AML Compliance for Financial Planners: What You Actually Need to Do
The 2026 AML/CTF reforms have landed. For financial planners, the obligations are real but manageable, if you understand which rules apply to your specific practice. This guide cuts through the complexity.
This guide is based on AUSTRAC's Quick Guide: AML/CTF Program for Financial Planners (January 2026) and current AUSTRAC and OAIC guidance. If you are not yet fully compliant, the most important thing you can do right now is develop an Implementation Plan, this demonstrates a good-faith commitment to AUSTRAC and positions you defensibly.
Your Core Obligations as a Financial Planner
Every financial planning practice that provides a designated service under the AML/CTF Act must have two foundational documents in place before providing that service: a risk assessment and a documented AML program. These cannot be borrowed from a product provider or licensee, they must reflect your specific business.
Must be tailored to your specific practice, client base, products, and delivery channels. Using a risk assessment from your product provider or licensee is not sufficient under the AML/CTF Act.
A written program that describes how your practice identifies, manages, and mitigates money laundering and terrorism financing risk, including what controls you have in place. Must be approved by a compliance officer.
You must identify and verify all customers before providing a designated service. This applies even if your obligations are simplified (see Section 2 below).
If you choose to retain copies of verified identity documents, document the business rationale in your AML Program. Keeping copies is not required under the new AML laws, and may create Privacy Act exposure.
Simplified Obligations or Full Compliance? How to Decide
Not all financial planners face the same level of obligation. If your practice only makes arrangements for clients to receive a designated service from another provider, such as a platform, fund manager, or insurer, your obligations are significantly simplified. However, this exemption disappears if you provide any "Tranche 2" designated services.
If in doubt, review AUSTRAC's guidance on professional designated services to check whether specific activities in your practice trigger full obligations.
Initial Customer Identification and Verification
Customer identification and verification must be completed before you provide the designated service, not after, and not simultaneously. The following options apply to standard (low/medium risk) customers. High-risk customers require additional measures including source of funds verification and enhanced due diligence.
Sufficient alone
- Australian passport
- Driver's licence
- Proof of age card
- Foreign national identity card
Both required
- Birth certificate
- Citizenship certificate
- Government concession card
- Utility bill
- Commonwealth, state, territory, or local government notice
Automated option
- Customer's full name
- Date of birth or residential address
- Document Verification Service (DVS)
- Credit reporting agency record
- Other reliable independent electronic data
Record-Keeping: What to Collect, What to Store
Two separate laws govern what you must record and what you must not keep. Understanding how they interact is essential, and the interaction creates a clear default position for modern compliance.
You are not required to retain scanned copies or photocopies of identity documents. You only need to record the type and content of the data collected.
You must not keep more personal information than is reasonably necessary. Collecting ID document copies when they are not required is a direct breach of this principle.
You should not collect scanned copies or photocopies of identity documents. If you do collect them, document the reason in your AML Program.
Not Fully Compliant Yet? Develop an Implementation Plan
If your practice is not yet fully compliant with the 2026 obligations, the most important step is to develop and document an Implementation Plan. AUSTRAC has stated explicitly that it recognises compliance takes time, but it expects good-faith effort and evidence of progress. A documented plan is your strongest defence in any regulatory interaction.
An Implementation Plan creates a defensible position
AUSTRAC's regulatory expectations make clear that reporting entities which demonstrate genuine effort to comply, documented through an implementation plan with milestones and accountability, will be treated very differently from those who ignore their obligations. Read AUSTRAC's Quick Guide for Financial Planners →
Need help getting your AML program in order?
LiteAML works with financial planning practices to build tailored risk assessments, AML programs, and affordable compliance tools.
- AUSTRAC, Quick Guide: AML/CTF Program for Financial Planners (January 2026)
- AUSTRAC, Initial CDD for Individuals (Reform)
- AUSTRAC, Record-Keeping Overview (Reform)
- AUSTRAC, Professional Designated Services (Tranche 2)
- AUSTRAC, Regulatory Expectations for Implementation of AML/CTF Reforms
- OAIC, Privacy Guidance for Reporting Entities under the AML/CTF Act