Select another region to view local content

You are on the Australia website
Australia
New Zealand
United Kingdom
Primary Logo

Blogs

AUSTRAC’s step 1.4: Finalising your AML/CTF program

AUSTRAC’s step 1.4: Finalising your AML/CTF program

Using APLYiD’s Kickstart Kit, you've built the core foundations of an Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) program from scratch. Before we walk through the final piece of the puzzle, let's take a moment to recognise exactly what you've already created and why it matters.

Quick recap: What steps 1.1–1.3 gave you

Step 1.1: Your Risk Assessment

Every solid AML/CTF program starts with understanding your own risk. In Step 1.1, you completed a Money Laundering and Terrorism Financing (ML/TF) Risk Assessment - a structured analysis of the specific risks your business faces based on your customer types, the products and services you offer, the channels through which you deliver them, and the jurisdictions you operate in or deal with.

Step 1.2: Your Policy Document

With your risks understood, Step 1.2 had you turn that understanding into a formal AML/CTF Policy Document. This document sets out your business's commitment to compliance at an organisational level: who is responsible, what the overarching approach is, and how your business will meet its obligations under the AML/CTF Act 2006 and Rules.

Step 1.3: Your Customer Process

Your Customer Process Document brings everything down to the ground level: how you actually identify and verify your customers. This is your Customer Due Diligence (CDD) framework - the processes that define who you collect information from, how you verify that information, when you apply standard versus enhanced due diligence, and how you handle higher-risk customers or situations.

APLYiD's AML/CTF Policy Builder lets you generate all the above required program documents - your Risk Assessment, AML/CTF Policy, Processes & Procedures, and Governance & Personnel documents - from a single short form. These are built on AUSTRAC-approved templates, reviewed by our compliance experts, so you're not starting from scratch or guessing what AUSTRAC wants to see.

What you've built: An AML/CTF program

Together, these three steps - your Risk Assessment, your Policy Document, and your Customer Due Diligence Process - form the core of what AUSTRAC calls your AML/CTF Program.

Under Australia’s AML/CTF Rules, reporting entities are required to have a documented AML/CTF program that is appropriate to the nature, size, and complexity of their business. You now have that. You have:

  • A risk-based foundation - your risk assessment shows that your controls are calibrated to actual risk, not applied blindly
  • A governance layer - your policy document demonstrates organisational commitment and accountability
  • An operational layer - your CDD process translates policy into practical, repeatable action

Finalising your AML/CTF program

Now it's time to pull everything together and make your program complete. Step 1.4 is about governance, review, and sign-off - the processes that turn a collection of good documents into a functioning, auditable, and maintainable AML/CTF program.

Here's what Step 1.4 involves:

AUSTRAC’s step 1.4: Finalising your AML/CTF program

1. Establish a review schedule

Risks change, your business changes, and AUSTRAC's expectations evolve. Your program must be reviewed at least every three years - but best practice is to build in an annual review cycle, and to trigger an out-of-cycle review whenever there is a significant change to your business (new products, new customer segments, new geographies, a merger, or a major regulatory update).

Document your review schedule and assign accountability for it. Who is responsible for initiating the review? Who approves the updated documents? How do changes get communicated to staff?

2. Program sign-off

If you are a sole practitioner or sole director/owner, you can approve your own completed AML/CTF program. Otherwise, your program needs formal approval from your board or senior leadership.

Draft a short approval record or board resolution that confirms the program has been reviewed, adopted, and that leadership is committed to its ongoing maintenance. Include the date of approval and the names of those who approved it.

3. Staff training

A program that exists only in documents won't protect your business. Your staff need to understand what's required of them - particularly anyone involved in customer onboarding, transaction monitoring, or reporting.

Develop or source AML/CTF training appropriate to your team's roles. At minimum, all staff should understand 

  • What money laundering and terrorism financing look like
  • What your business's obligations are
  • How to apply your CDD process
  • How to escalate concerns or report suspicious matters. 

APLYiD takes care of this with a built-in AML training platform - offering courses, quizzes, and certifications through a full learning management system so your entire team can get trained, certified, and audit-ready, all in one place. Document who has completed training and when, and build this into your onboarding process for new staff.

4. Pull it all together

If your Risk Assessment, Policy, and CDD Process currently exist as separate documents, Step 1.4 is a good moment to create an AML/CTF Program register - a master document or folder structure that ties everything together. 

This doesn't need to be elaborate: it could be as simple as a cover sheet that references and links to each component, confirms the version number, date of approval, and the name of your Compliance Officer. 

What matters is that if AUSTRAC were to ask for your AML/CTF program tomorrow, you could produce it in a coherent, organised way.

Your program Is done - now what?

Completing Step 1 means you have a compliant, documented AML/CTF program in place. That's a significant achievement - and with the 1 July 2026 deadline approaching fast for Tranche 2 reporting entities, having reached this point puts you well ahead of many businesses in your sector.

Having a program and running a program are two different things.

Step 2 is where your program comes to life. This is where you move from documentation into operation - implementing transaction monitoring, lodging Threshold Transaction Reports (TTRs) and Suspicious Matter Reports (SMRs), maintaining your customer records, and keeping your program current as your business evolves.

July 1st will be here sooner than it feels. If you haven't started thinking about Step 2, now is the time. The businesses that will find compliance easiest are those that build their operational habits now - before the deadline - rather than scrambling to retrofit them after.

Contact Us
Loading...
AUSTRAC’s step 1.4: Finalising your AML/CTF program | No-nonsense AML platform for your business | Trusted AML & KYC for Real Estate, Legal & Finance