Can the initial Risk Assessment be conducted by someone other than the Compliance Officer?

easyAML allows the Risk Assessment to be drafted by Senior Management, CDD User, or another suitably senior role, not only the Compliance Officer. The CO must sign off the final result, but the initial drafting can sit elsewhere.

When this matters in practice:

• Sole CO situations where the CO is also the practitioner and the firm wants a senior advisor or director to do the initial draft.
• Larger firms where the CO oversees the process but a senior operations or risk lead does the data gathering.
• Multi-entity groups where each entity's Risk Assessment is drafted locally and the group CO signs each one off.

How to set it up: in Account Settings → Users, edit the user and change their role to one with Risk Assessment access (Senior Management is typical). The Board Member role does not have access to the Risk Assessment by default - board members are intended as oversight, not as drafters - so a board member who needs to participate should be reassigned to Senior Management.

AUSTRAC's view: the Compliance Officer remains accountable for the Risk Assessment regardless of who drafts it. The CO must understand it, agree with the methodology, and be able to defend it to an external auditor or to AUSTRAC.

Related articles

• easyAML (Platform) Set-up Checklist
• How can reporting groups be formed under AUSTRAC's framework?
• Which training modules are mandatory for which roles?
• What happens when the CO goes on extended leave?
• What are the User Access Levels and Roles?