Close this search box.

AML/CTF Ongoing Requirements

Businesses who are Reporting Entities under the AML/CTF Act have variety of obligations required by AUSTRAC and the law.

Enrol / Register

Reporting Entities must enrol and/or register with AUSTRAC by completing the Australian Business Profile Form

AML/CTF Program

All Reporting Entities are required to adopt an AML/CTF Program

Various Obligations

Reporting Entities have a variety of obligations in relation to Reporting, Risk management, Customer Due Diligence, and Record Keeping

Annual Report

Most Reporting Entities are required to submit an annual compliance report to AUSTRAC

What are your AML/CTF Obligations

  • Adopting and maintaining an AML/CTF Program;
  • Notifying AUSTRAC of any changes or updates to your enrolmentor registration;
  • Conducting regular internal and independent compliance reviews of your AML/CTF Program and business operations;
  • Reporting various transactions to AUSTRAC such as International Funds Transfer Instructions (IFTIs), Suspicious Matter Reports (SMRs) and Threshold Transaction Reports (TTRs);
  • Submitting regular compliance reports to AUSTRAC (if applicable);
  • Conducting Know Your Customer (KYC) checks, and AML/CTF risk assessments for each of your clients;
  • Maintaining and implementing robust Customer Due Diligence (CDD) procedures;
  • Keeping appropriate records;
  • If you are a Remittance Network Provider, you will also have to conduct certain transaction reporting on behalf of the affiliates in your remittance network.

How can Sophie Grace Assist you?

With a long list of obligations, it can be a daunting task ensuring your business is compliant with the AML/CTF requirements. This is where Sophie Grace can assist you. We can help with many aspects of AML/CTF compliance so you can ensure you are meeting your obligations.

Risk Assessment and Management

Assessing the ML/TF risks which impact your business and development measures to address these risks is a key obligation for all reporting entities.

A risk assessment should include an assessment of:

  • customers;
  • products and services;
  • business practices and delivery methods;
  • the countries and jurisdictions a reporting entity deals with.


Reporting entities must:


Customer Due Diligence Requirements

AUSTRAC is responsible for overseeing all financial service providers who are considered reporting entities under the AML/CTF Act and this includes ensuring all entities have in place procedures to identify and verify their customers.

Identification and verification of your customers is essential in order to:

  • determine the money laundering and terrorism financing risks posed by each customer;
  • determine whether to proceed to onboard the customer; and
  • assess the level of future monitoring which may be required.

Initial Client Onboarding Requirements (KYC) 

A variety of information needs to be collected from the customer, depending on the customer type. This process is often referred to as Know Your Client (KYC).

Reporting entities must collect information from all new customers.  These are broken down according to their category and have tailored requirements:



Sole Traders



Registered Co-operatives


Government Bodies

Reporting entities are also required to verify the information collected. This process is intended to ensure the information provided is confirmed by the reporting entity as being accurate. The AML/CTF contains safe harbor provisions which include verifying the information collected against certified copies of a primary photographic, non photographic or secondary document.

Ongoing Client Money

The AML/CTF Act also requires the conduct of Ongoing Customer Due Diligence (“OCDD“) – that is, regular monitoring of customers and documenting what triggers you have to require further or updated identification from your clients.

Sophie Grace is able to provide ongoing compliance support to Reporting Entities in order to ensure your AML/CTF obligations are met.  If you would like further information or assistance, please contact Sophie Grace directly.

Test your Knowledge!


AML/CTF Obligations

1 / 4

1. Which of the following countries are prescribed foreign countries under the AML/CTF Regulations 2018?

2 / 4

2. The AML/CTF Act does not mandate KYC for one-off transactions involving parties from low-risk countries.

3 / 4

3. Part A of an AML/CTF Program must cover KYC Processes

4 / 4

4. Who is NOT required to submit an AUSTRAC compliance report? (multi-select)

Your score is

The average score is 49%


Rather watch a video?

Sophie Grace’s Director, Sophie, goes through the ongoing compliance obligations for Remittance and Digital Currency Exchange Providers in Australia

Sophie Grace Compliance Portal

Sign up today for up-to-date compliance policies and regular consultation with our staff.

Contact Us

We will contact you as soon as possible!