Training your staff is not optional — it's a legal requirement under the AML/CTF Act. If you're a Tranche 2 business (accountant, lawyer, real estate agent, conveyancer, or jeweller), you must ensure that relevant employees understand their AML/CTF obligations before they start providing designated services.
Here's exactly what you need to know.
Why Training Matters
An AML/CTF program is only as strong as the people implementing it. AUSTRAC expects that:
- Staff can identify suspicious activity in their day-to-day work
- Staff know how to escalate concerns internally
- Staff understand the legal consequences of non-compliance, including personal liability
- Your business can demonstrate a culture of compliance, not just a document on a shelf
In enforcement actions, AUSTRAC regularly cites inadequate training as a contributing factor. The Westpac case ($1.3 billion penalty) highlighted systemic failures in staff awareness and escalation processes.
Who Needs Training?
Not every employee needs the same level of training. AUSTRAC distinguishes between different roles:
Must Be Trained
| Role | Why |
|---|---|
| Staff who provide designated services | They're the frontline — they interact with customers and handle transactions |
| Staff who handle customer identification | They collect and verify CDD information |
| The compliance officer | They oversee the entire program and must understand it deeply |
| Management and directors | They're responsible for governance and resourcing the program |
| Staff who handle reporting | They need to know when and how to file SMRs, TTRs, and IFTIs |
Should Be Trained (Best Practice)
- Administrative staff who may encounter suspicious documents or communications
- IT staff who manage customer data systems
- New hires — training should be part of onboarding, not an afterthought
- Contractors and agents who act on your behalf in providing designated services
Tip: When in doubt, train them. The cost of a 30-minute training session is nothing compared to the cost of a compliance failure.
What Training Must Cover
AUSTRAC doesn't prescribe an exact curriculum, but your training program must be appropriate to the roles and responsibilities of each employee. At a minimum, it should include:
Core Topics (All Relevant Staff)
-
What is money laundering and terrorism financing?
- The three stages of money laundering (placement, layering, integration)
- How terrorism financing differs from money laundering
- Why your industry is targeted
-
Your business's AML/CTF program
- What the program contains (Parts A–F)
- The employee's specific responsibilities under the program
- Where to find the program and who to contact with questions
-
Customer Due Diligence (CDD)
- How to collect and verify customer identity
- When to apply Enhanced CDD
- How to identify beneficial owners
- What to do if a customer refuses to provide ID
-
Recognising suspicious activity
- Red flags specific to your industry
- Unusual transaction patterns
- Customer behaviour that warrants further investigation
- The difference between "suspicious" and "unusual"
-
Reporting obligations
- How to file an SMR (Suspicious Matter Report)
- SMR timeframes: 24 hours for terrorism, 3 business days otherwise
- The tipping off offence — never tell a customer you've filed or are considering filing a report
- TTR requirements for cash transactions of $10,000+
-
Record keeping
- What records to keep and for how long (7 years minimum)
- How to store records securely
- Privacy obligations when handling customer data
Role-Specific Topics
For the Compliance Officer:
- How to conduct and update the ML/TF risk assessment
- AUSTRAC reporting portal and submission procedures
- Managing regulatory correspondence and examinations
- Independent review requirements
For Management:
- Governance obligations and personal liability
- Resourcing the compliance function
- Oversight and escalation protocols
For Customer-Facing Staff:
- Practical CDD procedures (step-by-step)
- How to handle difficult conversations when customers resist identification
- Scripts and escalation paths for suspicious situations
When to Train
Initial Training
Staff must be trained before they begin performing designated services or relevant duties. This means:
- New hires should complete AML/CTF training as part of onboarding
- Existing staff should be trained before your obligations commence on 1 July 2026
- Don't wait until the last week — allow time for questions and follow-up
Ongoing Training
Training is not a one-time event. You should provide refresher training:
- At least annually — this is widely considered best practice
- When your AML/CTF program is updated (e.g., after a risk assessment review)
- When there are regulatory changes or new AUSTRAC guidance
- When new typologies or red flags are identified in your industry
- After a compliance incident — use it as a learning opportunity
Transitional Period Considerations
For Tranche 2 businesses, the transitional rules provide some flexibility:
- You have until 1 July 2026 to have your program (including training) in place
- AUSTRAC has said they "don't expect perfection immediately" but do expect genuine effort
- Focus on training your highest-risk staff first (those in client-facing and compliance roles)
How to Deliver Training
AUSTRAC doesn't mandate a specific delivery format. Choose what works for your team:
| Method | Best For | Pros | Cons |
|---|---|---|---|
| Online modules | Remote teams, flexible scheduling | Self-paced, trackable, consistent | Less interactive |
| In-person workshops | Small teams, initial rollout | Interactive, allows Q&A | Harder to schedule, not scalable |
| Recorded webinars | Catch-up training, new hires | Reusable, consistent | No real-time Q&A |
| Case study discussions | Experienced staff, refreshers | Practical, engaging | Requires facilitation |
| Quizzes and assessments | Verifying comprehension | Measurable, identifies gaps | Can feel like a test |
The best approach is usually a combination — online modules for core content, supplemented by team discussions on real-world scenarios.
Record Keeping Requirements
You must maintain records that demonstrate your training program is effective. Keep:
- Training register — who was trained, when, and on what topics
- Training materials — copies of slides, modules, handouts used
- Assessment results — quiz scores, competency checks
- Attendance records — sign-in sheets or system logs
- Certificates of completion — if issued
- Follow-up actions — retraining for those who didn't pass assessments
Records must be kept for a minimum of 7 years after the training was delivered.
Pro tip: Use a system that automatically tracks completions and sends reminders for overdue training. Manual spreadsheets are error-prone and hard to audit.
Common Training Mistakes
1. "Set and Forget" Training
Running a single training session and never revisiting it. AUSTRAC expects ongoing awareness, not a checkbox exercise.
2. Generic Training Content
Using off-the-shelf training that doesn't address your specific industry, services, or risk profile. Your training should reference your AML/CTF program and your red flags.
3. No Assessment or Verification
How do you know staff actually understood the content? Include quizzes or assessments to verify comprehension. This also creates evidence of a functioning training program.
4. Excluding Part-Time or Casual Staff
If they provide designated services or handle customer information, they need training — regardless of their employment status.
5. No Records
If you can't prove training happened, it may as well not have happened. AUSTRAC will ask for records during an examination.
6. Training After the Fact
Staff should be trained before they start performing relevant duties, not weeks or months later. Build training into your onboarding process.
Employee Due Diligence (Part B)
Training is part of the broader Part B of your AML/CTF program, which also covers employee screening:
- Pre-employment checks — verify identity and background of staff in relevant roles
- Ongoing monitoring — be alert to changes in employee behaviour that could indicate compromise
- Role-based access — ensure staff only have access to customer data they need for their role
Employee due diligence is especially important for staff with access to customer records, trust accounts, or reporting systems.
What AUSTRAC Will Look For
During an examination or compliance assessment, AUSTRAC may ask:
- Can you show me your training program?
- Who has been trained, and when?
- How do you verify that staff understood the content?
- How often is training refreshed?
- Is training tailored to your industry and risk profile?
- Can your frontline staff explain what an SMR is and when to file one?
If your staff can't answer basic questions about their AML/CTF obligations, that's a problem — regardless of what your program document says.
How AML Mate Helps
AML Mate includes a built-in training module designed for Tranche 2 businesses:
- 5 training modules covering all core AML/CTF topics
- Quizzes at the end of each module to verify comprehension
- Automatic tracking — see who has completed training and who is overdue
- Certificates — downloadable completion certificates for each employee
- Training portal — invite employees via email to complete training on their own schedule
- Audit-ready records — training completions included in your export pack
No need to build training content from scratch or manage spreadsheets.
Start your free compliance check →
This guide is for general information only and does not constitute legal advice. For specific guidance on your obligations, refer to AUSTRAC's website or consult a qualified AML/CTF professional.