For Compliance Officers

AML/CTF compliance officer obligations Australia — AUSTRAC Tranche 2 guide

As the appointed compliance officer you are personally accountable for your organisation's AML/CTF program — from risk assessment sign-off through to board reporting and AUSTRAC audit readiness. AutoAML gives you the tools to run a defensible, documented program without starting from scratch.

Start FreeView Requirements

Compliance Challenges for Compliance Officers

Appointed AML/CTF compliance officers at Tranche 2 firms must have a compliant program by 1 July 2026. Understand your s 81 obligations under the AML/CTF Act 2006 (Cth).

Personal accountability under the Act

The AML/CTF Act 2006 (Cth) requires a named, sufficiently senior compliance officer with direct access to the board. If the program fails an AUSTRAC audit, the spotlight lands on you — not the firm's general counsel.

Keeping pace with Tranche 2 legislative change

The AML/CTF Amendment Act 2024 adds entirely new designated services from 1 July 2026. Every existing program needs a gap analysis and update; AUSTRAC guidance notes are still being released, meaning the goalposts are shifting in real time.

Audit readiness requires more than a policy document

AUSTRAC inspectors look for a living program: dated risk assessments, version-controlled policies, training records with completion evidence, and an audit log of ongoing compliance decisions. A PDF filed in SharePoint does not satisfy this.

Board and management reporting on compliance status

You are expected to produce regular compliance reports for senior management and the board, including SMR/TTR metrics, training completion rates, and upcoming review dates — all formatted for a non-technical audience.

What Compliance Officers Need for Compliance

The AML/CTF Act 2006 (Cth) and the AML/CTF Rules require all reporting entities to maintain these documents and procedures.

AML/CTF Program (Part A and Part B) with named compliance officer — s 81 of the Act
ML/TF Risk Assessment reviewed at least every three years under AML/CTF Rules Chapter 15
SMR procedures — lodge within 24 hours (terrorism) or 3 business days (other) — s 41
TTR procedures for physical currency $10,000+ — lodge within 10 business days — s 43
Compliance officer role description with board reporting line
Staff training program with documented completion records
Record-keeping for 7 years post-transaction — s 107
Annual compliance report and independent review schedule

Deadline & Applicability

Compliance officers at Tranche 2 reporting entities must ensure a fully operational program is in place by 1 July 2026. This covers enrolment with AUSTRAC, a board-adopted program, a current risk assessment, and evidence of staff training. The AML/CTF Amendment Act 2024 confirmed the start date with no grace period.

Last reviewed: · Information is general guidance, not legal advice.

How AutoAML Helps Compliance Officers

AI-Generated Documents

All 13 compliance documents — including compliance officer role description, risk assessment, CDD scripts, SMR/TTR procedures, and board reporting templates — generated from your organisation's actual service mix.

Team & Audit Trail

Assign and track compliance roles, log every program decision with a tamper-evident audit trail, and keep training records that survive an AUSTRAC inspection.

Ongoing Compliance

Compliance calendar with AUSTRAC deadlines, automated review reminders, version control on every document update, and board-ready status reports — so the program stays current, not just compliant at launch.

Frequently Asked Questions

Compliance Officers & AUSTRAC: common questions

What are my legal obligations as an AML/CTF compliance officer?
Under Part 2 and s 81 of the AML/CTF Act 2006 (Cth), the appointed compliance officer must ensure the organisation has a current, board-adopted AML/CTF program, conducts regular risk assessments under AML/CTF Rules Chapter 15, maintains staff training, and submits SMRs and TTRs within statutory timeframes. The role requires sufficient seniority to access the board and dedicated time to administer the program — a title without authority does not satisfy the Act.
Can the compliance officer also be the CEO or a director?
Yes. AUSTRAC guidance permits the compliance officer role to be held by a director, CEO, or managing partner, provided they have genuine seniority, actual authority over compliance decisions, and the time to administer the program. In small firms this is often practical. The key requirement is that the appointment is documented, the role description is specific, and the person is genuinely accountable — not just nominated on paper.
What happens if AUSTRAC audits our program and finds it inadequate?
AUSTRAC has a graduated enforcement toolkit under Part 15A of the AML/CTF Act. Outcomes range from a letter of guidance at the mild end through to infringement notices, enforceable undertakings, and Federal Court civil penalty orders — up to $22.2 million per contravention for body corporates and $4.44 million for individuals. Westpac's $1.3 billion penalty in 2020 arose from systemic program failures. AUSTRAC has signalled active supervision of Tranche 2 firms from day one of commencement.
How often does an AML/CTF program need to be reviewed?
Chapter 15 of the AML/CTF Rules requires an independent review at least every three years, or more frequently if there is a material change to the business — new services, new delivery channels, new ownership, or a significant change in the customer base. Most well-run programs schedule an annual internal review and a triennial independent review. AUSTRAC expects evidence of both in an audit.
What records must I keep and for how long?
Section 107 of the AML/CTF Act requires records relating to designated services to be retained for seven years from the date of the transaction or the cessation of the customer relationship, whichever is later. This covers CDD documents, transaction records, SMR lodgement evidence, TTR records, training completion logs, and all versions of the AML/CTF program. Records must be reproducible in English and accessible to AUSTRAC on request.
What is an SMR and when must I lodge one?
A Suspicious Matter Report (SMR) is lodged with AUSTRAC when you have reasonable grounds to suspect a transaction involves proceeds of crime, is connected to money laundering or terrorism financing, or involves a person subject to sanctions. Under s 41 of the AML/CTF Act, the lodgement window is 24 hours for terrorism-financing suspicion and 3 business days for all other suspicious matters. Tipping off the customer is prohibited. AutoAML includes an SMR workflow to guide your team through the decision and lodgement steps.

Related compliance guides

Different roles in the same organisation often have overlapping but distinct AML/CTF responsibilities.

Practice ManagersPractice managers at law firms, accounting practices, and real estate agencies must build a compliant AML/CTF program by 1 July 2026. AutoAML generates all 13 required documents and guides you through every step.Read guideAUSTRAC July 2026 Deadline1 July 2026 is the AUSTRAC Tranche 2 commencement date. No grace period. No extensions announced. This checklist covers exactly what accountants, lawyers, real estate agents, and conveyancers need before the deadline.Read guideSmall Business OwnersNo exemption for small businesses under AUSTRAC Tranche 2. If you provide a designated service, you need a compliant AML/CTF program by 1 July 2026 — regardless of staff count.Read guide

Run a defensible compliance program from day one

Built for Australian businesses navigating AUSTRAC Tranche 2. Free until 1 July 2026.

Start Your Free Compliance Program

Free until the 1 July 2026 AUSTRAC deadline. Cancel anytime.