The AML/CTF compliance officer is responsible for communicating with us on your business’s behalf. They must also oversee and coordinate your day-to-day compliance with the:

• Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (the Act)
• Anti-Money Laundering and Counter-Terrorism Financing Rules (the Rules)
• regulations (your AML/CTF obligations).

They must also: 

• oversee the effective operation of compliance with your AML/CTF policies
• give reports to their governing body at least once every 12 months on AML/CTF compliance
• have sufficient authority, independence and access to resources and expertise to do their job effectively.

Appoint an AML/CTF compliance officer

You must appoint an AML/CTF compliance officer within 28 days of providing designated services. You must also notify us within 14 days of the appointment using the new form (this will be available before the laws start on 31 March 2026). The same requirements apply if your AML/CTF compliance officer leaves your business or becomes ineligible. 

You must keep records showing that you’ve appointed an eligible AML/CTF compliance officer. 

We expect these records to show:

• the name of the person appointed your AML/CTF compliance officer
• when the person has acted as your AML/CTF compliance officer
• how your AML/CTF compliance officer meets the eligibility requirements provided below, including records of any reassessments
• what you considered in determining the eligibility criteria, such as open source searches, credit checks, reference checks and police checks.  

Eligibility requirements

Your AML/CTF compliance officer must meet eligibility requirements, including being:

• employed or engaged by your business at management level
• a resident of Australia if you provide designated services at or through a permanent establishment in Australia
• a fit and proper person.

Management level

Whether a person is at management level will depend on the nature of the business. 

For a larger business this may be a person managing daily operations relevant to AML/CTF compliance such as a: 

• risk manager
• operations manager
• general manager.

For a smaller business this may be the business owner, a director or a person responsible for managing broader risks or operations. 

A person being at management level refers to their authority in the business. A person can be at management level without direct reports.

Your AML/CTF compliance officer doesn’t need to be an employee. However, if you engage an external compliance officer they must have the authority, resources and expertise to perform the role. 

If you’re part of a reporting group, the AML/CTF compliance officer of one member may also serve as the compliance officer of another member. This is allowed if the compliance officer meets the eligibility requirements for each member (for example, being a resident in Australia if applicable).

Fit and proper person requirements

Before appointing an AML/CTF compliance officer, you must determine if they’re fit and proper. In considering if a person is fit and proper you must consider all of the following, including whether they:

• have the competence, skills, knowledge, diligence, expertise and soundness of judgement to properly perform the role
• have the attributes of good character, honesty and integrity
• have been convicted of a serious offence
• are the subject of adverse findings by a regulatory body
• have been found to have engaged in serious misconduct by a regulatory body
• are bankrupt or have signed a personal insolvency agreement
• have a conflict of interest that creates a material risk they won’t act properly in the role.

An AML/CTF compliance officer doesn’t need to be an AML/CTF expert. If you’re a small business, you’ll appoint someone with all of the following: 

• at management level with the required competency, skills, knowledge, diligence, expertise and soundness of judgement
• who has the general skills to learn their business’s money laundering, terrorism financing and proliferation financing risks (we refer to these as ML/TF risks) and apply appropriate AML/CTF policies
• who will learn further necessary skills through training and on-the-job experience as an AML/CTF compliance officer. 

You must also consider conflicts of interest that create a material risk the person will not act properly as an AML/CTF compliance officer. This is a factor when considering if someone is fit and proper. 

Examples of conflicts of interest may include where your proposed AML/CTF compliance officer: 

• has interests with an AML/CTF software company that may impact what vendor solution they select to complete transaction monitoring or screening
• is acting as the AML/CTF compliance officer of multiple other businesses which may affect their ability to act impartially.

When assessing the other fit and proper considerations, which go to the integrity of the AML/CTF compliance officer, you can consider any existing fit and proper person tests the person has completed. We’re working with industry bodies to determine if it can recognise existing fit and proper person checks and will develop guidance on this issue in late 2026. 

The requirement to ‘consider’ an issue isn’t a pass/fail checklist. It should help you determine whether a person is currently fit and proper. 

We expect you to periodically reassess your AML/CTF compliance officer. This is to ensure they remain a fit and proper person. 

If your AML/CTF compliance officer becomes ineligible after being appointed or leaves your business, you must both: 

• appoint a new person to the role
• advise us of this change.

Report to the governing body

Your AML/CTF compliance officer must report to your governing body at least once every 12 months. This obligation works differently where the compliance officer and governing body is the same person. 

Learn more about governance and oversight for sole traders and micro businesses. 

What must be in the report

Your AML/CTF compliance officer’s reports must outline all of the following:

• your business’s compliance with its AML/CTF policies
• the extent to which your business’s AML/CTF policies appropriately manage and mitigate the ML/TF risks it may reasonably face in providing its designated services
• your business’s compliance with the Act, Rules and regulations.

The reports, or a record of the reports, must be in writing and in English, or in a form that is readily convertible into English.

If implemented effectively and with appropriate frequency, these reports ensure your governing body: 

• understands how your business meets its AML/CTF obligations and appropriately manages and mitigates ML/TF risks
• is aware of its compliance status, risks, any deficiencies, and key updates, allowing them to oversee AML/CTF compliance effectively
• can take informed reasonable steps to ensure that your business meets its AML/CTF obligations. This includes providing additional resources and strategic direction as required. 

Reports to your governing body may describe any:

• AML/CTF non-compliance
• deficiencies or gaps in your AML/CTF policies or your business’s compliance with those policies that impact your ability to manage and mitigate your ML/TF risk
• steps needed to remediate identified deficiencies or gaps and progress against remediating those deficiencies or gaps.

The reports may also include other updates that significantly affect your AML/CTF policies or compliance, such as: 

• resourcing issues
• AML/CTF process backlogs
• activities to improve AML/CTF compliance or ML/TF risk management
• any updates or feedback from us.

Compliance officer must report to the governing body

Your AML/CTF compliance officer must provide their reports to your governing body. 

To meet this requirement, we expect the AML/CTF compliance officer to retain control over the content of reports that reach the governing body. This allows businesses to use existing review processes while making sure the reports: 

• remain factually accurate
• include all relevant information
• keep the governing body informed on AML/CTF matters.

We expect that significant findings or recommendations from the AML/CTF compliance officer reach your governing board without other staff removing or amending them.

You may make recommendations to the AML/CTF compliance officer to change a draft report. This may sometimes be needed where necessary content is missing or inaccurate. When you make recommendations, we expect the:

• recommendations to be recorded in writing
• reasons the AML/CTF compliance officer decides to adopt or not adopt the suggested changes.

This allows your business to appropriately review reports and suggest changes, while making sure that the AML/CTF compliance officer: 

• retains control over the content of these reports
• isn’t unduly required to remove content that’s accurate but inconvenient to business interests.  

Oversee and coordinate compliance

One of the functions that your AML/CTF compliance officer must perform is to oversee and coordinate your day-to-day compliance with the Act, Rules and regulations.

The AML/CTF compliance officer doesn’t need to directly conduct these obligations. They must instead oversee and coordinate others who do. 

When an AML/CTF compliance officer is absent

You must always have someone fulfilling the functions of an AML/CTF compliance officer. You must also inform us of any person who you designate as a compliance officer.

There may be times your AML/CTF compliance officer is absent from the business, for example, due to short-term leave or illness. If your compliance officer is absent from the business, the responsibilities and functions of this role must be covered.

The AML/CTF compliance officer’s functions can be met during periods of absence without needing to designate another compliance officer. This is because the compliance officer’s functions generally extend to overseeing and coordinating compliance. Unlike senior managers, this doesn’t require the compliance officer to personally conduct the actions required to fulfil a particular obligation.

Whether the AML/CTF compliance officer has met their functions during periods of absence will depend on all the circumstances, including the: 

• length of the absence
• effectiveness of arrangements the compliance officer has established to oversee and coordinate compliance
• effectiveness of arrangements the compliance officer has established to ensure the business communicates with us in their absence
• nature, size and complexity of the business. Smaller businesses with less complex risk profiles may require less oversight and coordination than larger complex businesses. 

Where possible, businesses may identify additional eligible employees who can be an AML/CTF compliance officer. Businesses should make sure they can quickly designate a replacement compliance officer. This will support the business to meet its obligations if the existing compliance officer becomes ineligible or is absent for long periods.

Related pages

• Governance
• Governing body
• Senior manager
• Governance and oversight for sole traders and micro businesses
• Establishing a strong AML/CTF culture.