Thousands of Australian reporting entities have deployed compliance software and assumed the job is done. It is not. Technology without expertise is not compliance — it is liability dressed up as a dashboard.
Compliance software vendors are exceptionally good at one thing: making compliance look like a product you can purchase. The gap between a system being live and your obligations being met is where enforcement actions are born.
Buying a fire extinguisher is not a fire safety program. Neither is buying compliance software. Without trained people and tested procedures, the tool is useless when it matters most.
A hospital full of equipment with no doctors is not healthcare. Compliance software without expert oversight is exactly the same — impressive infrastructure, zero professional judgement.
No court would accept "I used a legal drafting tool" as a defence for a defective contract. AUSTRAC takes the same view of compliance platforms used without professional guidance.
Not sure where your compliance gaps are? We offer a plain-language gap assessment — fast, practical, and fixed-scope.
The AML/CTF Act 2006 and AML/CTF Rules 2025 impose specific, context-sensitive obligations. AUSTRAC does not audit your software — it audits your program, your decisions, and your governance.
Written AML/CTF Program: Approved by senior management. Tailored to your specific business — not a template.
ML/TF Risk Assessment: Must precede your program. Covers your customer types, products, channels, and jurisdictions — done by analysis, not algorithm.
Customer Due Diligence: Identity verification, beneficial ownership, PEP screening, and enhanced due diligence — applied with judgement, not just ticked boxes.
Ongoing Transaction Monitoring: Alerts must be reviewed, investigated, and documented — by a person who understands what they are looking at.
Suspicious Matter Reports: A professional judgement call — not a software output. SMRs filed incorrectly or late carry serious consequences.
Independent Program Review: A legal obligation — and it must be genuinely independent. An internal review using your own software does not satisfy this requirement.
Staff Training: Before staff commence relevant duties — and periodically thereafter. Software cannot train your people.
Governance & Accountability: Senior management must own the program. AUSTRAC holds people accountable — not platforms.
Not sure if your program meets these requirements? We'll review your existing documentation and tell you exactly where the gaps are.
Compliance technology serves a genuine function. The problem is the assumption that it does more than it actually does. Here is the honest picture.
Each of the three core software functions requires a qualified compliance professional to make it count.
Software flags unusual transactions against thresholds. That is where its role ends. An alert is not a finding — it is a question: is this suspicious?
A compliance expert analyses the customer's full risk profile, reviews transaction history, assesses context, and makes a documented, defensible decision. Unreviewed alerts accumulating in a queue are a liability — not a compliance program.
Screening tools flag name matches regardless of context. In high-volume environments, false positive rates routinely exceed 95%. Every hit requires a human decision: clear, escalate, or report.
AUSTRAC expects documented, reasoned decisions on every sanctions hit — not just a cleared status. An expert provides the judgement to distinguish a false positive from a genuine concern and records it defensibly.
Case management software routes tasks, assigns owners, and tracks deadlines. It cannot assess whether underlying facts constitute suspicious activity or draft a defensible investigation narrative.
Expert case management means owning the investigation — the analysis, reasoning, regulatory judgement, and documented outcome. Only a qualified compliance professional can deliver this.
Is your team equipped to review, analyse, and document compliance decisions? We provide expert oversight across monitoring, screening, and case management — on a flexible engagement basis.
Many compliance platforms offer auto-generated AML/CTF programs and risk assessments. These documents are created without any analysis of your actual business — and they do not satisfy the AML/CTF Act.
AUSTRAC explicitly requires your AML/CTF Program to reflect the nature, size, and complexity of your specific business. A bakery in Ballarat and a mortgage broker in Brisbane have entirely different ML/TF risk profiles — yet a template program treats them identically. Worse, if AUSTRAC examines your program and finds it does not reflect your actual operations, you are exposed to the same enforcement consequences as having no program at all.
| Legal Requirement | Template / Auto-Generated Program | Expert-Developed Program |
|---|---|---|
| Business-specific ML/TF risk assessment | ✘ Generic placeholder. Not based on your customer types, products, or channels. | ✔ Conducted through structured analysis of your actual business model. |
| Reflects operational reality | ✘ Describes a hypothetical business — not yours. Operational alignment not tested. | ✔ Developed through direct engagement with your team and processes. |
| Senior management approval | ✘ Approval of a document your management has not substantively reviewed. | ✔ Program built for senior management to understand, own, and approve genuinely. |
| Risk-based approach | ✘ Controls are generic — not calibrated to your actual risk exposure. | ✔ Controls proportionate to your assessed risk profile — not a default configuration. |
| Defensible under AUSTRAC audit | ✘ Cannot be explained or defended because it was not designed for your business. | ✔ Every control and procedure has a documented rationale anchored to your risk assessment. |
| Keeps pace with regulatory change | ✘ Updates depend on vendor release cycles — not your compliance obligations. | ✔ Expert review cycle ensures your program reflects current law and AUSTRAC guidance. |
"A program that sits in a drawer — untested, untailored, and unowned — is not a compliant program. It is a document."
— AUSTRAC Enforcement Focus, Program Alignment
Do you have a template program that hasn't been reviewed against your actual business? We'll assess it, identify the gaps, and help you build something defensible.
AUSTRAC requires proportionate controls. Not every business needs a compliance platform. The architecture should fit the risk — not the other way around.
Low transaction volumes, limited product types, and a straightforward customer base. AUSTRAC mandates proportionate controls — not platforms. A well-designed manual compliance program built by an expert is often more defensible than a misconfigured system.
Many mid-tier businesses already operate CRMs, banking platforms, or ERPs. Compliance functionality can often be built into or layered onto existing infrastructure — avoiding data duplication and keeping compliance embedded in the operational workflow.
Larger entities with dedicated compliance platforms still need expert oversight to configure, calibrate, and operate them correctly. Technology scales the process. Expertise governs the outcome. Both are required.
For businesses with functioning core systems — CRMs, banking platforms, ERPs — a standalone compliance platform does not simplify your architecture. It often fragments it.
Customer records maintained in two separate systems with no single source of truth. Every update must be made twice — and often isn't. Audit risk grows with every discrepancy.
Discrepancies between your compliance system and your business system surface under AUSTRAC audit at precisely the wrong moment — when you need to demonstrate control, not confusion.
Staff toggling between systems increases error rates, reduces accountability, and creates gaps in the audit trail that cannot easily be explained to a regulator.
Costly, ongoing technical effort to keep two systems synchronised. Effort that grows with every system update, regulatory change, or staff turnover.
A compliance system that looks complete and current on screen — but is actually reflecting stale or mismatched data from an out-of-sync source system.
Platform licensing, implementation, training, and ongoing maintenance — none of which guarantees you are actually compliant. Cost and compliance are not the same thing.
Not sure what your compliance architecture should look like? We assess your existing systems and design a right-sized solution — before you spend on software you may not need.
Remove any one of these and your compliance program has a structural gap. Gaps are what enforcement actions are built on.
The right tools, correctly configured and proportionate to your business scale and risk profile. Technology that fits — not technology that was sold to you.
A documented, bespoke AML/CTF Program. Board-level accountability. A risk assessment that reflects your actual operating environment — not a template.
Qualified human judgement applied to every alert, every case, every regulatory change, and every audit response. This is what compliance actually looks like.
AUSTRAC has demonstrated a clear and consistent willingness to pursue enforcement action against entities of every size. The question is not whether they will — it is whether you will be ready.
Beyond financial penalties: regulatory remediation requirements that consume significant management time, reputational damage affecting customer and counterparty relationships, mandatory enforceable undertakings, and in serious cases — suspension or cancellation of your licence to operate. With Tranche 2 reforms now in effect, AUSTRAC's supervisory attention is expanding to entirely new sectors. Entities that treated software procurement as a compliance solution are precisely those the expanded enforcement program is designed to address.
Are you confident your program would withstand AUSTRAC scrutiny today? An independent review is both a legal obligation and your first line of defence.
We combine CAMS-certified specialist knowledge with plain-language guidance — so your compliance program works in the real world, not just on paper.
CAMS (Certified Anti-Money Laundering Specialist) is the global professional standard for AML/CTF practice. It represents not just knowledge of the rules, but the analytical capability to apply them to real-world complexity.
We know what AUSTRAC looks for in an enforcement context. Our programs and reviews are built to withstand scrutiny — because a compliant program shouldn't just look good, it should hold up when it counts.
A one-person accountancy practice has very different needs to a mid-size law firm. We tailor every engagement to your actual business — not a hypothetical version of it. No templates. No placeholders.
Every engagement produces written deliverables — programs, assessments, reports — that you can implement, present to your board, and rely on in a regulatory context. No vague recommendations.
From solo practitioners newly caught by Tranche 2 reforms to established financial services providers — we work with businesses of every size and complexity across all regulated sectors.
We quote clearly before we start. Whether it's a standalone review or full program development, you'll know exactly what you're getting and what it costs — no billing surprises.
The right compliance architecture starts with the right expertise. Whether you need a program built from scratch, an independent review, or expert oversight of your existing systems — we are ready to help.
Compliance program reviews · AML/CTF architecture · AUSTRAC audit support · Tranche 1 & 2 obligations