Webinar 3All sectorsAUSTRAC Official

Program Starter Kits: Risk

AUSTRAC walks you through the Risk section of the Program Starter Kit — showing how to identify the ML/TF risks your business faces, how the risk documents fit together, and how to build a practical understanding of your exposure to money laundering, terrorism financing and proliferation financing.

Source: AUSTRAC. For more detail on Program Starter Kits, visit austrac.gov.au/program-starter-kits.

Topics covered

  • 1What AUSTRAC's Program Starter Kits are and who they're for
  • 2How the risk documents in the kit fit together
  • 3Identifying ML/TF/PF risks specific to your business
  • 4Building a practical risk picture using the starter kit
  • 5Turning your risk assessment into AML/CTF controls

What is a Program Starter Kit?

AUSTRAC provides free, sector-specific template documents to help newly regulated businesses build their AML/CTF Program. The kits are a starting point — not a finished product. You must populate them with your own business specifics.

Download starter kits on AUSTRAC's website →

Written companion

Plain-language notes covering each topic in the webinar — for easy reference and staff training.

1

What are AUSTRAC's Program Starter Kits?

AUSTRAC's Program Starter Kits are free, sector-specific templates designed to help newly regulated businesses get their AML/CTF Program off the ground. They contain pre-structured documents covering the two required parts of every AML/CTF Program: the ML/TF Risk Assessment and the AML/CTF Policies. The kits are available on AUSTRAC's website and are tailored to specific sectors — so a law firm, an accountant, a real estate agent, and a VASP each receive a kit calibrated to the designated services they provide and the risks those services typically carry. Using the kit does not mean you copy it unchanged — the documents are starting points that you must populate with the specific details of your own business.

2

How the risk documents in the kit fit together

The Risk section of the Program Starter Kit typically contains several interconnected documents that must work together as a coherent whole. At the centre is the ML/TF Risk Assessment — a structured document that takes you from identifying the risk factors relevant to your business (the services you provide, the customers you serve, the channels you use, and the jurisdictions you touch) through to rating the overall inherent risk and the residual risk after controls are applied. Supporting documents in the Risk section may include risk-factor worksheets, customer risk scoring templates, and a risk summary that feeds into your AML/CTF Policies. The key principle is that the risk assessment must genuinely drive your controls — it is not a form to fill in after the fact.

3

Identifying ML/TF risks specific to your business

The risk identification process is where most businesses struggle. The starter kit provides a framework, but the substance must come from your own business. The key risk drivers to work through are: (1) the designated services you provide — each service carries inherent risks; (2) your customer types — individuals, businesses, high-net-worth clients, foreign nationals, PEPs, and their associated risk profiles; (3) your delivery channels — face-to-face, online, third-party intermediaries, and the risks each channel introduces; (4) the jurisdictions your business touches — both where customers are based and where funds flow; and (5) your transaction types and volumes — what patterns of activity you see and which warrant enhanced scrutiny. For each dimension, the risk assessment must reach a reasoned conclusion, not a generic one.

4

Proliferation financing risk in the starter kit

One of the most significant changes introduced by the AML/CTF reforms is the explicit inclusion of proliferation financing (PF) risk in the ML/TF Risk Assessment. PF is the financing of the development, production, acquisition, or movement of weapons of mass destruction — nuclear, chemical, biological, and radiological. This was not explicitly required under the old Part A framework. Under the reformed program structure, every reporting entity must assess their PF risk as a distinct category alongside money laundering and terrorism financing. In practice, PF risk for most reporting entities (other than those with direct exposure to sanctioned jurisdictions or dual-use goods) will be lower than their ML or TF exposure — but the assessment must be documented, reasoned, and not absent.

5

Turning your risk assessment into AML/CTF policies

The output of the risk identification and assessment process is not the risk assessment itself — it is your AML/CTF Policies. The policies are the control layer: the specific procedures your business will follow to mitigate the risks the assessment identified. There must be a clear and traceable link between each identified risk and the controls designed to address it. If your risk assessment identifies that high-risk customers require enhanced due diligence, your AML/CTF Policies must describe how enhanced CDD is triggered, what additional information is collected, and who approves the relationship. If your risk assessment identifies counterparty VASP risk, your policies must describe how counterparty due diligence is conducted before transacting. The starter kit's risk documents are designed so that, completed properly, they provide the factual foundation for building this control layer.

The essential rule for risk assessments

A risk assessment that does not reflect your actual business is not an AML/CTF risk assessment — it is a form-filling exercise. AUSTRAC's Program Starter Kit provides structure, but the substance must come from you: your services, your customers, your channels, your jurisdictions.

Two things AUSTRAC looks for when reviewing a risk assessment: (1) that the inherent risks identified match the business being described, and (2) that the controls in the AML/CTF Policies are clearly linked to the risks identified. Generic language — "we face medium ML risk" with no supporting reasoning — will not withstand scrutiny.

Build your ML/TF Risk Assessment in Veriqua

Veriqua's Program Documents module generates your ML/TF Risk Assessment from your own business data — pre-structured for your sector, covering ML, TF and PF risk, with senior-manager sign-off built in. No blank starter kit. No version-control headache.

The webinar embedded on this page is an official AUSTRAC publication. The written companion content on this page is general information only, current as at July 2026, and is not legal, financial or compliance advice. Obligations depend on the services you provide, your risk assessment and transitional timing. Please confirm your position against current AUSTRAC guidance and seek advice for your specific circumstances.