Anti-Money Laundering and Counter-Terrorism Financing Act


    Anti-Money Laundering and Counter-Terrorism Financing Act

    The Australian AntiMoney Laundering and CounterTerrorism Financing Act 2006 (‘the AML/CFT Act’) provides for obligations and offences in relation to reporting entities which provide designated services. The Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No. 1) provide detail for the broader obligations set out in the AML/CTF Act. 

    Last Updated: July 30, 2019

  • Requirements

    The AML/CFT Act imposes several obligations on ‘reporting entities’, which are financial institutions which provide designated services. 

    According to guidance released by the Australian Transaction Reports and Analysis Centre (‘AUSTRAC’) AML/CFT Act, reporting entities must: 

    • implement an AML/CFT programme, which specifies how the reporting entity complies with the AML/CFT act. The programme must be a written document showing how it identifies, mitigates and manages the risk of products or services being used for money laundering or terrorism financing, and must be appropriate to the level of risk the business or organisation may reasonably face; 
    • undertake an AML/CFT risk assessment; 
    • appoint an AML/CFT compliance officer; 
    • implement an employee due diligence programme; 
    • carry out a procedure to verify a customers identity before providing a designated service to the customer; and 
    • keep full and accurate records regarding customer transactions, customer identification procedures, and the reporting entity’s AML/CFT programme.

    In addition, under Part 8 of the AML/CFT Act, a financial institution must not enter into a correspondent banking relationship with: 

    • a shell bank; or 
    • another financial institution that has a correspondent banking relationship with a shell bank. 

    Before a financial institution enters into a correspondent banking relationship with another financial institution, the financial institution must carry out a due diligence assessment. 

    If a financial institution has entered into a correspondent banking relationship with another financial institution, the financial institution must carry out regular due diligence assessments. 

  • How OneTrust Helps

    OneTrust Vendorpedia simplifies third-party risk management by combining automation with aggregated vendor research to streamline the vendor engagement lifecycle, from onboarding to offboarding. The platform helps organizations conduct faster and more in-depth security and privacy reviews. 

    Vendorpedia is backed by the world’s largest and most up-to-date database of privacy and security laws, frameworks, and standards, which directly power and enrich OneTrustVendorpedia. Research is generated by 30 in-house security and privacy experts and a network of 500 lawyers across 300 jurisdictions. 

    For additional details on Vendorpedia, read more here. 

Want to learn more? Login to the full DataGuidance platform.

About OneTrust

OneTrust is the #1 most widely used privacy, security and third-party risk technology platform trusted by more than 3,000 companies to comply with the CCPA, GDPR, ISO27001 and hundreds of the world’s privacy and security laws. OneTrust's three primary offerings include OneTrust Privacy Management Software, OneTrust PreferenceChoice™ consent and preference management software, and OneTrust Vendorpedia™ third-party risk management software and vendor risk exchange. To learn more, visit or connect on LinkedIn, Twitter and Facebook.