The staff training trap: Why “once a year” isn’t enough under Tranche 2
As businesses prepare for Tranche 2 AML/CTF reforms, staff training is quickly becoming one of the most underestimated parts of compliance. Many business owners that we speak to assume that if staff complete a training module once a year, the training requirement of their AML compliance is covered. But under Australia’s AML/CTF framework, it’s not that simple. Effective AML training is not about ticking a box. You need to ensure that your team can actually identify risk, apply your processes and respond appropriately when something doesn’t look right. And AUSTRAC has specifically called out the difference between training that is technically “completed” and training that is genuinely effective.
The problem with “tick-and-flick” training
Most people have experienced compliance training that feels more like an obstacle than education. A long video. A rushed quiz. A token certificate at the end. Sometimes staff can skip through most of the content and repeatedly guess answers until they eventually pass. Technically, training may have occurred. But practically? Very little gets absorbed when this training method is utilised. That creates a dangerous gap between:
- having evidence of training,
and - having a team that actually understands its obligations
Under Tranche 2, that training (and ultimately, knowledge) gap matters. A lot.
If one of your staff members misses a red flag or fails to escalate concerns appropriately, regulators will look at whether the training that staff member received was fit for purpose.
What AUSTRAC actually expects
AUSTRAC’s guidance makes it clear that AML/CTF training should be ongoing, risk-based and relevant to the role of the staff member. The expectation is not simply that businesses provide information. Instead, you need to be able to demonstrate that as a result of your training, your staff understand:
- The Money Laundering and Terrorism Financing risks relevant to your business
- Their responsibilities under your business’s AML/CTF program
- How to identify suspicious activity
- What to do when concerns arise (including documentation and escalation protocols)
Importantly, AUSTRAC also expects businesses to maintain records demonstrating that training has occurred. This means businesses need to think beyond completion certificates and consider the broader effectiveness of their training approach.
You can explore AUSTRAC’s broader guidance on AML/CTF programs and training expectations here.
What effective AML training actually looks like
Good AML training is practical and connects directly to the work your team performs every day. For example:
- a conveyancer should understand risks around source of funds inconsistencies or unusual ownership structures
- a real estate agent should know how to escalate suspicious payment arrangements
- an accountant should recognise when complex entities or trust structures warrant closer scrutiny
This doesn’t mean every team member needs deep technical expertise. In fact, one of the biggest mistakes businesses make is overwhelming staff with information that isn’t relevant to their role.
Effective training should be proportionate and role-specific, as well as realistic for that position. Staff should leave training sessions understanding what potential red flags look like and what steps they should take next when they identify these flags. That’s very different from simply “passing” a module.
Why annual training alone usually isn’t enough
A once-a-year training session might satisfy a calendar requirement, but on its own, it rarely builds lasting awareness. Your business’s AML culture is something that AUSTRAC will also be looking at - seeing how AML awareness and compliance fits into your team’s day-to-day client interactions and transactions, and the overarching attitudes towards this.
This is why many businesses we talk to are moving toward more continuous training models, such as:
- onboarding modules for new starters
- short refresher sessions throughout the year
- scenario-based discussions at team meetings (real-life examples are excellent for this)
- periodic updates when regulations or risks change
There is no one-size-fits-all model. Each business needs to determine what is appropriate for its size, risk profile and team structure. The key point is this: Training should be viewed as an ongoing process, not a single yearly event.
How to train without overwhelming your team
One reason businesses fall back on annual “tick-and-flick” training is because they assume the alternative will consume too much time. In reality, effective training often works better in smaller, more manageable formats. Shorter, more focused training can be easier to retain and apply, as well as less disruptive operationally. For example, a 15-minute discussion around a real-world scenario may have more impact than an hour-long generic presentation.
Similarly, reinforcing concepts gradually throughout the year often produces better outcomes than trying to deliver everything at once. Remember, the goal is not to turn every staff member into a compliance expert. It is to ensure they can confidently identify issues relevant to their role and know what to do next.
We shared a more comprehensive insight into how to communicate Tranche 2 to your team without overwhelming them over on a recent blog.
What regulators look for as evidence
When reviewing training, regulators generally look at more than attendance records. They want to see whether training:
- Aligns with your AML/CTF program
- Reflects the risks relevant to your business
- Is appropriate for different staff roles
- Is actually being maintained over time
For example, if your AML/CTF program identifies overseas transactions as a higher-risk area, your training should reflect that. Similarly, if your onboarding team handles customer due diligence, training should specifically address those responsibilities.
Businesses should also maintain records showing:
- Who completed training (and the date the training occurred)
- What content was covered
This is where structured systems become important. Once you consider managing multiple staff, onboarding cycles and refresher requirements, manual tracking quickly becomes difficult (and don’t forget new starters). New staff are often the biggest blind spot in AML training. Your business may have a solid annual training process, but if someone joins midway through the year, there can be long gaps before they receive meaningful AML guidance, which creates obvious risk. New starters should receive AML/CTF training as part of onboarding, particularly if they are involved in client interactions, transaction handling or risk assessment processes.
It’s also important to note that training does not need to be exhaustive on day one. You need to first ensure that your staff understand the basics of the AML/CTF framework and your business’s escalation process, as well as the specific risks relevant to their role. From there, knowledge can continue developing over time.
Training is about culture, not certificates
We touched on AML culture earlier, but this definitely deserves it’s own section. One of the biggest mindset shifts under Tranche 2 is understanding that compliance is not just documentation. It’s behaviour and attitudes too. Staff training plays a major role in shaping that behaviour and those attitudes. A business with strong AML awareness tends to:
- Identify issues earlier
- Escalate concerns more consistently
- Apply processes more confidently
That culture comes from ongoing, positive engagement, not from a once-a-year video.
AUSTRAC says “A strong AML/CTF culture reflects how a business values and prioritises AML/CTF.” This starts at the top and filters down across your team. As a business owner or senior manager, it is your responsibility to ensure that a positive AML culture is nurtured within your business.
Building a training framework that actually works
The most effective AML training programs are structured, trackable and integrated into the broader compliance framework of the business. That’s exactly what easyAML is designed to support. Rather than relying on standalone training sessions or disconnected records, easyAML helps you to onboard your staff, deliver engaging AML/CTF training that they’ll actually remember, track completion and maintain clear documentation (all within the broader AML program).
You can get started for free (including preliminary staff training modules), with no lock-in contracts, no credit card required and no commitments. Take a look now at https://easyaml.com/get-started/