Back to Articles
15 min readAML/CTF · Starter Kits · AUSTRAC

AUSTRAC's Program Starter Kits: What's Inside and How to Use Them

In January 2026, AUSTRAC published five sector-specific starter kits — the first time any AML/CTF regulator in the world has provided this level of practical support to business. Here's what they contain, who they're for, and how to turn them into your compliance program.

Executive Summary

Every Tranche 2 reporting entity must have an AML/CTF program in place before providing a designated service from 1 July 2026. AUSTRAC's program starter kits provide a practical starting point for small, low-complexity businesses (15 or fewer personnel) in five sectors: real estate, accounting, conveyancing, precious metals and stones, and legal profession.

Each kit contains four documents — a Risk Assessment, a Policy Document, a Process Document, and a Customise Guide — that together form the foundation of your AML/CTF program. The kits follow a three-step lifecycle: Customise (before July), Use (from July), and Maintain (ongoing).

1

What Are the Starter Kits?

Background and context

When Parliament passed the AML/CTF Amendment Act in November 2024, it brought an estimated 90,000 new businesses into the regime — most of them small firms that had never dealt with anti-money laundering compliance before. AUSTRAC recognised that telling a three-person conveyancing practice to “develop an AML/CTF program” without guidance would be impractical and potentially set businesses up to fail.

In January 2026, AUSTRAC published five sector-specific program starter kits. In the words of AUSTRAC CEO Brendan Thomas, the kits mark the first time that any AML/CTF regulator anywhere in the world has provided this level of practical support to businesses entering the regime.

The kits are designed for small, low-complexity businesses that meet specific suitability criteria (typically 15 or fewer personnel, Australian-resident clients, not regularly dealing with high-risk customers). Larger or more complex businesses will need to build custom programs — but even they can use the starter kits as a reference point.

Important: The starter kits are a starting point, not a finished compliance program. AUSTRAC is explicit that you cannot rely on the kit alone. You must customise it to your business, have it approved by your senior manager, and maintain it as your business and risks evolve.

2

The Five Sector Kits

Click each sector for suitability criteria and links

3

The Four Documents Inside Each Kit

What they contain and which Rules they map to

Regardless of sector, every starter kit contains the same four documents. Once customised to your business and approved by your senior manager, these documents form your AML/CTF program. They must be version-controlled, dated, and retained for 7 years.

01Risk Assessment

Identifies the money laundering, terrorism financing, and proliferation financing (ML/TF) risks your business may reasonably face in providing its designated services.

Key Contents
Customer types and risk factors (individuals, bodies corporate, trusts, overseas entities)
Designated services you provide and their inherent risk
Delivery channels — face-to-face, remote, intermediated
Geographic risk — countries your customers come from or transact with
AUSTRAC pre-populated risk factors specific to your sector
Your risk appetite and tolerance settings
Regulatory basis: AML/CTF Rules 2025 — Rule 5-1Review frequency: At least annually, or when significant changes occur
02Policy Document

Three parts that define what your business must do and when. This is the document that your governing body (senior manager) must approve.

Key Contents
Part A — Personnel: Compliance officer appointment, personnel roles, training requirements, personnel due diligence (PDD)
Part B — Customers: CDD requirements by customer type, when to apply initial/ongoing/enhanced/simplified CDD, PEP screening, sanctions, source of funds
Part C — Maintain Program: Review schedule, effectiveness checks, program amendments, annual report to governing body, record-keeping requirements
Regulatory basis: AML/CTF Rules 2025 — Rules 5-2 to 5-16Review frequency: At least every 3 years, and whenever significant changes occur
03Process Document

Standard operating procedures (SOPs) that tell your staff exactly what to do in each situation. This is the document staff use day-to-day.

Key Contents
Customer onboarding — how to collect and verify identity (KYC)
Risk rating — how to assign and review customer risk scores
Sanctions screening — checking DFAT consolidated list and other sanctions lists
PEP screening — identifying politically exposed persons (domestic and foreign)
Adverse media — how to conduct and document adverse media checks
Source of funds and source of wealth — when and how to ask
Suspicious matter identification — red flags and indicators by sector
Reporting — how to file SMRs, TTRs, and cross-border movement reports
Tipping off — what staff can and cannot disclose
Record-keeping — what to retain and for how long (7 years)
Regulatory basis: AML/CTF Rules 2025 — Part 5 (Division 2) and Part 6Review frequency: As needed when processes change or new risks emerge
04Customise Guide

A step-by-step guide to tailoring the starter kit to your specific business. This is not a compliance document itself — it is the instruction manual for turning the kit into your program.

Key Contents
Review which designated services you provide
Determine your risk appetite — what customers and transactions you will and won't accept
Configure country risk ratings (FATF lists, AUSTRAC guidance)
Assign personnel roles — who is the compliance officer, who does CDD, who approves escalations
Complete Personnel Due Diligence (PDD) for all staff handling designated services
Get senior manager (governing body) approval
Document version control — date, version number, approver
Regulatory basis: Not a legislative requirement — AUSTRAC practical guidanceReview frequency: Use once during initial setup, then as needed for major program changes
4

The Three-Step Lifecycle

Customise, Use, Maintain

AUSTRAC structures every starter kit around a three-step lifecycle. This is not a one-time exercise — it is a continuous cycle. You customise your program before 1 July 2026, use it from that date, and maintain it for as long as you provide designated services.

1

Customise

Before 1 July 2026

Download the starter kit for your sector. Follow the Customise Guide to tailor the Risk Assessment, Policy Document, and Process Document to your specific business. Assign personnel roles, complete PDD, set your risk appetite, and get senior manager approval.

Download your sector's starter kit from AUSTRAC
Follow the Customise Guide step by step
Review and tailor the Risk Assessment to your business
Adapt the Policy Document (Parts A, B, C)
Adapt the Process Document SOPs
Assign your AML/CTF compliance officer
Complete Personnel Due Diligence for relevant staff
Get senior manager (governing body) approval
Enrol with AUSTRAC (opens 31 March 2026)
2

Use

From 1 July 2026

Apply your AML/CTF program to every designated service you provide. Conduct CDD on every new customer before providing the service. Monitor ongoing relationships. Report suspicious matters to AUSTRAC. Keep records.

Conduct initial CDD on every new customer
Apply risk ratings to customers and transactions
Screen against sanctions lists and PEP databases
Assess source of funds and source of wealth where required
Escalate high-risk matters to senior manager
File suspicious matter reports (SMRs) within required timeframes
File threshold transaction reports (TTRs) for $10K+ cash
Maintain records of all CDD, decisions, and reports
3

Maintain

Ongoing

Your AML/CTF program is not a set-and-forget document. You must regularly review and update it to ensure it remains effective and reflects changes to your business, risks, and the law.

Review your Risk Assessment at least annually
Review your AML/CTF program at least every 3 years
Conduct effectiveness checks (independent evaluation)
Update program when significant changes occur
Provide annual report to governing body
Ensure ongoing training for all relevant personnel
Retain all records for a minimum of 7 years
Monitor AUSTRAC guidance updates and adjust accordingly
5

When the Starter Kit Is Not Enough

Suitability limits and when you need a custom program

The starter kits are explicitly designed for small, low-complexity businesses. AUSTRAC provides suitability criteria for each sector kit, and if your business does not meet those criteria, you should treat the kit as a reference but build a more comprehensive program. You may need a custom program if:

Your business has more than 15 personnel
You regularly deal with high-risk clients (PEPs, complex structures, overseas entities)
You assist with overseas property transactions
You provide fully remote self-service options
You sell property you own (developers with direct sales)
You are acquiring another practice or transferring clients from another practice
Your business provides services across multiple regulated sectors with complex interactions

If any of these apply, AUSTRAC's guidance is clear: you can consider whether parts of the starter kit may be adapted, but you cannot rely on it to meet AUSTRAC's regulatory expectations. Your program must reflect the size, nature, and complexity of your business and the risks it faces.

6

Related Articles

Continue reading

The Three Documents That Define Australia's AML/CTF Regime
The Act, Amendment Act, and Rules explained.
Read article
Table 6: The 9 Services That Make Lawyers, Accountants & Conveyancers Reporting Entities
Are you caught? Line-by-line breakdown with scenarios.
Read article
Why Your Real Estate Agent, Lawyer & Accountant Now Have to Ask Where Your Money Comes From
The 6 professions now regulated.
Read article
7

References & Further Reading

Primary sources

  • AUSTRACProgram Starter Kits — Main Page Link
  • AUSTRACReal Estate Program Starter Kit: Getting Started Link
  • AUSTRACAccounting Program Starter Kit: Getting Started Link
  • AUSTRACConveyancing Program Starter Kit: Getting Started Link
  • AUSTRACLegal Profession Program Starter Kit: Getting Started Link
  • AUSTRACDealers in Precious Metals, Stones and Products Guidance Link
  • AUSTRACMedia Release — AUSTRAC Backs Newly Regulated Sectors with Release of Starter Kits Link
  • Federal Register of LegislationAML/CTF Rules 2025 — Part 5 (AML/CTF Programs) Link

Need Help Digitising Your Starter Kit?

lex-aml takes AUSTRAC's paper starter kits and turns them into a live operational platform — with digital CDD workflows, automated risk scoring, and built-in reporting.

Request Early Access
SA
Sumit Arora
16 February 2026

Disclaimer: This article is published by GetPost Labs Pty Ltd, a technology company building compliance software. All content is for educational purposes only and does not constitute legal, financial, or compliance advice. While we make every effort to ensure accuracy, this article may contain errors or omissions. Always refer to the authoritative text on legislation.gov.au and seek professional advice for your specific circumstances. If you spot an error or have a suggestion, please reach out to sumit@getpostlabs.io.