As AML requirements tighten, most firms are not starting from zero. However, the issue is not whether something exists — it is whether what exists will stand up to scrutiny.
From what I am seeing across our client firms, there are several consistent gaps.
First, many firms do not yet have a documented AML program. Processes may exist informally, but without formal documentation, they are difficult to demonstrate, enforce, or audit.
Second, client due diligence is inconsistent. Initial checks may be performed, but there is little standardisation in how risk is assessed, recorded, and reviewed.
Third, ongoing monitoring is often absent. AML is not a “point-in-time” exercise, yet many firms treat it as part of onboarding rather than a continuous obligation.
Fourth, there is an over-reliance on manual processes or junior staff. This creates both quality risk and scalability issues, particularly as client volumes increase.
Finally, there is a persistent assumption that smaller firms are unlikely to be targeted. This is a dangerous misconception. Regulatory focus is expanding, and like the ATO, enforcement is increasingly data-driven.
The reality is that most firms are partially compliant at best. They are not ready for this.
Understanding where your gaps are is the first step. Addressing them in a structured way is the next.
At our upcoming webinar on 22nd April, we will be joined by Dr Mathew Leighton Daly, Special Counsel at HWLE Lawyers and an academic at Sydney University specialising in AML and Financial Crime. We will walk through the most common failure points and how to assess your current position against emerging expectations.
Register here: https://fjzdo.share-eu1.hsforms.com/2hjjl1x24ThmAIGR6dv2sng