Section 8.2 of the AML/CTF Rules requires every reporting entity to provide AML training to staff whose roles relate to the provision of designated services. Most SMEs read that and picture a multi-day course. The reality, for a typical 5–20 person firm, is closer to 60–90 minutes per person per year — if the program is structured well.
Who actually needs to be trained
- Anyone who onboards customers or completes CDD.
- Anyone who handles client money or instructs settlements.
- Anyone who can authorise a transaction above A$10,000.
- The AML compliance officer (deeper training, including SMR drafting).
- Partners, principals, and directors (governance overview, not operational detail).
Receptionists, IT staff, and junior administrators who don't touch CDD or transactions can be covered by a 15-minute awareness module — they need to know what to escalate, not how to draft an SMR.
What the annual module has to cover
- Your firm's specific designated services and risk profile.
- How to identify and verify customers, including beneficial owners.
- Red flags relevant to your sector (recent typology updates from AUSTRAC).
- How to escalate a suspicious matter internally — and the tipping-off rules.
- Record-keeping and the consequences of non-compliance.
How to deliver it without losing a day
Most full-suite providers (AMLHUB, Complispace, easyAML) include a built-in training module: 60 minutes of video, 10 minutes of role-specific scenarios, and an attestation captured automatically. Schedule it once a year in the same week as your insurance renewal — it batches the admin and creates a natural compliance cadence. Keep the attestation log inside your AML platform; do not rely on email confirmations that disappear in two years.