Personnel Obligations

Your AML/CTF program is only as strong as the people implementing it. AUSTRAC requires you to ensure that the personnel involved in providing designated services or managing compliance are suitable, knowledgeable, and properly supervised.

AML/CTF Compliance Officer

Every reporting entity must designate an AML/CTF Compliance Officer who:

• Has overall responsibility for the AML/CTF program
• Reports to senior management or the governing body of the organisation
• Has authority to make compliance decisions, allocate resources, and escalate matters
• Oversees CDD processes, transaction monitoring, reporting, and program maintenance
• Is the primary point of contact for AUSTRAC
• Is sufficiently senior to ensure compliance decisions are respected and implemented

In small businesses (sole practitioners, small firms), this is typically the business owner or principal. The Compliance Officer does not need to perform every compliance task personally, but they must have oversight and accountability.

Delegation

If the Compliance Officer is temporarily unavailable (leave, illness), the role should be formally delegated to another suitable senior person. Verifia supports delegation with defined start/end dates, and all actions taken by the delegate are logged against their identity.

Personnel Due Diligence

You must conduct due diligence on all personnel who are involved in:

• Providing designated services to customers
• Performing CDD or identity verification
• Handling transaction monitoring or alert management
• Filing reports with AUSTRAC
• Any other AML/CTF compliance responsibilities

Before they commence the role

Before a person takes on AML/CTF responsibilities, you must:

• Verify their identity — confirm who they are
• Assess their suitability — consider whether they are an appropriate person for AML/CTF responsibilities, taking into account their experience, qualifications, and character
• Check for relevant matters — where legally permitted, check for relevant criminal history or regulatory actions
• Document the assessment — record your assessment and its outcome (Suitable / Unsuitable / Conditionally Suitable)

During their role

Personnel due diligence is not a one-off check. You must:

• Monitor for changes — be aware of any changes that may affect a person's suitability (e.g., criminal charges, conflicts of interest, performance concerns)
• Reassess when roles change — if a person takes on new or expanded AML/CTF responsibilities, reassess their suitability for the new role
• Conduct periodic reviews — review suitability at regular intervals as defined in your AML/CTF program

When issues arise

If you become aware of concerns about a person's suitability:

• Investigate the concern promptly
• Reassess the person's suitability for their AML/CTF role
• Consider whether additional supervision, training, or role changes are needed
• Document your findings and actions taken
• Consider whether the concern itself constitutes a suspicious matter requiring an SMR

When they leave or change roles

When a person departs the organisation or moves out of an AML/CTF role:

• Remove access — revoke system permissions and access to compliance records promptly
• Reassign responsibilities — transfer any open KYC cases, pending alerts, or compliance tasks
• Conduct an exit review — assess whether there are any outstanding compliance matters
• Document the departure — record the date, handover details, and access removal in the audit trail

Training Requirements

All personnel involved in providing designated services must receive AML/CTF training that is appropriate to their role and responsibilities.

Initial training — before commencing the role

New staff must be trained on:

• What money laundering and terrorism financing are, and why they matter
• Your business's AML/CTF obligations as a Tranche 2 reporting entity
• How to identify designated services — which client engagements trigger compliance obligations
• How to perform CDD procedures — identity collection, verification, and risk assessment
• How to recognise suspicious behaviour and common ML/TF indicators relevant to your industry
• The escalation process — how to raise concerns and who to report to
• Record-keeping requirements — what to document and how
• The tipping-off prohibition — understanding that it is a criminal offence to disclose SMR-related information

Ongoing training

• Regular refresher training at intervals defined in your AML/CTF program (typically annually)
• Ad-hoc training when the program is updated, new risks emerge, or new ML/TF typologies are identified
• Role-specific training tailored to each person's responsibilities (e.g., the Compliance Officer needs deeper training than front-line staff)
• Incident-based training — if a compliance incident or near-miss occurs, use it as a learning opportunity

Training records

You must maintain records of all training activities, including:

• Training content and topics covered
• Date and duration of training
• Names of attendees
• Assessment results (if applicable)
• Next training due date

These records must be retained for 7 years and form part of your compliance audit trail.

Verifia provides built-in training modules with quizzes, automatic scheduling based on your program's training cycle, and complete record-keeping.

How Verifia helps