In part two of this two-part article, Fiona Halsey delves into what is required of an Anti-Money Laundering Compliance Officer within law firms. The legislated obligations of the AMLCO were set out in part one of this article.
Those broad requirements will translate into many tasks. Their daily and operational tasks are likely to include:
- Policy and procedure management: Ensuring that the firm’s policies and procedures are appropriate and effective, and conducting periodic testing of these systems.
- Staff support and troubleshooting: Serving as the first point of contact for queries and reports from staff and acting as a troubleshooter for compliance issues.
- Software oversight: Checking that AML software is functioning correctly and reviewing any reports generated by the system.
- Human resources liaison: Supervising Know Your Employee (KYE) processes and liaising with HR regarding new staff members.
- Reporting to governance: Carrying out the necessary work to prepare and deliver a written report to the governing body at least every 12 months.
- Client onboarding issues: Dealing with situations where the firm wishes to take on a client but encounters problems with Customer Due Diligence (CDD).
- Risk awareness: Ensuring that everyone within the firm understands “red flags” and stays up to date with current trends in AML CTF.
- Regulatory reporting: Ensuring all AUSTRAC reports, including Suspicious Matter Reports (SMRs), are filed accurately and on time.
- Training oversight: Making sure all relevant staff (including the AMLCO themselves) undertake required training and follow established procedures.
- AUSTRAC communication: Receiving, considering, and responding to both general and customized communications from AUSTRAC.
- Independent evaluations: Arranging for an independent evaluation of the firm’s program at least once every three years and addressing any issues arising from that evaluation.
- Cultural leadership: Taking active steps to enhance the AML CTF culture within the firm.
Training requirements for the AMLCO
It is expected that the AMLCO will have a high level of training for the role, although obviously that will be developing during the first few years. AUSTRAC suggests that they will require external training, and are expected to be across current developments. As mentioned in part one of this article, the AMLCO is not required to have any particular secondary or tertiary qualifications.
Personal liability and statutory protections
The role of the AMLCO could involve significant personal exposure to civil, criminal, and professional risks. While the reporting entity is typically the primary target of regulatory action, individuals can be held personally liable under the Act:
- Civil penalties: Under Section 175, the Federal Court may order an individual to pay a pecuniary penalty for contravening civil penalty provisions, with a cap of 20,000 penalty units.
- Criminal prosecution: Personal criminal liability applies to specific offences, including “tipping off” (disclosing information regarding an SMR or AUSTRAC notice), providing false or misleading information to the regulator, or failing to comply with AUSTRAC notices. Tipping off, in particular, carries a penalty of up to two years’ imprisonment.
- Professional consequences: For legal practitioners, serious findings of non-compliance or reckless disregard for obligations can lead to disciplinary action by professional bodies, potentially resulting in the suspension or loss of a practising certificate.
To balance these risks, Section 235 of the AML CTF Act provides a statutory “shield” for officers acting in good faith. Legal proceedings do not lie against a person for actions or omissions done in good faith to comply with the Act. Additionally, it is a valid defence to prove that the individual took reasonable precautions and exercised due diligence to avoid a contravention.
In practice, it seems as though AMLCOs have generally only been prosecuted overseas in situations of personal gross negligence or criminality.
Sole practitioners
Many sole practitioners will be the AMLCO for their firms. Those sole practitioners are not required to provide an annual report to the governing body (i.e. themselves) but must fulfil all other required responsibilities.
What happens when the AMLCO is on leave?
Provided it is not for an overly long period, the functions can be undertaken by another person within the business. The AMLCO should as part of their overall responsibilities put in place procedures to ensure that their functions are fulfilled in their absence. An example of this would be to ensure that there is an arrangement so that while the AMLCO is away, any emails from AUSTRAC to the AMLCO are quickly diverted to another suitable person.
Can there be more than one AMLCO for an organisation?
The legislation does not contemplate more than one AMLCO per organisation. The overall tenor is that there should be one person who is responsible in this role.
Conclusion
For those considering the AMLCO role after 30 June 2026, the position represents a shift from traditional legal practice toward a specialised governance function. It requires a combination of technical expertise, administrative discipline, and the professional fortitude to maintain independent oversight within a commercial environment. While the role carries substantial personal and professional risks, the statutory framework provides protections for those who execute their duties with due diligence and in good faith.
This is a broad summary of the law, and has been condensed for readability. You must consider the law yourself before making decisions.
