Program overview

12 March 20263 min read
Program overview

Program overview

AML Comply has provided a summary of AUSTRAC’s guidance on the program obligations below. Please note that this overview is intended as a guide only; for comprehensive details, the full AUSTRAC documentation is included further down this page.

AML/CTF Program Overview (Summary)

Core Components

An AML/CTF program must include:

  1. ML/TF Risk Assessment – Identify and assess your money laundering, terrorism financing, and proliferation financing risks (ML/TF risks). This assessment is the foundation of your program and informs your policies.
  2. AML/CTF Policies – Documented procedures, systems, and controls to manage and mitigate ML/TF risks and ensure compliance with AML/CTF obligations.

Program Obligations

Under the AML/CTF Act (sections 26C, 26D, 26E, 26F, 26G, 26U, 107, 111, 114, 116):

  • Must be in place before providing designated services.
  • Must be documented, approved by a senior manager, and complied with.
  • Must be regularly reviewed and updated to reflect changing circumstances.
  • Must undergo periodic independent evaluations.
  • Must maintain records relating to designated services and AML/CTF compliance.

Tailoring Requirements:

  • Depth of risk assessment, policies, and evaluations should match the nature, size, and complexity of your business.

Risk-Based Approach

  • Programs must be risk-based, addressing the specific ML/TF risks and operational characteristics of your business.
  • Different entities face different risks; policies and controls should be proportionate and targeted.

Key Steps to Comply

ObligationSteps

Governance

Identify governing body, appoint an AML/CTF compliance officer, and senior manager(s) to approve and oversee the program.

ML/TF Risk Assessment

Identify and assess inherent and residual ML/TF risks.

AML/CTF Policies

Develop and maintain policies to manage ML/TF risks and comply with obligations.

Document & Approve Program

Document the program and obtain senior manager approval.

Compliance & Monitoring

Apply policies in daily operations and monitor their effectiveness

Review & Update

Regularly update risk assessments and policies; get approval for changes.

Independent Evaluation

Conduct independent reviews of the program’s effectiveness.

This framework ensures that your AML/CTF program is effective, up-to-date, and tailored to your business risks.

Program overview

Author: AUSTRAC

Your AML/CTF program must include both your:

  • money laundering and terrorism financing risk assessment. This identifies and assesses your money laundering, terrorism financing and proliferation financing risks. We refer to these as ML/TF risks. It’s the first step to develop your program and shapes the AML/CTF policies that protect your business
  • AML/CTF policies. These detail the policies, procedures, systems and controls you’ll use to manage and mitigate your ML/TF risks. They ensure you comply with your AML/CTF obligations.

AML/CTF program obligations

This section refers to the Act sections 26C, 26D, 26E, 26F, 26G, 26U, 107, 111, 114 and 116.

Your AML/CTF program must be:

  • in place before you start providing a designated service
  • clearly documented in writing
  • approved by a senior manager
  • complied with.

You must also:

  • review and update your program to make sure it remains current as circumstances change
  • conduct periodic independent evaluations of your program
  • make and keep records relating to the designated services you provide and your AML/CTF obligations.

The following must also be appropriate to the nature, size and complexity of your business:

  • the steps you take to complete your risk assessment
  • your AML/CTF policies
  • internal reviews of your risk assessment
  • the frequency and conduct of independent evaluations of your AML/CTF program.

Risk-based approach

Different reporting entities face different ML/TF risks. This is why an effective program must be ‘risk based’ and designed to address the specific risks of your business along with its needs and characteristics.

Obligations overview

Below are your general obligations and an overview of the steps you must take to meet your obligations.

ObligationSteps

Establish your governance framework

  • Identify your governing body – who oversees your AML/CTF program
  • Appoint an AML/CTF compliance officer to oversee and coordinate day-to-day compliance
  • Appoint a senior manager or senior managers to approve the AML/CTF program and make other key decisions

Conduct an ML/TF risk assessment

  • Identify and assess your ML/TF risks

Develop AML/CTF policies

  • Develop and maintain policies to appropriately manage and mitigate your ML/TF risks
  • Develop and maintain policies to make sure you comply with each of your AML/CTF obligations.

Document and approve your AML/CTF program

  • Document your program
  • Get approval from a senior manager

Comply with your program

  • Follow your AML/CTF policies in your daily operations
  • Apply them to manage and mitigate ML/TF risks and ensure AML/CTF compliance
  • Monitor their effectiveness

Review and update your AML/CTF program

  • Review and update your risk assessment and AML/CTF policies
  • Get senior manager approval for updates

Independent evaluation

Conduct independent evaluations of your AML/CTF program

12 March 2026