Compliance reference · AUSTRAC AML/CTF
AUSTRAC expects an AML/CTF program that runs as advertised — a written Part A and Part B, customer due diligence kept current, monitoring tuned to actual risk, and reports filed inside the window. This page is the plain-English version.
What it actually requires
AUSTRAC compliance is not a one-time program design. It is an operational rhythm that runs every day across customer records, transactions, and reports. The four obligations below are the floor.
A documented program with two parts. Part A covers enterprise-wide risk assessment and the general program. Part B covers customer due diligence procedures. The program must be approved by the governing body, kept current, and tested in practice — not filed and forgotten.
Identify and verify customers at onboarding, understand the nature and purpose of the relationship, and apply enhanced procedures for higher-risk customers. Ongoing customer due diligence keeps the picture current as risk profiles shift.
Monitor transactions for unusual patterns relative to the customer profile and the entity-wide risk assessment. Monitoring rules must be calibrated, documented, and regularly tested — and the alerts they generate need timely human review.
Threshold transaction reports for cash transactions of A$10,000 or more. International funds transfer instruction reports. Suspicious matter reports within the prescribed window. An annual compliance report. Each has its own format and timing — the reporting cadence is part of the program design.
Four failure modes that recur across AUSTRAC enforcement outcomes.
Transaction monitoring rules generate hundreds of alerts per week. Most are false positives. The analyst team disposes of them at speed and the genuine signal hides among the noise. SMR-worthy patterns get cleared in eight seconds.
Your monitoring runs, your detection does not.
Customer profiles were verified at onboarding. Two years on, the customer has changed profession, citizenship, or beneficial ownership and the file does not reflect it. Ongoing CDD is documented as a policy but not in the records.
Your file says one customer; reality says another.
TTRs, IFTIs, and SMRs go out of formats that worked last year. AUSTRAC submission errors compound. Each rejected report is a small fire that burns operations time you could have spent on the actual risk work.
Compliance becomes a submission-fixing function.
Independent review of the AML/CTF program is required at appropriate intervals. The reviewer arrives expecting evidence of how the program operates day-to-day, not just the policy that says it should. Programs that were paper-only get exposed.
Your policy lives in Word; your program lives elsewhere.
How BackPro maps to AML/CTF
The aim is not to replace your TM platform — it is to make the AML program produce its own evidence. Each row maps an AUSTRAC obligation to the part of BackPro that does the work.
AML/CTF obligation
Program documents — Part A and Part B — live in the platform with version history, approval signatures, and review cadence. Each material change is signed in the audit chain. The Control Monitor agent flags overdue reviews before the program drifts out of date.
AML/CTF obligation
CDD records carry the verification evidence, the rationale for risk rating, and the trail of revisions. Ongoing CDD triggers — adverse media, beneficial ownership change, sanctions list updates — generate findings on the customer record so the team acts before the file ages.
AML/CTF obligation
Monitoring rule logic, calibration tests, and alert dispositions are traceable end-to-end. Tuning decisions tie to test outputs, not analyst memory. The Risk Correlator agent surfaces patterns across customer files, sanctions hits, and transaction alerts that no single rule would catch.
AML/CTF obligation
TTRs, IFTIs, and SMRs are generated from the source of record with the formats AUSTRAC expects. Submission status, rejections, and resubmissions are tracked in the same chain. The reporting cadence becomes a deterministic process rather than a quarterly fire drill.
AML/CTF obligation
Programs that run on BackPro produce evidence as a side effect. The independent reviewer asks how the program operates; the platform answers with the audit chain — every CDD, every alert disposition, every report, every approval signed and chained. No retrospective evidence reconstruction.
Three roles carry AML accountability across most reporting entities.
What reporting entities ask before bringing AI inside the AML/CTF perimeter.
One walkthrough covers architecture, audit chain, deployment model, and how the platform maps to each AML/CTF obligation.