Starting from late January 2026, AUSTRAC began publishing sector-specific Program Starter Kits for Tranche 2 entities. These are free, government-issued templates designed to help accountants, lawyers, real estate agents, and jewellers build an AML/CTF program from scratch.
Good news: the starter kits are genuinely useful. They've saved many small firms from writing a 60-page program from a blank page.
Bad news: a starter kit is not a compliance program. It's a Word document. To actually meet your AUSTRAC obligations, you need everything that runs on top of the document — the systems, records, screenings, monitoring, and reporting workflows that the kit assumes you have but doesn't provide.
Here's an honest gap analysis of what AUSTRAC's starter kits give you and what you still need to source elsewhere.
What's in an AUSTRAC Starter Kit?
Each industry-specific kit (accounting, legal, real estate, jewellers) includes pre-written language for:
| Component | What it covers |
|---|---|
| Part A — Governance | Compliance officer role, board oversight, program review cycle |
| Part B — ML/TF Risk Assessment | Generic industry risk factors, customer/product/channel risks |
| Part C — Customer Due Diligence | When to verify identity, what documents to collect, EDD triggers |
| Part D — Ongoing CDD & Monitoring | Trigger events for re-verification, suspicious activity indicators |
| Part E — Reporting Obligations | When to file SMRs, TTRs, IFTIs |
| Part F — Record Keeping | What to keep, for how long, how to destroy |
It's a solid scaffold. AUSTRAC's drafting team did good work — the language is clean, the structure mirrors the AML/CTF Rules, and the industry examples are reasonable.
For a sole-practitioner accountant who has never seen an AML/CTF program before, the starter kit is the difference between "I have no idea where to start" and "I have a 30-page document I can edit."
What's Missing: The Eight Gaps
Here's where it gets real. The starter kit is a template, not a compliance program. AUSTRAC says this explicitly: the kit must be tailored, populated, operated, and maintained by you.
Gap 1: Your actual ML/TF risk assessment
The kit lists generic risk factors. It does not:
- Score your specific customer base against those factors
- Tell you whether your firm is overall low, medium, or high risk
- Document the methodology that led to that conclusion
- Update automatically when your customer mix changes
AUSTRAC inspectors will ask: "Show me how you arrived at your risk rating." A blank table from the starter kit isn't an answer.
What you need: A documented, deterministic risk assessment that walks through your customer types, products, geographies, and delivery channels — and produces a defensible score with reasoning.
Gap 2: A customer database with risk ratings
The starter kit's CDD section says you must risk-rate every customer. It does not provide the database where you store those ratings, the form for capturing the underlying data, or the trigger events that cause a rating to be reviewed.
What you need: A client management system that stores ID documents, beneficial owner records, risk rating, and CDD review dates per customer.
Gap 3: Sanctions and PEP screening
Every Tranche 2 customer has to be screened against the DFAT consolidated sanctions list at onboarding and periodically thereafter. PEP (Politically Exposed Person) checks are also required for higher-risk relationships.
The starter kit says you must do this. It does not provide:
- The DFAT XLSX file or a way to search it
- Access to a PEP database (commercial databases cost $2,000–$10,000/year)
- A logged record of the screening result for each customer
- Automatic re-screening when the sanctions list updates
What you need: A screening workflow that hits DFAT and a PEP source on customer creation, logs the result, and re-screens on a schedule.
Gap 4: Transaction monitoring
Part D of the kit describes what suspicious activity looks like. It does not monitor transactions for you. It does not generate alerts. It does not connect to your trust account, accounting software, or CRM.
For accountants and conveyancers, this gap matters most for trust account monitoring — large cash deposits, structured payments, and unusual third-party transfers.
What you need: A monitoring layer that ingests transaction data and flags activity matching the indicators in your program.
Gap 5: SMR and TTR forms (and submission)
The starter kit explains when to lodge an SMR or TTR. It does not give you:
- A pre-filled SMR form ready to submit to AUSTRAC Online
- An error checker to catch missing fields before submission
- A deadline tracker (SMRs are due within 3 business days for ML; 24 hours for TF)
- A record of what was submitted
In a real SMR, you spend most of your time gathering details about the customer and the transaction — not writing the narrative. Without a system, that data is scattered across emails, files, and memory.
What you need: Pre-filled SMR/TTR generation from existing customer and transaction records, with built-in field validation. See our SMR guide and TTR guide for the form details.
Gap 6: Staff training (and evidence of completion)
Part B of the kit references mandatory AML/CTF training for staff. It does not provide:
- The training content itself
- Quizzes or competency tests
- Completion certificates
- A register of who completed what, when
AUSTRAC's compliance report asks how many staff completed training. "We told them about it at the staff meeting" isn't an acceptable answer.
What you need: Structured training modules with quizzes, certificates, and a completion register. AML Mate ships with five built-in modules covering all AUSTRAC requirements.
Gap 7: An audit trail
The starter kit's record-keeping section says you must keep records for 7 years. It does not produce those records. It does not log who did what when. It does not bundle records for an AUSTRAC audit.
When AUSTRAC inspects you (and they will inspect Tranche 2 entities — that's the whole point of the regime), you have 5–10 business days to produce a comprehensive audit pack: AML/CTF program, client list, CDD records, training records, SMRs/TTRs lodged, screening results, and the audit log.
What you need: An audit-ready export pack that bundles everything in one ZIP on demand.
Gap 8: Updates when the rules change
AUSTRAC has already published transitional rules updates in 2026, and more will follow. A Word-doc starter kit doesn't update itself. If you customised the kit in February and the AML/CTF Rules change in October, your program is out of date.
What you need: A program that updates centrally when AUSTRAC issues new guidance, with change logs you can show inspectors.
Side-by-Side: Starter Kit vs Full Compliance System
| Capability | AUSTRAC Starter Kit | What You Actually Need |
|---|---|---|
| Written AML/CTF program | ✅ Template provided | ✅ Tailored, signed-off, version-controlled |
| ML/TF risk assessment | ⚠️ Generic factors only | Quantitative scoring against your client base |
| Customer database | ❌ Not included | Per-client records with risk ratings |
| DFAT sanctions screening | ❌ Not included | Automated screening on every client |
| PEP screening | ❌ Not included | Database access + result logging |
| Transaction monitoring | ❌ Not included | Live monitoring with alerts |
| SMR / TTR forms | ⚠️ Described, not pre-filled | Pre-filled forms with validation |
| Staff training content | ❌ Not included | Modules, quizzes, certificates |
| Training register | ❌ Not included | Per-employee completion records |
| Compliance calendar | ❌ Not included | Annual report + CDD review reminders |
| Audit pack export | ❌ Not included | One-click ZIP for AUSTRAC inspection |
| Rules change updates | ❌ Manual | Centrally maintained |
Should You Use the Starter Kit?
Yes. Even if you adopt a full platform like AML Mate, the starter kit is a useful sanity check. AUSTRAC's templates reflect what AUSTRAC inspectors expect to see — using the same structure makes audits easier.
But don't confuse "I downloaded the kit" with "I'm compliant." The kit is page 1. Compliance is pages 1–500: the system, the records, the operations, the evidence.
If you're staffing this manually, plan for:
- 2–4 weeks to tailor the kit to your firm
- $2,000–$10,000/year for sanctions/PEP screening tools
- 5–15 hours/month of compliance officer time for ongoing operations
- 30–60 hours to prepare an audit pack on short notice
If you're using AML Mate:
- The kit's content is built into our Part A–F program editor
- DFAT and OpenSanctions screening are bundled
- Training modules, audit pack export, and the compliance calendar are included
- Updates flow through automatically when AUSTRAC publishes new guidance
The Bottom Line
AUSTRAC's starter kits are a generous gift to Tranche 2 entities. Use them. But understand what they are and what they aren't.
A starter kit is the paper plan. A compliance program is the operating system. You need both, and only the first one is free.
For a deeper look at how the Part A–F structure works and what each part requires, see our AML/CTF compliance guide.
Want to skip the gap analysis? Run a free compliance check and AML Mate will tell you exactly which gaps apply to your firm. Or start your 14-day free trial and we'll generate your full Part A–F program — with screening, monitoring, training, and audit pack all included — in 15 minutes.