What Part A covers
Part A documents how the agency identifies, mitigates and manages ML/TF risk. It includes the agency's ML/TF risk assessment, the systems and controls (CDD, ongoing monitoring, sanctions screening, reporting), the AML/CTF Compliance Officer's role and authority, staff training, independent review, and the procedures the agency follows when risk thresholds are crossed.
Part A is not a generic compliance document. AUSTRAC expects it to reflect the agency's actual risk profile, including the customer types served (local owner-occupiers, interstate investors, offshore buyers), the property segments worked (residential, commercial, prestige, off-plan), and the channels through which customers and funds arrive.
What Part B covers
Part B is the customer identification procedure. It sets out how the agency captures identity, beneficial ownership and risk indicators for individuals, companies, trusts and other entity types. It describes the documentary evidence accepted, the verification method used (in-person, remote, third-party reliance), and the ongoing CDD cadence by risk band.
Part B is the procedure your sales agents follow at intake. It needs to be operationally usable, not just legally complete. Caltury's Part B template ties directly into the customer onboarding flow your agents actually use, so the document and the workflow stay in sync.
- Individual identification: name, DOB, address, photo ID
- Company identification: incorporation details, beneficial owners >= 25%
- Trust identification: trustee, settlor, class of beneficiaries
- Verification methods: in-person, remote ID, document verification service
- Ongoing CDD: cadence by risk band, triggers for re-screen
How Caltury generates your Program
Caltury's Program builder walks through the agency's risk profile in a structured questionnaire, then generates Part A and Part B as a single document tailored to your agency. The output references the AML/CTF Act 2006 by section, the AML/CTF Rules by chapter, and AUSTRAC guidance where it applies. You review, edit and sign as the AML/CTF Compliance Officer.
The Program is regenerated whenever the agency's risk profile changes (new submarket, new buyer cohort, new staff). Old versions are retained in the audit log for the full 7-year retention period. The current version is exportable as PDF on demand for any AUSTRAC enquiry.
Common questions
Can I use a free generic AML Program template I found online?
Technically you can, but AUSTRAC's expectation is that the Program reflects the actual risk profile of the practice. A generic template that does not name the practice's risk indicators, customer types, geographies and procedures is unlikely to satisfy an inspection. Caltury's Program is generated against your actual answers, not a template the inspector has seen before.
How often does the Program need to be updated?
There is no fixed cadence in the Act. Practically, the Program should be reviewed at least annually and updated whenever the agency's risk profile changes meaningfully. An independent review is required at least every three years.
Who signs the Program?
The named AML/CTF Compliance Officer, who is typically the agency principal or licensee. The Compliance Officer's signature attests that the Program reflects the agency's actual procedures and risk-management approach.
Can multiple offices in one agency share one Program?
Yes, if they operate under one legal entity. The Program describes how the agency manages risk across all offices. Where individual offices have meaningfully different risk profiles (different customer types, different geographies), the Program identifies those differences.
This page is general information about Australian AML/CTF obligations. It is not legal advice. AUSTRAC has not reviewed this content. For situations specific to your practice consult an Australian-qualified lawyer or AML/CTF adviser.