How AMLAUS maps to your legal obligations under the AML/CTF Act 2006
How does AMLAUS satisfy our Tranche 2 obligations?
AMLAUS was purpose-built for Tranche 2. Every obligation under the AML/CTF Act — customer identification (Part 2), ongoing due diligence, suspicious matter reporting (Part 3, Section 41), and record-keeping (Part 10) — is handled as an automated workflow. Your agents complete their normal deal process. AMLAUS handles the compliance layer in the background, ensuring nothing is missed before July 1, 2026 enforcement begins.
Is AMLAUS endorsed by AUSTRAC?
AUSTRAC does not endorse specific compliance platforms. However, AMLAUS is built to produce exactly the documentation and reporting that AUSTRAC requires under their published guidance. When AUSTRAC reviews your compliance program, AMLAUS provides the evidence trail — every verification, every screening result, every decision — in the format they expect.
How are Suspicious Matter Reports (SMRs) generated?
When AMLAUS detects suspicious indicators — unusual transaction patterns, sanctions matches, adverse media hits, or anomalous property dealings — it generates a pre-populated SMR with all required fields, supporting evidence, and citations. Your compliance officer reviews, approves, and submits. The entire process takes minutes, not hours. Every SMR is logged with an immutable audit trail.
How do Threshold Transaction Reports (TTRs) work?
Any transaction of $10,000 or more triggers automatic TTR generation. AMLAUS captures the required party details, transaction information, and supporting documentation. Reports are formatted to AUSTRAC specifications and queued for your compliance officer's review before submission.
How are International Funds Transfer Instructions (IFTIs) handled?
When a transaction involves international funds — foreign deposits, offshore transfers, or cross-border payments — AMLAUS flags the IFTI obligation automatically. It pre-populates the report with sender/receiver details, originating institution, and transaction specifics as required under Chapter 17 of the AML/CTF Rules.
Does AMLAUS cover beneficial ownership identification?
Yes. For every entity involved in a transaction — companies, trusts, partnerships, foreign entities — AMLAUS identifies and verifies beneficial owners. For companies, this means tracing through to natural persons with 25%+ ownership or control. For trusts, it identifies trustees, appointors, beneficiaries, and settlors. This directly satisfies AML/CTF Rules Chapter 4 requirements.
How long are compliance records retained?
Seven years minimum, as required by the AML/CTF Act. Every record — verifications, screening results, reports, decisions, and communications — is retained with cryptographic proof of integrity. Records cannot be altered or deleted during the retention period. When AUSTRAC requests historical data, you produce it in minutes.
Can we present AMLAUS to AUSTRAC as evidence of our compliance program?
Absolutely. AMLAUS generates a complete, auditable compliance program that demonstrates your firm's commitment to AML/CTF obligations. Every verification is timestamped, every screening is logged, every decision is recorded with the officer's identity. This is precisely the kind of evidence AUSTRAC looks for when assessing whether a reporting entity has met its obligations.
How AMLAUS works for firms with hundreds or thousands of agents
How quickly can we deploy across all our offices?
48 hours. Day one: platform configured for your agency structure, offices, and user roles. Day two: agents connected, first verifications running. No IT infrastructure required. No consultants. No 18-month roadmaps. Your agents log in, complete a brief onboarding, and start processing deals with compliance coverage from their first transaction.
Can management see what every agent is doing?
Yes. The Enterprise Dashboard gives principals and compliance officers real-time visibility across every office. You see every deal being processed, every verification completed, every AUSTRAC submission filed — and critically, every gap. If an agent hasn't completed a required check, you know immediately. Not when AUSTRAC tells you.
How does the employee compliance scorecard work?
Every agent receives a compliance rating based on their verification thoroughness, documentation completeness, response times to flagged items, and adherence to required procedures. Management can view individual scores, team averages, and office-level metrics. Agents who consistently follow process are recognised. Agents who cut corners are identified before they create exposure.
Can we identify which employees are exposing the company to risk?
That's exactly what the Enterprise Dashboard is designed for. It highlights agents with incomplete verifications, skipped steps, high-risk deals without proper documentation, and overdue compliance actions. You see the specific deals, the specific gaps, and the specific risk — not a vague report weeks after the fact. This is how you protect a $33 million per contravention exposure.
How do franchise groups get consolidated reporting?
Franchise principals get a roll-up view across all offices and all agents. Compliance metrics, screening volumes, report submissions, risk flags, and employee scorecards — all aggregated for board-level reporting. You can drill down from national overview to individual office to specific agent to specific deal. One dashboard. Complete visibility.
What happens if an agent skips a compliance step?
AMLAUS doesn't allow it. Required verification steps are enforced in the deal workflow. If an agent attempts to progress a deal without completing mandatory checks, the system blocks progression and alerts the compliance officer. There are no workarounds. This is how you ensure consistent compliance across thousands of agents.
How identity verification works for your team and your clients
Do our employees need to complete KYC before using AMLAUS?
Yes. Every user must complete identity verification before accessing the platform. This ensures only authorised personnel handle compliance-sensitive data and creates an accountability chain. If AUSTRAC ever questions who made a compliance decision, you have verified identity records for every user who touched the system.
What identity verification do buyers and sellers go through?
Full Customer Identification Procedure (CIP) as required under AML/CTF Rules Chapter 4. For individuals: government-issued photo ID, proof of residential address, and verification against the Document Verification Service (DVS). For foreign nationals: passport verification plus additional source of funds documentation. All verification results are stored with the deal record.
How is beneficial ownership verified for companies and trusts?
Companies are verified against the Australian Business Register (ABR) for ABN/ACN validation, then beneficial owners are identified through ASIC company extract data. Trusts require trust deed review, identification of all trustees, appointors, and beneficiaries. AMLAUS flags complex structures — layered companies, foreign trusts, nominee arrangements — for enhanced due diligence automatically.
How we protect your firm's data with bank-grade security
How is our data protected?
Every piece of data is encrypted — in transit using TLS 1.3 (the same standard used by major banks) and at rest using AES-256 encryption. Access is controlled through role-based permissions: agents see only their deals, office managers see their office, principals see everything. Multi-factor authentication is enforced for all compliance-sensitive actions.
Can other agencies see our data?
No. AMLAUS enforces strict multi-tenant data isolation. Your firm's data exists in a completely separate context from every other firm on the platform. There is no mechanism — accidental or otherwise — for one agency's data to be visible to another. This is enforced at the database level, not just the application level.
Where is our data stored?
Your data is stored in enterprise-grade cloud infrastructure with automatic backups, redundancy, and disaster recovery. All data remains accessible to Australian regulatory authorities as required. Infrastructure is monitored 24/7 with automated threat detection and incident response.
Is the audit trail tamper-proof?
Yes. Every compliance record is cryptographically anchored using Merkle proof technology — the same mathematical framework used in banking and legal evidence systems. Once a record is created, it cannot be modified, backdated, or deleted. If anyone attempts to alter a record, the cryptographic chain breaks and the tampering is immediately detectable.
What happens if there's a data breach?
AMLAUS maintains a comprehensive incident response plan aligned with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988. In the event of a breach: immediate containment, assessment of affected data, notification to the OAIC within required timeframes, and direct notification to affected individuals. All encryption means that even in a breach scenario, data remains protected.
How we screen every entity against international databases in real-time
What sanctions databases does AMLAUS screen against?
Nine international databases, updated continuously: DFAT Consolidated Sanctions List (Australia), OFAC SDN List (United States), UN Security Council Sanctions, EU Financial Sanctions Facility, UK HMT Sanctions, OpenSanctions (global PEP and sanctions aggregator), GLEIF for legal entity verification, GDELT for adverse media monitoring, and FATF high-risk jurisdiction lists. Every entity is screened against all nine simultaneously.
How current is the screening data?
Sanctions lists are refreshed continuously. When DFAT updates the consolidated list, AMLAUS reflects the change within hours, not weeks. Adverse media monitoring runs against international news sources in near real-time. This means an entity that was clean yesterday but sanctioned today is flagged on their next transaction — not discovered during your annual review.
How does adverse media screening work?
AMLAUS monitors international news sources for mentions of entities involved in your transactions. It identifies articles related to money laundering, fraud, corruption, terrorism financing, and organised crime. Relevant articles are flagged with the entity, the risk category, and a direct link to the source. Your compliance officer reviews genuine media hits, not false positives from generic name matching.
What is a PEP and how are they detected?
A Politically Exposed Person is someone who holds — or has recently held — a prominent public function. This includes heads of state, senior politicians, judicial officials, military officers, and their close associates and family members. AMLAUS screens against over 200,000 PEP records globally. If a buyer, seller, or beneficial owner is a PEP, enhanced due diligence is triggered automatically.
How does property intelligence work?
AMLAUS analyses the complete transaction history of any Australian property — every sale, every ownership change, every price movement. It identifies AML red flags: rapid resales (flipping), unusual price movements, multiple transactions by related parties, and properties used in layered ownership structures. This is intelligence that no manual process or form-based tool can replicate at scale.
How AMLAUS fits into your agents' daily workflow without disruption
How much time does an agent spend on compliance per deal?
Less than five minutes. Your agents enter the deal details they already capture — buyer, seller, property, price. AMLAUS handles everything else: identity verification, sanctions screening, beneficial ownership checks, risk scoring, and documentation. The agent sees a simple green/amber/red status. Compliance happens in the background while they focus on selling.
Does AMLAUS integrate with our existing systems?
AMLAUS is designed to work alongside your existing CRM and property management systems. Agents access AMLAUS through a web browser — no software installation required. For enterprise clients, we offer API integration so compliance data flows directly into your existing workflows. Your IT team doesn't need to build anything.
What training do our agents need?
A 30-minute onboarding session. AMLAUS is designed so that anyone who can use a web browser can use the platform. There are no complex procedures to memorise. The system guides agents through each step and prevents them from skipping required actions. Most agents are fully proficient within their first two deals.
Can agents still close deals while compliance is processing?
Yes. AMLAUS processes verifications and screenings in the background. Agents can continue managing their pipeline, communicating with clients, and progressing deals. When a compliance check completes, the agent is notified instantly. The only hold point is if a high-risk flag requires compliance officer review before the deal can proceed — which is exactly how it should work.
The investment case for enterprise-grade compliance
What does AMLAUS cost compared to building an internal compliance team?
An internal compliance team costs $500,000 to $1 million per year for a single firm — salaries, training, legal advice, systems, and ongoing management. And it still relies on human judgment and manual processes. AMLAUS provides superior coverage at a fraction of that cost, with consistent enforcement across every agent and every deal. The ROI is immediate.
Is there a pilot program?
Yes. We offer a 30-day pilot program with no long-term commitment. Deploy across a single office, run real deals through the platform, and measure the results. You'll see exactly how much time agents save, how many compliance gaps are caught, and what your reporting looks like. Most firms expand to full deployment before the pilot ends.
What's the contract commitment?
We offer flexible terms designed for enterprise adoption. Monthly billing with annual discount options. No lock-in contracts for pilot programs. For enterprise-wide deployments, we work with your procurement team to structure terms that align with your financial calendar and approval processes. The goal is to make adoption as frictionless as the platform itself.
Ready to protect your firm?
Tranche 2 enforcement begins July 1, 2026. The firms that move first set the standard. The firms that wait absorb the risk.
BOOK A DEMOamlaus.com · AML/CTF Act 2006 Compliant · AUSTRAC-Ready