With the introduction of Tranche 2 AML/CTF reforms, a wave of new, mostly smaller entities, lawyers, accountants and real estate agents are now grappling with compliance obligations once reserved for the Tranche 1 entities. For many of these organisations, the immediate response is to adopt an off-the-shelf AML/CTF program, as a ready-made solution that promises swift compliance without the expense of external advisors or dedicated in-house expertise.

However, do these off-the-shelf programs truly deliver value? From our experience, while they can sometimes be effective, far too often, they fall short.

The Problem: One Size Rarely Fits All

There is undoubtedly a place for off-the-shelf programs. For small businesses with limited exposure to financial crime risk, a well-crafted template can provide the structure they need to meet their obligations without overcomplicating things.

However, the reality of what’s often sold under the “off-the-shelf” banner is alarming. We’ve personally seen examples of AML/CTF programs provided to small businesses, some with only a handful of staff, that were unnecessarily lengthy and poorly structured. These documents were littered with unnecessary commitments that would require a far larger team of compliance professionals to implement effectively, let alone one or two people juggling compliance alongside other roles within the business.

Why Does This Happen?

1. Lack of Scalability: Many providers produce templates designed for large businesses without scaling them down to reflect the nature, size, complexity and risk profile of the business acquiring the program.
2. Misaligned Incentives: It takes time and effort to adapt off-the-shelf programs for multiple entities, an investment some consultants may overlook, prioritising convenience over customisation and leaving small businesses with unworkable solutions.
3. Budget: Smaller businesses often operate with limited budgets and may see an off-the-shelf program as a cost-effective solution, at least in the short term, allowing them to minimise expenses where possible.
4. Tick-Box Mentality: Too often, the focus is on demonstrating that a program exists rather than ensuring it is fit for purpose.

The result? Small businesses are left with AML/CTF programs they can’t realistically implement, increasing their exposure to regulatory risk rather than reducing it.

The Solution: Professionals Need to Step Up

Off-the-shelf AML/CTF programs can work — but only if they’re built with the right principles in mind:

1. Right-Sized Documentation: The length, complexity, and commitments within the program must reflect the size, structure, and risk profile of the business.
2. Plain Language: Small business owners are not compliance experts. The program should be written in clear, actionable terms without excessive jargon.
3. Tailored Risk Assessments: Even within an off-the-shelf framework, the risk assessment should be specific to the business’s products, customers, delivery channels and geographic exposure.
4. Support: Simply handing over a document isn’t enough. Providers should offer guidance on how to implement the program day-to-day.

AUSTRAC’s Approach: A Contradiction Worth Noting

AUSTRAC has committed to developing AML/CTF starter kits, specifically for small businesses in Tranche 2 sectors. These kits are designed to provide simplified, low-complexity AML/CTF programs designed for entities with lower risk profiles. Yet this pragmatic initiative appears to conflict with AUSTRAC’s earlier guidance cautioning against template solutions. AUSTRAC itself has previously stated: ‘AUSTRAC recommends you avoid using template or global AML/CTF programs (which are not Australia-specific).’

This apparent contradiction reflects the challenge of balancing practicality with effectiveness. While AUSTRAC rightly cautions against generic solutions, its support for Tranche 2 starter kits acknowledges that small businesses require cost-effective, workable frameworks. The key lies in ensuring that any template, whether provided by AUSTRAC or a third party, is carefully tailored to the specific risk profile of the business to achieve compliance in an environment that demands a risk-based approach.

Final Thoughts: Trust and Accountability Matter

Off-the-shelf AML/CTF programs can serve a purpose, particularly for small businesses newly entering the regulated space, such as the Tranche 2 entities. However, these solutions must be genuinely fit-for-purpose, not just recycled templates with a new label.

Ultimately, it’s incumbent on the professionals offering these programs to move beyond the pursuit of a quick sale. They should look to deliver solutions that help businesses meet their obligations in a clear, practical way.

For small businesses navigating AML/CTF obligations, our advice is straightforward: if an off-the-shelf program feels overwhelming, it probably is — and that’s a red flag that should not be ignored.