Australia’s AML/CTF reforms mark a practical shift in how reporting entities are expected to manage financial crime risk. The direction of travel is clear, moving away from prescriptive, tick-box compliance and towards risk-based governance, clearer accountability and evidence that controls are operating in practice.
For AFSL and ACL holders, the most effective response is not to treat AML reform as a policy refresh alone. The stronger approach is to treat it as a governance uplift, ensuring ownership, oversight, staff capability and record-keeping are aligned and defensible.
A key point to keep in mind is that while transitional arrangements apply to some elements, such as initial customer due diligence, ongoing customer due diligence applies from commencement, with no transitional period. This means day-to-day monitoring and escalation cannot be left to later.
Start with governance and accountability
Dealing with AML reform starts with clarity on who owns AML risk, how reporting lines work, and how oversight is performed at Responsible Manager and Board level. In practice, the strongest frameworks are the ones where AML risk is treated like other core governance risks, visible, monitored, escalated and documented.
This is where many licensees currently fall short, AML is often covered in a document, but not embedded into operating rhythms.
What licensees should have in place, practical minimum requirements
The reforms are best approached through a simple operational baseline, a set of actions that demonstrate control.
1) Appoint an AML/CTF Compliance Officer (AMLCO)
You must appoint an AML/CTF Compliance Officer with sufficient authority to oversee the program. Many policies nominate the Compliance Manager as the AMLCO, and this can be changed if needed, but what matters is that the role is clearly assigned and operationalised.
2) Notify AUSTRAC of your AMLCO by 30 May 2026
The reforms include extended deadlines for notifying AUSTRAC of AML/CTF compliance officers, to 30 May 2026. Ensure this is treated as a tracked governance action, not an admin afterthought.
3) Evidence suitability, fit-and-proper, including a police check
AMLCO suitability should be treated as a governance control. A current police check and suitability evidence should be maintained on file, demonstrating the AMLCO is appropriate for the role.
4) Annual AMLCO suitability confirmation, treated as a governance checkpoint
Rather than turning this into form-filling, treat it as an annual governance moment, confirm the AMLCO remains suitable, document the confirmation, and retain evidence. Your policy suite contemplates ongoing annual monitoring of AMLCO fit-and-proper status.
5) Annual AML/CTF training for all staff, plus onboarding, with records retained
Your AML/CTF policies require an AML/CTF training program delivered at onboarding and on an ongoing basis, with training records retained to demonstrate completion and ongoing awareness.
These fundamentals matter because regulators care less about whether a policy exists and more about whether the framework is operating, understood and provable.
Use the transition period strategically, to improve systems and prove control
The transition period for initial customer due diligence exists to support implementation, but it should not be used to defer governance uplift. Use this period to strengthen how AML operates in your business, including mapping where AML risk arises across your advice and service model, clarifying reliance arrangements where product issuers and platforms carry certain obligations, improving escalation pathways and documentation standards, embedding AML reporting into your Responsible Manager and Board oversight cadence, and lifting training quality so staff can identify and escalate issues confidently.
The goal is to be able to show, at any point, that AML risk is actively managed, not passively assumed.
What if you are not ready?
Many licensees are still working through what reform means for their operating model, that is not unusual. What matters is how you respond when gaps exist.
If you are not ready, your priority should be to:
1) Identify and document the gaps
Be clear on what is missing, governance, AMLCO appointment evidence, training, reliance arrangements, monitoring processes, record-keeping, or oversight reporting.
2) Put interim controls in place immediately
If core components are missing, stabilise first. For example, confirm or appoint the AMLCO, schedule AUSTRAC notification, deliver refresher training, implement a simple escalation pathway and interim tracking, and ensure records are being kept consistently.
3) Create an uplift plan with ownership and timeframes
A short, documented uplift plan is far more defensible than “we’re still working on it.” Assign owners, set dates, and track actions.
4) Ensure Responsible Managers and senior leadership have visibility
Regulators expect AML risk to be governed. Escalate the position and the plan so AML remains a managed risk, not an invisible one.
Regulators understand implementation is a process. What they look for is evidence of active management, prioritisation and progress.
Call to Action
If you are preparing for AML/CTF reform, or you have identified gaps in governance, training or oversight, AICS provides a complete AML/CTF solution for AFSL and ACL holders, including:
- Updated AML/CTF Policy aligned to the reformed regime
- AML/CTF Compliance Officer governance framework, fit-and-proper, oversight controls
- Annual AML/CTF training for staff and representatives, with completion records
- Implementation and remediation support to embed the framework in practice
To update your AML/CTF Policy, implement training, or establish a clear remediation plan, contact [email protected].ould significantly increase compliance and regulatory risk.
Sources
