Who Must Appoint an MLRO?

The AML/CTF Act uses the term Anti-Money Laundering Reporting Officer (AMLRO) — sometimes referred to in industry shorthand as the MLRO. Every reporting entity must appoint a natural person to this role, and the appointment must be documented in the entity's Part A AML/CTF program. For Tranche 2 entities — law firms, conveyancers, and real estate agents — this requirement became operative from July 1, 2026.

The AMLRO must be someone with sufficient authority within the organisation to carry out the functions of the role. This is not a clerical appointment. The AMLRO must be able to access client files, make filing decisions with AUSTRAC, escalate concerns to senior management, and direct staff on compliance matters. Appointing a junior administrator to the role without authority, resources, or genuine management support is a non-compliance that AUSTRAC will identify as a governance deficiency in any audit.

For a sole-practitioner firm, the principal will typically be the AMLRO. For a multi-partner practice, a designated partner should hold the role — ideally one with genuine interest in and time for compliance responsibilities. For a real estate agency, the principal licensee is the natural choice. The role should be formalised through a documented appointment and communicated to all staff so they know who to approach with AML/CTF concerns.

Core Legal Obligations of the AMLRO

The AMLRO carries several distinct legal obligations under the AML/CTF Act and the AML/CTF Rules. Understanding these obligations is essential — both for the person appointed to the role and for the firm principals who bear responsibility for the overall compliance framework.

The most critical obligation is receiving and assessing internal suspicious matter reports. When any staff member identifies indicators of potential money laundering or terrorism financing, they must report internally to the AMLRO. The AMLRO must assess every internal report and make a documented determination: file an SMR with AUSTRAC, or determine that the indicators do not meet the threshold and document the reasoning for not filing. There is no third option — every internal report must be assessed and resolved.

The AMLRO is also responsible for overseeing the firm's transaction monitoring function — ensuring that existing client relationships are monitored for unusual activity at appropriate intervals, and that the monitoring procedures documented in Part B are actually being applied. This requires periodic review of client risk profiles and transaction patterns, not just reactive assessment of concerns raised by staff.

The AMLRO must maintain the firm's SMR register, ensure that all AML/CTF records are retained in accordance with the seven-year minimum, and provide regular reporting to senior management on the firm's AML/CTF posture. These reporting obligations are part of what makes the role a senior governance function, not a back-office administrative task.

Day-to-Day Duties in a Small Firm

In a small law firm or conveyancing practice, the AMLRO role is unlikely to occupy a large proportion of the appointee's time under normal conditions. For a firm conducting 50-100 property transactions per year with a relatively homogeneous, low-risk client base, the day-to-day AML/CTF function might reasonably occupy two to four hours per week on average — more during busy periods, less during quieter ones.

The primary day-to-day activities include: reviewing customer due diligence documentation for new client matters before they commence designated services; assessing any concerns raised by staff about existing clients or transactions; reviewing SoW assessments prepared by staff before they are finalised; and maintaining the SMR register. These activities can be integrated into the normal client onboarding and matter management workflow without requiring a dedicated compliance team.

The AMLRO should also maintain awareness of AUSTRAC guidance and typologies as they are published. AUSTRAC periodically releases sector-specific guidance, risk assessments, and typology reports. For Tranche 2 entities in the property sector, these publications provide practical intelligence about how money laundering actually occurs in property transactions — which informs what red flags staff should be looking for and how Part B procedures should be calibrated.

For firms using Tranche, the platform consolidates many of the AMLRO's administrative functions. The compliance dashboard surfaces open items — unresolved SMR register entries, pending SoW reviews, training records approaching their 12-month refresh date — so the AMLRO can manage the function efficiently without relying on manual tracking across multiple systems.

Qualifications and Fitness for the Role

The AML/CTF Act does not prescribe specific qualifications for the AMLRO role. However, it does require that the person appointed be fit and proper — and the AML/CTF Rules require that the firm's employee due diligence procedures apply to persons in AML/CTF-sensitive roles, which explicitly includes the AMLRO.

In practice, fitness and propriety for the AMLRO role requires: sufficient knowledge of the AML/CTF framework to make competent assessments; sufficient authority within the organisation to act on those assessments; no disqualifying criminal history — particularly in relation to financial crime, fraud, or corruption; and no conflicts of interest that would impair objective assessment. A partner who has a personal relationship with a client whose file is under SMR assessment has a potential conflict that must be managed through internal escalation.

Formally, AUSTRAC does not require AMLRO certification. However, there are several respected certifications available in Australia — the Association of Certified Anti-Money Laundering Specialists (ACAMS) certification being the most widely recognised internationally — and firms whose AMLRO has completed relevant professional development are better positioned in any audit discussion about the competence of their compliance governance. For a small firm where the AMLRO has no prior financial crime background, completing a targeted AML/CTF training program before formally assuming the role is strongly advisable.

The Part A program must document the AMLRO's appointment — including their name, title, contact details, and the date of their appointment. It must also document the succession arrangement: who assumes AMLRO responsibilities if the designated officer is unavailable for an extended period? For sole-practitioner firms, this may be an external compliance consultant on a retainer arrangement.

What Happens When the MLRO Gets It Wrong?

The AMLRO is a designated compliance function holder, and their failures can attract personal liability in addition to corporate liability for the firm. AUSTRAC can name individual AMLROs in enforcement actions — not merely the entity — in circumstances where the failure is attributable to the individual's conduct or omissions rather than a systemic organisational failure.

The most significant individual risk scenarios are: knowingly failing to file an SMR when the obligation is triggered; disclosing to a client that an SMR has been filed or is being considered (tipping-off); providing false or misleading information to AUSTRAC; or actively directing staff not to comply with their AML/CTF obligations. Each of these can attract individual civil or criminal liability, separate from the entity's liability.

For negligent failures — where the AMLRO did not intend to breach the Act but failed to exercise appropriate diligence — the primary accountability mechanism is typically directed at the firm rather than the individual. However, AUSTRAC can still name the AMLRO in findings that are published as part of its formal enforcement actions, with obvious reputational and professional consequences.

For lawyers who hold the AMLRO role, there is an additional layer: conduct findings arising from AML/CTF non-compliance can be referred to the relevant Law Society or Legal Services Commissioner. A finding that a solicitor, acting as AMLRO, failed to file an SMR or engaged in tipping-off is likely to be treated as a serious professional conduct matter, with potential impact on their practising certificate.

Succession and Absence Planning

One of the most practically overlooked aspects of the AMLRO role is succession planning. What happens if the AMLRO is ill for an extended period, goes on parental leave, or leaves the firm? The AML/CTF obligations continue during that period — suspicious matter reports still need to be assessed, internal reports still need to be received, and the firm's compliance function still needs to operate.

The Part A program must address this. At a minimum, it should designate a named alternate AMLRO who can assume the function during the primary AMLRO's absence. For small firms where no suitable internal alternate exists, a pre-arranged engagement with an external compliance consultant — who can step in to perform AMLRO functions on a temporary basis — is the appropriate solution. That arrangement should be documented in the program before it is needed, not scrambled together after the primary AMLRO becomes unavailable.

For multi-partner law firms and larger real estate agencies, a more formal AMLRO succession structure may be appropriate. This might involve a primary AMLRO and a deputy AMLRO, with both trained to the same level and both having access to all relevant records and systems. The succession structure should be tested — at least notionally — in the annual review process, to confirm that the alternate arrangement is still viable given any personnel changes since the program was last updated.

Documenting the Appointment in Tranche

Tranche's wizard step for AMLRO appointment is designed to capture all information required for Part A compliance documentation. The step collects the AMLRO's full name, title, contact email and phone, date of appointment, and confirmation that the appointee has completed relevant AML/CTF training. It also captures the succession arrangement — either the name of an internal alternate or the engagement details of an external compliance consultant.

The output in the generated program manual includes a formal AMLRO appointment section with all required details, formatted in a way that is immediately usable as evidence of a documented, authorised appointment. The section is dated to the program adoption date and versioned so that subsequent changes — such as an AMLRO change following a personnel departure — are captured in the program version history rather than overwriting the original record.

Tranche also generates a separate AMLRO appointment confirmation document that can be provided to the appointee as evidence of their formal designation. This document is not required by the Act, but it is useful practice — it ensures the appointee is formally on notice of their role and responsibilities, which is relevant if questions later arise about whether they understood and accepted the obligations of the position.