What AML compliance records should Tranche 2 businesses keep?
Tranche 2 businesses should keep AML records that show their compliance work actually happened: risk assessment, customer due diligence, beneficial ownership checks, staff training, escalation decisions, program reviews, and corrective actions.
Records are the evidence layer
The AUSTRAC starter-pack material includes many record-producing forms: onboarding forms, initial CDD forms, enhanced CDD forms, escalation forms, unusual activity review forms, personnel forms, annual reports, effectiveness checks, and program maintenance forms. Each form points to a practical evidence need.
In a manual setup, those records can end up in inboxes, shared drives, spreadsheets, and printed files. That makes review difficult. Software should reduce that fragmentation by keeping the AML record with the relevant client, task, program step, or staff member.
Useful evidence categories
- Business risk assessment and review history.
- Customer onboarding and CDD completion records.
- Beneficial ownership and control notes.
- Enhanced CDD decisions and follow-up tasks.
- Staff responsibilities and AML/CTF role assignments.
- Training completion and refresher evidence.
- Escalation and unusual activity decision records.
- Program maintenance, effectiveness testing, and governance records.
Evidence should answer review questions
A good AML record is not just a saved file. It should answer the practical questions someone will ask later: who completed this step, when did they do it, what information did they consider, what decision was made, what was escalated, and what changed afterward?
AUSTRAC starter-pack material points to this need through annual reports, effectiveness checks, client onboarding checks, enhanced CDD checks, suspicious matter reporting checks, compliance officer checks, and independent evaluation responses. Each one is about proving that the program is operating and being maintained.
Record quality framework
| Weak record |
Stronger evidence |
| A file name with no context |
A record linked to the customer, matter, staff member, or program review. |
| A checklist with no owner |
A completed task showing who performed it and when. |
| A risk note without reasoning |
A risk decision connected to customer facts, risk factors, controls, and review dates. |
| A policy PDF only |
Version history, program updates, training evidence, and effectiveness checks. |
Where AML Shield fits
AML Shield is relevant for businesses that want AML records and audit trails to sit inside the same workspace as CDD, training, risk assessment, and program setup. Review AML Shield platform capabilities and pricing for current product details.
Frequently asked questions
Why do AML records matter?
AML records help a business show what it did, when it did it, who was responsible, and how decisions were made.
What records should software make easier to keep?
Software should make it easier to keep risk assessment, CDD, beneficial ownership, training, escalation, program maintenance, and review evidence.
What makes AML evidence useful later?
Useful evidence is dated, linked to the right customer or program step, shows who completed the action, and explains the decision made.
Why are scattered AML records a risk?
Scattered records make it harder to prove that AML steps were completed consistently, reviewed on time, and connected to the business's risk assessment.