AML/CTF Program
How to use Verifia to generate, customise, publish, and maintain your AML/CTF compliance program.
Your AML/CTF program is the written document that sets out how your business will meet its compliance obligations. It must be tailored to your business, approved by a senior manager, and kept current. Verifia uses AI to generate a customised draft based on your risk assessment, which you then review, edit, and publish.
Generating your program
- Navigate to AML/CTF Program from the sidebar
- Ensure your risk assessment is complete — the program is generated based on your assessment results
- Click Generate Program
- Verifia's AI generates a draft covering:
- Your risk assessment summary and key risk drivers
- Customer identification and verification procedures for each CDD tier
- Ongoing CDD policies and review schedules
- Transaction monitoring procedures
- Reporting procedures (SMR, TTR, annual compliance report)
- Record-keeping requirements
- Personnel obligations (training, due diligence, roles)
- Program review and maintenance procedures
The draft is tailored to your:
- Industry type and specific designated services
- Risk rating and the risk factors identified in your assessment
- Business size and structure (sole practitioner, small firm, larger organisation)
- Regulation scope (for precious metals dealers — Options 1–4)
Reviewing and editing
- Open the generated draft in Verifia's built-in editor
- Review each section carefully — the AI-generated content provides a strong foundation, but you must customise it to accurately reflect your specific business operations and procedures
- Edit, add, or remove content as needed to ensure the program reflects how your business actually operates
- Use the clause library for pre-written, compliance-reviewed paragraphs on common topics
- All edits are tracked with change history
Important: Your AML/CTF program must be a genuine reflection of your business practices, not a generic template. AUSTRAC expects your program to be tailored to your specific circumstances. The AI-generated draft is a starting point — invest time in customising it.
Approval and publishing
- When you are satisfied with the program, click Submit for Approval
- A senior manager (typically the Compliance Officer) reviews and formally approves the program
- Click Publish — the published version becomes your official, operative AML/CTF program
- Previous versions are preserved in the version history
- A copy is automatically archived in the Compliance Vault
Staff acknowledgment
After publishing a new or updated program:
- Verifia sends notifications to all team members
- Each staff member must read and acknowledge the program — confirming they have read, understood, and will comply with it
- The dashboard tracks who has and has not confirmed
- Acknowledgment records (with timestamps) are stored in the audit trail
Staff acknowledgment is an important compliance control. AUSTRAC expects you to be able to demonstrate that all relevant personnel are aware of and have committed to following the program.
Version management
Verifia maintains a complete version history of your program:
- View all previous versions with publication dates and the approver's identity
- Compare versions side-by-side with highlighted changes
- Understand which trigger events prompted each revision
- Reference or restore previous versions when needed
Version history demonstrates to AUSTRAC that your program is a living document that evolves with your business.
Program Maintenance Triggers
AUSTRAC requires your program to be reviewed when specific events occur. Verifia provides a structured trigger management system to track these events and ensure timely program updates.
The 8 AUSTRAC-defined trigger types
| # | Trigger Event | Example |
|---|---|---|
| 1 | Designated services change | You begin offering a new service type or stop providing an existing one |
| 2 | Customer/client types change | You start serving a new category of customer (e.g., international entities) |
| 3 | Jurisdictions change | Your business begins dealing with new jurisdictions |
| 4 | Regulatory/legislative update | AUSTRAC amends rules or the AML/CTF Act is updated |
| 5 | AUSTRAC communication | AUSTRAC issues new risk assessments, indicators, or typologies |
| 6 | Independent review findings | An adverse finding from an independent review of your program |
| 7 | Internal incident | A compliance breach, error, or near-miss within your organisation |
| 8 | Scheduled periodic review | Your regular program review cycle (annually or as defined in your program) |
How trigger management works
- Automatic triggers — Verifia creates trigger events automatically when it detects changes (e.g., a new independent review finding, a scheduled review date approaching)
- Manual triggers — you can record trigger events manually (e.g., you learn of a regulatory update or an internal incident occurs). Record the trigger type, description, date, and your assessment of its impact.
- Review workflow — each trigger links to a structured review process: reassess risk → confirm risk appetite → update controls → update program → communicate changes → retrain staff
- Dashboard integration — unresolved triggers appear in your Smart To-Do list and are factored into your Compliance Health Score
- Version linking — when you publish a new program version, you record which trigger events prompted the update
This creates a clear, auditable chain showing why your program was updated, not just when — exactly what AUSTRAC expects to see during a review.
Matter Management
Use matters to link customers, KYC cases, transactions, and reports to specific business activities — giving AUSTRAC auditors clear context for every compliance action.
Transaction Monitoring
How to use Verifia's transaction monitoring engine to record transactions, detect suspicious activity, and manage alerts.