InternationalPropertyRethinking the AML Decision Tree: Precision vs. Automation

1 July 2026

 

In the rapidly evolving landscape of AML/CTF compliance, a visual decision tree is often a practitioner’s best friend. It simplifies complex legislative requirements into actionable steps. However, as our recent internal audit in June 2026 highlighted, even the most intuitive diagrams require constant refinement to stay aligned with the latest AUSTRAC guidance and the Anti-Money Laundering and Counter-Terrorism Financing Rules 2025.

We’ve updated our "Green-Orange-Red" framework, and we want to know: Does this reflect your reality on the ground, or are we missing a beat?

The "At a Glance" Refinements

Based on expert analysis of our workflow, we’ve identified several "Critical Decision Points" where the theory of the law meets the practice of law:

  • The "Red" Nuance: Our initial framework suggested that a "Red" result was an automatic "Do Not Act." We’ve refined this. While a Sanctions Match is a mandatory stop and requires an immediate Suspicious Matter Report (SMR) without "tipping off" the client, a High-Risk rating (without a sanctions match) is actually an invitation to do more work, not less. It triggers mandatory Enhanced Customer Due Diligence (CDD), including verifying the source of wealth and funds.
  • Sequencing Matters: We previously placed Verification of Identity (VOI) as Step 1. In practice, AUSTRAC expects KYC collection and initial risk identification to happen first, with VOI serving as the verification of that initial assessment.
  • The "Green" Myth: A "Green Tick" client (like our classic 80-year-old Australian resident selling their family home) allows for simplified CDD, but it does not mean zero ongoing obligations. Monitoring remains a "light-touch" requirement throughout the matter to watch for sudden changes, such as requests for offshore transfers.

Proposed Workflow: The New Standard?

  1. Collect KYC: Onboarding forms capture the "who, what, and where".
  2. Screening: Simultaneous checks for Sanctions, PEPs, and Adverse Media.
  3. Risk Rating: Categorizing into Green (Low), Orange (Medium), or Red (High).
  4. Action & Record Keeping: Retaining all documents, including the rationale for the risk rating, for 7 years.

Join the Discussion

We are striving for a "documented and defensible" process that doesn't bury our team in red tape.

  • Do you agree that Adverse Media screening should be a standard "Step 1" for all clients, even if not strictly mandated for low-risk cases?
  • Is the distinction between "High Risk" and "Sanctions Match" clear enough in your current workflow to avoid unnecessary service refusals?
  • How are you managing the "passive" ongoing monitoring for your lowest-risk files?

Compliance shouldn't happen in a vacuum. We’d value your feedback on whether this decision tree hits the mark for a busy practice or if there are "invisible" needs we haven't yet mapped.