Read our examples of good and poor practice in personnel due diligence and training.

On this page

• Good practice: Due diligence and training in a professional services firm
• Poor practice: Poor due diligence and generic training in a real estate agency
• Related pages

This guidance outlines good and poor practice examples to help you understand how to effectively conduct:

• personnel due diligence
• anti-money laundering and counter-terrorism financing (AML/CTF) training for your personnel.

Good practice: Due diligence and training in a professional services firm

Good Practice Legal (GPL) is a small-sized firm providing legal and financial services with a team of 25 personnel. This includes solicitors, compliance personnel and administrative support. 

Policies

GPL has a tailored personnel due diligence and training process which they detail in their AML/CTF policies. 

Identifying roles

GPL maps out which roles need to be subject to personnel due diligence and training as they perform AML/CTF functions. The firm then identifies which of those are high-risk roles. For example, roles that manage creating or restructuring body corporates or trusts. They apply more thorough checks and provide additional targeted follow up training for these high-risk roles. 

Personnel due diligence

When hiring for a role, GPL conducts the following due diligence checks before they employ or engage any personnel:

• reference checks
• a police check
• a check for government regulator or professional body disciplinary action
• verifying qualifications
• assessing AML/CTF knowledge during the interview process
• self-disclosure of conflict of interests or any other material information
• adverse media and sanctions screening
• a bankruptcy check
• an ASIC company directorship check.

Before hiring for a high-risk role, GPL conducts a more comprehensive due diligence process which also includes:

GPL also make sure existing personnel are subject to more comprehensive due diligence checks if they:

• are promoted
• move into a different role with higher money laundering, terrorism financing and proliferation financing risks. We refer to these as your ML/TF risks. 

GPL conducts periodic re-assessments of personnel in line with the triggers outlined in their policies. GPL maintains clear records of the due diligence process including: 

• the records related to the checks conducted
• any adverse findings
• an audit trail of decisions taken for each person subject to personnel due diligence. 

Personnel training

All personnel receive foundational AML/CTF training covering the firm's: 

• AML/CTF obligations
• ML/TF risks
• red flag indicators. 

New employees complete their initial training during onboarding. All AML/CTF-relevant roles conduct refresher training at least annually or when there’s a significant change in policy or risk profile in line with the firm’s training policies.

More detailed, role-specific training is delivered based on the AML/CTF functions personnel perform. 

Every employee that’s client facing receives training on: 

• the firm’s AML/CTF obligations
• how to conduct customer due diligence (CDD)
• ML/TF risks of the business and suspicious indicators
• how to identify and escalate suspicious client behaviour
• reporting escalation procedures and timelines
• record keeping. 

Junior solicitors receive detailed training on: 

• customer onboarding
• how to conduct initial customer due diligence
• how to follow the ID verification procedures
• record keeping.

Administrative personnel receive detailed training on:

• record-keeping processes
• how to use any record-keeping tools
• keeping accurate and complete records. 

Principal solicitors (who are designated as ‘senior managers’ under GPL’s AML/CTF policies) receive training on: 

• politically exposed persons (PEPs)
• how to tailor enhanced CDD measures to the customer risk
• undertaking source of funds and wealth checks.

The governing body receives detailed training on: 

• the specific AML/CTF obligations for each governance role
• the firm’s ML/TF risk assessment and AML/CTF policies
• good governance practice.

GPL has all training records logged in a central register. 

Training materials are readily accessible, and employees are tested on their knowledge via quizzes or scenario-based discussions. GPL also: 

• monitors and reviews training effectiveness as part of their annual program review
• collects feedback from personnel to improve delivery.

Outcome

By applying a risk-based approach to both personnel due diligence and training, GPL makes sure that all individuals performing AML/CTF-related functions are: 

• suitable
• equipped with appropriate knowledge
• subject to continuous oversight.

Poor practice: Poor due diligence and generic training in a real estate agency

Poor Practice Realty (PPR) is a real estate agency with 25 employees. This includes receptionists, admin personnel and real estate agents.

Policies

The agency has documented AML/CTF personnel due diligence and training policies in place. However, these policies don’t:

• address the specific AML/CTF responsibilities and risks associated with individual roles
• outline steps to tailor their due diligence checks or training to the risks and responsibilities of the roles. 

As a result, the due diligence and training provided is generic. 

Identifying roles

PPR maps out what roles need due diligence and training but doesn’t identify high-risk roles to tailor their due diligence and training to the role.

Personnel due diligence 

All new hires are subject to an interview, reference checks and asked to sign a standard self-attestation form confirming their suitability. 

PPR conducts no further checks for high-risk personnel who process high-value property transactions or interact with international clients. They don’t: 

• conduct background screening or criminal history checks
• assess professional qualifications or prior AML/CTF experience.

As a result, they failed to identify that a personnel member with previous adverse media links to a criminal organisation was hired. 

The agency only becomes aware of the personnel member’s links to a criminal organisation when they’re arrested. 

Personnel training 

Personnel miss clear signs of suspicious activity as they haven’t received tailored training and aren’t clear on their responsibilities under the agency’s AML/CTF policies. They fail to apply the policies and controls set out under their AML/CTF program to manage the ML/TF risks.

An online third-party vendor delivers their AML/CTF training. The training doesn’t cover ML/TF risks faced by the real estate industry. It also makes no reference to the agency’s AML/CTF program. The business doesn’t track completion, schedule refresher sessions, or confirm if personnel understand and can apply the content. The training program isn’t reviewed or updated in response to regulatory or operational changes.

Outcome

The firm conducts a review after the arrest. They identify the personnel member had processed a series of suspicious cash property transactions linked to suspected money laundering activity. 

By failing to meet their personnel due diligence obligations, PPR hired a personnel member with previous criminal connections that facilitated suspected money laundering activity. 

By not providing appropriate training, their personnel weren’t adequately able to identify the signs of suspicious activity. 

PPR has exposed itself to being targeted by criminals to launder money. They’ve failed to meet their obligations and manage their ML/TF risks.

Related pages

• Personnel due diligence and training guidance
• Personnel due diligence
• AML/CTF training