Identifying personnel roles that require due diligence and training (Reform)
Learn how to identify roles in your business that need personnel due diligence and training.
This guidance will help you to identify which of your personnel perform or will perform anti-money laundering and counter-terrorism financing (AML/CTF) roles that need personnel due diligence and training.
We expect you to identify high-risk roles to make sure that the level of due diligence and training is tailored to the person’s role and money laundering, terrorism financing and proliferation financing risks. We refer to these as your ML/TF risks.
Identifying relevant roles
This section refers to the Act section 26F(4)(d) and (e) and the Rules section 5–8 and 5–9.
You must conduct personnel due diligence and provide training to those who perform or will perform roles relevant to your AML/CTF obligations.
This includes people you employ. It also includes people you otherwise engage, for example:
- contractors or consultants
- volunteers or interns (paid and unpaid)
- people employed by service providers you use.
Personnel who perform functions relevant to your AML/CTF obligations include people who:
- hold AML/CTF governance roles, such as your governing body, senior manager(s) and AML/CTF compliance officer
- have responsibilities under your AML/CTF program
- work in roles that could be exposed to ML/TF risks
- perform any other functions or roles that support or help perform your AML/CTF obligations.
To help identify relevant roles, you should consider:
- listing all roles that are relevant to your AML/CTF obligations
- mapping the roles and responsibilities that support or fulfil them.
For example, this may include a list like the one below.
| AML/CTF obligation | Roles | Relevant personnel responsibilities |
| --- | --- | --- |
| Customer due diligence (CDD) | Customer facing personnel; Account or relationship managers; Onboarding analysts | |
| Ongoing CDD | AML/CTF compliance officer; Financial crime teams; Quality assurance teams; Personnel who design transaction monitoring programs | |
| Suspicious activity reporting | Customer facing personnel; Account or relationship managers; AML/CTF compliance officer; Financial crime teams | |
| Threshold transaction reporting | Operations personnel; Payment processors; Risk teams; Fraud teams | |
| Compliance oversight | AML/CTF compliance officer; Legal teams; Internal audit; Compliance and risk teams; Senior managers; External consultants with AML/CTF functions | |
| Governance and oversight | Board members; Senior managers; AML/CTF compliance officer | |
| Systems and controls | IT teams managing: | |
| Third-party service providers | Personnel of outsourced AML/CTF service providers. For example, personnel who conduct CDD, transaction monitoring or contact centre roles | |
Non-individuals
This section refers to the Act section 5.
Your personnel due diligence and training obligations apply to any person you employ or engage. This includes both individuals (covered above) and non-individuals.
This means you must conduct due diligence on any non-individuals you engage to perform AML/CTF-related obligations. This includes:
- companies
- trusts
- partnerships
- corporations
- bodies politic.
If you outsource AML/CTF functions, you remain responsible for complying with your obligations.
Learn more about using outsourcing to help meet your AML/CTF obligations.
Identifying high-risk roles
After you identify the roles that require personnel due diligence and training, we expect you to identify roles that pose a high risk.
This is to make sure:
- the personnel due diligence and training you provide is relevant and tailored to the specific AML/CTF responsibilities and risks of the role
- you can conduct more thorough checks for employees in high-risk roles.
High-risk roles include roles that:
- may make an employee a target for collusion or coercion by criminal groups
- could pose a serious ML/TF or non-compliance risk if fulfilled by someone with inadequate skills or integrity.
- the duties they perform
- access to sensitive data or systems
- holding positions with control, influence or the ability to bypass or override AML/CTF requirements.
To identify high-risk roles, consider if the person can:
- design or influence changes to AML/CTF policies
- authorise investments or payments
- have access to and authorise reports to be submitted to us. For example, international funds transfer instructions (IFTIs), threshold transaction reports (TTRs) and suspicious matter reports (SMRs)
- override or bypass internal controls
- handle high value transactions and physical currency (cash)
- approve or escalate high-risk customers
- amend customer risk profiles or related audit trails
- change processes, such as temporary exemptions or a manual work-around of protocols
- manage and authorise outsourcing or contracting arrangements
- have access to highly sensitive business or customer information.
Next steps
The following pages will help you tailor your personnel due diligence and training and comply with each obligation.
This guidance sets out how we interpret the Act, along with associated Rules and regulations. Australian courts are ultimately responsible for interpreting these laws and determining if any provisions of these laws are contravened.
The examples and scenarios in this guidance are meant to help explain our interpretation of these laws. They’re not exhaustive or meant to cover every possible scenario.
This guidance provides general information and isn't a substitute for legal advice. This guidance avoids legal language wherever possible and it might include generalisations about the application of the law. Some provisions of the law referred to have exceptions or important qualifications. In most cases your particular circumstances must be taken into account when determining how the law applies to you.