We use cookies to enhance your experience and analyse traffic. Privacy Policy

    Skip to main content
    Home
    Programs
    Portal
    Working with your solicitor on AML/CTF
    1 December 2025Implementation

    Working with your solicitor on AML/CTF documentation

    Having your solicitor review and customise your AML/CTF program is essential. Here's how to make that collaboration efficient and effective.

    Why you need legal review

    Generic compliance documents provide a starting point, but your solicitor adds essential value by:

    • Customisation: Tailoring generic provisions to your specific business structure, services and risk profile
    • Integration: Ensuring AML/CTF procedures mesh with your existing operations and other legal obligations
    • Risk assessment: Reviewing your risk assessment against their knowledge of your business
    • Professional opinion: Providing legal opinion that your program meets the Act's requirements
    • Updates: Advising on any recent regulatory guidance or industry developments

    Digital Products + Solicitor = Best Value

    Using pre-built compliance documents doesn't eliminate the need for legal review, but it can reduce the time required. Our related law firm estimates approximately 10 hours to confirm setup and customise documentation for a client. Time and costs will vary widely depending on your firm's complexity, risk profile and specific requirements.

    Choosing the right solicitor

    Not all solicitors have AML/CTF experience. Look for someone with:

    Essential qualifications:

    • AML/CTF experience: Direct experience with the Act and AUSTRAC obligations
    • Industry knowledge: Understanding of your specific sector (law practices, accounting firms, real estate, etc.)
    • Practical approach: Focus on workable solutions, not just theoretical compliance
    • Current knowledge: Up to date with Tranche 2 changes

    Where to find AML/CTF solicitors:

    • Your state's law society directory (search for "AML/CTF" or "financial services")
    • Referrals from professional associations in your industry
    • Industry peers and professional networks
    • Compliance consultancies with legal teams

    Preparing for your solicitor meeting

    Maximise efficiency and minimise costs by being well-prepared:

    Documents to provide:

    • 1.
      Your compliance documents

      Provide the full AML/CTF program documentation, highlighting any areas you've already customised or have questions about

    • 2.
      Business information
      • Business structure (sole trader, partnership, company)
      • List of services you provide
      • Which services are designated services
      • Typical client types and transaction values
      • Number of staff and their roles
    • 3.
      Current procedures

      Any existing client identification, onboarding, or verification processes

    • 4.
      Questions and concerns

      List specific areas where you need guidance or have concerns

    Questions to ask your solicitor:

    1. Does the program adequately cover the risks specific to my business?
    2. Are there any services I provide that I've incorrectly categorised as in or out of scope?
    3. What additional procedures should I consider given my client base?
    4. How should I handle [specific scenario relevant to your business]?
    5. What are the most common compliance issues you see in my industry?
    6. How should I document the compliance officer's role and authority?
    7. What ongoing support can you provide after the program is implemented?

    Key areas for customisation

    Your solicitor should focus on these critical areas:

    1. Risk assessment

    The risk assessment must reflect your actual business:

    • Services: Review the listed designated services and remove/add as appropriate
    • Customer types: Customise customer risk categories to match your client base
    • Geographic risks: Adjust if you regularly deal with specific jurisdictions
    • Risk ratings: Ensure risk levels reflect your business's actual exposure
    • Controls: Document your specific control measures

    2. Customer due diligence procedures

    CDD procedures should align with your workflow:

    • Verification methods: Specify whether you'll use electronic verification, document verification, or both
    • Timing: Clarify when CDD occurs in your engagement process
    • Responsibility: Identify which staff members handle verification
    • Special cases: Document procedures for trusts, companies, SMSFs specific to your practice

    3. Compliance officer

    Clearly define the compliance officer role:

    • Name and position: Identify the specific person appointed
    • Authority: Document their decision-making authority
    • Resources: Specify budget, time allocation, access to legal advice
    • Reporting lines: Clarify who they report to (partners, board, etc.)
    • Backup: Identify a deputy or alternate compliance officer

    4. Record keeping

    Specify your actual record keeping systems:

    • Storage location: Document where records are kept (practice management system, specific folders, etc.)
    • Retention schedules: Align with your existing document retention policies
    • Access controls: Define who can access AML/CTF records
    • Backup procedures: Document how records are protected

    5. Suspicious matter reporting

    Tailor reporting procedures to your organisation:

    • Escalation path: Specify exactly who staff report suspicions to
    • Assessment process: Define how the compliance officer evaluates potential SMRs
    • Decision authority: Clarify who makes final decision to submit SMR
    • Record keeping: Document what records are kept of SMR decisions

    The review process

    A typical solicitor review follows this process:

    Step 1
    Initial review

    Solicitor reviews your template documents and business information to understand scope and requirements (1-2 hours)

    Step 2
    Consultation meeting

    Discussion of your business, clarification of designated services, identification of specific risks (1-2 hours)

    Step 3
    Customisation

    Solicitor makes necessary amendments to template, adds business-specific procedures (2-4 hours)

    Step 4
    Review draft

    You review customised program, provide feedback, ask questions (your time)

    Step 5
    Finalisation

    Solicitor incorporates feedback, provides final program and implementation advice (1 hour)

    Step 6
    Board/partner approval

    Program is formally adopted by your business (your time)

    Total solicitor time: Varies widely by firm complexity and requirements. Our related law firm estimates approximately 10 hours to confirm setup and customise documentation for a client.

    Budgeting for legal review

    Understanding the cost structure helps with planning:

    Legal review costs:

    • Hourly rates vary widely:

      Depending on solicitor experience, location and your firm's complexity

    • Document review time estimate:

      Our related law firm estimates approximately 10 hours to confirm setup and customise your documentation. Time and costs vary widely based on your firm's complexity, risk profile and specific requirements.

    Questions to ask about fees:

    • How do you structure fees for this type of work?
    • What's included in the review (just the program, or training materials and other documents too)?
    • What's not included (e.g., ongoing advice, independent reviews)?
    • How will you bill if questions arise after finalisation?
    • Do you offer retainer arrangements for ongoing compliance support?

    What to do with the finalised program

    Once your solicitor has finalised your AML/CTF program:

    1. Board/partner approval: Have your board or partners formally adopt the program with a written resolution
    2. Implementation planning: Create an implementation timeline and checklist
    3. Staff training: Train all relevant staff on the new procedures
    4. System setup: Configure practice management systems with required checklists and workflows
    5. AUSTRAC enrolment: Complete your enrolment by 29 July 2026 (portal opens 31 March 2026)
    6. Go live: Begin applying procedures to all new designated service engagements from 1 July 2026
    7. Monitor and refine: Track implementation effectiveness and adjust as needed

    Ongoing relationship with your solicitor

    Consider establishing an ongoing relationship for:

    • Ad hoc questions: Specific scenarios or unusual clients
    • Program updates: When regulations change or your business evolves
    • Independent reviews: Biennial reviews of program effectiveness
    • SMR support: Assistance with complex suspicious matter assessments
    • AUSTRAC liaison: Representation if AUSTRAC raises compliance questions

    Some businesses arrange an annual retainer (e.g., $1,000-3,000) for a set number of advisory hours. This provides peace of mind and usually results in lower hourly rates.

    Red flags in legal advice

    Be cautious if your solicitor:

    • Dismisses templates entirely and insists on full bespoke development (may be unnecessary)
    • Provides generic advice without asking about your specific business
    • Suggests overly complex procedures that don't fit your business size or risk
    • Can't explain the rationale for their suggested changes
    • Hasn't kept current with Tranche 2 changes
    • Recommends delaying compliance preparations ("wait and see what AUSTRAC says")

    Good legal advice is practical, proportionate and clearly explained. Don't hesitate to seek a second opinion if something doesn't feel right.

    Read our complete Tranche 2 Guide

    Key dates, affected sectors, obligations and how to prepare

    Ready to get started?

    HeadStart Docs™ provides free AML/CTF program documents tailored to your sector as a starting point that require lawyer review and customisation.