Step 2: Use your jeweller program

Learn how the jeweller program you’ve developed from the starter kit works and how to use it in your day-to-day business operations. 

On this page

How the program works

Once you've completed Step 1: Customise your jeweller program with the starter kit, the documents and forms you tailored work together as your anti-money laundering and counter-terrorism financing (AML/CTF) program. 

From here, you’ll follow your program and use your systems to manage AML/CTF tasks and guide how to respond to your money laundering, terrorism financing and proliferation financing risks. We refer to these as ML/TF risks. 

In practice, your program operates across 2 key areas:

  • how you deal with customers
  • how you manage personnel.

Dealing with customers

You’ll use your program in your day-to-day operations to manage the ML/TF risks of your customers. 

Your program scales the level of controls you use to the risk of your customers. 

If you have low-to-medium risk customers, you’ll take fewer steps and generally only need to use a few forms to screen your customers. If you have more complex and higher-risk customers, you’ll take additional steps and use more forms to manage the risk. 

Your program sets out how to:

  • apply customer due diligence (CDD) to understand who your customers are before you provide them a service
  • collect customer information and how to verify it
  • identify the risk of each customer based on risk factors to assign risk ratings as low, medium or high
  • detect and respond to risk indicators. 

Your program then outlines:  

  • the level of CDD you apply for low-, medium- and high-risk customers
  • when additional verification or monitoring applies
  • when to escalate or report activity
  • when to report to us.

This table provides a summary of risk ratings, risk factors and how the controls you apply scale based on your customer’s risk rating. If you risk rate your customer, and don't want to apply the controls below, you could instead ensure that they pay for precious metals, stones or products using a method other than physical currency, such as via bank transfer. 

Risk rating  Criteria  Customer risk factors  Controls 
High 
  • One or more high-risk factors, or
  • You identify other reasons the customer is high risk 
  • Precious metals, stones, or products purchased with $50,000 or more of physical currency
  • Customers whose requests are unusual or have no apparent economic/legal purpose
  • Transactions involving particularly high-risk metals and stones
  • Transactions involving stolen, conflict or counterfeit metals, stones or products
  • Customers who are scrap metal dealers
  • You suspect the customer has committed an offence that generates illicit profits (money laundering, terrorism financing, fraud, tax evasion, corruption, drug trafficking, people smuggling)
  • Foreign politically exposed persons (PEPs) - the customer onboarding forms include definitions for each type of PEP
  • Customer using a complex or unusual legal structure to create anonymity
  • Delivery channels which make it difficult to establish the client is who they claim to be
  • Unexplained wealth
  • Enhanced CDD
  • Source of funds and source of wealth check
  • Adverse media check
  • Verify business relationship
  • Senior manager approval 
Medium 
  • Two or more medium-risk factors, or
  • You identify other reasons the customer is medium risk 
  • Domestic or international organisation PEPs
  • A third party that isn't enrolled with AUSTRAC is representing the customer
  • Customer is a charity or non-profit organisation
  • Initial CDD (simplified CDD not appropriate) 
Low 
  • Doesn't meet high or medium-risk criteria. 
  • Customers who are not high or medium risk
  • Simplified CDD 

Learn more about these risk factors and other indicators of unusual or criminal behaviour in your risk assessment that you customised at step 1. 

Dealing with customers examples

Read our examples showing how this process works in practice for a low-, medium- and high-risk customer.

Customer forms 

At Step 1: Customise your jeweller program with the starter kit you tailored the relevant customer forms from our document library

Now that you’ve customised them to your business or integrated them into your existing processes, they can be used to:

  • engage a new customer
  • undertake initial customer due diligence
  • escalate significant issues
  • act on escalations
  • undertake ongoing monitoring throughout the customer relationship and keep information up-to-date.

Customer lifecycle 

These steps summarise how you’ll follow your program to deal with customers over the full customer lifecycle, from first contact through to the end of the business relationship. 

We refer to the relevant customer forms in italics to show when and how you use them when using your program.

  1. Identify the kind of customer  

When a customer seeks a service, you first identify the: 

  • kind of customer – if they’re an individual or an entity (such as a trust or body corporate)
  • type of service they want. 

This determines which onboarding form applies and what information must be collected. 

  1. Collect customer information 

Collect information about your customer in the onboarding form

The level of information required is based on the: 

  • kind of customer
  • nature of the service
  • ML/TF risk factors.
  1. Verify customer information 

Follow the steps in the relevant initial customer due diligence form to complete verification. 

This is to confirm the information you collected and that it can be relied on for AML/CTF purposes. It supports your assessment of customer risk and if you can provide the brokering service. 

  1. Identify and assess triggers 

Certain triggers may occur, such as: 

  • inconsistencies in information
  • unusual behaviour that may lead to a suspicious matter report (SMR)
  • higher-risk indicators identified in your risk assessment.

This can happen when first onboarding the customer or at any point during the relationship. 

Your policy explains how to assess these triggers and what checks are required. 

  1. Decide how to proceed 

Based on the outcome of your checks, you decide whether to: 

  • proceed with the service
  • apply additional controls
  • escalate concerns or submit a report to us
  • not provide the brokering service. 

This decision is guided by your policy and the controls in your risk assessment. 

  1. Provide the designated service 

You can generally only provide the service once:

  • required checks are complete
  • identified risks have been addressed in line with your program. 

You can delay completing the checks and addressing identified risks until a later time if you meet the delayed CDD criteria outlined in the initial customer due diligence form.  

  1. Ongoing customer due diligence 

During the business relationship, you continue to monitor the customer by: 

  • reviewing changes in behaviour or activity
  • responding to new triggers
  • updating customer information where required.

Ongoing due diligence ensures your controls remain appropriate as risk changes. 

  1. End of business relationship 

When the service ends, your program explains: 

  • what records you must keep
  • how long you must keep them
  • how they support future reviews and evaluations. 

Reporting to us

Follow your program which sets out when you must report to us and the timelines, including:

  • Suspicious matter reports: if you suspect a person isn’t who they claim to be, or you have information relevant to criminal activity. Due within 24 hours of forming the suspicion if it relates to terrorism financing, or 3 business days for other suspicions.
  • Threshold transaction reports: for transactions involving cash of $10,000 or more. Due within 10 business days after the date of the transaction.
  • Compliance reports: an annual report about how you met your obligations the previous calendar year.

You can also learn more about reporting to AUSTRAC.

It's important to note that, if a customer approaches you for a regulated transaction and you hold a suspicion that must be reported to us, you must make a suspicious matter report. 

This is even if you divert the person to an alternative method of payment to physical currency, such as a bank transfer. You should be careful in proceeding with the transaction in this way when you hold a suspicion, as accepting payment through alternative means could make you complicit in criminal conduct. 

Managing personnel

The personnel you assign to perform AML/CTF roles are critical to the effective operation of your AML/CTF program. 

Your program covers:

  • who can perform AML/CTF-related roles
  • how to conduct personnel due diligence to assess suitability and competence
  • initial and ongoing training.

The document library includes personnel forms you can use when appointing, reviewing or assessing people who perform AML/CTF-related roles.

These steps summarise how you’ll follow your program to manage your personnel:

  1. Before a person starts 

Before a person performs an AML/CTF-related role, you: 

  • conduct initial personnel due diligence
  • confirm they're suitable and eligible
  • provide role-appropriate AML/CTF training.

This ensures the person understands their responsibilities and can meet them. 

  1. While the person performs the role 

While a person remains in the role, you: 

  • conduct ongoing personnel due diligence
  • provide refresher or updated training as required
  • monitor performance against AML/CTF responsibilities. 

This helps make sure personnel remain suitable for the role, can meet their obligations and any gaps identified are addressed. 

  1. When issues occur 

Your program includes controls for responding to issues that might occur while a person is in an AML/CTF-related role. These controls help you confirm ongoing suitability and address capability gaps in a structured way. 

If you identify concerns, your personnel due diligence and training policies guide how to assess and document your actions. 

  1. When roles change or end 

When a person changes roles or leaves your business, your policy outlines when to: 

  • update and keep records
  • appoint another person to the role
  • update role-based controls and access. 

Next step

Go to step 3: Maintain your program.

The program starter kits are intended to be used as a complete package and have been designed for use by those reporting entities who satisfy certain suitability criteria. That suitability criteria is set out in the ‘Getting Started’ web page under the heading “Who the starter kit is for” in each program starter kit. In particular, those Tranche 2 entities who, from 1 July 2026, are for the first time subject to anti-money laundering and counter-terrorism financing legislation (AML/CTF).

The program starter kits have been designed for the purpose of providing practical guidance to those reporting entities to assist them to build their own AML/CTF programs. The program starter kits represent AUSTRAC’s interpretation and application of the law to the eligible reporting entities only and are not intended to represent an interpretation and application of the law in all circumstances. The program starter kits are not a substitute for legal advice about any reporting entity’s AML/CTF compliance obligations. Australian courts are ultimately responsible for interpreting the AML/CTF legislation and determining if any provision of these laws are contravened.

This guidance sets out how we interpret the Act, along with associated Rules and regulations. Australian courts are ultimately responsible for interpreting these laws and determining if any provisions of these laws are contravened. 

The examples and scenarios in this guidance are meant to help explain our interpretation of these laws. They’re not exhaustive or meant to cover every possible scenario.

This guidance provides general information and isn't a substitute for legal advice. This guidance avoids legal language wherever possible and it might include generalisations about the application of the law. Some provisions of the law referred to have exceptions or important qualifications. In most cases your particular circumstances must be taken into account when determining how the law applies to you.

Last updated: 29 Jan 2026
Page ID: 1499

Was this page helpful?

Please note that feedback you provide here will be used only for the purpose of improving our website. If you have a specific question about your AML/CTF obligations, please contact us.