AML/CTF reforms: Governance and accountability under the new framework

by Alanah McAliece

Under the amended Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Act) and the Anti-Money Laundering and Counter-Terrorism Financing Rules 2025 (Rules), the reforms commencing 31 March 2026 embed governance and oversight obligations on reporting entities and require those obligations to be reflected in the AML/CTF program.

AML/CTF compliance can no longer operate solely as a standalone compliance function. The Act and Rules impose defined responsibilities on the governing body, senior managers and the AML/CTF compliance officer.

Governing body responsibilities

The governing body is responsible for ensuring the reporting entity takes reasonable steps to identify, assess, manage and mitigate money laundering and terrorism financing risks.

This includes ongoing oversight of:

  • the ML/TF risk assessment and any updates;
  • compliance with AML/CTF policies; and
  • the effectiveness of systems, controls and monitoring arrangements.

Governing bodies must take reasonable steps to ensure that AML/CTF obligations are being met. This requires active engagement, regular reporting and documented consideration of risk and compliance matters.

Senior manager obligations

One or more senior managers must be identified as responsible for approving:

  • the ML/TF risk assessment and any updates;
  • the AML/CTF policies and any updates;
  • entering into a reliance agreement with a third-party provider; and
  • commencement or continuation of designated services in specified high-risk circumstances, including where a foreign politically exposed person is involved.

These approvals must be given by a senior manager and cannot be treated as a purely administrative function.

AML/CTF compliance officer

Each reporting entity must designate an AML/CTF compliance officer who is fit and proper, at management level and resident in Australia.

The compliance officer must oversee and coordinate day-to-day compliance with the Act and Rules, provide reports to the governing body at least annually, and act as the primary contact with AUSTRAC.

The governing body must ensure the role is appropriately resourced, independent and has sufficient authority to discharge its functions.

To read more about the expanded role of the AML/CTF compliance officer, see our separate article here: AML/CTF reforms: New statutory requirement for AML/CTF compliance officers.

Governance in smaller businesses

In smaller businesses, including sole traders and micro businesses, one person may hold all three governance roles. While separate reporting between roles will not be required in those circumstances, the individual must still fulfil the obligations of each role and document key decisions and approvals.

Practical considerations

Governing bodies should ensure that:

  • AML/CTF risk and compliance are standing agenda items;
  • updates to the ML/TF risk assessment and AML/CTF policies are formally approved and recorded;
  • reporting from the AML/CTF compliance officer is documented and considered; and
  • transitional implementation plans are monitored and documented.

Early education and formalised oversight frameworks will assist reporting entities to demonstrate reasonable steps and sustained engagement ahead of commencement.

For further information about the reformed governance framework, please contact Chris Mee at cmee@cnmlegal.com.au or Alanah McAliece at amcaliece@cnmlegal.com.au, or call 07 3211 4010.

You might also like
AML/CTF reforms: What you need to know about the new reporting group framework
AML/CTF reforms: Is your program fit for the new framework?