AUSTRAC Tranche 2 reforms are coming — accountants, lawyers, conveyancers, real estate & dealers are being brought into the AML/CTF regime.
AMLCompliant
BlogAm I captured? — free check
AML/CTF · Tranche 2 guide

The AML/CTF Compliance Officer (AMLCO): Role, Duties and How to Appoint One

8 min read · General information, not legal advice · Updated 2026-06-12

Key takeaways

  • The AMLCO is your firm's named, accountable person for the AML/CTF program and the point of contact with AUSTRAC — a real working role, not a title on a form.
  • In a small firm the role usually sits with an owner, partner or senior practice manager; the key tests are seniority, independent judgement, capacity and competence, and the same person can hold it alongside other duties.
  • Appoint properly: choose the right person, define the role in writing, grant real authority and time, record it in your program, train them, and plan a backup.
  • Appointing an AMLCO does not move the legal obligations away from the firm — they stay with the reporting entity and its senior management, with serious failures risking significant civil and criminal penalties.
  • A template kit can supply the AMLCO position description and governance structure, but the substance must reflect your firm; this is general information, not legal advice, and depends on the designated services you provide.

You run a real estate agency, a conveyancing or accounting practice, a law firm, or you deal in precious metals or stones, and you have worked out that Tranche 2 brings your firm into Australia's AML/CTF regime once you provide certain designated services. One of the core obligations is to appoint an AML/CTF compliance officer — the AMLCO — and now you have to decide who that will be. In a five-person firm, that decision often comes down to you, a partner, or your practice manager.

This article explains what the AMLCO actually does, who can take the role in a small business, and how to appoint one properly so the person is set up to succeed rather than handed a title and left exposed. This is general information, not legal advice, and your firm's obligations depend on the specific designated services you provide.

What an AML/CTF compliance officer is

The AML/CTF compliance officer (AMLCO) is the named, accountable person responsible for your firm's AML/CTF program — the governance, the ML/TF risk assessment, and the policies, procedures, systems and controls that put them into practice. They are the point of contact between your firm and AUSTRAC (the Australian Transaction Reports and Analysis Centre), and the person senior management looks to for assurance that the program is working.

It helps to be clear about what the role is not. The AMLCO is not a box you tick by writing a name on a form. It is not a job that can sit dormant between audits. And it is not a way to push all the legal risk onto one junior staff member while the owners look away — the obligation rests with the reporting entity, and the AMLCO needs the standing to do the job. The role is meant to be a real, working function with a real person behind it.

What the AMLCO actually does

Day to day, the AMLCO owns the program and keeps it alive. In practice the duties usually include:

  • Owning the AML/CTF program — making sure the governance arrangements, the ML/TF risk assessment, and the written policies and procedures exist, stay current, and reflect what the firm actually does.
  • Overseeing customer due diligence — ensuring CDD/KYC is carried out at onboarding, that beneficial owners are identified, that higher-risk customers get enhanced due diligence, and that ongoing CDD keeps customer information current.
  • Overseeing transaction monitoring — making sure staff watch for unusual or suspicious activity and know how to escalate it.
  • Handling reporting to AUSTRAC — overseeing suspicious matter reports (SMRs) when a relevant suspicion is formed, and threshold transaction reports (TTRs) for physical currency of AUD 10,000 or more, all lodged through AUSTRAC Online, while protecting against tipping off.
  • Looking after record-keeping — ensuring records are kept, generally for seven years.
  • Driving training and awareness — making sure staff understand the controls they are expected to operate.
  • Reporting to senior management — briefing the owners or board on how the program is performing and where the gaps are.
  • Being the AUSTRAC contact — the person the regulator deals with on AML/CTF matters.

The thread running through all of it is accountability. The AMLCO is the person who can answer, with evidence, the question 'how do you know your controls are working?'

Who can be the AMLCO in a small firm

In a small business you usually do not have a dedicated compliance hire, so the question is which existing person takes it on. There is room to be practical here, and the same person can hold the role alongside other duties — but the choice matters.

Good candidates tend to share a few features:

  • Seniority and authority. The AMLCO needs enough standing to set policy, require staff to follow procedures, and escalate a problem without being overruled for commercial convenience. In a small firm this often points to an owner, a partner, or a senior practice manager.
  • Independence of judgement. The person must be able to decide that a matter is suspicious and should be reported, even when the client is valuable. If the role sits with someone whose pay depends entirely on closing the deal, that judgement is compromised.
  • Time and capacity. The role is real work. Whoever takes it needs genuine time set aside, not an extra line on an already full plate.
  • Fit-and-proper standing. The person should be appropriately trustworthy and competent for a role that handles sensitive obligations.

A common and workable pattern in a small firm is for an owner or principal to be the AMLCO, with the practice manager handling much of the day-to-day operation under their oversight. As the AUSTRAC rules are finalised, confirm any specific expectations about who may hold the role for your sector.

How to appoint your AMLCO: the steps

Appointing an AMLCO is more than a name on a page. Treat each item below as 'done' only when it is written down and the person has genuinely accepted it.

  • Choose the right person — weigh seniority, independence, capacity and competence against the criteria above.
  • Define the role in writing — set out the AMLCO's responsibilities, decision-making authority, and reporting line to senior management in a clear position description.
  • Grant real authority and resources — give the person the power to set and enforce policy, access to records and systems, and protected time to do the work.
  • Record the appointment in your AML/CTF program — name the AMLCO in your governance documents so the role is visible and traceable.
  • Brief senior management — make sure the owners or board know who the AMLCO is, what they are responsible for, and how they will be kept across the program.
  • Provide training — ensure the AMLCO genuinely understands the obligations, the firm's risk assessment, and the AUSTRAC Online reporting process.
  • Plan a backup — decide who covers the role during leave or absence so reporting and oversight never lapse.
  • Link the role to your AUSTRAC enrolment — be ready to provide the required details as you enrol with AUSTRAC ahead of 1 July 2026.

The aim is an AMLCO who is empowered and informed, not just nominated. A name with no authority behind it is a gap a reviewer will spot quickly.

Accountability: what the AMLCO carries — and what stays with the firm

It is worth being precise about where responsibility sits, because the wrong assumption can leave both the firm and the individual exposed.

The AML/CTF obligations belong to the reporting entity — your firm. Appointing an AMLCO does not transfer those obligations away from the business or its senior management; it gives the firm a named person to run and answer for the program. Senior management retains responsibility for making sure the program exists, is resourced, and is actually followed.

What the AMLCO carries is operational accountability: keeping the program current, ensuring CDD and monitoring happen, overseeing SMR and TTR reporting, and flagging problems to the owners. Where AML/CTF controls fail seriously, the consequences for the firm can include significant civil and criminal penalties, which is exactly why the role needs to be genuine and supported rather than nominal.

For the person taking it on, the practical protection is the same thing that makes the role effective: documented authority, real time to do the work, a clear reporting line, and senior management that backs their decisions. An AMLCO who is given the title but denied the resources is set up to fail, and that helps no one.

Common mistakes when appointing an AMLCO

Most of the problems firms run into come from a handful of avoidable errors:

  • Naming someone too junior. If the AMLCO can be overruled whenever it is commercially inconvenient, the role cannot work.
  • Treating it as a title, not a job. An appointment with no time, authority or resources behind it is a gap dressed up as a control.
  • A conflict of interest. Putting the role with someone whose income depends entirely on closing deals undermines the independent judgement the role requires.
  • No backup. When the sole AMLCO is on leave, reporting and oversight should not stop. Plan cover in advance.
  • No training. A person who does not understand the obligations or the firm's own risk assessment cannot run the program, however senior they are.
  • Forgetting to document it. If the appointment, the responsibilities and the authority are not written into the program, you have nothing to show a reviewer.

A faster way to set the role up properly

You do not have to draft the governance scaffolding from a blank page. A well-built, audit-ready template kit typically includes an AMLCO position description, the governance and oversight section of the program, and the registers and reporting procedures the role depends on — so your effort goes into choosing the right person and tailoring the detail rather than inventing the format. For a small firm, that can turn a slow drafting exercise into a focused decision and a short tailoring pass, while still producing documents that reflect your business.

Whatever route you take, the substance is what matters: a real person, with real authority, a clear written mandate, and the backing of senior management. This article is general information and not legal advice, and your obligations depend on the specific designated services you provide. Confirm the detail with AUSTRAC or a qualified adviser before you finalise your appointment.

Frequently asked questions

Do I have to appoint an AML/CTF compliance officer?
Yes — appointing an AMLCO is one of the core obligations for a reporting entity under Australia's AML/CTF regime. If your firm provides specified designated services as a Tranche 2 entity, you will need a named, accountable compliance officer. New obligations are due to commence on 1 July 2026, so confirm your position with AUSTRAC or a qualified adviser.
Can the business owner be the AMLCO in a small firm?
In a small firm, yes — an owner or principal is often a sensible choice because they have the seniority and authority the role needs. The same person can hold the AMLCO role alongside their other duties, provided they have genuine time, independence of judgement, and the competence to run the program. The practice manager commonly handles much of the day-to-day operation under the owner's oversight.
What does an AML compliance officer actually do day to day?
The AMLCO owns the AML/CTF program: keeping it current, overseeing customer due diligence and transaction monitoring, handling SMR and TTR reporting through AUSTRAC Online, looking after record-keeping, driving staff training, and briefing senior management. They are also the firm's contact point with AUSTRAC. The common thread is being able to show, with evidence, that the controls are working.
Is the AMLCO personally liable if something goes wrong?
The AML/CTF obligations rest with the reporting entity — the firm — and its senior management, not solely with the AMLCO. Appointing a compliance officer does not transfer those obligations away from the business. The AMLCO carries operational accountability for running the program, which is why the role needs documented authority, time and senior backing rather than being nominal. Confirm specifics with a qualified adviser.
Does the AMLCO have to be a full-time or dedicated hire?
Not for a small firm. The role can be held by an existing senior person alongside other duties, as long as they have real, protected time to do the work and the authority to enforce the program. What matters is that the function is genuinely performed, not whether it is a standalone position. Plan a backup so oversight and reporting continue during leave.
What happens if my firm doesn't appoint a compliance officer?
Failing to meet AML/CTF obligations, including appointing an AMLCO, can expose your firm to significant civil and criminal penalties where breaches are serious. Just as important, without a named owner the rest of the program tends to drift and gaps go unnoticed. As the AUSTRAC rules are finalised, build the role now and confirm the detail with AUSTRAC or a qualified adviser.

Sources

This article is general information only and is not legal or compliance advice. Your obligations depend on the designated services you provide. Confirm your position with AUSTRAC (austrac.gov.au) or a qualified adviser.

The Complete AML/CTF Kit

Get your AML/CTF program sorted — without the consultant bill

Audit-ready, editable Word templates for Australian Tranche 2 reporting entities — AML/CTF program, ML/TF risk assessment, CDD/KYC, SMR & threshold registers, record-keeping and an AUSTRAC enrolment checklist. Instant download.

Get the Complete AML Kit — $197Am I captured? — free check