Governance and oversight for sole traders and micro businesses (Reform)
Find out what your anti-money laundering and counter-terrorism financing (AML/CTF) responsibilities are if you’re a sole trader or micro business.
On this page
- Overview of governance and oversight
- Governance roles
- Your duties as a sole trader or micro business
- Related pages
As a sole trader or micro business, you’re responsible for performing a range of governance roles. In many cases, you’ll have just one person fulfil all the governance roles required under the AML/CTF regime.
This guidance explains:
- what governance and oversight mean where a single person satisfies all governance roles
- how a single person can meet all the governance roles in a practical way.
Overview of governance and oversight
Governance involves exercising authority and control over how you manage your AML/CTF responsibilities within your business.
Oversight involves supervising or managing compliance. It includes regularly checking your AML/CTF policies to make sure they’re working correctly and making improvements as needed.
Governance roles
There are 3 roles within the AML/CTF governance structure. These are the:
- governing body
- senior manager
- AML/CTF compliance officer.
In a larger business, separate people typically hold these roles. They must communicate and report to one another on certain matters.
For sole traders or micro businesses, often a single person will act in all 3 roles. If the same person is acting in all 3 roles, they don’t need to report to themselves. It’s important to understand that they’re still responsible for the other duties of these roles.
You can outsource governance roles, but this isn’t required to meet your obligations. If you outsource governance roles, you’ll still be responsible for making sure that the outsource service provider meets the requirements of these roles.
For example, you can outsource the role of AML/CTF compliance officer, but you must make sure they meet the eligibility requirements.
Your duties as a sole trader or micro business
As a sole trader or micro business, you must make sure that you:
- conduct an ML/TF risk assessment and review it as required: this document will identify and assess the ML/TF risks you reasonably face
- develop, maintain and comply with your AML/CTF policies: to align with your risk assessment, regularly review your policies, procedures, systems and controls to ensure they remain effective and up to date
- keep records to reasonably demonstrate compliance: keeping records of key decisions and actions, such as how you develop, maintain and comply with your AML/CTF policies. This is evidence of your compliance and gives you clear processes on what to do if an issue occurs
- maintain accountability: you’re responsible for meeting your obligations even where you outsource AML/CTF functions.
The tables below look at:
- the obligations of each governance role in more detail
- how they may apply where a single person is responsible for all 3 governance roles.
Governing body
This section refers to the Act sections 26H(1) and 26J(2).
| Obligations | Examples of what you could do as a single person satisfying all governance roles |
|---|---|
|
Exercise appropriate oversight of and take reasonable steps to make sure you comply with:
|
Take action to learn and keep up to date with AML/CTF requirements. For example, attending professional development sessions we offer and applying these learnings to your business operations. Regularly review and address any compliance issues. You should also subscribe to get updates from us. |
| Make sure the AML/CTF compliance officer has sufficient authority, independence and access to resources and information they need to perform their functions |
If you’re acting in all 3 governance roles, and have control over your business, you’ll generally have sufficient authority and independence. Additionally, if you’re acting in all 3 governance roles, you’ll need to determine if you have the necessary resources. For example, if you have any employees, you can document if there’s any workload concerns. To make sure you have access to the information you need, you can contact your employees (if applicable) and request updates on AML/CTF matters. For example, requesting updates on any incidents relating to AML/CTF non-compliance. |
| Oversee the business’ identification and assessment of risk for its ML/TF risk assessment |
Subscribe to get our updates that may impact your ML/TF risk assessment. Make sure your staff inform you if they encounter a risk factor that isn’t present in your ML/TF risk assessment, allowing you to review and update it as required. |
AML/CTF compliance officer
This section refers to the Act sections 26J(3) and 26L and the Rules section 5–7.
| Obligations | Examples of what you could do as a single person satisfying all governance roles |
|---|---|
| Oversee and coordinate day to day compliance with AML/CTF obligations | Manage daily compliance with AML/CTF obligations or take steps to comply with them yourself. |
| Oversee and coordinate the effective operation of your AML/CTF policies and your compliance with those policies | Check your policies are working as intended. This can be done through periodic testing. |
| Provide regular updates to your governing body on compliance with AML/CTF policies, the extent to which the policies are appropriately managing and mitigating ML/TF risks and compliance with AML/CTF obligations |
You don’t need to fulfil this requirement if:
Otherwise, set aside time to review and reflect on AML/CTF issues and keep notes for your records. |
| Communicate with us on behalf of your business | Handle all communications with us. |
| Check if you meet the requirements for the AML/CTF compliance officer role |
Assess whether you’re capable of performing the role, by considering:
The requirement to ‘consider’ an issue isn’t a pass/fail checklist. It should help you determine whether a person is currently fit and proper. Complete our e-learning courses. |
Senior manager
This section refers to the Act section 26P and the Rules section 5–5.
| Obligations | Examples of what you could do as a single person satisfying all governance roles |
|---|---|
|
Approve AML/CTF policies and any updates If you’re acting in all 3 governance roles you’ll also be preparing the AML/CTF policies |
Assess your business and include the version number and date of approval in your policies. |
|
Approve ML/TF risk assessments and any updates If you’re acting in all 3 governance roles you’ll also be preparing the risk assessment |
Align AML/CTF policies to the ML/TF risks of your business. Include the version number and date of approval in your risk assessment. |
| Notify the governing body of changes to ML/TF risk assessment in writing | Update and record changes to risk assessments, including dates and reasons for changes. |
| Approve onboarding of high-risk customers like foreign politically exposed persons (PEPs) and high-risk PEPs | Review and document the decisions you make to onboard high-risk customers. |
| Approve continuing a business relationship with an existing customer, beneficial owner or an agent of an existing customer that becomes a foreign PEP or high-risk domestic or international PEP | Review and document the decisions for continuing the business relationship with these customers. |
| Approve entering into a written agreement or arrangement with a third party for collection and verification of customer due diligence (CDD) information |
If you enter into a third-party arrangement where another business will collect and verify CDD information on your behalf, you can:
|
Related pages
This guidance sets out how we interpret the Act, along with associated Rules and regulations. Australian courts are ultimately responsible for interpreting these laws and determining if any provisions of these laws are contravened.
The examples and scenarios in this guidance are meant to help explain our interpretation of these laws. They’re not exhaustive or meant to cover every possible scenario.
This guidance provides general information and isn't a substitute for legal advice. This guidance avoids legal language wherever possible and it might include generalisations about the application of the law. Some provisions of the law referred to have exceptions or important qualifications. In most cases your particular circumstances must be taken into account when determining how the law applies to you.