Frequently asked questions
Drafted, approved outline of: risk assessment, CDD/EDD, monitoring, reporting, record‑keeping, training, and governance; clear ownership and review cycle.
Why now? This is the core build‑spec for your Day‑1 program; it anchors policies, procedures, controls, and evidence you’ll be asked to produce.
Table of contents and drafting plan mapped to AUSTRAC headings; gap list to close by end‑Q2.
Why now? Confirms Part A/Part B scope your team must document before you start providing designated services from 1 Jul 2026.
Named compliance officer, draft program, training plan scheduled, enrolment pack checklist ready for AUSTRAC Online.
Why now? Sets the pre‑live sequence: enrol, design program, appoint compliance officer, train staff.
RACI that maps each obligation to a control owner and evidence location.
Why now? Keeps the scope visible for resourcing and assurance planning (program, CDD, reporting, records, ongoing compliance).
Confirm your designated services; prepare business profile data and governance details for the enrolment form.
Why now? Enrolment opens 31 Mar 2026 for newly regulated sectors; if you provide designated services on 1 Jul 2026 you have until 29 Jul 2026 to enrol (or 28 days after you start).
Cross‑check each service against AUSTRAC “new designated services” and document your in‑scope list.
Why now? Confirms scope for all business lines that may become reporting entities under Tranche 2.
Board‑endorsed workplan with milestones to 1 Jul 2026 and post‑go‑live monitoring actions.
Why now? Locks your pre‑go‑live plan to the regulatory calendar: enrolment (opens 31 Mar), program build, training, go‑live on 1 Jul.
Tasks 1–3 complete or in train: framework defined, compliance officer appointed, policy drafting underway; AUSTRAC enrolment artefacts ready.
Why now? Provides pragmatic sequencing so operations, risk and IT know what happens first.
Level‑of‑detail standard set (what a “procedure” vs “work instruction” must contain) and examples circulated.
Why now? AUSTRAC expects risk‑proportionate depth but specific enough to guide staff step‑by‑step.
Draft risk assessment methodology (factors, scales, aggregation), initial inherent risk heatmap, and control mapping outline.
Why now? Your practice‑wide ML/TF risk assessment is the foundation for controls and resourcing.
ECDD triggers and documentary requirements drafted; escalation/approval chain defined.
Why now? ECDD criteria and workflows must be built into onboarding before go‑live (PEPs, high‑risk geographies, complex structures).
Reporting matrix with owners and timeframes; draft SMR/TTR/IVTS procedures; diary entry for annual compliance report window (1 Jan–31 Mar each year).
Why now? You’ll need SMRs, TTRs, IFTI/IVTS reporting wired into processes, plus annual compliance reports post‑go‑live.
Records schedule approved; retention and retrieval tests planned; evidence taxonomy finalised.
Why now? Seven‑year retention impacts DMS configuration and privacy/infosec (ISO27001, CPS230-234, etc.) commitments.
Role description signed; named officer recorded in governance pack and pre‑populated in enrolment data.
Why now? AUSTRAC expects a nominated officer at management level; this role is central to enrolment, program design, and oversight.
Training needs analysis done; curriculum mapped; LMS or register ready to capture completions pre‑1 Jul.
Why now? Role‑based training (frontline, trust‑account staff, partners/senior managers) must precede operations; audit trails are required.
Terms of reference drafted; preferred reviewers shortlisted; cadence aligned to risk profile.
Why now? AUSTRAC requires regular independent review (Part A); many entities plan every 2–3 years or sooner for higher‑risk changes.
Evidence register with locations/owners; sample files prepared; audit‑ready packaging format agreed.
Why now? “Show your working”: program, risk assessment, CDD files, training logs, internal reviews, and copies of submitted reports.
Risk paper to the Board on regulatory stakes and residual risk if milestones slip.
Why now? Sets the tone at the top – civil penalties, enforceable undertakings, directed audits, reputational damage.
Timeline posters in project rooms; stakeholder comms drafted for clients and staff.
Why now? Fixes the plan to the two anchor dates: enrolment opens 31 Mar 2026; obligations begin 1 Jul 2026 for newly regulated DNFBPs (property & real estate, legal/conveyancing & advisory, accounting & Corp Services/TCSPs, high‑value dealers, pubs, clubs, digital assets & payments, funds & trustees).
Draft standard CDD packs (individuals, companies, trusts), PEP/sanctions screening process, and monitoring rules catalogue.
Why now? You must complete CDD before providing designated services, implement ongoing monitoring, and integrate ECDD for higher‑risk scenarios.
