AML/CTF reforms: New statutory requirements for AML/CTF compliance officers

by Alanah McAliece

From 31 March 2026, the amended Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Act) and the Anti-Money Laundering and Counter-Terrorism Financing Rules 2025 (Rules) impose explicit statutory requirements in relation to the AML/CTF compliance officer role.

For many reporting entities, the AML/CTF compliance officer has historically operated as a functional compliance contact. Under the reformed regime, the role carries defined eligibility criteria, governance expectations and operational responsibilities that require reassessment and formal documentation.

Mandatory designation and continuity

A reporting entity must designate an AML/CTF compliance officer at all times while it provides designated services. If the designated individual ceases to be eligible or is unable to perform the role, the reporting entity must promptly designate another eligible individual and notify AUSTRAC within the required timeframe. Ongoing continuity of the function is required.

Contingency arrangements, including reserve or acting appointments, should be clearly documented to support operational continuity.

Eligibility criteria

The AML/CTF compliance officer must:

  • be a fit and proper person;
  • operate at management level;
  • have sufficient authority, independence, access to resources and expertise to properly perform the role; and
  • be an Australian resident.

Existing appointments should be reviewed against these criteria. In particular, reporting entities should assess whether the individual:

  • has sufficient seniority within the organisation;
  • has direct access to the governing body; and
  • has the practical capacity to influence policy, escalation and remediation decisions, and to retain control over the content of reports provided to the governing body.

Outsourcing the function does not remove the obligation to ensure eligibility and authority requirements are satisfied, and the reporting entity remains responsible for ensuring the external compliance officer has the authority and resources to perform the role effectively.

Core responsibilities

The compliance officer is responsible for:

  • overseeing day-to-day compliance with AML/CTF obligations;
  • coordinating development, implementation and maintenance of the AML/CTF program;
  • overseeing the development, review and update of the ML/TF risk assessment;
  • acting as the primary point of contact with AUSTRAC; and
  • coordinating reporting, escalation and remediation activities.

The AML/CTF compliance officer must report to the governing body at least once every 12 months on AML/CTF compliance, including the entity’s compliance with its AML/CTF policies and the extent to which those policies appropriately manage and mitigate ML/TF risks.

The role is a governance and control function, not merely an administrative reporting position.

Relationship with the governing body

The compliance officer must have clear and documented reporting pathways to the governing body. Boards are required to exercise ongoing oversight of AML/CTF risk and compliance. The compliance officer will typically be the conduit for that oversight.

Reporting lines should evidence:

  • regular reporting to the Board;
  • escalation of material risk issues; and
  • communication of updates to the ML/TF risk assessment and AML/CTF policies.

Informal or unclear reporting structures may expose the entity to governance deficiencies.

Reporting group considerations

Where the reporting entity is part of a reporting group, an AML/CTF compliance officer of one member may also act for another member, provided the eligibility requirements are satisfied for each entity. Where this occurs, each entity must assess whether the individual remains fit and proper, including whether any conflict of interest or workload constraint creates a material risk that the individual will not act properly. Where group-wide AML/CTF policies are overseen by a lead entity, the AML/CTF compliance officer must have sufficient authority and access to information to effectively oversee compliance for the relevant member.

Temporary absence and alternate arrangements

The reporting entity must ensure that the functions of the AML/CTF compliance officer are fulfilled at all times. Where the designated AML/CTF compliance officer is temporarily absent, the entity must ensure that appropriate arrangements are in place to oversee and coordinate compliance during the period of absence. A temporary absence does not, of itself, require the formal designation of a replacement AML/CTF compliance officer, provided the functions of the role continue to be effectively discharged.

In determining whether the functions of the AML/CTF compliance officer continue to be met during a period of absence, the governing body should have regard to:

  • the length of the absence;
  • the effectiveness of arrangements established to oversee and coordinate compliance;
  • the effectiveness of arrangements for communication with AUSTRAC during the absence; and
  • the nature, size and complexity of the business.

If the absence becomes prolonged, or if the effectiveness of interim arrangements is in doubt, the entity should designate another eligible individual as AML/CTF compliance officer. Where possible, entities should identify additional eligible individuals who could be designated promptly if required.

Practical steps

Reporting entities should:

  • review the current appointment against eligibility criteria;
  • document a fit and proper assessment, including periodic reassessment;
  • confirm management level status and authority;
  • formalise reporting lines to the governing body;
  • document contingency arrangements; and
  • ensure the role is adequately resourced.

Early review of the compliance officer framework will reduce governance risk ahead of commencement.

For further information regarding AML/CTF compliance officer obligations and governance arrangements, please contact Chris Mee at cmee@cnmlegal.com.au or Alanah McAliece at amcaliece@cnmlegal.com.au, or call 07 3211 4010.