So You’re Going To Be An AML/CTF Compliance Officer...

Stepping into the AML/CTF Compliance Officer role is a significant responsibility under Australian law. This guide outlines the expectations, authority, reporting lines, and resources AMLCOs need, along with key questions to assess readiness and organisational support.

Louise Lane

23 May 2025

Under Australia’s AML/CTF laws, reporting entities must appoint an Anti-Money Laundering and Counter-Terrorism Financing Officer (AMLCO). This position must be a member of senior management and have the requisite expertise and experience to fulfil the position.

If you are an existing AMLCO or will be appointed to fulfil this function in a tranche 2 reporting entity next year, please read further. We have included some relevant questions you might ask yourself or your board/senior management before stepping into and fulfilling this important, dynamic, and rewarding role.

AUSTRAC GUIDANCE

AUSTRAC has published guidance materials on the role and function of the AMLCO position. These guidance materials are available here, and a checklist is available here.

Firstly, the compliance officer needs to have the authority and resources to carry out their responsibilities effectively. This includes having:

  • access to the business;
  • access to the employees;
  • the power to deal with any problems relating to AML/CTF obligations; and
  • resources necessary to do the job.

While all of the above items are important, the third and fourth bullet points are particularly significant.

Does the AMLCO position have the requisite authority within the business and the right reporting lines to deal with problems (including addressing ML/TF risks or compliance-related issues), and the budget to do so, including where addressing and resolving an AML issue may require funding and/or impact revenue/profit?

Secondly, the role and function of the AMLCO can be wide-ranging and include:

  • making sure the business meets its compliance obligations under the AML/CTF Act and Rules;
  • taking day-to-day responsibility for the AML/CTF Program, including helping to create, implement and maintain internal controls (policies, procedures and systems) for compliance;
  • reporting on AML/CTF compliance and ML/TF risk to the Board and Senior Management; and
  • engaging with the regulator AUSTRAC (including submitting reports or responding to direct or industry feedback).

The AMLCO function can be part of your broader role, in that you can have other duties. The AMLCO can also delegate to other persons in certain circumstances.

Does the AMLCO position have sufficient resources to fulfil the above requirements? This will turn on the size, scale, and complexity of the organisation. Making sure the business meets its compliance obligations is significant where you have expansive operations or where you might have a less mature technology environment. Taking “day-to-day” responsibility for the Program can be a full-time role in itself. Make sure you document the roles and responsibilities of the position in a formalised job description so if this is part of your function, it is clear what the expectations of the position are (for the Reporting Entity, and for yourself).

YOU’RE STEPPING INTO THE ROLE: RELEVANT QUESTIONS YOU MIGHT ASK

Provided below are some questions you might ask of the Board, Senior Management and business operations teams in advance of appointment to the AMLCO role:

Ask to see the latest ML/TF Risk Assessment and the business’ consideration of its size, scale, and complexity. This will give you an understanding of the Reporting Entity’s operations and its risk profile.
You should also look at the latest national risk assessments conducted by AUSTRAC, listed below, and then at any sector-specific assessments it has conducted:

  • 2024 AUSTRAC Money Laundering NRA.pdf
  • 2024 AUSTRAC Terrorism Financing NRA.pdf

If possible, ask to speak with a member of the Board and/or the Senior Management Team to understand the reporting entity’s focus on this risk and compliance area. How often will you have access to/report to the board and senior management? What % of revenue has been allocated to financial crime management?

The AMLCO role has various obligations as an officer under the Act and Rules - how senior does it sit within the organisation? For instance, is it a direct report to the chief executive officer, or does it have a direct line to the board? If it does not, seek to understand how the reporting lines work to obtain comfort that the AMLCO’s message gets to those with decision-making powers and cannot be lost or tempered through layers of management.

Where does the AMLCO “sit” within the structure? Is it sufficiently independent or is it embedded in other areas that could compromise the function? If it's in a legal, risk, or compliance function, does it have sufficient power to oversee implementation of the Program? If it sits closer to operations, what measures are in place to make sure its independence is not compromised?

How is the financial crime team in the reporting entity structured - will you have sufficient resources in both the compliance and risk areas to be able to meet the requirements of the role set out above? Will you need to share resources, and if so, what are the reporting lines?

How does the business otherwise address its broader risk and compliance obligations? Does it have established risk management frameworks, processes, systems, and resourcing (including technology investment) or plans to do so? Is there a compliance team in place, and how are they viewed within the organisation?

Has the company had any compliance issues in the AML space or engagement with the Regulator? If so, what and how?

When was the last set of independent eyes on AML in the organisation? Did the company accept all the recommendations, and how far along are they in implementing the response?

Ask about your Line 1 Operations (your risk owners). Is AML ingrained in how the company does business (like wearing a seatbelt), or is it seen as a ‘compliance’ function sitting to the side and filing reports for the operations team? If it is the latter, is the company taking steps to move the function to be closer to the former? If you sit in a Line 2 role like legal or compliance, how do you make sure that your Line 1 team in Ops is implementing the AML/CTF Program effectively?

Some other questions you might ask yourself in taking on the role (or once you’re in the role):

Do I have the right qualifications to fulfil this function? How do I get more information?

How do I know the AML/CTF Program in place is working the way it should be? Who could I ask to have a look?

Is there an industry group that I could be a part of, where AML issues are discussed? If not, how might I go about forming one?

There’s a lot happening in this space, and it is very high profile. How do I keep on top of it all?

We are available to discuss the above with you if you’d like or help point you in the right direction!

CONCLUSION

This is a dynamic and exciting industry. Ultimately, you get to be a part of the effort to protect your business and the community from criminal abuse.

However, it is important in taking on the significant obligations in the AMLCO role that the position is set up for success. You should have a level of support that is established by the Reporting Entity according to the size, scale, and complexity of the organisation. Depending upon whether it’s an existing or a forthcoming Reporting Entity, the readiness of that support and structure might be at varying stages: you should expect that as a new AMLCO.

The sample list of questions we have provided above is a guide on how you might get a better understanding of whether the role has the right level of support within the business (and if it does not yet, how you might guide them to get there).

You might also enquire of others within your industry or external experts on what they think might be appropriate for your business vis-à-vis where the AMLCO position sits in the organisation, the number of resources you might need to ensure your Program is operating effectively, and your broader industry’s compliance culture.

For further information and education, there are now a number of courses and accreditations you can do to upskill in this area. ACAMS is a great first port of call:

ACAMS: Certified Anti-Money Laundering Specialist | ACAMS

AUSTRAC is running education courses later this month (see here) and there are a number of subject matter experts ready, willing, and able to help you.

Wish to chat further? Contact Involv today.
