Who Should Be Your AML/CTF Senior Manager? What the Law Actually Requires (2026)

Reforms to the AML/CTF Act that took effect on 31 March 2026 established specific governance requirements for reporting entities. Under this framework, businesses must appoint an AML/CTF senior manager who holds personal, non-delegable obligations to approve risk assessments and compliance policies.

With the 1 July 2026 deadline approaching for newly regulated Tranche 2 entities, understanding the statutory definition of this role is a regulatory priority. This article explains the legal requirements for selecting a senior manager so reporting entities can meet AUSTRAC expectations and manage money laundering and terrorism financing risks.

Interactive Tool: See If Your Senior Manager Meets the Legal Requirements

The Three-Role Governance Framework for Reporting Entities

Identifying the Three Distinct Governance Roles

Every reporting entity must establish a clear governance structure to protect their business from criminal misuse and maintain compliance with anti-money laundering and counter-terrorism financing laws, a process often managed with guidance from specialist AML/CTF compliance lawyers.

The three mandatory roles are as follows:

• Governing body: This is the board of directors or an equivalent body. It holds the primary responsibility for the entity’s governance and executive decisions, providing oversight of AML/CTF compliance at the highest level.
• Senior manager: This individual is responsible for approving the AML/CTF program and making key compliance decisions. Unlike other roles, a senior manager’s functions under the AML/CTF Act involve directly and personally meeting specific obligations.
• AML/CTF compliance officer: This officer handles the day-to-day management of the AML/CTF program, ensuring that all policies and procedures are correctly implemented throughout the business.

A critical distinction exists between these roles. The governing body and the AML/CTF compliance officer generally oversee compliance, whereas the senior manager must personally approve critical components like risk assessments and AML/CTF policies.

Applying Governance Flexibility for Smaller Businesses

While the governance framework requires three separate functions, it allows for flexibility depending on the size and structure of the reporting entity. The roles are typically held by different people to ensure a separation of duties.

In smaller businesses, it is permissible for one person to take on multiple governance responsibilities. For instance, a sole trader can act as the governing body, senior manager, and AML/CTF compliance officer simultaneously. Ultimately, this flexibility ensures that smaller reporting entities can meet their obligations without needing a large corporate structure.

The Statutory Definition of a Senior Manager

Decision-Making Authority Over Job Title

Under Section 5 of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (‘AML/CTF Act‘), a senior manager is defined as “an individual who makes, or participates in making, decisions that affect the whole, or a substantial part, of the business of the reporting entity.” This definition establishes a functional test, meaning the role is determined by a person’s actual authority rather than their corporate title.

AUSTRAC guidance clarifies that the key factor is the individual’s ability to make or influence strategic or operational decisions. Furthermore, these decisions do not need to be related to anti-money laundering and counter-terrorism financing, and a person does not need to be a C-suite executive to qualify.

Depending on the business structure, a senior manager could be:

• A business owner or director;
• A general manager; or
• A money laundering reporting officer who holds a leadership position.

Appointing External Personnel as Senior Managers

The definition of a senior manager in Section 5 of the AML/CTF Act refers to “an individual” without stipulating that they must be an employee of the reporting entity. This wording provides flexibility, particularly for smaller businesses or newly regulated entities building their governance frameworks.

As a result, a reporting entity can appoint external personnel to the role, provided that person has genuine decision-making authority over the business. Ultimately, the focus remains on the function the person performs rather than their employment relationship with the entity.

Does Your Senior Manager Have to Be an Employee?

No, a senior manager does not have to be an employee. As established by the functional test, the role is defined by authority rather than employment status.

This flexibility allows smaller reporting entities, including those captured under the Tranche 2 reforms, to appoint an external individual with the appropriate seniority. For such an appointment to be compliant, two conditions must be met:

• The individual must genuinely possess the required decision-making authority over the whole or a substantial part of the business.
• The individual must be able to personally fulfil the non-delegable statutory obligations associated with the senior manager role.

Can Your Senior Manager Be Based Offshore?

Yes, but only if they hold genuine corporate power over the Australian entity.

Because the statutory definition under Section 5 of the AML/CTF Act is purely functional, an individual residing overseas can legally fill the role if they make or influence strategic decisions affecting a substantial part of the local business. For example, a foreign director or a global head of risk within a multinational corporate structure may qualify.

However, local businesses and newly regulated Tranche 2 entities cannot simply contract an offshore compliance consultant or virtual assistant to act as their Senior Manager. If that overseas individual does not hold direct operational decision-making authority over the core Australian business, the appointment fails AUSTRAC’s statutory test.

The Non-Delegable Obligations of Your Senior Manager

A senior manager’s responsibilities under the anti-money laundering and counter-terrorism financing framework are personal and direct. Consequently, these obligations cannot be delegated to a compliance officer or any other personnel within the reporting entity.

Approving the Risk Assessment & AML/CTF Policies Including Any Updates

Under Section 26P of the AML/CTF Act, a senior manager must personally approve the reporting entity’s ML/TF risk assessment and all AML/CTF policies. This responsibility also extends to any subsequent updates or amendments to these documents. Furthermore, Section 26P(2) requires that any updates to the ML/TF risk assessment are notified in writing to the governing body as soon as practicable.

Approving or Being Informed of Certain Customer Relationships Before Entry

Your AML/CTF policies must specify which types of business relationships require a senior manager to either approve them or be informed about them before the relationship is established. Ultimately, this ensures there is appropriate oversight at a senior level for customer engagements that may present a higher risk.

Approving Third-Party CDD Arrangements

If your reporting entity plans to use a third party to handle aspects of customer due diligence (CDD), a senior manager must approve this arrangement. This includes giving approval for any written agreement with a third party that will be responsible for collecting and verifying CDD information on your behalf.

Approving High-Risk Customer Onboarding

Senior manager approval is mandatory before providing any designated service to a high-risk customer. This requirement applies specifically when your business has reasonable grounds to believe a customer, beneficial owner, or agent is a:

• Foreign politically exposed person (PEP);
• High-risk domestic PEP; or
• High-risk international organisation PEP.

In addition, this obligation applies if an existing customer is later identified as falling into one of these high-risk PEP categories. In such cases, senior manager approval must be obtained before continuing to provide designated services.

Approving Any Other Circumstances Specified in Your Policies

A senior manager must provide approval for any other situations outlined in your entity’s AML/CTF policies. For example, this includes giving approval before your business provides a designated service to a customer in a nested services relationship. Therefore, your policies must clearly identify any additional circumstances that require senior manager approval and specify which senior manager is authorised to provide it.

Appointing Multiple Senior Managers for Your Reporting Entity

Allocating Specific Tasks Among Multiple Managers

A reporting entity has the flexibility to appoint more than one senior manager to fulfil its anti-money laundering and counter-terrorism financing obligations. This approach allows a business to distribute the personal and non-delegable responsibilities of the role across different individuals who hold the necessary decision-making authority.

According to AUSTRAC guidance, specific tasks can be assigned to different senior managers, such as:

• Approving the AML/CTF program: one senior manager could be responsible for the program and its associated risk assessment; and
• Approving high-risk customer relationships: another could be tasked with approving these relationships before they are established.

Ultimately, this division of labour can be particularly useful in larger or more complex organisations where different senior personnel oversee distinct operational areas.

Documenting the Division of Responsibilities

When a reporting entity chooses to appoint multiple senior managers, it is essential to clearly document the division of their responsibilities. This ensures there is no ambiguity about who is accountable for each specific obligation, creating a clear framework for governance and oversight.

Your AML/CTF policies must identify which senior manager is responsible for each designated task, as this documentation is a key component of demonstrating compliance to AUSTRAC. Specifically, records should clearly state the name of each appointed senior manager and specify their individual AML/CTF responsibilities.

This level of detail ensures that all statutory obligations are covered and that there is a clear audit trail for any approvals or decisions made.

AUSTRAC Record-Keeping Expectations for Reporting Entities

Documenting Senior Manager Appointments & Responsibilities

Under Section 116(1) of the AML/CTF Act, reporting entities must maintain records that are reasonably necessary to demonstrate compliance with their obligations. To meet AUSTRAC’s expectations, your documentation must clearly show how your senior managers have fulfilled their responsibilities.

Your records should include the following details for each appointed senior manager:

• Name and responsibilities: The person’s full name and their specific AML/CTF responsibilities.
• Appointment date: The date they were appointed to the senior manager role.
• Qualification reasons: The reasons the individual qualifies as a senior manager, detailing the aspects of their role that give them authority to make or influence decisions affecting a substantial part of your business.

These records are a critical part of your governance framework and provide the evidence AUSTRAC will review to assess your compliance. Furthermore, according to Section 116(3), these records must be retained for seven years.

Recording Customer Escalations & Approvals

In addition to documenting appointments, reporting entities must keep detailed records of any business relationships that require senior manager approval. Consequently, this creates a clear audit trail demonstrating that high-risk decisions receive appropriate oversight.

When a customer relationship is escalated for approval, your records must show:

• Customer details: The name of the customer and the specific reasons for the escalation.
• Authorised manager: The name and role of the senior manager who was authorised to approve the relationship.
• Decision particulars: The date the decision was made and the reasoning behind the approval or denial.

A practical way to manage approvals for documents like the risk assessment and AML/CTF policies is to use version control. This process can record key details such as the approval date, the name of the approver, the document version, and the next scheduled review date.

Common Mistakes to Avoid

Appointing the Wrong Person

A frequent error is selecting a senior manager based on their job title rather than their actual authority. As outlined earlier, Section 5 of the AML/CTF Act relies on a functional test.

Appointing someone who lacks genuine strategic or operational decision-making power fails this statutory requirement. As long as they meet the functional definition, your appointed senior manager could be:

• A business owner;
• A general manager; or
• A money laundering reporting officer with a leadership role.

Treating Approval as a Formality

As established under Section 26P, the obligations of a senior manager are personal and cannot be delegated. A common mistake is for the appointed individual to treat their approval responsibilities as a simple sign-off or “rubber-stamping” exercise without genuine consideration.

A senior manager must personally engage with and approve critical elements—including the risk assessment, policies, and high-risk customer relationships—to ensure the reporting entity’s framework is robust and effective, a standard formally tested through independent AML/CTF program reviews. Ultimately, a failure to genuinely review these documents undermines the entire governance structure.

Failing to Update When Things Change

Your governance framework is not a static document, and it must adapt to changes within your business. Reporting entities sometimes fail to update their senior manager appointments and related policies when significant changes occur.

These events can include:

• Changes in key personnel;
• Corporate restructures; and
• Shifts in the business model or services offered.

Your policies and records must always reflect the current position of your business. If a person’s role changes and they no longer meet the functional definition of a senior manager, your documentation must be updated to appoint a new individual who does.

Not Recording the Reasoning

Simply naming a senior manager in your AML/CTF program is not enough to demonstrate compliance. As required by AUSTRAC’s record-keeping expectations, your documentation must explicitly detail the reasoning behind their qualification for the role.

Failing to record how their authority satisfies the functional test means you cannot prove to AUSTRAC that your appointment satisfies the legal requirements.

What This Means for Tranche 2 Entities

Establishing Your Governance Framework Before July 2026

For businesses newly captured by the Tranche 2 reforms, such as those in the legal, accounting, and real estate sectors, AUSTRAC expects a complete compliance framework to be in place by the 1 July 2026 commencement date.

To meet these regulatory expectations, your business must take several preparatory steps. Key actions to complete before the deadline include:

• Enrolling as a reporting entity with AUSTRAC, a process that opened on 31 March 2026.
• Developing and implementing a comprehensive AML/CTF program tailored to your specific money laundering and terrorism financing risks.
• Appointing a qualified AML/CTF compliance officer to manage day-to-day compliance.
• Identifying and formally appointing a senior manager who has the authority to approve your risk assessment and AML/CTF policies.
• Training all relevant personnel on their obligations under the new framework and your internal processes.

Managing ML/TF Risks as a Regulatory Priority

AUSTRAC has clearly stated that a failure to manage money laundering and terrorism financing risks is a serious regulatory concern. As a result, newly regulated entities are expected to proactively establish robust systems and controls rather than attempting to retrofit compliance measures after the deadline.

Building your compliance structure correctly from the beginning is more effective than addressing deficiencies during a regulatory review. After the commencement date, AUSTRAC will prioritise enforcement action against any entity that wilfully ignores its obligation to enrol or is found to be complicit with financial crime.

Conclusion

Correctly appointing an AML/CTF senior manager based on their genuine decision-making authority is a critical governance obligation for every reporting entity. Fulfilling the role’s personal, non-delegable responsibilities and maintaining detailed records are essential for demonstrating compliance to AUSTRAC, particularly for Tranche 2 entities approaching the 1 July 2026 deadline.

If you need assistance establishing your governance framework or preparing your AML/CTF program, you can contact our AML/CTF compliance lawyers at Click Legal for specialist advice.

Frequently Asked Questions