The AUSTRAC risk management tool: Are you meeting your obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006?

Share on twitter
Share on linkedin
Share on facebook


By Dr. Drew Donnelly, Compliance Quarter.

Last month in Financial crime doesn’t pay – three ways in which wrongdoers may soon be hit in the pocket we addressed the government’s increasing crackdown on financial crime and wrongdoing and those who would (even unwittingly) facilitate it. We mentioned the recent court case involving Tabcorp where the organisation agreed to pay $45 million for failing to meet its obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (the Act).

Today we take a closer look at the requirements of the Act. Specifically, we look at the risk-management obligations for small-to-medium sized enterprises (SMEs) under that Act and its associated regulatory regime. This should be particularly pressing for SMEs, given that the Australian Transaction Reports & Analysis Centre (AUSTRAC) recently identified risk-management as an area of uneven compliance.

Among other areas, AUSTRAC noted the overuse of templates, generic risk assessments and lack of independent review of programs as situations where businesses need to improve.

The requirement to develop a program under the Act

The Act and its associated regulatory regime set out a range of compliance requirements for ‘designated services’ including enrollment, record-keeping and reporting obligations.

Today we focus on the requirement under that Act that ‘designated services’ must develop and comply with a ‘anti-money laundering and counter-terrorism financing program’, which is designed to identify, mitigate and manage the risk that their services might involve or facilitate money laundering or the financing of terrorism (see Part 7, Division 2 of that Act).

The definition of ‘designated services’ in the Act is broad but includes account/deposit-taking services, payroll services, life insurance services and loan services.

The risk-management tool

AUSTRAC has developed a risk management tool to help SMEs with the development of their program. While there is no regulatory requirement to use this tool, it is intended to provide useful guidance for SMEs in the development of a program. The tool sets out several steps for businesses:

Step One: The business should Identify possible risks as part of their program. Categories of possible risk include:

  • Customer risk, such as dealing with new, unknown customers;
    Service risk, such as a consistent request to a bank for branch pick-up only;
  • Business channel risk, such as use of a third-party agent or broker;
  • Country risk, such as business with a country subject to trade sanctions; and
    Regulatory risks, such as the risk to the organisation of not submitting their compliance reports.

Step 2: The business needs to carry out a risk assessment. That is, work out the chance that the identified risk will occur, and the impact of those risks occurring. This means that the business can then arrive at a ‘risk score’.

Step 3: The business needs to prepare its risk treatment. This includes developing policies and procedures to manage the identified risks.

Step 4: The business needs to prepare for and carry out risk monitoring and review.

Next steps for SMEs

Review the risk management tool (see and consider AUSTRAC’s recent report on compliance (see

If you think that we could be of assistance in developing or reviewing a risk management program for your business, please get in touch.

More to explorer

Window lights in multistorey house at night, Kuala Lumpur

A Guide to the Role of the Metering Coordinator

In the complex landscape of the electricity market, the role of the Metering Coordinator (MC) is crucial for ensuring the accurate measurement and efficient coordination of metering services. With the National Electricity Rules (NER) as the guiding framework, AEMO has published a guide to the role of a metering coordinator and this article serves as a summary of that role drawing on the guide. Understanding the Purpose and Scope: The Guide to the Role of the Metering Coordinator is specifically

Digital electric meters in a row measuring power use. Electricity consumption concept.

Roles and Functions in Electricity Metering: A Short Guide

Electricity metering is a complex process that requires the collaboration of various entities to ensure accurate measurement and efficient energy management. Understanding the roles and responsibilities of these entities is crucial for maintaining compliance and facilitating the smooth functioning of the electricity market. In this article, we will explore in detail the key roles in electricity metering, including Financially Responsible Market Participants (FRMPs), Metering Coordinators (MCs), Metering Providers (MPs), and Metering Data Providers (MDPs), as outlined in Chapter 7 of

Preparing to Apply for a Retailer Authorisation: A Comprehensive Guide

The Australian Energy Regulator (AER) oversees the authorisation process for energy retailers in Australia. If you’re considering joining this market, it’s crucial to understand the AER’s guidelines and requirements. This article will outline the preparatory steps your business needs to take before applying for a retailer authorisation.

Leave a Reply

Your email address will not be published. Required fields are marked *