AML Compliance Checklist Australia: Your Step-by-Step Audit Prep

Getting AML compliant can feel like a large and complicated task, particularly if your business has only recently been brought into the regulatory framework under Tranche 2. The reality is that compliance becomes much more manageable when you break it down into a clear, ordered checklist.

This AML compliance checklist for Australia walks you through every essential step — from AUSTRAC registration through to record keeping. Whether you are setting up your compliance framework for the first time or preparing for an audit, use this checklist to make sure nothing falls through the cracks.

Why You Need an AML Compliance Checklist

AUSTRAC expects reporting entities to have a systematic and documented approach to compliance. A checklist ensures you cover every obligation and gives you a reference document for when AUSTRAC conducts a compliance assessment.

Businesses that approach compliance in an ad hoc way are far more likely to have gaps that expose them to enforcement action. An AML compliance checklist in Australia helps you avoid that.

The 8-Step AML Compliance Checklist

Step 1: Register With AUSTRAC

Enrol your business as a reporting entity through the AUSTRAC Online portal. You will need your ABN, business contact details, and information about the designated services you provide. Registration must be completed before you provide any designated service. Keep your enrolment details up to date — notify AUSTRAC of any changes within 14 days.

Audit tip: Retain a copy of your enrolment confirmation and any AUSTRAC correspondence.

Step 2: Develop Your AML/CTF Program

Create a written AML/CTF compliance program tailored to your business with two parts:

• Part A — General compliance arrangements including governance, risk management, the compliance officer role, and oversight
• Part B — Applicable customer identification procedures (ACIPs)

The program must be approved by a senior manager, partner, or board member. It must be reviewed and updated when your business or risk environment changes.

Audit tip: Date every version and maintain a change log. AUSTRAC may ask to see previous versions.

Step 3: Complete Your ML/TF Risk Assessment

Identify, assess, and document the money laundering and terrorism financing risks your business faces across four dimensions:

• Customer risk — High-risk individuals, PEPs, or customers from high-risk jurisdictions
• Service risk — Which services are more vulnerable to exploitation
• Delivery channel risk — Face-to-face, remote, or through intermediaries
• Geographic risk — Transactions involving high-risk countries

Assign risk ratings and document the controls you have in place. The risk assessment must be completed before finalising your AML/CTF program.

Audit tip: Review your risk assessment at least annually and after any material business change.

Step 4: Set Up Customer Due Diligence (CDD) Procedures

Establish processes for identifying and verifying customers before providing a designated service:

• Individuals — Collect full name, date of birth, and address; verify against government-issued photo ID or electronic verification
• Companies — Verify company name, ABN/ACN, registered office; identify directors and beneficial owners holding 25% or more
• Trusts — Identify the trust, trustee, and beneficiaries

Apply enhanced due diligence for higher-risk customers and identify politically exposed persons (PEPs). CDD is an ongoing obligation — update customer information throughout the relationship.

Audit tip: Record every CDD check, including documents sighted, verification method, and who conducted it.

Step 5: Establish Transaction Monitoring

Put systems or processes in place to detect suspicious transactions. Your approach should be proportionate to your business size. For smaller businesses, a documented manual process applied consistently is acceptable. Monitor for:

• Transactions inconsistent with the customer's known profile
• Unusually large or frequent transactions
• Transactions with no apparent economic rationale
• Attempts to structure transactions to avoid reporting thresholds

Audit tip: Log all monitoring activities and outcomes, even when no further action was required.

Step 6: Create Your Suspicious Matter Reporting Process

Establish a clear internal process for identifying, escalating, and reporting suspicious matters. A Suspicious Matter Report (SMR) must be submitted within 24 hours for terrorism financing matters, or 3 business days for all other suspicions. Your process should cover how staff escalate matters, who makes the reporting decision, and how reports are submitted via AUSTRAC Online.

Remember the tipping off offence — never inform the customer that an SMR has been submitted. You must also submit Threshold Transaction Reports (TTRs) for cash transactions of $10,000 or more.

Audit tip: Maintain an internal register recording every matter assessed, whether or not a report was submitted, and the reasoning.

Step 7: Implement Staff Training

Train all relevant employees on your AML/CTF obligations. Training should cover the AML/CTF Act, your internal program, CDD procedures, red flags, how to escalate suspicious matters, and the tipping off offence. Provide training at induction and on an ongoing basis (at least annually).

Audit tip: Keep records of dates, attendees, topics covered, and assessment results.

Step 8: Set Up Record Keeping

Retain all AML/CTF records for a minimum of seven years. This includes customer identification documents, transaction records, copies of reports submitted to AUSTRAC, your AML/CTF program (all versions), risk assessments, training records, and monitoring logs. Records must be stored securely and retrievable in a readable format.

Audit tip: Test your record retrieval process periodically — you need to produce records promptly if AUSTRAC requests them.

Pulling It All Together

This AML compliance checklist covers the essential obligations every Australian reporting entity must meet. Work through each step in order, document everything, and build compliance into your day-to-day operations rather than treating it as a one-off project.

For a downloadable version of this checklist, visit our AML compliance checklist page.

Simplify Your AML Compliance

ComplyReady is designed to take you through every step of this checklist — from risk assessment and AML/CTF program development to CDD, monitoring, training, and record keeping. Instead of piecing together templates, spreadsheets, and manual processes, ComplyReady gives you a single platform that covers everything AUSTRAC expects. Get started today and turn this checklist into a compliant business.