Does the platform automatically detect when a new Risk Assessment should be triggered?

Yes. The platform continuously compares actual transaction patterns against the assumptions baked into your most recent Risk Assessment and flags when the two have diverged enough to warrant a refreshed RA. AUSTRAC's Rules require reporting entities to keep the Risk Assessment current and to review it when the business changes - this monitoring automates the early-warning step.

What triggers an RA review prompt:

• Sector shift - you're providing different designated services than the RA assumed (e.g. you've expanded from conveyancing into trust structuring).
• Customer mix shift - risk-rating distribution has changed materially (e.g. a higher proportion of customers are now Medium or High risk than the RA modelled).
• Geographic exposure shift - you're dealing with more foreign customers, higher-risk jurisdictions, or a different mix of state/territory exposure than before.
• Volume change - transaction volume has moved materially (up or down) from the RA baseline, often a sign that the business has changed shape.
• Structural change - you've added entities, moved into a Reporting Group, changed your Compliance Officer, or restructured.
• Regulatory update - AUSTRAC has issued new sector guidance that affects how the RA should be calibrated.

When triggered, the CO receives an in-platform alert and an email. Completing a refreshed RA takes ~10 minutes (most answers prefill from the existing RA) and the AML Program regenerates automatically off the new inputs.

See AUSTRAC's AML/CTF Program reform materials for the RA refresh expectations.

Related articles

• easyAML (Platform) Set-up Checklist
• Pre-commencement customers - what CDD obligations apply, and the risks of not completing initial CDD
• How to Complete Your ML/TF Risk Assessment
• When should a business request proof of source of funds and source of wealth?
• How do I access my AML program?