Skip to content

The AML/CTF programme under the 2025 Rules

What an AML/CTF programme actually is under the new Rules, and why most templates available online are out of date.

Until 2025, the AML/CTF programme was structured in two parts. Part A covered the systematic identification and management of money-laundering and terrorism-financing risk. Part B covered customer due diligence procedures. Most templates, training material, and consultancy products on the market today still reflect that structure.

The Part A / Part B split has been abolished under the AML/CTF Rules 2025.

The programme is now a single topical document that addresses every required element in one integrated framework. The content has not been reduced — if anything, it has been expanded — but the structure has changed.

Under the new Rules, your programme must address four mandatory risk factors:

  1. Customer types — the kinds of customers your agency deals with (individuals, companies, trusts, foreign buyers, PEPs)
  2. Designated services and methods of delivery — which Items 53–55 services you provide and how
  3. Delivery channels — face-to-face, online, through intermediaries
  4. Foreign jurisdictions — countries your customers come from or send funds from

Each factor must be assessed for ML/TF risk, and the programme must describe the systems and controls that address those risks.

The programme must also document:

  • Governance arrangements (board or principal approval, AML/CTF Compliance Officer appointment, reporting lines)
  • Customer due diligence procedures, including for individuals, companies, trusts, and PEPs
  • Enhanced due diligence triggers and procedures
  • Ongoing customer due diligence and transaction monitoring
  • Suspicious matter and threshold transaction reporting procedures
  • Record-keeping arrangements
  • Staff training and screening
  • Independent review schedule and scope

The programme must be approved by the governing body of the reporting entity (board of directors for a company, or principal for a sole-director entity) and reviewed regularly. AUSTRAC inspectors will not accept a generic template — the programme must reflect your specific agency's risk profile, customer base, and operations.

The size of your agency determines how detailed the programme has to be, but every reporting entity needs a programme that is current, board-approved, and demonstrably operational.

What to do next: Verify that any programme template you have been offered references the AML/CTF Rules 2025 and the four mandatory risk factors. If it still describes Part A and Part B, it is stale.

Up next · Building Your Programme
ML/TF risk assessment — how to actually do one

How to assess your agency's money-laundering and terrorism-financing risk in a way that satisfies AUSTRAC.

Sources

  1. AML/CTF Act 2006 (Cth) Part 7
  2. AML/CTF Rules 2025 Part 5

This is general guidance for Australian real estate professionals. It does not constitute legal advice. Consult a qualified AML/CTF practitioner before relying on it for your agency.

Back to Building Your Programme