AML/CTF ProgramTransactional

What must be included in an AML/CTF program for an accounting firm?

Updated 23 May 2026

Quick answer

An AML/CTF program for an accounting firm must include a Part A program (governance, risk assessment, transaction monitoring, and staff training) and a Part B program (customer due diligence procedures). Both must be documented in writing, approved by senior management, and reviewed annually.

The AML/CTF Act requires every reporting entity to adopt and maintain a written AML/CTF program. For accounting firms newly captured by Tranche 2, this is a formal document that must be in place before you begin providing designated services after the compliance deadline.

Part A: The core program

Part A is your firm's overarching governance and compliance framework. It must include:

  • ML/TF risk assessment: A documented assessment of your firm's exposure across client types, products, channels, and jurisdictions (see the separate FAQ on risk assessments)
  • Risk-based systems and controls: The specific policies, procedures, and controls your firm uses to identify, mitigate, and manage ML/TF risk
  • Transaction monitoring: How you monitor for unusual or suspicious transactions or activity patterns
  • Employee due diligence: Screening staff in positions where they could facilitate ML/TF
  • AML/CTF training: A training program for all relevant staff, with records of completion
  • Oversight: Documented senior management sign-off and a designated AML/CTF compliance officer

Part B: Customer due diligence procedures

Part B specifies how your firm will identify and verify the identity of clients. It must cover:

  • When CDD is required (before providing a designated service)
  • What information and documents you collect for individuals, companies, trusts, and other entity types
  • How you verify that information (face-to-face ID checks, electronic verification, certified copies)
  • Your risk-based approach to CDD levels (simplified, standard, enhanced)
  • Beneficial ownership identification procedures
  • Ongoing CDD — how you keep client information current

Record-keeping requirements

All CDD records, transaction records, and program-related documents must be retained for at least seven years from the date the record was made. This applies whether you are using paper files or a digital system.

Review and update obligations

Your program must be reviewed at least annually and updated whenever there is a material change — new services, new client types, changes to the regulatory environment, or feedback from AUSTRAC. An outdated program that no longer reflects your actual practice is a compliance gap.

How ClearAML helps

ClearAML generates a customised Part A and Part B program for your firm based on your specific client mix and services. The program is stored, versioned, and prompts you for annual review — keeping your documentation audit-ready at all times.

Generate your AML/CTF program with ClearAML →

Related questions

AML/CTF Program

How do I build a compliant ML/TF risk assessment for my firm?

AML/CTF Program

How do I prepare for an unannounced AUSTRAC inspection?