AML Mate
All posts
General8 min read

Is Your Business Ready? A 5-Minute AML/CTF Self-Assessment

Take this quick self-assessment to find out where your business stands on AML/CTF compliance before 1 July 2026. Score yourself across 10 areas and get a clear action plan.

2026-04-10· AML Mate Team
Is Your Business Ready? A 5-Minute AML/CTF Self-Assessment

1 July 2026 is less than 90 days away. Are you ready?

Most Tranche 2 businesses — accountants, lawyers, real estate agents, conveyancers, and jewellers — know they have new AML/CTF obligations. But knowing and being ready are two very different things.

This self-assessment takes 5 minutes. Be honest — no one sees your score but you.

How It Works

Rate yourself on each of the 10 areas below:

  • ✅ Done = 2 points
  • 🔶 In progress = 1 point
  • ❌ Not started = 0 points

Write down your score for each. Add them up at the end.

The 10 Areas

1. Do you know which of your services are designated?

AUSTRAC obligations only apply to designated services — not everything you do. Have you reviewed your service lines and identified exactly which ones are caught?

  • ✅ I've reviewed all my services and know exactly which are designated
  • 🔶 I have a rough idea but haven't formally documented it
  • ❌ I'm not sure which of my services are designated

Why it matters: If you don't know which services trigger your obligations, you can't build an effective program. Some businesses over-comply (wasting resources), others under-comply (risking penalties).

2. Have you enrolled with AUSTRAC?

Enrolment opened on 31 March 2026. It's free and takes about 20-30 minutes online.

  • ✅ I'm enrolled
  • 🔶 I've started the process but haven't completed it
  • ❌ I haven't enrolled yet

Why it matters: You must be registered by 29 July 2026. Enrolment is the first step — without it, you can't submit reports or demonstrate compliance.

3. Do you have a nominated compliance officer?

Every reporting entity needs a compliance officer at management level who is responsible for the AML/CTF program.

  • ✅ I have a compliance officer and they understand their responsibilities
  • 🔶 I've identified someone but haven't formalised the role
  • ❌ No one has been appointed

Why it matters: Without a compliance officer, there's no one accountable for your program. AUSTRAC will ask who your compliance officer is during any examination.

4. Have you completed a documented risk assessment?

You need a written ML/TF risk assessment that considers customer risk, service risk, geographic risk, and delivery channel risk — specific to your business.

  • ✅ I have a documented risk assessment tailored to my business
  • 🔶 I've thought about my risks but haven't written them down
  • ❌ I haven't done a risk assessment

Why it matters: Your risk assessment drives everything else — your CDD procedures, monitoring approach, and training priorities. A risk assessment that exists only in your head is invisible to AUSTRAC.

5. Do you have an AML/CTF Program (Parts A-F)?

This is the core document. It must cover governance (A), employee due diligence and training (B), customer identification (C), transaction monitoring (D), reporting (E), and record keeping (F).

  • ✅ I have a complete program covering all six parts
  • 🔶 I've started drafting but some parts are incomplete
  • ❌ I don't have a program yet

Why it matters: This is the document AUSTRAC expects you to produce if examined. It's not a suggestion — it's a legal requirement. Building one from scratch takes weeks. Using a tool like AML Mate, it takes under an hour.

6. Can you verify a new client's identity before providing services?

You need a CDD process: collect identity information, verify it against government-issued ID, screen for sanctions and PEPs, and assign a risk rating.

  • ✅ I have a documented CDD process and the tools to execute it
  • 🔶 I check ID informally but don't have a formal process
  • ❌ I don't currently verify client identities for AML/CTF purposes

Why it matters: CDD is the frontline of AML/CTF compliance. If you can't verify who your clients are, nothing else in your program works.

7. Can you screen clients against sanctions and PEP lists?

You must check every client against the DFAT consolidated sanctions list and assess whether they are a Politically Exposed Person.

  • ✅ I have a screening process (manual or automated) that I use for every client
  • 🔶 I know I need to do this but haven't set up a process
  • ❌ I don't screen clients

Why it matters: Providing services to a sanctioned person is a serious criminal offence. PEPs require enhanced due diligence. This isn't optional.

8. Have you trained your staff?

All staff involved in designated services or handling client information must complete AML/CTF training before they start those duties.

  • ✅ All relevant staff have completed training and I have records
  • 🔶 Some staff have been briefed but I don't have formal training or records
  • ❌ No staff training has been conducted

Why it matters: AUSTRAC consistently cites inadequate training as a factor in enforcement actions. If your staff can't recognise suspicious activity, your monitoring is blind.

9. Do you know how to file a Suspicious Matter Report (SMR)?

If you suspect a client or transaction involves money laundering or terrorism financing, you must file an SMR with AUSTRAC — within 24 hours for terrorism, 3 business days otherwise.

  • ✅ I know how to file an SMR and have internal procedures documented
  • 🔶 I know what an SMR is but haven't set up a process
  • ❌ I wouldn't know where to start

Why it matters: Filing an SMR is a legal obligation, not a choice. Failure to report is a contravention. Tipping off a client that you've filed one is a criminal offence.

10. Are your records audit-ready?

You must keep CDD records, transaction records, training records, and report copies for 7 years. If AUSTRAC examines you, can you produce them?

  • ✅ All records are organised, secure, and easily retrievable
  • 🔶 I keep some records but they're scattered across systems
  • ❌ I don't have a record-keeping system for AML/CTF

Why it matters: If you can't prove you did it, you may as well not have done it. AUSTRAC examinations are document-driven.

Your Score

Add up your points and find your band:

🟢 16-20 Points: Compliance-Ready

You're in good shape. Focus on:

  • Reviewing and refining your program before 1 July
  • Running a test scenario (mock SMR, mock CDD on a complex client)
  • Setting calendar reminders for your next risk assessment review

🟡 8-15 Points: Getting There

You've made a start, but gaps remain. Prioritise:

  • Complete your AML/CTF Program — this is the single most important document
  • Formalise your CDD process — even a simple checklist is better than nothing
  • Set up sanctions screening — this is non-negotiable
  • Give yourself a deadline of mid-June to close the gaps

🔴 0-7 Points: Urgent Action Needed

You're significantly behind. But there's still time if you act now:

  1. This week: Enrol with AUSTRAC and appoint a compliance officer
  2. Next two weeks: Complete your risk assessment and start your AML/CTF program
  3. By end of May: Have CDD procedures and staff training in place
  4. By mid-June: Test everything with a real client scenario

Don't try to be perfect. AUSTRAC has said they expect "genuine effort to comply" — but you need to have the foundations in place by 1 July.

The Cost of Waiting

Every week you delay makes the task harder:

Weeks Until 1 JulyWhat You Can Realistically Achieve
12 weeks (now)Full program, tested and refined
8 weeksProgram in place, some rough edges
4 weeksBasics only — program, CDD, enrolment
2 weeksScrambling — high risk of gaps
0 weeksNon-compliant from day one

Quick Wins You Can Do Today

If your score was low, here are three things you can do right now (not next week — today):

  1. Enrol with AUSTRACAUSTRAC Online — 20 minutes
  2. Take the free compliance checkAML Mate Free Check — 3 minutes, tells you your risk level
  3. Identify your compliance officer — write their name down and tell them

These three actions take less than 30 minutes and move you from "not started" to "in progress."

Want the Full Picture?

AML Mate generates your complete AML/CTF program — risk assessment, Parts A-F, CDD procedures, staff training, and audit-ready export — tailored to your industry and business profile.

Most businesses go from zero to compliance-ready in under an hour.

Take the free compliance check →

View pricing →

This guide is for general information only and does not constitute legal advice. For specific guidance on your obligations, refer to AUSTRAC's website or consult a qualified AML/CTF professional.

tranche-2austracself-assessmentcomplianceaml-programchecklistreadiness

Related Articles

General

Inside the AML/CTF Program Editor: What Parts A–F Actually Look Like

Part 2 of our product walkthrough series. See how AML Mate's program editor pre-fills your AML/CTF Program Parts A–F with industry-specific content, AI generation, and one-click export to PDF or Word.

General

From Zero to Compliant: Setting Up Your AML/CTF Program in Minutes

Part 1 of our product walkthrough series. See how AML Mate takes you from signup to a personalised risk assessment and compliance dashboard — with real screenshots.

General

AML/CTF Staff Training Requirements: What Every Australian Business Must Know

Understand your AML/CTF staff training obligations under AUSTRAC's Tranche 2 reforms. Covers who needs training, what to include, training frequency, record keeping, and common mistakes to avoid.

Ready to get compliant?

AML Mate generates your AML/CTF program in 15 minutes using AUSTRAC's official templates. Start with a free compliance check.

This article is based on AUSTRAC's publicly available guidance. It does not constitute legal or compliance advice. Consult a licensed compliance professional for complex situations.