If Yes

Do you believe you have a legal exemption from submitting a compliance report? (Yes or No)

If Yes

On what basis do you believe this? (Maximum 500 characters)

If you did not offer designated services (you will only be presented with the Your feedback and Review and submit sections of the form):

Are you sure?

You have been enrolled as providing designated services during this period.

• If you offered any designated services during the reporting period, you must change the answer that you provided above.
• If you have stopped providing designated services and do not expect to provide designated services again, you must request removal from the Reporting Entities Roll in addition to completing this form.
• If you have stopped providing designated services but are likely to provide designated services again in the future, you do not need to request removal from the Reporting Entities Roll. However, AUSTRAC may be in touch with you to understand your plans to recommence providing designated services.

Digital currency exchange services

Providing a digital currency exchange service means exchanging money (whether Australian or foreign currency) for digital currency, or exchanging digital currency for money.

Does your business offer any of the following products and/or services? (Select all that apply)

• Stable coins
• Privacy coins
• Non-fungible tokens
• Initial coin offering (ICO) tokens
• Cryptocurrency ATM and/or kiosk
• Retail exchange
• Instant exchange
• Peer to peer exchange
• Over the counter (OTC) brokerage
• Crypto payment provider
• Decentralised finance (DeFi) lending

What did you use these blockchain technologies for? (Select all that apply)

• Transaction monitoring
• Additional information as part of identifying and risk rating customers
• Additional investigation which may feed into SMR reporting
• Other (What other purpose did you use these blockchain technologies for?) (maximum 200 characters)

De-banking

De-banking means a situation in which a financial institution withdraws banking services to a business. AUSTRAC understands there is industry-wide concern due to the risk of de-banking. Information provided under this question will only be used to help AUSTRAC establish a picture of the extent of this concern.

If Yes

Please specify the nature of the merger/acquisition. (Maximum 500 characters)

Employee

A person who is employed and paid through wages or salary or under contract.

Key personnel

For remitters and digital currency exchange providers – key personnel means beneficial owner(s), director(s), AML/CTF compliance officer or any other individuals who have the ability to influence business decisions over the entity’s finances and operations.

For all other enrolled entities that DO NOT provide either remittance or digital currency exchange services – key personnel means the AML/CTF compliance officer.

How did you provide designated services in 2024? (Select all that apply)

• ATM
• IDM
• Electronic gaming machines
• Email
• Face to face
• Fax
• Mobile application
• Remittance platform
• Self-service gambling terminal
• Telephone
• Website
• Video conferencing
• Broker
• Mail
• Trading platform
• Online banking
• Wallet
• Non-ADI Agent (Newsagency or Post Office)
• Additional method(s)
• None

Designated services

IDM

Intelligent Deposit Machine, a type of advanced ATM that offers self-service transaction facilities which credits cash and cheque deposits to recipient accounts.

Mobile application

Is software, often called an 'app', designed to run on a mobile device, such as a smartphone or tablet.

Remittance platform

A system that enables funds transfers for remittance purposes.

If you are a remittance network provider, whose affiliates conduct transactions using your remittance platforms, you MUST select this option.

Self-service gambling terminal

A terminal at which customers can credit or withdraw from an account or place a bet or wager. Self-service gambling terminal does NOT include an electronic gaming machine.

Additional method(s)

Select this option if you provided designated service(s) using methods other than, or in addition to, those that are listed.

If you enter more than one 'Additional method', please separate them with a comma.

Were any of the above delivery methods introduced in 2024? 

• ATM
• IDM
• Electronic gaming machines
• Email
• Face to face
• Fax
• Mobile application
• Remittance platform
• Self-service gambling terminal
• Telephone
• Website
• Video conferencing
• Broker
• Mail
• Trading platform
• Online banking
• Wallet
• Non-ADI Agent (Newsagency or Post Office)
• Additional method(s)
• None

Delivery methods

Channels through which your business provides or delivers the designated services.

If No

Why did your business not conduct an ML/TF risk assessment for the new delivery method? (Maximum 500 characters)

Outsourcing

Did your business outsource any of the following AML/CTF functions in 2024? (Select all that apply)

• Customer identification
• AML/CTF program development
• Transaction monitoring
• Transaction reporting
• Enhanced customer due diligence
• AML/CTF training
• None

Outsourcing AML/CTF compliance functions

For the purposes of the Compliance Report, ‘Outsourcing’ is considered to be:

Entering into an agreement with a third party to undertake aspects of the AML/CTF program on your behalf.

• Includes using any overseas businesses, even if this business is related to your business.
• Excludes using a domestic business that is related to your business.
• Excludes use of third party software applications and lists.

Customer identification

Program development

Transaction monitoring

Transaction reporting

Have you confirmed that your outsourced functions are tailored to your business and its ML/TF risks? (Yes or No) 

Please see AUSTRAC’s guidance on Engaging AML/CTF advisors.

AML/CTF program

Sole trader or individual

If your business operates as a sole trader or an individual, you are still required to have an AML/CTF program.

If No

Explain why you do not have an AML/CTF program (Maximum 500 characters)?

AML/CTF program

Explain why you do not have an AML/CTF program.

AML/CTF program approval

Approved program

Approved means adoption of the initial program or approval of changes to your program by your board, senior management or equivalent.

Sole Trader

If your business operates as a sole trader or an individual, then the sole trader or individual will need to approve the program.

Governing Board

If your business does not have a governing board, then your senior management will need to approve the program.

What prompted these changes? (Select all that apply)

• AUSTRAC compliance assessment
• AUSTRAC enforcement action
• AUSTRAC engagement, feedback or guidance
• Change of AML/CTF Compliance Officer
• Changes to your ML/TF risk assessment
• Newly identified risks
• New designated service
• New technology or delivery method
• Regular scheduled review
• Internal review of systems or procedures
• Advice from industry body
• Advice from external consultant or service provider
• Media reports
• Independent review
• Changes to legislation
• Changes to designated business group
• Changes to management or ownership
• Additional reason(s) for changes (please specify) (Maximum 200 characters)

Changes to AML/CTF Program

The events that prompted changes to the program may have occurred outside of the reporting period.

Media Reports

Reports include, but are not limited to, newspaper articles, news websites, social media.

Additional reason(s)

Select this option if you have reasons other than, or in addition to, the reasons that are listed.

If you enter more than one ‘Additional reason’, please separate them with a comma.

When was Part A of your AML/CTF program most recently independently reviewed? (Maximum 20 characters)

Please see AUSTRAC's guidance on Engaging AML/CTF advisors

Why has Part A of your program not been independently reviewed? (optional)

Enter reason below (Maximum 500 characters)

How often does your AML/CTF program state that your Part A AML/CTF program must be independently reviewed?

Tick the most appropriate option.

• Annually
• Every two years
• Every three years
• Less frequently than every three years
• Program review is based on the triggering of an event (i.e. change in business structure)
• Program does not specify frequency of independent reviews
• Other (please specify) (Maximum 80 characters)

What prompted this review? (Select all that apply)

• AUSTRAC compliance assessment
• AUSTRAC enforcement action
• AUSTRAC engagement, feedback or guidance
• Change of AML/CTF Compliance Officer
• Changes to your ML/TF risk assessment
• Newly identified risks
• New designated service
• New technology or delivery method
• Regular scheduled review
• Internal review of systems or procedures
• Advice from industry body
• Advice form external consultant or service provider
• Media reports
• Independent review
• Changes to legislation
• Changes to the designated business group
• Changes to management or ownership
• Additional reason(s) for the independent review 

Reasons for review

The events that prompted this review. These may have occurred outside of the reporting period.

Media Reports

Reports include, but are not limited to, newspaper articles, news websites, social media.

Additional reason(s)

Select this option if you have reasons other than, or in addition to, the reasons that are listed.

If you enter more than one ‘Additional reason’, please separate them with a comma.

How was the independent review conducted?

• Internally
• Externally
• Combination

Service provider type

• Accountant
• Lawyer
• Auditor
• Consultant
• Other (Please specify) (Maximum 80 characters)

Service provider name

Legal business name of the provider (Maximum 100 characters)

Did you report internally to the Board or Senior Management on any of the following matters in 2024? (Select all that apply)

• AML/CTF risk awareness training statistics
• AUSTRAC engagement, feedback, or guidance
• Changes to ML/TF risk assessment
• Independent review or remediation
• Newly identified risks
• Performance of outsourced functions
• Staff compliance or non-compliance with AML/CTF program or policies
• Transaction monitoring information
• Internal AML/CTF statistics
• AML/CTF uplift activities
• Other matter(s) (please specify) (Maximum 200 characters)
• Did not report internally to the Board or Senior Management regarding above matters in 2024

Reporting internally 

Means informing your board, senior management or equivalent through a recorded notification (e.g. email, written brief, attendance at a minuted meeting.)

Other matter(s)

Select this option if you reported on any other matter(s) other than, or in addition to, the matters that are listed.

If you enter more than one ‘Other matter’, please separate them with a comma.

ML/TF

ML/TF means money laundering and terrorism financing.

What prompted this risk assessment? (Select all that apply)

• AUSTRAC compliance assessment
• AUSTRAC enforcement action
• AUSTRAC engagement, feedback, or guidance
• Change of AML/CTF Compliance Officer
• Newly identified risks
• New designated service
• New technology or delivery method
• Regular scheduled review
• New risk assessment methodology
• Advice from industry body
• Advice from external consultant or service provider
• Media reports
• Independent review
• Changes to legislation
• Additional reason(s) for risk assessment (Please specify) (Maximum 200 characters)

Reasons for risk assessment

Media Reports

Reports include, but are not limited to newspaper articles, news websites, and social media.

Additional reason(s)

Select this option if you had reason(s) other than, or in addition to, the reasons that are listed.

If you enter more than one 'Additional reason', please separate them with a comma.

Assessment

What employee checks do you conduct? (Select all that apply)

• Check licensing
• Open source searches
• Police checks
• Other qualification checks
• Reference checks
• Sanction and PEP checks
• Social media review
• News and media
• Bankruptcy checks
• Credit checks
• ASIC banned and disqualified person checks
• Identification checks
• Additional check(s) (please specify) (Maximum 200 characters)

Employee check

Third party providers

You have also conducted a check if you use a third party provider for employee due diligence. Select the checks that they undertake on your behalf.

Open source searches

Information searches using publicly available sources on the internet.

PEP

A PEP is a politically exposed person.

Social media review

Information searches on social network online platforms.

Additional check(s)

Select this option if you conducted checks other than, or in addition to, those that are listed.

If you enter more than one ‘Additional check’, please separate them with a comma.

AML/CTF training

What AML/CTF training did you provide? (Select all that apply)

• Training for new employees
• Regularly scheduled refresher training
• Training on request
• ACAMS (Supported the funding of and enrolment in any certification or course)
• Role specific training
• Additional training (Please specify) (Maximum 200 characters)

AML/CTF training type

Additional training

Select this option if you provided training other than, or in addition to, the types that are listed. If you enter more than one ‘Additional training’, please separate them with a comma.

Updates to AML/CTF training program

Includes changes to the content of training, the way in which training was delivered, who it was delivered to, or how frequently it was delivered.

What prompted this update? (Select all that apply)

• AUSTRAC compliance assessment
• AUSTRAC enforcement action
• AUSTRAC feedback & guidance
• Changes to your ML/TF risk assessment
• New designated service
• Newly identified risks
• Internal review of systems or procedures
• New technology or delivery methods
• Advice from industry body
• Advice from external consultant or service provider
• Media reports
• Independent review
• Changes to legislation
• Additional reason(s) for update (Please specify) (Maximum 200 characters)

Updates to AML/CTF training program

Includes changes to the content of training, the way in which training was delivered, who it was delivered to, or how frequently it was delivered.

Media Reports

Reports include, but are not limited to newspaper articles, news websites, and social media.

Additional reason(s)

Select this option if you had reason(s) other than, or in addition to, the reasons that are listed.

If you enter more than one 'Additional reason', please separate them with a comma.

Customers

Approximately how many customers/members do you have?

• 1-100
• 101-1,000
• 1,001-10,000
• 10,001-100,000
• 100,001-1 million
• More than 1 million

What are your customer types? (Select all that apply)

• Individual
• Company
• Trustee
• Partnership
• Association
• Registered co-operative
• Government body

Customer types

These are the types of customers that you provide designated services to.

Customer verification

What customers did your organisation use alternative identification procedures to identify?

Select all that apply

• Aboriginal and Torres Strait Islander peoples 
• People and businesses affected by natural disasters such as floods or bushfires 
• People affected by family and domestic violence 
• People experiencing periods of homelessness 
• People who are or have recently been in prison 
• Refugees, asylum seekers and recent migrants to Australia (including people from culturally and linguistically diverse backgrounds) 
• Intersex, transgender and gender diverse people 
• People living in remote areas 
• People who have difficulty providing identification due to health or ageing-related reasons 
• Other/s (Please specify) (Maximum 200 characters)

What alternative types of identification does your organisation accept? (Select all that apply)

• Referee statements 
• Government correspondence 
• A community ID or indigenous organisation membership card (for Aboriginal and Torres Strait Islander peoples) 
• A customer’s self-attestation (statement) of their identity 
• Other/s

Risk assessment

How many of your customers are high risk or above?

Number of customers (Maximum 6 characters)

High risk customer

You are required to assess what you consider to be a high risk customer relationship within your business. This assessment should be set out in your AML/CTF program. Factors that you should take into account include:

• The legal structure of your customer (i.e. individual, company, trustee)
• The beneficial owners of your customer (if applicable)
• Whether your customer is a politically exposed person
• The source of funds and wealth of your customer
• The nature and purpose of the business relationship with your customers
• The control structure of your non-individual customers
• The types of designated services that you provide
• The methods by which you provide designated services
• The foreign jurisdictions with which you deal.

Politically Exposed Persons (PEPs)

When your business uses a broader PEP definition than that prescribed by the AML/CTF Act, you may choose to answer based on that definition.

How did you identify PEPs? (Select all that apply)

• Media review
• Open source searches
• Commercial or external database
• Sanctions list
• Self-certification or declaration by customer
• Additional identification method(s) (Please specify) (Maximum 200 characters)

Politically Exposed Persons (PEPs) identification

When your business uses a broader PEP definition than that prescribed by the AML/CTF Act, you may choose to answer based on that definition.

Open source searches

Information searches using publicly available sources on internet.

Commercial database

A database of information developed and maintained by a commercial entity and made available to customers. This is the information for which you are likely to pay or subscribe for.

Additional method(s)

Select this option if you identify PEPs using methods other than, or in addition to, the methods that are listed.

If you enter more than one 'Additional identification method', please separate them with a comma.

A Broker is a person that facilitates transactions (including provision of information) between parties.

This includes instances where a reporting entity, for example a financial institution provides designated services to a customer who may first be introduced to the financial institution through a broker (for example, finance/mortgage broker).

This question is seeking to understand whether the reporting entity obtains applicable customer identification information that may have originally been obtained by the broker in the course of their engagement with a customer.

Unusual or potentially suspicious activity

How did your staff report unusual or potentially suspicious activity? (Select all that apply)

• Email (internal)
• Online form (internal)
• Paper form (internal)
• Verbal conversation (internal)
• Submit SMR to AUSTRAC (external)
• Additional reporting methods (internal)
• Additional reporting methods (external) 
• Staff did not identify and report any unusual or potentially suspicious activity in 2024

Reporting of unusual or suspicious activity

Unusual or potentially suspicious activity means any circumstances where you suspect that a person or transaction may be linked to a crime. This includes where you reasonably suspect that a person is committing a crime, is not who they claim to be, or could be a victim of a crime.

You or your staff may report unusual or potentially suspicious activity by escalating the matter to a specified person or area within your business or by submitting a suspicious matter report (SMR) directly to AUSTRAC.

Internal

Reporting processes within your business.

External

Reports to, and engagement with, AUSTRAC.

Online form

A digital form that is accessible and editable online.

SMR

SMR means suspicious matter report.

Additional method(s)

Select this option if you report methods other than, or in addition to, the methods that are listed.

If you enter more than one 'Additional method', please separate them with a comma.

Transaction Monitoring Program (TMP)

Is your TMP manual, automated or both?

• Manual
• Automated
• Both

Transaction Monitoring Program (TMP)

Manual

Transactions are added to a spreadsheet, or ledger, and manually reviewed for any potential anomalies, outliers or unusual activity.

Automated

A series of predefined rules built into a software program or system. The rules are then run over your transaction data and alerts generate whenever a transaction 'hits' on a rule.

Transaction Monitoring Program (TMP) rules

TMP rules

Any rules, logic or thresholds that are used to identify unusual or potentially suspicious transaction activity.

What prompted you to review your TMP rules? (Select all that apply)

• AUSTRAC compliance assessment
• AUSTRAC enforcement action
• AUSTRAC feedback & guidance
• Newly identified risks
• New designated service
• New technology or delivery method
• Regular scheduled review
• Change of AML/CTF Compliance Officer
• Changes to your ML/TF risk assessment
• High ratio of false positives
• Advice from industry body
• Advice from external consultant or service provider
• Media reports
• Independent review
• Changes to legislation
• Changes to product offerings
• Changes to management of ownership
• Internal audit
• Additional reason(s) for review (Please specify) (Maximum 200 characters)

Review of TMP rules

High ratio of false-positives

A significant proportion of the matters identified through a particular rule or threshold are deemed not to be suspicious.

Media reports

Reports include, but are not limited to, newspaper articles, news websites, social media.

Additional reason(s) for review

Select this option if you had reason(s) other than, or in addition to, those that are listed.

If you enter more than one 'Additional reason', please separate them with a comma.

Enhanced Customer Due Diligence (ECDD)

Which ECDD measures did you undertake in 2024? (Select all that apply)

• Extra information gathered (directly from the individual or business)
• Extra information gathered (informally via open source searches, commercial or external databases, news or media)
• Verify or re-verify KYC information
• Verify or re-verify beneficial owner information
• More detailed analysis of transaction monitoring
• Sought senior management approval for continuing a business relationship with a customer
• Sought senior management approval for whether a designated service should be provided
• More analysis of KYC information
• Collected Source of Funds
• Collected Source of Wealth
• Additional method(s) (Please specify) (Maximum 200 characters)

Conducting ECDD

Extra information gathered

Collection of extra information from the customer or third party sources to clarify already collected KYC or beneficial owner information, or to identify the source of wealth and funds of the customer and beneficial owners.

KYC information

Know-Your-Customer information.

Senior management approval

An approval by senior management for continuing the business relationship and the provision of a designated service to the customer.

Additional method(s)

Select this option if you used method(s) other than, or in addition to, those that are listed.

If you enter more than one 'Additional method', please separate them with a comma.

What feedback, guidance or engagement did you receive? (Select all that apply)

• Correspondence from AUSTRAC in relation to your business specifically
• Correspondence from AUSTRAC in relation to your industry
• Correspondence from AUSTRAC in relation to all Reporting Entities
• AUSTRAC publications in relation to your industry
• AUSTRAC publications in relation to all Reporting Entities
• Other (Please specify) (Maximum 200 characters)
• No feedback, guidance material or correspondence was received from AUSTRAC in relation to your business' compliance during 2024

What did you do in response to this? (Select all that apply)

• Communicated or escalated feedback internally
• Conducted training
• Increased AML/CTF resourcing
• Reviewed or changed AML/CTF program
• Reviewed or changed ML/TF risk assessment
• Reviewed or changed transaction monitoring rules
• Back-captured transaction reports
• No action required
• Independent review
• Additional action(s) (Please specify) (Maximum 200 characters)

Response to AUSTRAC feedback

ML/TF

ML/TF means money laundering and terrorism financing.

Additional action(s)

Select this option if you took action other than, or in addition to, those that are listed.

If you enter more than one 'Additional action', please separate them with a comma.

The following general questions have been included to better understand the effectiveness of AUSTRAC’s efforts with a view to continued improvement. 

AUSTRAC’s guidance materials are useful in helping my business comply with its AML/CTF obligations. [Select the most applicable]

• Strongly agree
• Agree
• Neither agree or disagree
• Disagree
• Strongly disagree

AUSTRAC’s approach to collaboration, engagement and communications with my business is effective. [Select the most applicable]

• Strongly agree
• Agree
• Neither agree or disagree
• Disagree
• Strongly disagree

How do you rate your understanding of the potential consequences if your business fails to comply with its AML/CTF obligations? [Select the most applicable]

• Very good understanding
• Good understanding
• Some understanding
• Limited understanding
• No understanding

Do you consider AUSTRAC’s regulatory approach in the last 12 months has been consistent with its published policies? [Select the most applicable]

• Always
• Mostly
• Sometimes
• Rarely
• Never
• Unknown 

Thank you for completing the compliance report.

AUSTRAC is focussed on providing better assistance and guidance to our reporting entities and your feedback would be appreciated. Please take a moment to answer the following questions.

What did AUSTRAC do well to help your compliance? (optional) (Maximum 500 characters)

What could AUSTRAC have done much better? (optional) (Maximum 500 characters)