The AUSTRAC risk management tool: Are you meeting your obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006?

Share on twitter
Share on linkedin
Share on facebook


By Dr. Drew Donnelly, Compliance Quarter.

Last month in Financial crime doesn’t pay – three ways in which wrongdoers may soon be hit in the pocket we addressed the government’s increasing crackdown on financial crime and wrongdoing and those who would (even unwittingly) facilitate it. We mentioned the recent court case involving Tabcorp where the organisation agreed to pay $45 million for failing to meet its obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (the Act).

Today we take a closer look at the requirements of the Act. Specifically, we look at the risk-management obligations for small-to-medium sized enterprises (SMEs) under that Act and its associated regulatory regime. This should be particularly pressing for SMEs, given that the Australian Transaction Reports & Analysis Centre (AUSTRAC) recently identified risk-management as an area of uneven compliance.

Among other areas, AUSTRAC noted the overuse of templates, generic risk assessments and lack of independent review of programs as situations where businesses need to improve.

The requirement to develop a program under the Act

The Act and its associated regulatory regime set out a range of compliance requirements for ‘designated services’ including enrollment, record-keeping and reporting obligations.

Today we focus on the requirement under that Act that ‘designated services’ must develop and comply with a ‘anti-money laundering and counter-terrorism financing program’, which is designed to identify, mitigate and manage the risk that their services might involve or facilitate money laundering or the financing of terrorism (see Part 7, Division 2 of that Act).

The definition of ‘designated services’ in the Act is broad but includes account/deposit-taking services, payroll services, life insurance services and loan services.

The risk-management tool

AUSTRAC has developed a risk management tool to help SMEs with the development of their program. While there is no regulatory requirement to use this tool, it is intended to provide useful guidance for SMEs in the development of a program. The tool sets out several steps for businesses:

Step One: The business should Identify possible risks as part of their program. Categories of possible risk include:

  • Customer risk, such as dealing with new, unknown customers;
    Service risk, such as a consistent request to a bank for branch pick-up only;
  • Business channel risk, such as use of a third-party agent or broker;
  • Country risk, such as business with a country subject to trade sanctions; and
    Regulatory risks, such as the risk to the organisation of not submitting their compliance reports.

Step 2: The business needs to carry out a risk assessment. That is, work out the chance that the identified risk will occur, and the impact of those risks occurring. This means that the business can then arrive at a ‘risk score’.

Step 3: The business needs to prepare its risk treatment. This includes developing policies and procedures to manage the identified risks.

Step 4: The business needs to prepare for and carry out risk monitoring and review.

Next steps for SMEs

Review the risk management tool (see and consider AUSTRAC’s recent report on compliance (see

If you think that we could be of assistance in developing or reviewing a risk management program for your business, please get in touch.

More to explorer

photo of a kangaroo on road

ACCC report highlights challenges and opportunities for retail electricity market

In December 2023, the Australian Competition and Consumer Commission (ACCC) released its latest report on the National Electricity Market (NEM), covering the period from August 2022 to July 2023. The report examines the state of competition and consumer outcomes in the retail electricity market, the impact of the energy transition on the contract market and retailers’ ability to manage financial risk, and the need for reforms to improve the conditions for competition and deliver better outcomes for consumers. Key findings

electricity poles by the road

How to comply with the life support equipment registration rules

Introduction If you are a retailer selling energy to customers who require life support equipment, you need to be aware of your obligations under the National Energy Retail Rules (NERR). Life support equipment is any equipment that is needed to sustain or support the life of a person, such as oxygen concentrators, kidney dialysis machines, ventilators, and so on.  The NERR provides a definition of life support equipment. Customers who rely on such equipment are entitled to certain protections under

Free people walking image

Understanding Part 3 of the National Energy Retail Rules: Customer Hardship

Introduction The National Energy Retail Rules (NERR) are a set of rules that regulate the retail sale of electricity and gas to customers in those states that have adopted the national framework within the National Energy Market (NEM). The NERR aim to protect the interests of customers and promote efficient and competitive retail markets. The NERR cover various aspects of the retail relationship, such as contracts, billing, payment, disconnection, connection, metering and customer information. One of the key components of

Leave a Reply

Your email address will not be published. Required fields are marked *