AUSTRAC Free Starter Kits: How Did They Rate?

AUSTRAC released free starter program kits for five Tranche 2 sectors in January 2026. We ran them against the mandatory requirements in the AML/CTF Act 2006 (future law compilation) (s 26C, s 26F) and AML/CTF Rules 2025. Here is our assessment.

Overall, the kits rate well - a solid foundation with notable gaps in reporting groups, CDD sharing and outsourcing, jurisdictional coverage, implementation burden and legislative referencing.

AUSTRAC CEO Brendan Thomas said the release of the kits marked a key point in the implementation of the anti-money laundering reforms. "AUSTRAC's program starter kits mark the first time that an anti-money laundering regulator anywhere in the world has provided this level of practical support to business".

Important Context

The AUSTRAC starter kits are designed for smaller reporting entities with 15 or fewer personnel. They are a starting point, not a finished compliance program. AUSTRAC states they must be customised for your circumstances.

This assessment is not a criticism of AUSTRAC. It is a factual review of what is and is not covered, measured against the statutory requirements in the Act and Rules.

The Assessment Framework

We assessed each kit against nine categories derived directly from the AML/CTF Act and AML/CTF Rules 2025. These are not optional extras. They are mandatory requirements for reporting entities:

• 1. ML/TF Risk Assessment (s 26C)
• 2. AML/CTF Policies (s 26F)
• 3. Governance (s 26F(4))
• 4. Personnel & Training (Rule 5-8, 5-9)
• 5. Independent Evaluation (Rule 5-10)
• 6. Customer Due Diligence (Part 2 Act)
• 7. Reporting (Part 3 Act)
• 8. Record Keeping (Part 10 Act)
• 9. Reporting Groups (s 26F(5)-(6))

Summary

Across 45 audit items assessed against the Act and Rules:

• 25 Included - fully addressed in the kits
• 12 Partial - referenced but incomplete or lacking process detail
• 8 Missing - not addressed at all

Notable Concerns

Beyond the category-by-category assessment below, we identified several broader concerns with the kits.

Jurisdiction Risk Methodology - Vague Fallback

The kits use a three-step jurisdiction risk methodology: Step 1 uses the Basel AML Index as a baseline rating, Step 2 checks FATF high-risk lists and DFAT sanctions (overriding the Basel rating if a country appears on either list) and Step 3 provides a fallback for countries not covered by any of these sources. This means sanctioned countries like Russia are properly caught by the DFAT override even though Basel does not cover them. However, the fallback for countries that do not appear on Basel, FATF or DFAT is vague, directing users only to "consider the materials underpinning the Basel Index methodology" without further detail on how to assign a risk rating. This leaves a gap for less well-known jurisdictions where none of the three sources provide coverage.

Escalation Procedures - Overreach?

The kits include detailed escalation forms and registers. The AML/CTF Act and Rules 2025 do not use the word "escalation". Rule 5-7 requires AML/CTF compliance officers to report to the governing body at least annually on compliance and risk management, but this obligation does not apply where the compliance officer and the governing body are the same person (Rule 5-7(3)). The kit escalation procedures - including formal escalation registers and mandatory second-reviewer sign-offs - go well beyond this reporting requirement and add administrative overhead that is not prescribed by the legislation, particularly for smaller practices.

Missing LPP Form for Lawyers

The Legal Professionals kit does not include the Legal Professional Privilege (LPP) notification form required under s 242 of the Act. This is a mandatory reporting document for lawyers claiming privilege over information that would otherwise be reportable. Its absence from a kit specifically designed for legal professionals is a notable oversight.

Ease of Implementation

The kits are static Word documents requiring manual customisation, filing and tracking. There is no digital workflow, no automation and no version control. For a reporting entity starting from scratch, the implementation burden is significant. Every document must be individually downloaded, edited, saved and stored, with no mechanism to track completion, flag overdue reviews or maintain an audit trail of changes.

Legislative References

The kits do not cite specific provisions of the AML/CTF Act 2006 or AML/CTF Rules 2025 against each requirement or form. Without section references, a reporting entity cannot easily verify what statutory obligation a particular document is intended to satisfy or confirm whether their customised version still meets the legislative standard. This makes independent verification and audit preparation considerably harder.

Full Assessment

The tables below show each requirement we assessed, whether it is included in the AUSTRAC kits and what is missing or incomplete.

1. ML/TF Risk Assessment

2. AML/CTF Policies

3. Governance

4. Personnel & Training

5. Independent Evaluation

6. Customer Due Diligence

7. Reporting

8. Record Keeping

9. Reporting Groups

Sector-Specific Issues

Beyond the general assessment above, each sector kit has unique issues worth noting.

Conveyancing

• References Table 5 (Real Estate) when conveyancers fall under Table 6 (Professional Services).
• Missing Item 3: holding or managing client funds via trust accounts, which is a routine conveyancing activity.
• Missing Item 6: trusts, which conveyancers regularly encounter in property transactions.

Legal Professionals

• Missing the LPP notification form (s 242), a mandatory reporting document for lawyers claiming privilege.
• Limited coverage of Table 6 Items 4 (company formation), 5 (shelf companies), 7 (nominee director), 8 (nominee shareholder) and 9 (registered office).

Precious Product Dealers

• Kit focused narrowly on jewellers. Does not address other businesses in the precious products sector such as opal dealers, bullion dealers, pawnbrokers, cash converters or scrap metal dealers.
• No coverage of the broader "precious products" definition under s 5A(6), which captures any item made from, containing or having precious metals or stones attached.

Real Estate Agents

• No coverage of property developers, who have separate obligations.
• TTR effectiveness testing included despite cash transactions being rare in real estate.

Accounting Professionals

• TTR effectiveness testing included, though most accounting practices rarely handle $10,000+ in physical currency.
• Limited coverage of designated service triggers beyond basic Table 6 Item 1.

The Manual Setup Problem

Even where the kits do cover a requirement, every document is a static Word file. That means:

• Every form must be manually customised, saved, filed and tracked
• No version control or document audit trail
• No automated reminders for periodic reviews or training renewals
• Designed for businesses with fewer than 15 staff
• Ongoing maintenance burden: estimated 100+ hours per year for manual compliance management

What the Kits Do Well

To be fair, the AUSTRAC starter kits provide a legitimate free starting point. Several areas are well covered:

• Good CDD form coverage across entity types (individual, body corporate, trust, government)
• Effectiveness testing forms are comprehensive
• Personnel due diligence forms cover sole practitioner scenarios
• Getting started guides are helpful for orientation

Conclusion

The kits are a starting point, not a complete AML/CTF program. They must be reviewed and customised for your specific circumstances and designated services.

8 mandatory requirements from the Act and Rules are not addressed at all. A further 12 are only partially covered. Businesses with reporting groups, international dealings or higher-risk profiles will need additional documentation beyond what the kits provide.

If you are a Tranche 2 reporting entity preparing for your AML/CTF obligations, we recommend using the free AUSTRAC kits as a reference point, but engaging professional advice to ensure your program meets the full requirements of the Act and Rules. Our AML/CTF practice can assist with program development, gap analysis and independent evaluations.

The AUSTRAC free starter kits can be downloaded from AUSTRAC's website.

This article is for general information purposes only and does not constitute legal advice. You should seek professional advice tailored to your specific circumstances before acting on any information in this article. Liability limited by a scheme approved under Professional Standards Legislation.