When should I review my AML Program?

Mandatory annual review:

• Set a recurring calendar reminder each year
• Review should be completed by the same date annually
• Document your review with date and findings
  
  

Immediate review required when:

• Significant business changes occur (new products, services, or delivery channels)
• You enter new geographic markets
• Your customer base changes substantially
• You identify new ML/TF risks
• Regulatory requirements change
• AUSTRAC releases sector-specific guidance
• Your business structure changes (mergers, acquisitions, restructuring)
• You experience suspicious activity patterns
  
  

Best practice triggers:

• Major staffing changes in compliance roles
• Changes to transaction volumes or types
• Introduction of new technology platforms
• Feedback from internal or external audits
• Industry-wide risk alerts from AUSTRAC
  
  

Mandatory Independent Review:

• Every three years your program must be reviewed by an independent third party
• This is a legal requirement under the AML/CTF Act to ensure your program remains effective and compliant
• Independent reviewers provide objective assessment of your controls, identify gaps, and recommend improvements
• The review verifies that your documented procedures match actual business practices
• easyAML can help arrange this review for you with qualified compliance professionals