AU AML/CTF Program — Medium Business

01 - WHAT

What is it?

The AML/CTF Program — AU Medium Business is a comprehensive, ready-to-implement compliance framework for Australian medium-sized reporting entities under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006. It goes beyond the essentials to deliver a full governance structure, advanced risk and due diligence procedures, board-level reporting, independent review capability, and a complete suite of operational forms and registers.

It is designed for businesses with more complex customer profiles, higher transaction volumes, multiple designated services, or a need to demonstrate program maturity to AUSTRAC, regulators, or professional bodies.

02 - WHO

Who is it for?

• Medium-sized Australian businesses with reporting entity obligations
• Financial services firms, lenders, payment providers, and remitters
• Businesses with boards, audit committees, or senior management oversight requirements
• Firms subject to AUSTRAC audits, regulatory reviews, or enforcement history
• Compliance teams building or upgrading a mature, documented AML/CTF program
• Businesses using third-party reliance arrangements or outsourced compliance functions

03 - WHY

Why does it matter?

Medium-sized reporting entities face heightened AUSTRAC scrutiny, more complex customer risk profiles, and greater accountability at board and senior management level. AUSTRAC expects documented evidence of governance, oversight, independent review, and continuous improvement — not just a basic program.

Relevant obligations include:

• AML/CTF Act 2006 — full Part A and Part B program requirements
• AML/CTF Rules — enhanced CDD, third-party reliance, and outsourcing obligations
• AUSTRAC reporting — SMRs, TTRs, threshold reporting, and annual declarations
• Corporations Act — board and officer duties where applicable
• Privacy Act 1988 — CDD data handling and customer information obligations

Without a mature program, medium businesses risk:

• Significant civil penalties and enforceable undertakings from AUSTRAC
• Board and officer personal liability for compliance failures
• Banking derisking — loss of correspondent banking or payment processing relationships
• Reputational damage with institutional clients, investors, and regulators
• Failure of independent review or audit, triggering regulatory escalation

04 - WHEN

When do you need it?

• When your business has grown beyond a basic AML/CTF program
• Before a scheduled AUSTRAC audit, targeted review, or independent review
• When appointing or replacing your AML Compliance Officer
• When your board or senior management require formal compliance reporting
• When you introduce new designated services, products, or customer segments
• When third-party reliance or outsourced compliance arrangements are in place
• When your risk profile has materially changed and your program needs updating

05 - WHERE

Where does it apply?

• Financial services, credit, and lending businesses
• Payment service providers, remitters, and currency dealers
• Accountants, lawyers, and professional services firms with designated services
• Businesses with third-party reliance or correspondent relationships
• Any medium-sized reporting entity requiring a full governance and oversight framework

06 - HOW

How does it work?

• Establish governance structure — board, senior management, and AMLCO accountabilities
• Complete the ML/TF/PF risk assessment across all designated services and customer types
• Adopt the full suite of Part A and Part B program documents
• Implement CDD, EDD, ongoing monitoring, and third-party reliance procedures
• Screen customers against PEP and sanctions lists at onboarding and on an ongoing basis
• Monitor transactions, escalate alerts, and submit SMRs and TTRs to AUSTRAC
• Report quarterly to board and senior management on compliance performance
• Conduct and document independent review on the required cycle
• Train all staff annually and maintain complete compliance records
• Update the program in response to regulatory changes, risk events, and review findings

07 - INCLUDED

What is included?

• 1.1 Welcome to Your AML/CTF Program
• 1.2 Quick Start Guide
• 1.3 12-Week Implementation Roadmap
• 2.1 AML/CTF Program Part A
• 2.2 AML/CTF Program Part B
• 2.3 ML/TF/PF Risk Assessment
• 2.4 Evidence Index
• 2.5 Master Program Index
• 3.1 Governance Policy
• 3.2 Risk Assessment Policy
• 3.3 Compliance Officer Policy
• 3.4 Staff Training Policy
• 3.5 Personnel Due Diligence Policy
• 3.6 Recordkeeping Policy
• 3.7 Independent Review Policy
• 3.8 Privacy & Confidentiality Policy
• 3.9 Whistleblower & Protected Disclosure Policy
• 3.10 Outsourcing & Third-Party Reliance Policy
• 3.11 Reporting Group Policy
• 4.1 Governance Oversight Procedure
• 4.2 Risk Assessment Procedure
• 4.3 Customer Due Diligence (CDD) Procedure
• 4.4 Ongoing CDD Procedure
• 4.5 Enhanced Due Diligence (EDD) Procedure
• 4.6 Politically Exposed Persons (PEP) Procedure
• 4.7 Sanctions Screening Procedure
• 4.8 Transaction Monitoring Procedure
• 4.9 Suspicious Matter Reporting (SMR) Procedure
• 4.10 Threshold Transaction Reporting (TTR) Procedure
• 4.11 Personnel Due Diligence Procedure
• 4.12 Incident & Breach Response Procedure
• 4.13 Control Effectiveness & Risk Update Procedure
• 4.14 Program Update & Change Management Procedure
• 4.15 Regulator Liaison & Reporting Procedure
• 4.16 Independent Review Execution Procedure
• 5.1 CDD New Client Onboarding Form
• 5.2 Enhanced Due Diligence (EDD) Form — High Risk Customer
• 5.3 PEP Identification Checklist
• 5.4 Beneficial Ownership Declaration Form
• 5.5 Sanctions Screening Checklist
• 5.6 Customer Risk Scoring Guide
• 5.7 Ongoing CDD Periodic Review & Update Form
• 5.8 Source of Funds / Wealth Declaration Form
• 5.9 Transaction Monitoring Alert Form
• 5.10 Suspicious Matter Report Internal Referral Form
• 5.11 Breach Incident Report Form
• 5.12 Staff Training Attendance Record
• 5.13 Training Evaluation & Competency Checklist
• 5.14 Employee AML/CTF Acknowledgement Form
• 5.15 AMLCO Appointment Letter
• 5.16 Board & Senior Management Quarterly AML Report
• 5.17 Board AMLCO Meeting Minutes Template
• 5.18 Annual Declaration to Senior Management
• 5.19 Third-Party Reliance Due Diligence Form
• 5.20 Independent Review Scope & Terms of Engagement
• 6.1 CDD Register
• 6.2 High-Risk Customer Register
• 6.3 PEP Register
• 6.4 Sanctions Screening Register
• 6.5 Suspicious Matter Reporting Register
• 6.6 Transaction Monitoring Alerts Register
• 6.7 Incident & Breach Register
• 6.8 Independent Review Findings Register
• 6.9 Training Register
• 6.10 Personnel Due Diligence Register
• 6.11 Document Change & Version Control Register
• 6.12 Third-Party Reliance Due Diligence Register
• 6.13 AUSTRAC Correspondence Register
• 7.1 Glossary of Terms
• 7.2 Legislation Reference Index
• 7.3 Audit Readiness Checklist
• 7.4 Red Flags & Suspicious Activity Indicators
• 7.5 Recordkeeping Checklist
• 7.6 Annual Compliance Checklist — Self-Assessment
• 7.7 Customer Risk Scoring Guide
• 7.8 AMLCO Obligations Summary
• 7.9 Beneficial Ownership Guidance Note
• 7.10 Tipping-Off & Confidentiality Guidance Note
• 7.11 Designated Services Reference Guide
• 8.1 Staff Training Pack
• 8.2 Mandatory Staff Training Presentation
• 8.3 Training Quiz
• 8.4 Training Module Guide
• 9.1 Risk Assessment Summary Sheet
• 9.2 Proliferation Financing Risk Guidance