What audit logs are available?

A comprehensive audit log records every action across the platform - viewable in-platform by the Compliance Officer and exportable for the 3-year independent evaluation. AUSTRAC's record-keeping rules require reporting entities to maintain auditable records of CDD, training, reporting and governance for 7 years; easyAML retains all logs for that period automatically.

What's logged:

• User actions - logins, role changes, password resets, MFA changes.
• CDD actions - KYC requests sent, completed, force-matched, signed off; KYB unwraps performed; documents uploaded; UBO overrides applied.
• Risk Assessment changes - answers updated, RA approved, Program regenerated.
• Training events - module starts, completions, exemptions granted.
• Reporting - SMR / TTR / Annual Compliance Report drafts created, submitted, edited.
• Risk-rating overrides - who changed what, when, and why.
• Administrative changes - user invitations, role reassignments, sector changes, entity additions.

Every log entry shows the user, the action, the target object (customer, transaction, entity), the timestamp, and where relevant the before/after values.

For external audit: the auditor receives read-only access at no additional cost (every subscription tier) and can inspect the full audit history without needing data exports.

See AUSTRAC's AML/CTF Program reform materials for the record-keeping requirements.

Related articles

• easyAML (Platform) Set-up Checklist
• Glossary: Key Terms & Definitions
• Do I Need an Independent Audit for AML/CTF Compliance?
• How do I access my AML program?
• What does the Compliance Officer role actually require?