AML Compliance Checklist for Professional Services

Use this as a working list to get your firm from aware of Tranche 2 to operationally ready. Keep it short, visible, and owned by a named person.

Step 1: Confirm if you are in scope

• List all services your firm provides
• Flag services that involve managing money or assets, creating or managing entities, or buying and selling businesses
• Mark each service as designated service — yes, no, or unclear
• Outcome: A simple view of where AML/CTF is likely to apply

Step 2: Decide your service strategy

• For in-scope or borderline services, decide whether to continue offering them, narrow their scope, or exit them
• Document the decision for each service line
• Outcome: A clear statement of which services you will provide under Tranche 2

Step 3: Enrol with AUSTRAC

• Confirm that your firm needs to enrol
• Gather firm details such as ABN or ACN, contact details, and key people
• Complete enrolment via AUSTRAC within the required timeframe
• Outcome: AUSTRAC enrolment confirmed and reference recorded

Step 4: Appoint an AML/CTF Compliance Officer

• Choose a senior person who understands your services and risk
• Document their role and responsibilities
• Update internal org charts and engagement letters if needed
• Outcome: Named AML/CTF Compliance Officer with clear accountability

Step 5: Build your AML/CTF program

• Draft a short, practical document covering risk assessment, CDD, risk ratings, suspicious matters, record keeping, and review cycles
• Have it approved by a senior decision-maker
• Outcome: A live AML/CTF program your team can actually use

Step 6: Standardise client onboarding and CDD

• Design standard onboarding flows for individuals, companies, trusts, SMSFs, and other relevant client types
• Specify exactly what information and documents are required for each type
• Decide where this process will live, ideally in a system rather than scattered spreadsheets and email threads
• Outcome: A repeatable process that produces consistent CDD and evidence

Step 7: Train your team

• Identify who needs training across partners, managers, frontline staff, and admin
• Cover when a client or matter is in scope, what to collect, red flags, escalation points, and how to use your workflow or system
• Record who attended and when
• Outcome: Staff know what to do and how to do it

Step 8: Put monitoring and review on a schedule

• Set review dates based on client risk levels
• Schedule periodic reviews of your AML/CTF program
• Decide how you will check that the process is being followed in practice
• Outcome: Ongoing oversight, not a one-off project