You must provide AML/CTF training to personnel who perform functions relevant to your AML/CTF obligations to make sure they understand:

• your obligations under the Anti-Money Laundering and Counter-Terrorism Financing 2006 Act (the Act), Rules and regulations
• your ML/TF risks.

You must provide training:

• when a person is employed or engaged
• that’s ongoing during their employment or engagement.

This is essential to make sure your personnel:

• have the required knowledge and skills to comply with your AML/CTF obligations
• effectively implement your AML/CTF program to ensure your business can appropriately identify, manage and mitigate ML/TF risk.

What to include in your AML/CTF policies

Your AML/CTF policies must ensure you can provide initial and ongoing training for personnel who perform AML/CTF functions. 

Your policies must ensure the training you provide is tailored and appropriate to the person based on:

• the functions they perform
• the ML/TF risks relevant to their functions
• their specific responsibilities under your AML/CTF policies.

The training must be delivered in a way that’s easy for them to understand.

We expect you to do the following and outline how you do so in your AML/CTF policies:

• develop a training plan and schedule tailored training to different roles and their relevant ML/TF risks
• include updates on AML/CTF regulatory changes and emerging risks in training material
• include steps taken to make sure your personnel are getting training
• use a register to record completion dates and track when further training is due
• monitor the effectiveness of your training
• evaluate whether personnel are retaining knowledge from your training and applying it appropriately. 

Tailoring your AML/CTF training

The AML/CTF training you provide must be tailored so that it’s appropriate to the person, their role, responsibilities and the ML/TF risks relevant to their role. 

The AML/CTF training must cover:

• your obligations under the Act and Rules
• your ML/TF risks. 

We expect that you use your ML/TF risk assessment, business size and sector-specific risks to identify your training needs. 

You may choose to provide general AML/CTF training to all personnel. However, if you have roles with different AML/CTF functions and varied ML/TF risk levels, you must include appropriate training for individuals exposed to these different risks. 

Some roles may need technical training while others may only need general awareness. For example:

• All personnel in customer-facing roles need an awareness of indicators of suspicious activity and your reporting procedures.
• Personnel responsible for undertaking enhanced customer due diligence and investigating suspicious matters need a deeper understanding of the ML/TF risks your business faces and procedures they must follow.

To help tailor your training, consider the following examples of what training may include for personnel that conduct specific obligations.

When to deliver AML/CTF training

You must provide initial training at the start of a person’s employment or engagement. You must also provide ongoing training. 

We expect you to offer training as often as necessary to make sure your personnel understand:

• new and emerging ML/TF risks
• updates to AML/CTF policies and laws. 

We expect you to also provide training before any personnel conduct new duties that may expose them to other ML/TF risks and AML/CTF functions. 

The frequency and extent of ongoing training will depend on functions the person performs and the ML/TF risks.

Consider the following examples of how frequently you may provide ongoing training. These are examples only, and the frequency you deliver training must be appropriate to your business. 

For example, you may deliver training to:

• AML/CTF compliance officers and senior management every 6–12 months
• customer-facing personnel every 12 months
• personnel responsible for onboarding, transaction monitoring, or other enhanced CDD roles every 12 months
• third-party vendors when they’re onboarded, and when your contract is renewed or changed
• all other personnel not in AML/CTF relevant roles at onboarding (providing general awareness training).

We expect that you consider updating and providing AML/CTF training as soon as practicable in response to:

• changes to AML/CTF laws
• new and emerging ML/TF risks
• changes to your AML/CTF program
• findings from AML/CTF program independent evaluations, regulatory or internal compliance reviews indicating AML/CTF training gaps
• significant instances of non-compliance or breaches of AML/CTF obligations (potential or actual)
• AUSTRAC-issued guidance.

How to deliver AML/CTF training

You have flexibility to choose the type of training you provide based on your ML/TF risk, resources and the roles and responsibility of your personnel. 

You must make sure the training is accessible and understandable to the person receiving it. This means training needs to be appropriate to the individual receiving the training. It should be based on factors such as their comprehension and language skills.

Common delivery methods can include:

• online training courses or certifications
• in-person training courses
• on-the-job training, especially if there’s a ML/TF risk specific to certain roles
• review of publications on current/relevant AML/CTF issues
• participation in industry events or seminars
• regular communication with employees by email, intranet updates or newsletters. For example, about updates to your ML/TF risks or AML/CTF policies
• informal education, such as day-to-day supervision, mentoring and peer review.

You may consider providing training using a mixture of delivery methods.

To help with training, you may make the material available for personnel to refer to.

Our e-learning modules

To help you understand and comply with your AML/CTF obligations, we provide e-learning modules, education and guidance. 

These can be used as part of your AML/CTF training but can’t be relied on solely to meet your training obligations. This is because your training must be tailored to the person receiving the training based on: 

• their AML/CTF functions
• the ML/TF risks relevant to their function
• their responsibilities under your AML/CTF policies. 

Outsourcing training

You may outsource delivery of AML/CTF training to a third party such as to an external training provider, industry association, or learning platform. However, you remain responsible for making sure training is tailored, appropriate and understandable to your personnel. 

Avoid relying on generic training not specific to your industry without first assessing if it’s appropriate for your business and adapt it as needed. You may also need to supplement with role-specific training and content specific to your business and industry.

If you outsource training, we expect you to:

• conduct appropriate due diligence to confirm the provider’s suitability and expertise
• confirm the provider can deliver training specific to your business needs and its ML/TF risks, AML/CTF policies and personnel
• set clear expectations on content and delivery of training
• make sure training aligns with your AML/CTF program. 

Learn more about outsourcing.

Reviewing and monitoring training

We expect you to periodically assess your training and update it where necessary. This can be based on: 

• internal compliance reviews or audits
• personnel feedback
• our guidance or feedback on ML/TF risks.

We expect you to continuously monitor the effectiveness of your AML/CTF training. This will help you make sure training is:

• appropriately equipping your personnel with knowledge and skills to help meet your AML/CTF obligations
• completed, understood and applied by your personnel
• addressing your AML/CTF obligations
• updated to accurately reflect your ML/TF risks and changes to AML/CTF obligations.

For example, to monitor effectiveness you may consider the following monitoring tools:

• Post-training assessment of understanding and testing results to confirm personnel understand key content. This may be measured through practical exercises, testing scores or follow-up discussions.
• Real-time incident reviews. You may use internal audits or compliance checks to identify knowledge gaps (for example, missed red flags, late SMRs).
• Personnel surveys or feedback to understand whether they find training to be clear, relevant and usable.
• Performance reviews and targets to assess personnel knowledge, skills and expertise to perform their AML/CTF functions.
• AML/CTF compliance reports from the AML/CTF compliance officer to the governing body. You may use these to inform the governing body of compliance with AML/CTF policies, and how ML/TF risks are being managed and mitigated.

If a person needs more training

If monitoring reveals a knowledge gap or performance concern, we expect you to take appropriate action. This will help make sure your business remains compliant and that you don’t increase your ML/TF risks.

Depending on the gap or concern, actions may include, for example:

• providing targeted follow-up training
• providing remedial training tailored to the issue or obligation
• documenting action taken including dates, training type and result
• reassessment post-training such as tests, practical observation or manager sign-off
• escalation if the person remains unable to meet AML/CTF expectations. For example, consider reassigning their AML/CTF functions or responsibilities.

Record keeping

You must keep records that are reasonably necessary to demonstrate compliance with your personnel training obligations.

Your AML/CTF policies can set out how you maintain and update training records. 

When you conduct your training, you may consider keeping records of attendance, training schedules, content, delivery methods and any employee assessments. 

The following are examples of details you could record:

• who completed training: names, roles, teams and date of commencement in the role
• what training you delivered: topics covered, delivery format (for example, online, in-person, on-the-job training), content and content version
• how you assessed understanding and training results: methods of assessment used (see above for more information)
• training history: records of initial training, refresher sessions, role-specific modules. 

You may also record industry accreditation(s) or on the job training arrangements.

Maintaining a training log or register can help make sure that:

• all relevant personnel have been trained
• you can identify who needs refresher training
• you can demonstrate compliance to AUSTRAC.

Learn more about your record keeping requirements.

Related pages

• Personnel due diligence and training
• Personnel due diligence
• Examples of personnel due diligence and training