Complete the ML/TF/PF risk assessment for your business
• Adopt the Part A and Part B AML/CTF Program documents
• Implement customer due diligence procedures for new and existing clients
• Screen customers against sanctions lists and PEP registers
• Monitor transactions and submit Suspicious Matter Reports where required
• Report threshold transactions (TTRs) to AUSTRAC as required
• Train all relevant staff on AML/CTF obligations annually
• Conduct independent review and update the program regularly

07 - INCLUDED

What is included?

• 1.1 Welcome to Your AML/CTF Program
• 1.2 Quick Start Guide
• 1.3 12-Week Implementation Roadmap
• 2.1 AML/CTF Program Overview Policy
• 2.2 ML/TF/PF Risk Assessment
• 2.3 AML/CTF Evidence Index
• 3.1 Governance Policy
• 3.2 Risk Assessment Policy
• 3.3 Compliance Officer Policy
• 3.4 Staff Training Policy
• 3.5 Personnel Due Diligence Policy
• 3.6 Recordkeeping Policy
• 3.7 Independent Review Policy
• 3.8 Privacy & Confidentiality Policy
• 3.9 Whistleblower Policy
• 4.1 Governance Oversight Procedure
• 4.2 Risk Assessment Procedure
• 4.3 Customer Due Diligence (CDD) Procedure
• 4.4 Ongoing CDD Procedure
• 4.5 Enhanced Due Diligence (EDD) Procedure
• 4.6 Politically Exposed Persons (PEP) Procedure
• 4.7 Sanctions Screening Procedure
• 4.8 Transaction Monitoring Procedure
• 4.9 Suspicious Matter Reporting (SMR) Procedure
• 4.10 Transaction Threshold Reporting (TTR) Procedure
• 4.11 Personnel Due Diligence Procedure
• 4.12 Incident & Breach Procedure
• 5.1 CDD New Client Onboarding Form
• 5.2 Enhanced Due Diligence (EDD) Form
• 5.3 PEP Checklist
• 5.4 Beneficial Ownership Form
• 5.5 Sanctions Screening Checklist
• 5.6 Customer Risk Scoring Guide
• .7 CDD Periodic Review Form
• 5.8 Source of Funds / Wealth Declaration Form
• 5.9 Transaction Monitoring Alert Form
• 5.10 Suspicious Matter Report (SMR) Internal Referral Form
• 5.11 Breach Incident Report
• 5.12 Staff Training Attendance Record
• 5.13 Training Evaluation & Competency Form
• 5.14 Employee AML/CTF Acknowledgement Form
• 5.15 AMLCO Appointment Letter
• 6.1 CDD Register
• 6.2 High-Risk Customer Register
• 6.3 PEP Register
• 6.4 Sanctions Screening Register
• 6.5 Suspicious Matter Reporting Register
• 6.6 Transaction Monitoring Alerts Register
• 6.7 Incident & Breach Register
• 6.8 Independent Review Findings Register
• 6.9 Training Register
• 6.10 Personnel Due Diligence Register
• 6.11 Document Change & Version Control Register
• 7.1 Glossary of Terms
• 7.2 Legislation Reference Index
• 7.3 Audit Readiness Checklist
• 7.4 Red Flags & Indicators
• 7.5 Recordkeeping Checklist
• 7.6 Annual Compliance Checklist
• 8.1 Staff Training Pack
• 8.2 Mandatory Staff Training Presentation
• 8.3 Training Quiz
• 8.4 Training Module Guide