Tranche 2 Obligation #5 — Enterprise-Wide Risk Documentation

ML/TF Risk
Assessment

Your AML/CTF program must be built on a documented, risk-based assessment of your exposure to money laundering and terrorism financing. AUSTRAC requires assessment across four dimensions: customer, product/service, delivery channel and geography. KYCopilot structures and automates the entire process.

Start Your Assessment →Book a Demo

Free to start — no credit card required.

Assessment workflow

01

Map Your Designated Services

Identify every service that triggers your AML/CTF reporting obligations under Tranche 2 reforms.

02

Rate Each Risk Dimension

Score customer, product, channel and geographic risk on your program's calibrated scale with guided prompts.

03

Document Control Effectiveness

Rate the controls you have in place against each identified risk — producing a residual risk position.

04

Set Risk Appetite

Define and document your board-approved risk appetite statement — the benchmark against which residual risk is measured.

05

Version & Schedule Reviews

All assessments versioned with change history. 3-year independent review scheduled automatically. Triggered on material business change.

Four dimensions.
Fully assessed.

AUSTRAC requires assessment of all four risk dimensions. Skipping any one creates a gap in your program that AUSTRAC examiners will find.

person

Customer Risk

Systematic scoring of customer risk factors: PEP or associate status, complex corporate structures, high-risk jurisdictions, cash-intensive businesses and adverse intelligence.

Key factors

arrow_rightPEP / associate of PEP
arrow_rightComplex beneficial ownership
arrow_rightHigh-risk country of origin
arrow_rightCash-intensive business type
arrow_rightAdverse media or regulatory history
inventory_2

Product & Service Risk

Risk profiling of each designated service you provide — accounting for anonymity, cross-border capability, transaction speed and ML/TF misuse typologies.

Key factors

arrow_rightDegree of anonymity
arrow_rightInternational transfer capability
arrow_rightTransaction velocity and size
arrow_rightSector-specific AUSTRAC typologies
arrow_rightThird-party reliance exposure
share

Delivery Channel Risk

Assess the risk introduced by how services reach the customer: face-to-face, fully digital, agent networks, intermediaries and automated platforms.

Key factors

arrow_rightNon-face-to-face onboarding
arrow_rightThird-party introducers
arrow_rightAutomated / no-touch channels
arrow_rightDigital asset platforms
arrow_rightCorrespondent relationships
language

Geographic Risk

Country and jurisdiction risk ratings drawn from FATF grey/black lists, OFAC country programs, AUSTRAC guidance and independent risk indices.

Key factors

arrow_rightFATF grey / blacklist status
arrow_rightOFAC / UN sanctions exposure
arrow_rightDFAT country risk guidance
arrow_rightCorrespondent jurisdiction risk
arrow_rightBeneficial owner country of domicile

Inherent risk is just the start.
Residual risk is what AUSTRAC cares about.

warningStep 1

Inherent Risk

The ML/TF risk your business faces before any controls are applied. Determined by your customers, services, channels and geographies.

tuneStep 2

Control Effectiveness

How well your CDD, monitoring, reporting, training and governance controls mitigate your inherent risks. Rated on a calibrated effectiveness scale.

verifiedStep 3

Residual Risk

Your actual remaining exposure after controls are applied. This is compared against your risk appetite statement to identify gaps requiring remediation.

Structured. Documented.
Audit-ready.

assessment

Inherent & Residual Risk

Two-stage assessment — inherent risk before controls, residual risk after — giving your board and AUSTRAC a clear picture of your actual risk exposure.

account_tree

Linked to CDD Tiers

ML/TF risk assessment output directly drives CDD tier thresholds — so higher-risk customer types automatically trigger Enhanced Due Diligence.

history_edu

AUSTRAC-Aligned Methodology

Assessment framework structured against AUSTRAC's published guidance for tranche 2 entities — covering all four required risk dimensions.

sync

Triggered by Business Change

Automated alerts when you add a new service, expand to a new jurisdiction or onboard a significantly different customer segment — keeping your assessment current.

summarize

Board-Ready Reports

Executive summary and detailed working papers generated automatically — suitable for board presentation, AUSTRAC audit response and independent review.

verified

Independent Review Ready

Assessment records structured to satisfy the mandatory 3-year independent review requirement with full methodology documentation.

policy

Your program must reflect your actual risk

AUSTRAC's supervisory approach is explicitly risk-based. Entities with a higher ML/TF risk exposure are expected to have proportionally stronger controls. A generic, undocumented assessment is one of the most common compliance failures identified in AUSTRAC regulatory reviews.

Start Your Risk Assessment →

Know your risk.
Prove you know it.

AUSTRAC-aligned ML/TF risk assessment across all four required dimensions — structured, documented and review-ready from day one.

Get Started Free →