Your AML/CTF program is the written record of how your practice manages ML/TF risk. Without it, nothing else holds together.
Every reporting entity under the AML/CTF Act must adopt and maintain an AML/CTF program — a written document that describes how your practice identifies, manages and mitigates its money laundering and terrorism financing risks. The program has two parts, both of which are required.
Part A — your risk-based program: This is the operational heart of your compliance. It must describe:
Part B — your employee due diligence program: This describes how you screen and monitor staff who have roles relevant to your AML/CTF obligations. It covers pre-employment checks, ongoing monitoring and what you do if a staff member's circumstances change.
Senior manager approval is mandatory. Your AML/CTF program must be approved by your board or senior management — and you must be able to document that approval. For a sole practitioner, that means you approving it as the senior manager of your own practice, with a dated record.
A written program creates accountability. When your AML/CTF obligations are documented and approved by management, it signals that compliance is a deliberate, governed activity — not something that happens informally. AUSTRAC's risk-based framework requires that your controls are not just in place, but that they are documented, reviewed and owned at a senior level.
Senior manager approval also matters because money laundering risk in professional services often originates from client acceptance decisions — which are ultimately management decisions. The AML/CTF Act places responsibility at the top of the practice, not just with whoever happens to do the paperwork.
Your program must be kept up to date. An AML/CTF program written in 2026 and never reviewed is not a compliant program. AUSTRAC expects it to evolve as your practice changes and as the regulatory environment develops. Each revision needs to be documented and re-approved.
Not having an AML/CTF program — or having one that lacks senior manager approval — is one of the most straightforward compliance failures AUSTRAC can identify. It requires no investigation to detect. If you cannot produce the document, you are non-compliant.
Failure to maintain an AML/CTF program carries penalties of up to $22 million for corporations under the AML/CTF Act. AUSTRAC has used enforceable undertakings in high-profile cases to require complete rebuilds of compliance programs under external supervision — at significant cost and reputational damage to the entity involved.
For smaller practices, the practical consequence is that every other compliance breach becomes harder to defend. If you are found to have conducted CDD incorrectly, having a well-documented program that you followed in good faith is your strongest mitigating factor. Without a program, there is no mitigation.
SimpleAML does not generate your AML/CTF program for you — that document needs to reflect your specific practice and should be prepared with appropriate guidance. What SimpleAML does is give you a structured place to store it, track its status, and record the approvals that prove it has been properly governed.
SimpleAML provides free Word document templates for your AML/CTF program. Download, fill in your firm details, get senior manager approval, and upload to SimpleAML. Both Part A and Part B are included.
Governance framework, risk appetite, AMLCO appointment, reporting obligations, record keeping and senior manager approval section.
Download Part A →
Customer identification, risk rating procedure, PEP & sanctions screening, beneficial ownership and ongoing monitoring schedule.
Download Part B →
Need all five templates? Firm risk assessment, training policy and SMR procedure also available.
View all templates →
Upload your AML/CTF program and record your compliance checkpoints. No account needed.
Open SimpleAML Free →