When something doesn't look right, you must record it — whether or not it ever reaches AUSTRAC. The obligation to document suspicious matters is as important as the obligation to report them.
A Suspicious Matter Report (SMR) is a formal report submitted to AUSTRAC when a reporting entity suspects — on reasonable grounds — that a transaction, service, or client is connected to money laundering, terrorism financing, or other serious financial crime. Under the AML/CTF Act, you are legally required to submit an SMR as soon as practicable, and no later than three business days after forming that suspicion.
Importantly, the obligation to record a suspicious matter arises when the suspicion forms — not when a decision is made to report. Your AMLCO must review every incident, even those that are ultimately resolved internally without an AUSTRAC submission.
Tipping-off is a criminal offence. Under section 123 of the AML/CTF Act 2006, it is illegal to disclose to a customer — or any other person — that a Suspicious Matter Report has been or may be submitted to AUSTRAC. Do not inform the client they are under review. Do not mention the SMR to colleagues outside your AMLCO chain.
Each incident record must capture:
AUSTRAC does not only look at what you reported — it looks at what you considered and how you handled it. A practice that has never recorded a suspicious matter, despite serving dozens of clients over several years, is more likely to attract scrutiny than one with a well-maintained register showing considered decisions, even if most resolved without an SMR.
The incident register is evidence that your AML/CTF program is operational — that your staff are applying what they were trained to look for, and that your AMLCO is exercising genuine oversight. Without it, your program exists only on paper.
Not every incident needs to become an SMR. An incident may be reviewed by the AMLCO and resolved internally — for example, where the suspicion is explained by legitimate circumstances. What matters is that the consideration was recorded. Gaps in your register are harder to explain than internal resolutions.
Failing to report a suspicious matter when required is a direct breach of the AML/CTF Act, carrying significant civil penalties. But the risk goes further than the penalty for a missed report.
If a client is later found to have been laundering money and AUSTRAC finds no incident records in your register, the inference is that your program failed to detect what it should have detected — or that you detected it and failed to act. Either outcome is a serious compliance failure.
There is also a professional liability dimension. If your practice is connected to a money laundering investigation, the absence of incident records — even for matters that didn't reach the SMR threshold — is evidence that your AML/CTF program was not genuinely operational.
SimpleAML is a compliance register, not a document storage system. It records what happened, when, who reviewed it, and what was decided — the audit trail AUSTRAC expects to see. Your internal notes, correspondence, and supporting materials stay in your firm's own filing systems.
SimpleAML stores records locally in your browser on your device. It does not currently provide multi-user cloud sync. You should export and back up your records regularly.
Every suspicious matter should be recorded — whether or not it reaches AUSTRAC. No account needed.
Open SimpleAML Free →