Under Australia's reformed AML/CTF Act, every reporting entity must appoint an AML/CTF compliance officer (often called the AMLCO). With enrolment opening 31 March 2026 and obligations starting 1 July 2026, many Tranche 2 firms are naming someone this quarter — and discovering mid-audit that the person they picked does not actually meet AUSTRAC's expectations.
This guide covers what the role requires, who qualifies, what they actually do day-to-day, and a copy-ready role description you can use today.
Is This Role Legally Required?
Yes. The AML/CTF Rules require every reporting entity to designate a compliance officer to oversee the AML/CTF program. The requirement applies regardless of business size — a sole-practitioner law firm and a large accounting group both need one. For small businesses, the compliance officer can be the principal themselves; larger firms typically appoint a partner, director, or senior manager.
AUSTRAC expects the role to be named, documented in Part B of your AML/CTF Program, and notified to AUSTRAC as part of enrolment.
Who Can Be Your Compliance Officer
Four criteria. Miss any of them and you have a governance gap.
| Criterion | What It Means |
|---|---|
| Management level | Must have real authority — typically partner, director, senior manager, or owner. Not a junior admin or external bookkeeper. |
| Fit and proper | No disqualifying convictions, not bankrupt, no serious regulatory sanctions. You should keep a dated record of this assessment. |
| Australian resident | Must be ordinarily resident in Australia. Offshore compliance officers are not accepted. |
| Sufficient authority and resources | Must have authority to halt transactions, file reports, and access all records — and the time and budget to actually do it. |
The last criterion is where most small firms fail audits. Appointing a partner and giving them zero hours to actually run the program is a documented gap AUSTRAC auditors flag.
Core Responsibilities
The role covers six ongoing duties. Each one must be evidenced in your records.
| # | Duty | What It Looks Like |
|---|---|---|
| 1 | Own the AML/CTF Program | Maintain, review, and update Parts A–F of the program at least annually or when the business materially changes |
| 2 | Approve risk assessments | Sign off on Part A risk assessment and any EDD escalations |
| 3 | Oversee CDD and screening | Ensure customer due diligence, PEP / sanctions screening, and beneficial owner verification are done for every client |
| 4 | File reports with AUSTRAC | Responsible for SMRs (3 business days, 24 hours for terrorism financing), TTRs (10 business days), and annual compliance reports |
| 5 | Ensure staff training | Arrange initial and annual refresher training; keep attendance records, quiz scores, and certificates |
| 6 | Report to senior management | Produce regular (typically quarterly) compliance reports to the board or partnership — alerts triaged, reports filed, training status, incidents |
For a small business, this is around half a day per month in steady state. For a mid-size firm with 200+ clients, closer to one day per week. Budget for it explicitly.
Role Description Template (Copy This)
Use this as Section B.2 of your AML/CTF Program or as an internal appointment letter.
Position: AML/CTF Compliance Officer
Reports to: [Managing Partner / Board / CEO]
Authority: Full authority to halt, delay, or decline transactions where AML/CTF obligations are not satisfied. Full access to all customer files, transaction records, and staff training data. Direct reporting line to senior management for escalations.
Key Responsibilities:
- Maintain the AML/CTF Program (Parts A–F) and review it at least annually
- Approve customer risk ratings and any Enhanced Due Diligence escalations
- Ensure all customers receive appropriate CDD before designated services are provided
- Oversee PEP and sanctions screening, including bulk screening of existing clients
- File SMRs, TTRs, and annual compliance reports with AUSTRAC within statutory deadlines
- Organise initial and annual AML/CTF training for all staff; maintain training records
- Act as primary liaison with AUSTRAC for enquiries, audits, and reform updates
- Provide quarterly compliance reports to senior management
Resources: [X] hours per week allocated; budget of $[Y] per annum for compliance tools, training materials, and independent review
Fit and proper confirmation: Confirmed on [date] by [name]. No disqualifying convictions; not bankrupt; no regulatory sanctions.
Acknowledged: [Officer's name] [date]. [Managing partner's name] [date].
Store this signed document with Part B of your AML/CTF Program.
Qualifications Checklist
When selecting or hiring an AMLCO, check the following:
- Currently in a management-level role in the business (partner / director / senior manager)
- Ordinarily resident in Australia
- Has allocated time — not "on top of a full caseload" with zero budget
- Understands the firm's business model and customer base
- Has completed AML/CTF foundation training (or will within 30 days of appointment)
- Understands AUSTRAC Online and the reporting mechanisms
- Has authority to escalate directly to senior management without intermediaries
- No conflicts of interest with the compliance function (e.g. not the same person who relies on client revenue for their own bonus)
- Documented fit and proper check completed
- Has a named deputy to cover leave and absence (not legally required but best practice)
Three Mistakes That Create Governance Gaps
Naming the most junior person available. Treating the AMLCO role as an administrative function — assigning it to a receptionist or junior paralegal "because they have time" — fails the management-level requirement and will not hold up to an AUSTRAC review. The role requires real authority to halt transactions; a junior cannot do that.
No allocated time or budget. Even when the right person is named, giving them zero hours to actually run the program means it does not get run. AUSTRAC's language here is unambiguous: "the compliance officer must have sufficient authority, time, and resources." A partner who "also happens to be" the AMLCO with no allocated hours fails this test.
No documented fit and proper check. The fit and proper assessment is not just a formality. If you cannot show evidence that you assessed the person at appointment — convictions, bankruptcy, regulatory history — you have a documented governance gap. Do a brief written assessment at appointment and again annually.
The Role, Operationalised
Appointing an AMLCO is the start, not the end. The role needs a system to actually execute on — customer screening, transaction monitoring, report filing, training records, audit logs. Doing this in Excel and email works for a handful of clients; it breaks under any real volume.
AML Mate gives your compliance officer a single workspace for CDD, screening, SMR/TTR reporting, training records, and the audit log — with AUSTRAC deadline tracking built in. One compliance officer can realistically run a 200-client book in about a day per week.
With 70 days until 1 July 2026, the appointment should happen this month if it has not already. Name the person, give them the hours, document the assessment, and make sure they have the system to do the job.
Related reading: