What does AUSTRAC look for in a compliance audit of an accounting firm?

Updated 23 May 2026

Quick answer

AUSTRAC audits typically examine whether your firm has enrolled with AUSTRAC, has a current written AML/CTF program, has CDD records for every client, evidence of ongoing screening and transaction monitoring, staff training records, and a log of SMRs lodged. Documentation gaps are the most common finding.

AUSTRAC has broad audit and inspection powers under the AML/CTF Act. Inspectors can request documents, interview staff, and enter your premises — with or without prior notice. Knowing what they look for allows you to maintain audit-ready records as a matter of routine, rather than scrambling when an inspection arrives.

The eight things AUSTRAC consistently checks

  • Enrolment: Is the business enrolled with AUSTRAC as a reporting entity? Inspectors will verify this against AUSTRAC's register.
  • Written AML/CTF program: Does a current, signed-off Part A and Part B program exist? Is it specific to your firm, or a generic template?
  • ML/TF risk assessment: Is there a documented risk assessment that has been reviewed within the past 12 months?
  • CDD records: Does every client file contain complete identity verification documentation, collected before services were provided?
  • Beneficial ownership: For corporate and trust clients, have all beneficial owners been identified and verified?
  • Ongoing screening: Is there evidence of PEP and sanctions screening at onboarding and on a recurring basis?
  • Training records: Are there records showing that all relevant staff have completed AML/CTF training, and when?
  • SMR log: Is there an internal record of suspicious matters — including cases where a suspicion was considered but an SMR was not filed, and the documented reasoning?

Common findings in accounting firm audits

  • AML/CTF program that is a generic industry template, not tailored to the firm
  • Missing or incomplete CDD for long-standing clients (grandfathering is not a defence)
  • No evidence of beneficial ownership checks for corporate and trust clients
  • Training records that do not cover all relevant staff or are more than 12 months old
  • No documented rationale for not filing an SMR in cases where a concern was raised internally

How long must records be kept?

All records relevant to AML/CTF compliance — CDD documents, transaction records, training logs, program versions, and SMR records — must be retained for seven years from the date the record was made or the relationship ended.

How ClearAML helps

ClearAML maintains a continuous audit trail of every CDD check, screening result, training completion, and SMR decision — all timestamped and retrievable in seconds. When AUSTRAC asks for records, you can produce them without searching through folders or paper files.