
Understanding Core AML/CTF Compliance Concepts for Tranche 2 Entities

Understanding core compliance concepts is essential for meeting your AML/CTF obligations. These requirements guide how you interact with customers, assess risks, and fulfill your reporting duties.

Written by Edward Frame
Updated over a week ago

What is an AML/CTF Compliance Officer (AMLCO)?

An AML/CTF Compliance Officer is the designated person responsible for managing your business's AML/CTF compliance. This role carries significant responsibilities and specific requirements:

Requirements:

  • Must be a "fit and proper person"

  • Need not be an employee (can be external)

  • Cannot be domiciled outside Australia

Key Responsibilities:

  • Acting as the primary contact for AUSTRAC

  • Providing day-to-day oversight of your AML/CTF policy and procedures

  • Ensuring reports are submitted to AUSTRAC

  • Coordinating staff training

  • Conducting and updating risk assessments

  • Reporting to the Committee and senior management

  • Addressing AUSTRAC feedback

For Tranche 2 entities, this may be a senior partner, director, or dedicated compliance professional with appropriate authority and expertise.

What is Customer Due Diligence (CDD)?

Customer Due Diligence is the cornerstone of your AML/CTF obligations. It's the process of identifying and verifying your customer's identity and understanding the nature of your business relationship.

Standard CDD involves:

  1. Collecting Information: Gathering customer details including full name, date of birth, address, and supporting documents (passport, driver's license)

  2. Verifying Information: Confirming accuracy through reliable, independent sources

  3. Beneficial Ownership Identification: For corporate customers, identifying individuals who ultimately own or control the entity:

    • Directors and company secretaries

    • Shareholders or partners with greater than 25% ownership

    • Trust beneficiaries, settlors, appointers, guardians, or protectors

    • Understanding complex ownership structures

  4. Document Checks: Ensuring identification documents haven't expired (Australian passports expired within the preceding 2 years are acceptable)

Important: Your AML/CTF policy must include risk-based procedures for handling discrepancies, such as suspected forged documentation or identity mismatches.

What is Enhanced Customer Due Diligence (ECDD)?

Enhanced Customer Due Diligence applies heightened scrutiny when higher risks are present. ECDD is mandatory in certain circumstances and discretionary in others, depending on your risk assessment.

When ECDD is Required:

  • Customer is a foreign Politically Exposed Person (PEP)

  • Customer is classified as high risk in your risk assessment

  • Customer is from a high-risk jurisdiction

  • Complex ownership structures are involved

Enhanced Measures Include:

  • Additional checks and analysis of customer information

  • Senior management approval

  • More detailed source of funds verification

  • Understanding the purpose of transactions

  • More frequent reviews of the relationship

  • Enhanced ongoing monitoring

For complex legal structures, you must gather detailed information on ownership, control, and management structures, including constitutions, partnership agreements, or trust deeds.

What is a Customer Risk Assessment?

Customer risk assessment evaluates the money laundering and terrorism financing risk that providing a designated service to a specific customer may pose. Your AML/CTF policy must define how you assess and classify customers based on risk factors.

Risk Factors to Consider:

  • Customer occupation or business activity

  • Transaction patterns and amounts

  • Geographic connections (customer location, transaction destinations)

  • Ownership and control structures

  • Use of third parties or intermediaries

  • Whether the customer falls into higher-risk categories

Risk-Based Approach: The assessment determines the level of due diligence required - higher-risk customers receive enhanced scrutiny (ECDD), while lower-risk customers may receive standard measures (CDD). Your policy must document how these risk levels translate into specific procedures.

What are KYC and KYB?

Know Your Customer (KYC) applies to individual customers:

  • Collecting personal information (name, date of birth, address)

  • Verifying identity through reliable documents

  • Understanding the customer's background and intended use of services

Know Your Business (KYB) applies to corporate customers:

  • Entity identification and verification through company registration searches

  • Understanding corporate structure and ownership

  • Identifying beneficial owners (those with >25% ownership or control)

  • Verifying authorized representatives

  • Understanding how the entity is regulated

KYB is typically more complex due to layered ownership structures, multiple jurisdictions, and the need to understand ultimate beneficial ownership.

What are Politically Exposed Persons (PEPs)?

A Politically Exposed Person holds or has held a prominent public position that could potentially be abused for money laundering, corruption, or bribery.

Three Categories of PEPs:

  1. Australian PEPs: Australian government officials

  2. Foreign PEPs: Government officials from other countries

  3. International Organization PEPs: Officials from international bodies (UN, WHO, etc.)

PEP Positions Include:

  • Heads of state or government

  • Senior politicians and government officials

  • Senior judicial or military officials

  • Senior executives of state enterprises

  • Important political party officials

PEP Family and Associates: Immediate family members and known close associates may also require enhanced scrutiny.

Your Obligations:

  • Implement procedures to identify PEPs (through databases or searches)

  • Foreign PEPs and high-risk domestic/international PEPs require ECDD

  • Obtain senior management approval before establishing or continuing relationships with high-risk PEPs

  • Apply enhanced ongoing monitoring

What are Sanctions and Sanctioned Individuals?

Sanctions are restrictive measures imposed by the Australian government or UN Security Council against specific individuals, entities, or countries. You are legally prohibited from dealing with sanctioned parties.

Your Obligations:

  • Screen customers against current sanctions lists maintained by the Department of Foreign Affairs and Trade (DFAT)

  • Screen beneficial owners and controllers

  • Conduct screening before establishing relationships and periodically thereafter

  • Immediately report any matches to AUSTRAC

  • Cease transactions with sanctioned parties

Sanctions lists are updated regularly - your screening procedures must account for these changes.

What is Proliferation Financing?

Proliferation financing involves providing funds or services that contribute to the development, production, or acquisition of weapons of mass destruction (WMD):

  • Nuclear weapons

  • Chemical weapons

  • Biological weapons

  • Their delivery systems and related materials

Your Obligations:

  • Implement systems to identify potential proliferation financing

  • Be alert to customers connected to countries subject to UN proliferation sanctions

  • Watch for customers in industries potentially linked to weapons development

  • Report suspicious activities to AUSTRAC

While proliferation financing is less common than money laundering or terrorism financing, the consequences of facilitating WMD development are severe.

What is Transaction Monitoring?

Transaction monitoring is the ongoing process of reviewing customer transactions to identify suspicious activity. Your AML/CTF policy must document your monitoring approach based on your business risk assessment.

Monitor For:

  • Complex transactions (unusual structures or patterns)

  • Unusually large transactions (relative to the customer's profile)

  • Unusual patterns of transactions (frequency, timing, amounts)

Transaction monitoring helps identify suspicious matters that must be reported to AUSTRAC. However, avoid seeking additional information that would "tip off" the customer if you suspect illegal activity.

Getting Started

With the July 1, 2026 compliance deadline, understanding these core concepts now will help you:

  1. Develop appropriate policies and procedures

  2. Implement effective systems and controls

  3. Train your staff adequately

  4. Begin collecting customer information gradually

  5. Prepare for AUSTRAC enrolment

Next Steps:

  • Review AUSTRAC's guidance for your specific industry sector

  • Conduct a risk assessment of your business

  • Enrol with AUSTRAC from 31 March 2026

  • Begin developing your AML/CTF policy

  • Consider engaging RegTech solutions to support compliance

  • Start collecting customer information using a structured register


Disclaimer: This document provides general information and is not legal advice. Consult legal advisors and AUSTRAC guidance when developing your compliance framework.

For comprehensive guidance, visit: www.austrac.gov.au
