Getting Ready for 1 July: What Accountants Need to Have in Place

AUSTRAC has repeatedly signalled it is not expecting perfection on day one. However, it does expect you to be enrolled, have an AML/CTF Program appropriate for your business, have trained your team, engaged clients and be ready to report suspicious matters.

So, here’s a step-by-step plan if you’re feeling overwhelmed or don’t know where to start.

1. Finalise Your AML/CTF Program

Your AML/CTF Program is the cornerstone of ensuring you comply with your obligations. By 1 July, it should be documented, approved by your senior manager, and ready to be put into practice.

A fit-for-purpose program should:

• define which AUSTRAC-regulated services you provide (your designated services).
• document your key money laundering and terrorism financing risks linked to those services (your ML/TF risk assessment)
• set governance and accountability — who is responsible, who approves, who owns, and who administers the controls to ensure compliance
• explain how you will conduct initial and ongoing customer due diligence (CDD) for clients receiving designated services, and
• describe how you will monitor compliance, keep records, and review your program to ensure it remains up to date.

The AUSTRAC Starter Kit may suit you if you’re a smaller business of less than 15 staff. However, if you’re a larger firm or have complexity (for example, higher-risk clients or engage with higher-risk overseas jurisdictions), you will likely need a more comprehensive program.

If you are sourcing a template (including the Starter Kit) and wanting to develop the program yourself, consider attending a workshop to understand how to customise these documents. Waller said the workshops have been one of the most practical ways to help firms prepare and be ready for 1 July.

2. Decide How You Will Conduct Customer Due Diligence

From 1 July, you will need to undertake customer due diligence, commonly referred to as CDD, before you provide designated services to your clients. With a growing market of technology and outsourced providers, it’s worth being clear on what you need before you choose a solution.

Manual processes can work for low volumes, but consider the opportunity cost of staff time, the consistency of decision-making, and how you will securely collect, store and retrieve client identification and verification information.

If you’re assessing an outsourced or software-based solution, here are some tips to think about:

• client and transaction volumes in the first 12 months (including whether “pay per check” pricing is available)
• the depth of their Australian AML/CTF expertise (beyond identity verification)
• the ability of the solution to reflect your risk assessment settings (including custom risk questions and triggers)
• data storage location and controls (security, access, retention, cyber security controls and audit trails)
• the ability to integrate with your existing systems (practice management, document management and onboarding tools), and
• exit arrangements — what happens to client data if you change providers.

3. Review Client Onboarding Processes

Your client onboarding process will almost certainly need to change to cater for initial customer due diligence.  Here’s some things to think about and consider:

• Do you need to update your engagement letters to clearly scope out designated services that do not form part of the engagement?
• Do your engagement letters make it clear you can only commence work once CDD checks are completed?
• Who is responsible for sending the initial form/email to collect CDD information?
• Who is doing the client risk assessment in your firm — and do they have the skills, guidance and escalation path to do it consistently?

4. Train Staff 

Waller said training is one of the most underestimated aspects of AML/CTF readiness. It is also not a one-off exercise — most firms will need a number of solutions depending on the roles and responsibilities of those involved in the firm.

Many firms are turning to structured AML/CTF training programs to ensure consistency across teams and roles. Your training solution needs to include:

• Foundation training for all staff on what AML/CTF is and why it affects your practice
• Practice-specific training so staff understand which services within your business are captured as designated services and the changes to client onboarding and delivery of these services
• Role-specific training for appointed positions (the AML/CTF compliance officer, senior manager and governing body), and
• Topic-specific training on higher-risk or higher-consequence obligations, including suspicious matter reporting and, if applicable, reliance arrangements.

AML/CTF is definitely not “set and forget”. As your client base and designated services evolve — and as AUSTRAC refines its guidance — your controls and training must be reviewed and updated to ensure you are managing your risks and your staff remain across regulatory expectations and escalation pathways.

Waller says training packages can provide the additional support you may need in the first 12 months of regulation to embed your new obligations, such as quarterly Q&A sessions.

5. Conduct Due Diligence Checks on Staff

Your staff — and any consultants or outsourced providers involved in delivering designated services must undergo due diligence checks, including long-standing team members.

Your AML/CTF program must specify what due diligence checks you will undertake on staff and your wider personnel – and these initial checks need to be done by 1 July.  If you’re using an outsourced provider for customer due diligence, you may also be able to use them to complete your staff checks.

For firms needing support across programs, training or implementation, seeking early guidance can make the transition significantly smoother and get you ready to enrol with AUSTRAC and start operating under the new requirements from 1 July.