Prepared with reference to AUSTRAC guidance current as at May 2026. Requirements are evolving — seek legal or compliance advice before relying on this document for specific decisions.
This article translates AML/CTF obligations into the day-to-day workflows of an accounting practice. Rather than restating the law, it answers the practical question: what does this mean for what I do on Monday morning?
1. Engagement onboarding
The biggest change for most accounting staff is that onboarding a new client now has a legal sequence. You cannot start work on a designated service until certain steps are completed. Building these into your standard engagement process is the practical solution.
Standard onboarding checklist for a designated service
| # | Step | Who does it |
|---|---|---|
| 1 | Confirm whether the engagement involves a designated service (see Table 6) | Engagement partner or manager |
| 2 | Collect client identity documents — individual, company, or trust as applicable | Admin / client manager |
| 3 | Run electronic verification and PEP / sanctions screening via Firm Verify | Admin / client manager |
| 4 | Identify beneficial owners (companies: 25%+ shareholders; trusts: settlor, trustees, named beneficiaries) | Engagement partner |
| 5 | Ask about source of funds and document the client's answer | Engagement partner |
| 6 | Assign ML/TF risk rating (low / medium / high) and record your reasoning | Engagement partner |
| 7 | If high risk: obtain senior manager approval before proceeding | Senior manager |
| 8 | Sign the engagement letter. Work can now commence. | Partner |
ID verification in practice
The most common question is how do I ask for ID without making it awkward? Frame it as a standard practice step:
Suggested script for requesting ID
"As part of our compliance obligations, we're required to verify the identity of all new clients before we can commence work. We'll need a copy of your driver's licence or passport. We can do this electronically — I'll send you a secure link through our client verification system and it only takes a couple of minutes."
Using Firm Verify's Request ID Verification workflow, the client receives a secure link and completes verification directly on their device — no physical document collection needed. Results populate your CDD record automatically.
Source of funds — what to ask and how
Source of funds refers to the origin of the specific funds involved in the transaction or engagement — not a full audit of the client's finances. For most low-risk engagements, a simple documented question-and-answer is sufficient.
| Engagement type | What to ask |
|---|---|
| New company formation | "Where will the initial capital for the company come from?" Note the answer and how it was provided (verbally, email, document). |
| Property transaction assistance | "How are you funding the purchase?" Record the answer — savings, mortgage, proceeds of sale, gift, etc. |
| Trust establishment | "What assets will initially be settled into the trust and where do they come from?" |
| High-risk client | Request supporting documentation — bank statements, salary records, business financials, sale contracts. Self-reporting alone is insufficient. |
2. Structure advice
Advising on business and investment structures is core accounting work. Most of it is entirely legitimate. But certain types of structure requests carry inherent AML risk — not because the structures themselves are illegal, but because they are also the tools criminals use.
Structures that are legitimate but attract AML risk
| Structure | Why it attracts laundering risk | What to check |
|---|---|---|
| Layered corporate structures | Multiple holding companies create distance between assets and their true owner. Each layer makes it harder to identify who ultimately controls the asset. | Understand the commercial rationale. Identify ultimate beneficial owners through every layer. |
| Offshore holding structures | Holding assets or income in foreign jurisdictions — especially low-tax or secrecy jurisdictions — is a classic layering technique. | Identify the jurisdiction risk. Look up the country on FATF lists. Elevate risk rating if warranted. |
| Nominee directors or shareholders | Places someone else's name on ASIC records to conceal the true controller. A legitimate use case exists (privacy, group restructure) but it is also a core laundering method. | Verify both the nominee and the beneficial controller. Document the relationship and purpose clearly. |
| Back-to-back loans | Criminal deposits funds offshore, then borrows back via an intercompany loan — creating a deductible "interest" payment. The accountant may be asked to document or advise on the loan. | Is the lender genuinely arms-length? Is there a commercial rate and repayment schedule? Does the loan amount match the apparent offshore capacity? |
| Rapid entity creation | Multiple new entities formed quickly, with no apparent operational purpose, is a pattern associated with structured layering. | Ask why each entity is needed. Document the commercial purpose of each separately. |
Questions to ask yourself when advising on a structure
- Does it make commercial sense? Could you explain the structure in plain terms to a regulator and have it make sense?
- Who benefits and who controls? Is there any mismatch between the apparent owner (ASIC records, trust deed) and the person who gives instructions?
- Where does the money come from? If the structure involves the movement or management of funds, have you asked about and documented the source?
- Is there urgency without explanation? Pressure to complete quickly — especially involving cash or offshore elements — is a classic red flag.
- Would you be comfortable if AUSTRAC read your file notes? If not, that is worth paying attention to.
3. Tax work
Tax preparation and BAS services are not designated services and do not trigger AML/CTF obligations on their own. But tax work puts you in close contact with your clients' financial affairs — and it is through that contact that financial crime often becomes visible.
What tax work tells you
As a tax adviser, you see financial statements, bank accounts, transaction records, deductions, and asset registers. You are in a uniquely informed position. Signs that something may be wrong often surface in the tax file before they surface anywhere else.
| What you see in the tax file | The AML/CTF question to ask |
|---|---|
| Revenue far above industry benchmarks for a business of its size and type | Is this a genuine business or a front for cash commingling? |
| Large consulting fees to related parties with no apparent service provided | Are these genuine business expenses or a mechanism to move funds between related entities? |
| Capital introduced from offshore with no documentation of its origin | Where did this money actually come from? |
| Recurring loans to the principal that are never repaid, or repeatedly written off | Are these genuine loans or a mechanism to extract funds while avoiding tax? |
| Trust distributions to beneficiaries who appear to have no actual use of the funds | Are the distributions genuine, or is income being shifted to low-tax parties without genuine entitlement? |
| Assets (property, vehicles, art) inconsistent with disclosed income | Is there unexplained wealth that may indicate undisclosed income or criminal proceeds? |
When does tax advice cross into evasion territory?
The line between aggressive tax minimisation and tax evasion is a legal one. Your AML/CTF obligations are not triggered by aggressive-but-legal planning. They are triggered when you form a reasonable suspicion that a client is deliberately concealing income, falsifying documents, or omitting amounts from returns.
| Legal — no SMR obligation | Evasion — may require SMR |
|---|---|
| Trust distributions to low-tax beneficiaries within the terms of the deed | Distributions to beneficiaries who have no legal entitlement or who return funds to the controller |
| Legitimate deductions for genuine business expenses, properly documented | Deductions for fabricated expenses or invoices from related parties for services not provided |
| Holding investments in a company or trust structure for tax efficiency | Offshore structures with no real commercial purpose used to conceal income from the ATO |
| Documenting existing Div 7A loans for compliance purposes | Advising on how to backdate or restructure loans to avoid repayment obligations |
| Genuine tax disputes or aggressive-but-disclosed positions | A client asking you to prepare returns knowing amounts are materially understated |
4. Trusts, SMSFs and property
Three areas of accounting work that are especially attractive to those seeking to launder money: trusts, self-managed superannuation funds, and real property. Understanding why they are targeted helps you spot the difference between legitimate work and financial crime.
Trusts — why they are targeted
|
Why trusts are exploited
|
What to look out for
|
SMSFs — why they are targeted
SMSFs are legitimate vehicles for retirement savings. But their relatively light regulatory touch — compared to retail super funds — and the control they give trustees over investments make them attractive for financial crime, particularly in their later stages.
| SMSF red flag | Why it raises concern |
|---|---|
| Large, unexplained rollovers into the fund | Funds moving into the SMSF from an unclear source — particularly from overseas or third-party accounts — may represent placement of criminal proceeds. |
| Related-party property transactions at non-market values | Buying property from or selling to a related party at an inflated or deflated price is both a compliance breach and a potential laundering mechanism. |
| Loans from the SMSF to related parties | Generally prohibited under superannuation law. Where they occur, they may represent an attempt to extract funds from the superannuation environment. |
| Repeated restructures of the fund for no apparent legitimate reason | Each restructure event is a potential designated service — and repeated restructures with no purpose warrant closer scrutiny. |
| A third party giving instructions on behalf of the fund members | If someone other than the trustees is directing the fund's affairs, the true controller may not be who they appear to be. Verify authority to act. |
Property — why it is targeted
Residential and commercial real estate is one of the most common vehicles for money laundering globally. Property transactions are large, often involve overseas buyers, use layers of corporate and trust ownership, and leave a permanent public record — all characteristics that make them useful for integration of criminal proceeds.
- Cash purchases or large deposits from unexplained sources — particularly common in high-value residential markets.
- Multiple entities in the ownership chain with no apparent commercial rationale for each layer.
- Properties purchased, minimally improved, then rapidly resold at significantly different prices — a classic integration technique.
- Offshore buyers or beneficial owners in jurisdictions that make verification difficult.
- Third parties paying deposits or settlements with no documented relationship to the purchaser.
5. Record keeping
Documentation is your firm's primary evidence of compliance. If AUSTRAC ever reviews your practice — or if you need to explain a decision about a client — your records are the only objective account of what you knew, what you asked, and what you decided.
What to record and how long to keep it
| Record type | Retention | What to include |
|---|---|---|
| CDD records | 7 years | Identity documents collected, verification results, beneficial ownership mapping, PEP and sanctions screening results. |
| Risk assessments | 7 years | The risk rating assigned, the factors considered, and the reasoning for the conclusion. Include any subsequent reassessments and what triggered them. |
| Source of funds | 7 years | What the client stated, how they stated it (verbal, email, document), and any supporting documentation provided. |
| Escalation records | 7 years | What was escalated, when, to whom, what decision was made, and why. This is critical for demonstrating your firm took the right steps. |
| SMR records | 7 years | The fact that an SMR was filed, the date, and the reference number. Do not record the content of the SMR in a place accessible to the client or general staff — tipping off rules apply. |
| Ongoing monitoring notes | 7 years | Periodic review dates, what was reviewed, what changed, and any updated risk ratings. Even a brief note that "no changes identified, risk rating maintained as low" constitutes a compliant monitoring record. |
Practical record keeping habits
|
1
|
Document your reasoning, not just your conclusions"Low risk client" is not a compliant record. "Assessed as low risk — Australian resident individual, professional employment, no PEP or sanctions hits, funds from salary" is. AUSTRAC's compliance assessments focus on whether you can demonstrate why you made the decisions you did. |
|
2
|
Record at the time, not after the factContemporaneous notes carry far more weight than notes reconstructed later. Make a habit of recording source of funds, risk assessment, and screening results at the time of onboarding. |
|
3
|
Record decisions not to escalateIf you identified a potential concern and decided not to escalate, record that decision and why. This is as important as recording that you did escalate. |
|
4
|
Use your practice management system consistentlyFirm Verify maintains a central CDD record for each client. Use it. Records scattered across emails, notes, and file folders are difficult to produce in response to an AUSTRAC request and create compliance exposure. |
|
5
|
Retain records after the client leavesThe 7-year retention period runs from the date the record was made or the last time the designated service was provided — whichever is later. Records do not leave your firm when a client does. If you sell your practice, both parties need legal advice on how AML/CTF records are allocated. |