Everything Australian SMEs ask us about AUSTRAC Tranche 2.

CompareAML is free for Australian businesses. We are paid by vetted providers — primarily a fixed price per qualified lead, set per vertical and disclosed in their partner agreement. Some providers opt into a single-digit success fee on the first sale, and a small number of Founding Partners pay an ongoing trailing percentage in return for category exclusivity. Every dollar a provider pays us comes from their margin and is never added to the price you receive. Lead pricing is the same regardless of your eventual deal size, so we have no incentive to push you up market. Featured placements are clearly labelled, and independent matching always appears above sponsored rows. The platform is operated by AML Intelligence Network Pty Ltd (ABN 44 696 407 600). Full breakdown on our 'How we're paid' page.

Yes. CompareAML uses Australian-hosted infrastructure, encrypts personal data in transit (TLS 1.2+) and at rest (AES-256), and restricts access to a small named team. When you submit the form, your brief is shared with the providers in your matched shortlist so they can contact you directly with a tailored quote — that is how the service works, and it is disclosed at the point of submission. We do not share your details with anyone outside that shortlist, and we never sell data to anyone, ever. Our handling is aligned with the Australian Privacy Act 1988 and the Australian Privacy Principles, and our full Privacy Policy details retention, your rights, and how to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you are unsatisfied. We are operated by AML Intelligence Network Pty Ltd, an Australian company.

Important nuance: AUSTRAC enrolment is a status held by the reporting entity (you), not by your software vendor. Compliance providers help you complete AUSTRAC enrolment and meet ongoing reporting obligations — they do not enrol on your behalf, and they do not need their own enrolment to provide the software. The exceptions are providers offering services like remittance or digital currency exchange, which themselves require AUSTRAC registration. Every CompareAML provider is independently vetted on AUSTRAC alignment, Australian SME fit, and demonstrated sector experience — see our methodology on the About page.

Yes. After we send your shortlist, you can email hello@compareaml.com.au at any time for further questions about the providers, additional matches if your situation changes, or general AUSTRAC Tranche 2 questions. Our team responds to emails within one business day (Monday to Friday, AEST). We do not provide legal or compliance advice — for that you should engage one of the matched providers — but we do help you navigate the comparison and shortlist process. We also publish ongoing regulatory analysis on the blog and maintain the 80+ term glossary as the Tranche 2 reform evolves.

Run a 30-minute scoping call with each. Bring your service mix, expected onboarding volume, and one specific edge case (e.g. a complex trust client). Score each provider on: clarity of the program documentation, depth of the CDD workflow for your hardest case, transparency of pricing including per-check fees, support model, and exit terms. Almost every other variable is secondary.

Most do, with varying maturity. LEAP, Smokeball and Triconvey have native connectors with most legal-focused providers. Xero Practice Manager, Karbon and FYI typically work via Zapier or webhook integrations. Salesforce and HubSpot are webhook-based. Always ask for a live demo of the integration with your specific PMS — 'we integrate with X' can mean a polished native connector or a half-finished CSV export.

We vet every provider against five criteria (AUSTRAC alignment, demonstrated SME pricing, verifiable Australian clients, English-speaking AU support, Australian or aligned-jurisdiction data handling) and only list providers who clear all five. We're paid the same per qualified lead regardless of which provider you choose. Our editorial table sits above any sponsored rows and uses identical formatting. Vendors don't pay to be listed; they pay per qualified lead once they are.

CompareAML is operated by AML Intelligence Network Pty Ltd (ABN 44 696 407 600), an Australian company. The editorial team is a small group of compliance specialists and journalists with backgrounds in AML, regtech and Australian SME services. Senior contributors are listed on the About page. The site has no investor pressure to promote any specific vendor.

No. Your details are shared only with the providers in your matched shortlist so they can contact you directly with a tailored quote — that's how the matching service works, and it's disclosed at the point of submission. We don't share your information with anyone outside that shortlist, and we never sell data. Our handling aligns with the Australian Privacy Act 1988 and the Australian Privacy Principles.

One click in any email. Your details are removed from the mailing list immediately and your retention is reduced to the statutory minimum. You can also email hello@compareaml.com.au and we'll handle it manually.

Email hello@compareaml.com.au with the details. We take provider conduct seriously — our credibility with users is worth more than any individual provider's lead spend. Substantiated complaints lead to a formal review, and we have removed providers from the directory before. The independence of the editorial table is a structural commitment, not marketing.

If you operate in legal services, accounting, real estate, bookkeeping, pubs and clubs (gaming), financial services, or precious metals and stones, and you provide a 'designated service' as defined in section 6 of the AML/CTF Act 2006, then Tranche 2 obligations apply to you from 1 July 2026. The Act captures specific activities — managing client funds, real estate transactions, company formation, dealing in bullion above thresholds — not entire professions, so a firm can have a mix of in-scope and out-of-scope work. AUSTRAC's published impact analysis estimates approximately 100,000 Australian businesses are newly captured. The fastest way to confirm your position is the free 3-minute risk assessment, which maps your services to the designated-service list.

Most CompareAML providers can stand up a basic AUSTRAC Tranche 2 aligned program in 2–4 weeks of elapsed time, broken into three phases: AUSTRAC enrolment and risk assessment (week 1), program documentation and CDD onboarding (weeks 2–3), and staff training plus first-customer dry-run (week 4). Larger or multi-jurisdiction firms typically need 6–8 weeks, and law firms with complex trust account structures sit at the upper end of that range — our internal data across recent matchings shows legal firms average 4.2 weeks and accounting firms 2.8 weeks. The compressed window matters because most reputable providers stop accepting last-minute onboardings 4–6 weeks before 1 July 2026 to protect quality.

Section 175 of the AML/CTF Act provides civil penalties of up to A$22 million per contravention for body corporates and A$4.4 million per contravention for individuals (100,000 and 20,000 penalty units respectively). AUSTRAC can also issue enforceable undertakings, remedial directions, and infringement notices, and contraventions are publicly reported. Tranche 1 enforcement history shows penalties scale rapidly with the volume of contraventions: A$1.3 billion against Westpac in 2020 and A$700 million against the Commonwealth Bank in 2018. AUSTRAC has signalled an education-first supervisory posture in the months immediately after 1 July 2026 — but that is a posture, not a legal grace period, and the enrolment obligation crystallises on day one.

Multi-sector firms — a legal practice with a real estate licence, an accounting firm running a bookkeeping subsidiary — must build a single AML/CTF program that covers every designated service they provide. Tell us each sector you operate in on the matching form, and we will prioritise providers with breadth across those categories rather than single-sector specialists. Full-suite providers like AMLHUB, AML SmartGuard, and Complispace are built for this scenario; some sector specialists (AML Manager / Lawmaster for legal-only) are a poor fit. The risk assessment also has a multi-sector branch that scopes obligations across each line of service.

A Reporting Entity is any business that provides a designated service — that's the default. A Designated Business Group (DBG) is an optional structure that lets two or more related reporting entities (e.g., partner firms in a national network, or a parent company and its subsidiaries) share a single AML/CTF program, a single compliance officer, and consolidated reporting. DBGs reduce duplication for groups but add governance overhead — every member is jointly accountable for the shared program. Most SMEs operate as standalone reporting entities. Larger franchise networks and multi-entity professional services firms often elect DBG status. Election is via AUSTRAC Online and can be reversed.

There is no legal requirement that your AML platform be Australian-owned or Australian-hosted, but practical alignment matters. AUSTRAC's published guidance, the AML/CTF Act terminology, the document types accepted for KYC (e.g., Medicare card, driver licence formats), and the SMR/TTR submission format are all Australia-specific. Overseas platforms designed for FATF-aligned but different regimes (FinCEN in the US, FCA in the UK) often need significant local configuration to handle Australian beneficial ownership rules and AUSTRAC's reporting templates. CompareAML's directory only includes providers that explicitly support the Australian regime — most are Australian companies and the rest have local teams and Australia-aligned product configuration.

Yes — the Act looks at the service provided, not the employment status of the provider. A freelance bookkeeper providing a designated bookkeeping service (e.g., handling client funds, BAS lodgements that involve managing client money) is just as captured as an employee bookkeeper inside a firm. Sole traders are reporting entities in their own right and need their own AUSTRAC enrolment, their own program, and their own records. The one nuance: if you exclusively provide outsourced services to another reporting entity (e.g., you're a contractor doing CDD work for a law firm under their program and brand), the principal entity may carry the obligations — but this needs to be documented in a written outsourcing agreement that both parties stand behind.

KYC (Know Your Customer) is one part of an AML program — specifically the customer identification and verification component (Part B in Australian terms). AML (Anti-Money Laundering) is the umbrella term for everything: risk assessment, KYC, transaction monitoring, sanctions screening, suspicious matter reporting, training, governance, and independent review. Internationally, KYC is sometimes used loosely to mean the whole compliance stack; in Australia, the AML/CTF Act and Rules consistently distinguish them. When a vendor markets itself as 'KYC software', check whether it covers only identity verification (in which case you need additional tools for monitoring and reporting) or the full program (in which case the marketing is just informal).

Eight weeks is enough to stand up a defensible — not perfect — program. Week 1: complete the free risk assessment, scope which of your services are designated, and shortlist 2–3 providers via CompareAML. Week 2: sign with a provider and start onboarding. Weeks 3–5: complete your Part A (general program) and Part B (customer identification) documentation, name a compliance officer in writing, and configure ID verification + sanctions/PEP screening. Weeks 6–7: enrol with AUSTRAC, run staff training and capture attestations, and complete a test onboarding end-to-end. Week 8: document the audit trail, schedule your first independent review for month 12, and brief partners or directors. If you cannot commit a principal's time across these 8 weeks, the only realistic path is a managed service like AML SmartGuard or Complispace — they will compress the calendar by doing most of the documentation and configuration work themselves.

Generally no. Most standard professional indemnity policies in Australia explicitly exclude regulatory penalties, fines, and the cost of defending civil penalty proceedings — including AUSTRAC enforcement action under section 175 of the AML/CTF Act. PI may cover negligence claims from a client who suffered loss because of an AML failure (e.g., a delayed settlement), but it will not pay an AUSTRAC penalty. Some insurers now offer a separate 'regulatory defence' or 'management liability' extension that covers legal costs (not the penalty itself) for AUSTRAC investigations. Talk to your broker before 1 July 2026 — wordings vary widely and several insurers have tightened exclusions specifically for Tranche 2 risk. The cheapest insurance is a defensible program: documentation, training records, and evidence of CDD on every in-scope client.

Sometimes, via a Designated Business Group (DBG). The AML/CTF Act lets two or more related reporting entities (e.g., a parent company and its subsidiaries, or sister firms under common control) elect DBG status and share a single AML/CTF program, a single compliance officer, and consolidated reporting. Election is via AUSTRAC Online and requires a written agreement between members. The trade-off: every member becomes jointly accountable for the shared program, so a failure at one entity exposes all of them. Most SMEs with 2–3 related entities find DBG worthwhile because it eliminates duplicated documentation and training. Unrelated businesses you own (e.g., a law firm and a separate real estate agency with different ownership structures) generally cannot share a program — each is a standalone reporting entity.

No, not all at once. The AML/CTF Rules require CDD on customers from the point you begin providing a designated service to them. For existing clients, you have two practical options: (1) verify them at the next material interaction (next file opening, next matter, next transaction), which is the most common approach; or (2) run a bulk re-verification campaign in the months after 1 July if your client base is small enough. Either way, you must apply ongoing CDD — including reviewing higher-risk clients on a documented schedule — from day one. Most full-suite providers include a 'back-book remediation' workflow that helps you prioritise existing clients by risk and verify them progressively without halting your business.

No — one written AML/CTF program covers your entire reporting entity, regardless of how many offices, branches, or practice locations you operate from. What you do need is consistent application across locations: the same CDD standards, the same training, the same escalation paths, and the same record-keeping. Multi-location firms often add location-specific risk annexes (e.g., a Sydney CBD office handling more international clients than a regional office) inside a single Part A program, but the program itself is one document. If you operate through multiple legal entities (e.g., a NSW Pty Ltd and a Vic Pty Ltd under common ownership), each entity is its own reporting entity and either needs its own program or a shared program via Designated Business Group election.

AUSTRAC compliance assessments range from a desk-based document review (most common for SMEs in the first 12–24 months of Tranche 2) to an on-site assessment lasting 1–5 days. Standard requests include: your written AML/CTF program (Part A and Part B), the most recent risk assessment, training records and attestations, a sample of CDD files across customer risk tiers, your SMR/TTR register, the most recent independent review report, and evidence of board/senior management oversight. AUSTRAC will then issue a draft findings letter, you respond, and AUSTRAC issues a final report — typically with required remediation actions and timelines. Enforcement (penalties, enforceable undertakings) is reserved for serious or repeated failures, not first-cycle gaps. The single best preparation is keeping your audit pack exportable on demand from your AML platform.

Yes, indirectly. AUSTRAC penalties themselves don't strip professional registration, but most state-based regulators (the Law Society, CPA Australia, CA ANZ, the Tax Practitioners Board, state real estate regulators) treat serious AML breaches as professional conduct matters. A material AUSTRAC finding can trigger a referral, a separate investigation, and disciplinary action up to and including suspension or cancellation of your practising certificate or licence. The Tax Practitioners Board has been particularly explicit: failure to comply with AML/CTF obligations may breach the Code of Professional Conduct under the Tax Agent Services Act. Treat AML compliance as a licence-protection activity, not just a regulatory tick-box.

AUSTRAC does not certify or accredit AML software vendors — anyone can claim 'AUSTRAC alignment' in marketing. Real signals of alignment: (1) the program documentation explicitly references the AML/CTF Act sections and Rules chapters by number; (2) the platform uses Australian terminology (designated service, reporting entity, SMR, TTR, IFTI) consistently; (3) ID verification connects to Australian electronic data sources (DVS-equivalent providers); (4) the SMR/TTR workflow generates output in the AUSTRAC Online-compatible format; and (5) the provider can name actual reporting entities using the platform and ideally provide references. Every CompareAML provider has been independently vetted on these criteria — see our methodology on the About page. Beware overseas platforms repurposed for the Australian market without local configuration; they often miss beneficial ownership requirements specific to Australian trust structures.

Yes. Sole practitioners and micro-firms (1–3 staff) can run a genuinely simple program: a 6–10 page Part A, a 3–5 page Part B, a single named AMLCO (you), an off-the-shelf risk assessment template adapted for your service mix, and a self-serve platform handling ID verification, screening, and record-keeping. Indicative cost is A$129–A$299 per month for the platform plus A$5–A$15 per ID check. Annual training is a 1-hour module you complete yourself; the independent review can be scoped down to a 4–8 hour engagement (A$1,500–A$3,000) every 2–3 years. The AML/CTF Act is explicitly risk-based — a sole conveyancer running 50 settlements a year is not held to the same documentation standard as a national group running 50,000. Use the matching form and select 'sole trader / 1 staff' to see providers built for your scale.

A designated service is a specific activity listed in section 6 of the AML/CTF Act 2006 that triggers AML obligations. Examples relevant to Tranche 2 include acting in the buying or selling of real estate, managing client money in the course of legal services, forming a company or trust, dealing in bullion above prescribed values, and providing certain gaming services. The Act captures activities, not professions — so a solicitor doing pure litigation is generally out of scope, while the same solicitor handling a real estate settlement is in scope from 1 July 2026.

The reform commences on 1 July 2026. From that date you must have completed AUSTRAC enrolment, have a documented Part A and Part B program in place, and be applying CDD to every in-scope customer. AUSTRAC has signalled an education-first supervisory posture for the first 12–24 months — but the legal obligations crystallise on day one and there is no statutory grace period.

Yes. Enrolment as a reporting entity must be completed before you provide a designated service after 1 July 2026. The enrolment is online through AUSTRAC Online and typically takes 30–60 minutes once you have your ABN, business details, and your nominated AML Compliance Officer's information ready. Most providers walk you through it as part of onboarding.

No. The AML/CTF Act applies to any business providing a designated service, regardless of size. Sole practitioners are subject to the same core obligations as multi-office firms. The 'risk-based approach' built into the Rules means a sole conveyancer's program will be much shorter and simpler than a national firm's, but the obligation to have a program is identical.

You're still a reporting entity and you still need a documented program covering that activity. Many low-volume firms run a minimal self-serve platform (A$129–A$199/month) that's effectively dormant most months and activates around the in-scope work. The cost of a program is not proportional to volume — the cost of not having one when an in-scope client appears is.

Pure residential property management (rent collection, maintenance, leasing) is generally out of scope. The designated services in real estate are around the buying and selling of property. Where a property manager facilitates a sale of a managed property, that activity falls back into scope and the agency's program must cover it.

Generally no — migration advice is not a designated service in itself. However, migration agents who hold or move client funds, form Australian companies or trusts on behalf of clients, or assist with property purchases will trigger Tranche 2 obligations for those specific activities. Scope your service mix carefully.

easyAML is genuinely free until 1 July 2026 — full platform access at no cost during the implementation ramp-up. Beyond July, the lowest credible self-serve platforms (TrustSoft, MemberCheck, NameScan) sit at A$129–A$199/month. The cheapest credible managed service is around A$650/month. Cheaper than that usually means a generic template with no operational support — a false economy.

An accountant or in-house lawyer can absolutely run an AML/CTF program day-to-day, and many will — AUSTRAC explicitly contemplates this through the Compliance Officer role. The question is whether they have the time, the regulatory specialism, and the supporting tooling to do it well. Generalist professionals typically need either (a) a software platform that codifies CDD, screening and reporting workflow, or (b) an outsourced AML officer service that provides the specialist expertise on a fractional basis. The risk of running it informally without either is that gaps only surface at the first SMR, the first AUSTRAC compliance assessment, or the first independent review — by which point remediation costs many multiples of what good tooling would have.

Yes — and the AML/CTF Act explicitly anticipates this through the requirement that your AML/CTF program documentation belongs to you, the reporting entity, regardless of which platform produced it. Most CompareAML providers offer monthly or annual contracts (a few enterprise deployments are 2–3 years), and you can export your customer records, screening logs, and program documents to take to a new provider. Switching cost is usually the implementation effort with the new provider rather than any contractual penalty. The most common reason firms switch is outgrowing a self-serve platform and moving to a configured mid-market or managed service as transaction volume scales.

Many CompareAML providers will assess what you have and fill the gaps rather than insisting you start over. Common in-progress states include: a draft risk assessment with no Part B procedures, CDD running on a spreadsheet, or training materials but no documented governance process. The risk assessment tool is the fastest way to identify which gaps matter most before 1 July 2026 — it produces a personalised priority list. Most providers offer a 'health check' or 'gap analysis' as part of their onboarding, and a few (Complispace, AMLHUB) explicitly market a remediation pathway for partially built programs.

AUSTRAC enrolment is an online form completed via AUSTRAC Online. For a sole trader or single-director company with straightforward ownership, the form takes 30–60 minutes to complete and the enrolment is usually confirmed within 1–3 business days. Larger structures with multiple beneficial owners, foreign shareholders, or designated business groups can take 2–3 weeks because AUSTRAC may come back with follow-up questions. You must be enrolled before you provide your first designated service after 1 July 2026 — there is no grace period for enrolment itself. Most CompareAML providers will draft your enrolment with you as part of onboarding so you don't have to learn AUSTRAC Online from scratch.

Yes. Section 8.6 of the AML/CTF Rules requires every reporting entity's Part A program to be independently reviewed at 'appropriate' intervals — in practice every 2–3 years for low-risk SMEs and annually for higher-risk firms. The reviewer must be independent of the people who designed and operate the program (an external consultant, an internal audit team, or a partner from outside the AML function). The review tests whether your program is appropriate for your risk profile and whether it's actually being followed. Budget A$3,000–A$15,000 for an external SME review depending on complexity. Several CompareAML providers either include a review in higher tiers or partner with reviewers.

Section 107 of the AML/CTF Act requires reporting entities to keep records of customer identification, transactions, and the AML/CTF program itself for seven years. The seven-year clock starts from the end of the customer relationship for KYC records, from the date of the transaction for transaction records, and from the date a program version is superseded for program records. Records must be retrievable in a form that allows AUSTRAC to inspect them — encrypted backups in a vendor system are fine; a shoebox of paper in a storage unit technically complies but is not defensible at audit. Most CompareAML providers retain records inside the platform for the full seven years and offer export on demand.

Section 8.4 of the AML/CTF Rules requires every reporting entity to designate a senior employee as the AML/CTF Compliance Officer (AMLCO), in writing, with sufficient authority to ensure the program is implemented. For most SMEs the AMLCO is a partner, principal, director, or practice manager — not a junior staffer. The role does not require a specific qualification, but it does require time, training, and visible authority to escalate issues. Sole traders are their own AMLCO by default. Firms with no suitable internal candidate can appoint an outsourced AMLCO via a managed service (AML SmartGuard, AMLHUB Connect, Complispace) — typically A$1,500–A$2,500 per month for a fractional named officer with documented responsibilities. Whoever you appoint, they need annual training, board/senior management reporting lines, and a documented backup for when they're unavailable.

Part A covers your general systems and controls — risk assessment, governance, training, monitoring, reporting and the AMLCO role. Part B covers customer identification — how you onboard individual customers, identify beneficial owners of corporate clients, and apply enhanced due diligence to higher-risk customers. The Rules require both, and most providers ship templates for each.

The AMLCO must be a senior person with the authority to escalate decisions to senior management. In a 1–5 person firm this is typically the principal. In a 5–20 person firm it is usually a senior partner or office manager. The role can be combined with another role; what matters is that the person can credibly own the program and is named in writing in your Part A.

Annually at a minimum. The AML/CTF Rules require ongoing training appropriate to staff roles. Most providers ship a 60–90 minute annual module with role-specific scenarios and an attestation captured automatically. Schedule it in the same week each year — bundling with insurance renewal works well — to create a natural compliance cadence.

An independent review is a structured assessment of your program by someone not involved in its day-to-day operation. The Rules don't prescribe a frequency, but the practical baseline is annually for the first two years of a new program, then every two years for stable, low-risk SMEs. Cost ranges from A$2,500 (sole practitioner) to A$15,000+ (multi-office).

You can use a template as a starting point — that's exactly what every paid provider gives you — but you must tailor it to your specific business, named services, named compliance officer, and documented risk assessment. AUSTRAC will see straight through a verbatim generic program. The value of paying a provider is the platform that operationalises the template, not the words on the page.

Customer ID records (seven years from end of relationship), transaction records (seven years from the transaction), SMR/TTR records (seven years from the report), training records (seven years from the training), and program documents (seven years after replaced). Records must be retrievable on demand in a form AUSTRAC can read — cloud storage in your AML platform is fine, an unindexed shared drive is not.

An SMR is a confidential report you must submit to AUSTRAC when, in the course of providing a designated service, you form a suspicion on reasonable grounds that the matter may relate to money laundering, terrorism financing, tax evasion, proceeds of crime, or another serious offence. The reporting deadline is 24 hours for terrorism financing suspicions and 3 business days for money laundering and other suspicions, measured from when the suspicion was formed. SMRs are confidential — you must not tip off the customer or any third party that an SMR has been or may be filed. Failure to lodge a required SMR is a civil penalty offence; lodging in good faith protects you from civil and criminal liability under section 235 of the Act.

Section 32 of the Act prohibits providing a designated service to a customer whose identity has not been verified to the standard required by your Part B program. If the customer refuses to provide ID, you cannot provide the service. You should also consider whether the refusal — combined with any other indicators — meets the threshold for an SMR. In practice this rarely escalates: most legitimate customers cooperate once they understand the obligation is regulatory, not commercial. Modern AML platforms make ID verification a 30-second task on a phone, which significantly reduces friction. The high-risk scenarios are where customers fail verification because their documents don't match electronic data sources — your program needs an enhanced due diligence path for these cases, not an automatic refusal.

Practically nothing — they are used interchangeably in commercial materials. CDD (Customer Due Diligence) is the term used in the AML/CTF Act and Rules. KYC (Know Your Customer) is the older banking term still used by most software vendors. The activity is the same: identify the customer, verify the identification, identify beneficial owners where the customer is non-individual.

A beneficial owner is any individual who ultimately owns 25% or more of a non-individual customer or who exercises effective control over it. For a Pty Ltd with two shareholders, you verify both. For a discretionary trust, you identify the trustee, the appointor and any beneficiary receiving material distributions. Failure to identify beneficial owners adequately is the single most common AUSTRAC enforcement finding under Tranche 1.

Within 3 business days of forming a suspicion on reasonable grounds, in the course of providing a designated service, that the matter relates to money laundering, terrorism financing or another serious offence (24 hours for terrorism financing). The threshold is 'suspicion on reasonable grounds' — lower than balance of probabilities but higher than vague unease. Tipping-off is a separate offence: do not tell the customer.

A TTR is required for any cash or cash-equivalent transaction at or above A$10,000 connected to a designated service. Filed within 10 business days. No judgement involved — if the threshold is hit, you file. A single transaction can be both an SMR and a TTR; if so, file both — they go to different desks at AUSTRAC.

Australian persons must screen against the DFAT Consolidated List and the UN Security Council Consolidated List. Most platforms also screen against OFAC (US), OFSI (UK) and the EU Consolidated List as a default. The cost difference between Australia-only and full multi-jurisdiction screening is typically A$50/month — not worth the saving.

An electronic check that matches at least one government-issued identifier (driver licence, passport, Medicare card, ImmiCard) against the issuing authority's data, plus a biometric or document-authentication step. Most platforms layer in liveness detection and a face-match against the document photo. The result is a structured verification record you can produce on demand.

You cannot provide the designated service without completing CDD. Document the refusal, the date and any context, and decline to proceed. If the refusal accompanies other red flags (urgency, third-party funds, unusual structure), consider whether the threshold for an SMR has been met — non-cooperation alone is not a suspicion, but combined with other indicators it often is.

Indicative pricing across the 14 vetted providers on CompareAML ranges from A$0 (easyAML is free until 1 July 2026) to A$2,500+ per month for fully managed services. The largest band — self-serve subscriptions for SMEs that will run AML in-house — sits between A$129 and A$650 per month, with pay-per-check screening tools (NameScan, StackGo) charging per ID verification rather than a monthly fee. Mid-market configurable platforms (AMLHUB, Complispace) range A$700–A$2,000/mo, and enterprise quote-based deployments (First AML, Equifax) are priced per implementation. Add 30–80 hours of internal time for documentation, training and onboarding regardless of which provider you choose. See the compare page for the band-by-band breakdown.

Providers vary on five dimensions that matter most for SME buyers: (1) product type — full suite, screening only, GRC platform, managed service, or practice-management add-on; (2) sector focus — some specialise in legal, others span 4–5 sectors; (3) pricing model — flat monthly subscription, pay-per-check, or quote-based; (4) support model — pure self-serve, configured implementation, or outsourced AML officer; and (5) onboarding speed (1 week through to 8 weeks). The /compare page shows all 14 providers across 10 criteria side-by-side, and individual provider pages add features, integrations, case studies and pricing tiers. The right answer almost always depends on whether you want to run AML in-house with software (self-serve) or have it run for you (managed).

Does the program cover the designated services I actually provide? Is electronic ID verification included or pay-per-check? How does the platform handle SMSF trustees, discretionary trusts and corporate clients? Can I export an audit pack on demand? What's the support SLA in business hours? What happens to my data if I leave? What's the contract term and the exit cost?

A managed service is worth the premium if no one at the firm wants to learn the AML/CTF Rules in depth, you handle complex client structures, you've missed the early-mover window, or you'd rather pay A$1,500–A$2,500 per month than risk an audit failure. If you have a senior staffer with the time and inclination to own AML, software-only at A$200–A$650/month delivers the same compliance outcome at significantly lower cost.

Self-serve platforms typically offer monthly rolling contracts. Mid-market and managed services are usually annual. Enterprise quote-based deployments can be 2–3 years. Most providers will offer a discount for annual prepayment. Insist on a clean exit clause and a documented data export process before signing anything longer than 12 months.

Most providers offer some form of evaluation: easyAML is free until July 2026, several self-serve platforms offer 14–30 day trials, and managed services typically offer a free gap analysis or scoping workshop. 'Free trial' wording sometimes covers what is functionally a sales process — always read the conversion terms before connecting your real client data.