AML Compliance FAQ for Australian Accountants

When am I legally required to lodge a Suspicious Matter Report (SMR) with AUSTRAC?

You must lodge an SMR with AUSTRAC as soon as practicable — and within 24 hours for terrorism financing suspicions — after forming a suspicion that a matter relates to money laundering, tax evasion, or another serious offence under Australian law.

What does AUSTRAC look for in a compliance audit of an accounting firm?

AUSTRAC audits typically examine whether your firm has enrolled with AUSTRAC, has a current written AML/CTF program, has CDD records for every client, evidence of ongoing screening and transaction monitoring, staff training records, and a log of SMRs lodged. Documentation gaps are the most common finding.

What are the penalties for failing to report to AUSTRAC?

Civil penalties for failing to lodge a required SMR or TTR can reach $22 million for a body corporate or $4.4 million for an individual. Criminal penalties apply for deliberate concealment. AUSTRAC can also issue remedial directions, enforceable undertakings, and seek court-imposed conditions.

How do I lodge an International Funds Transfer Instruction (IFTI) report?

An IFTI report must be lodged with AUSTRAC within 10 business days of sending or receiving an international funds transfer instruction. Reports are submitted via AUSTRAC Online. IFTIs capture details of the transfer, the parties involved, and the ordering and beneficiary financial institutions.

Can I tell a client that I've filed an SMR on them (tipping off rules)?

No. Under section 123 of the AML/CTF Act, it is a criminal offence to disclose to any person — including the client — that you have filed, are filing, or are considering filing an SMR. This is the tipping-off prohibition and carries a maximum penalty of two years imprisonment.

How do I conduct enhanced due diligence on a high-risk client?

Enhanced due diligence (EDD) requires you to collect additional information beyond standard CDD — including verified source of funds and source of wealth — and to obtain senior management approval before onboarding. EDD clients must also be monitored more frequently than standard-risk clients.

How do I identify and verify the beneficial owner of a trust?

To identify the beneficial owner of a trust, you must identify all trustees (and verify at least one), the settlor, and any beneficiaries holding more than 25% beneficial interest. For discretionary trusts, you must identify all potential beneficiaries or the class of beneficiaries named in the trust deed.

How do I onboard a client remotely while still meeting CDD requirements?

Remote CDD is permissible if you use a combination of document verification (checking the ID document itself) and biometric verification (matching the document photo to a live selfie or video). The verification must be completed before providing a designated service, using an AUSTRAC-compliant verification provider.

What is the difference between simplified, standard, and enhanced CDD?

Simplified CDD applies to low-risk clients and requires minimal verification. Standard CDD is the default — verify identity using reliable, independent documents or electronic sources. Enhanced CDD applies to high-risk clients and requires deeper verification including source of funds and wealth, plus senior management approval.

What onboarding checks are required for a self-managed super fund (SMSF)?

When onboarding an SMSF, you must verify the fund's ABN on the ATO register, identify and verify the identity of all individual trustees (or directors of a corporate trustee), identify the fund's beneficiaries (members), and screen all trustees against PEP and sanctions lists.

How do I build a compliant ML/TF risk assessment for my firm?

A compliant ML/TF risk assessment identifies your firm's exposure to money laundering and terrorism financing across four dimensions: client types, products and services, delivery channels, and geographic exposure. Each risk must be rated and documented with the controls you have in place to mitigate it.

What must be included in an AML/CTF program for an accounting firm?

An AML/CTF program for an accounting firm must include a Part A program (governance, risk assessment, transaction monitoring, and staff training) and a Part B program (customer due diligence procedures). Both must be documented in writing, approved by senior management, and reviewed annually.

How do I prepare for an unannounced AUSTRAC inspection?

Prepare by maintaining an up-to-date written AML/CTF program, complete CDD records for every client, evidence of ongoing PEP and sanctions screening, staff training records, and a log of all SMR decisions. AUSTRAC inspectors can request records going back seven years. Readiness must be continuous, not reactive.

How do I screen a client against Australian sanctions lists?

Screen every client against the Australian Sanctions Office (ASO) consolidated list and the United Nations Security Council (UNSC) list before providing a designated service, and on an ongoing basis thereafter. A confirmed match means you cannot deal with that person and must not tip them off.

How do I handle a match result that looks like a false positive?

When a PEP or sanctions screening match appears, compare all available identifiers — full name, date of birth, nationality, and ID numbers — against the listed person. If all identifiers are inconsistent, document your analysis and the basis for ruling out a match. Never proceed without completing and recording this step.

What transaction patterns should trigger an AML alert?

Key patterns that warrant an AML alert include structuring (splitting transactions to stay below reporting thresholds), unusual cash volumes, rapid layering of funds across accounts, transactions inconsistent with the client's known financial profile, and unexplained payments involving high-risk jurisdictions.

What is structuring and how do I detect it in client transactions?

Structuring is the deliberate splitting of transactions to avoid AUSTRAC's $10,000 reporting threshold that triggers a Threshold Transaction Report (TTR). It is a criminal offence under section 142 of the AML/CTF Act. Key indicators include multiple similar-sized cash transactions by the same client within a short period.

What AML training is legally required for my staff under Australian law?

The AML/CTF Act requires reporting entities to provide AML/CTF training to all relevant employees. Training must cover your firm's AML/CTF program, how to recognise suspicious activity, and how to report it. Training records must be retained, and training must be refreshed at least annually.

What is Tranche 2 AML reform and when does it take effect for accountants?

Tranche 2 reforms extend Australia's AML/CTF Act to accountants, lawyers, and real estate agents for the first time. Enrolment with AUSTRAC is required by 31 March 2026, and a compliant AML/CTF program must be in place by 31 July 2026.

How do proposed changes to the AML/CTF Act affect my current program?

The Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 introduces a modernised AML/CTF framework with updated CDD requirements, a streamlined program structure, and expanded obligations for Tranche 2 entities. Existing reporting entities should review and update their programs to align with the new framework by the compliance deadline.