When does the firm need to add support staff who don't directly do CDD?
Anyone performing any part of the AML process (data collection, sending VOI links, following up clients) should be added with an appropriate role so their activity is audit-traced.
Any staff member performing any part of the AML process - including data collection from clients, sending VOI links, uploading documents, following up clients on incomplete VOIs - should be added to the platform as a user with an appropriate role so their activity is audit-traced. AUSTRAC's record-keeping rules expect the firm to identify who performed what part of the CDD; this is hard to satisfy if the staff member is operating outside the platform.
The good news: adding users doesn't change subscription pricing within the included user cap (1-5 on Starter, 6-25 on Professional, 26-Unlimited on Enterprise). So a Frontline Staff user added for audit-tracing purposes adds zero marginal cost.
The constraints:
- Each user must complete the training modules for their assigned role before performing any designated-services work.
- Each user must have an individual email address and an individual mobile number for MFA - shared inboxes aren't permitted.
- For staff who only need training (not operational platform access), the Training-Only role doesn't count against the user cap.
If support staff genuinely don't touch AML - pure admin, marketing, finance - they don't need to be added. The threshold is whether they perform any compliance-relevant action on a customer.