Key Personnel

In Australia’s evolving regulatory landscape, Key Personnel are the primary anchors of accountability. As of 2026, AUSTRAC has shifted its focus from simple procedural compliance to a “governance-first” model.

This means the individuals leading a business are now directly responsible for the strength or failure of its Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) framework.

Whether you are an established financial institution or a Tranche 2 professional services firm, identifying and vetting your key personnel is no longer just an administrative task and it is a critical legal requirement.

What Are Key Personnel Under Australia’s AML/CTF Law?

Under the AML/CTF framework, Key Personnel are individuals who have the ability to influence or control business decisions, particularly those regarding finances and operations. AUSTRAC requires absolute transparency concerning these individuals to prevent “shadow directors” or criminal elements from exerting control over Australian reporting entities.

The regulatory importance of key personnel lies in accountability. If an entity fails to report a suspicious matter or lacks a functional AML program, AUSTRAC looks directly at the governance structure to determine where the oversight failed.

Key personnel are distinguished from general employees by their decision-making power; while a teller processes a transaction, a key person designs the system that monitors it.

Who Qualifies as Key Personnel?

The legal definition of key personnel depends on the entity type (company, trust, or partnership), but generally includes:

• Directors and Company Secretaries: Those officially listed on ASIC records.
• Senior Managers: Individuals who make or influence decisions affecting a substantial part of the business (e.g., CEOs, CFOs, or Store Managers in smaller entities).
• AML/CTF Compliance Officer: The person responsible for day-to-day oversight (must be at the management level).
• Beneficial Owners: Individuals who own or control 25% or more of the entity.
• Partners: Specifically in law or accounting firms now captured by the 2026 reforms.

Identifying these individuals accurately is a prerequisite for AUSTRAC enrolment. Failing to list a shadow director or a silent partner with significant control can result in immediate regulatory pushback.

Key Personnel vs Employees vs Compliance Officers

Key personnel are the people who can influence or control decisions about how the business is run, especially where those decisions affect AML/CTF risk. That is broader than just the AML/CTF compliance officer.

The compliance officer has a specific role: AUSTRAC says they must be at management level, fit and proper, and responsible for overseeing and coordinating day-to-day compliance with the Act, Rules, and regulations.

In practical terms, this means your board, senior managers, and compliance officer all have different responsibilities. The board or governing body should support governance and resourcing, while the compliance officer coordinates the program and reports on compliance.

AUSTRAC also says the compliance officer must report to the governing body at least once every 12 months.

Fit and Proper Person Requirements for Key Personnel

One of the most significant 2026 updates is the explicit requirement that certain key personnel – most notably the AML/CTF Compliance Officer – must be “fit and proper.” AUSTRAC’s expectation is that those in control possess the integrity and competence to manage financial crime risk.

When to Update Key Personnel Records

Key personnel details should not be treated as static. AUSTRAC’s enrolment and reform guidance shows that businesses must keep their compliance information current, and newly regulated businesses must enrol by the relevant 2026 deadline window. The compliance officer notification timing for newly regulated entities is also subject to transitional timing rules.

You should refresh key personnel records when there is a change in directors, senior management, compliance officer, governance structure, or AML/CTF responsibilities.

You should also review them when the business changes its services, adds new locations, or experiences a significant risk event. AUSTRAC’s personnel due diligence guidance supports ongoing review rather than a one-time check.

The Suitability Assessment

Under the new Rules, “Fit and Proper” is not a one-time check but an ongoing obligation involving:

• National Criminal History Checks: Must be conducted through an approved provider and typically refreshed periodically.
• Bankruptcy Searches: Ensuring key personnel are not under personal insolvency agreements that could create a conflict of interest or vulnerability.
• Adverse Media & Regulatory Findings: Reviewing if an individual has been the subject of civil or criminal proceedings related to professional activity.
• Competence & Judgment: Assessing whether the person has the skills to actually understand the business’s specific ML/TF risks.

Key Personnel Obligations Under the AML/CTF Act

Key personnel are the “engine room” of a firm’s compliance. Their specific obligations include:

• Program Oversight: Senior management must approve the AML/CTF Risk Assessment and all related policies.
• Reporting to the Board: The Compliance Officer must provide a formal report to the governing body at least once every 12 months.
• Resource Allocation: Ensuring the business has sufficient staff, IT systems, and training budgets to meet AUSTRAC standards.
• SMR Governance: Overseeing the escalation pathways for Suspicious Matter Reports (SMRs).

Personal Liability

AUSTRAC has increased its focus on individual accountability. In cases of “egregious” or systemic failure, directors and senior managers can face civil penalties and significant reputational damage if they cannot demonstrate they took “reasonable steps” to manage their entity’s risks.

Key Personnel and Tranche 2 AML Reforms

As of July 1, 2026, the “gatekeeper” professions – lawyers, accountants, real estate agents, and trust service providers are officially regulated entities. For many of these firms, the concept of “Key Personnel” is a major cultural shift.

In professional service firms, partners who traditionally focused on billable hours must now formalize their roles as “Senior Managers” under the Act. Informal governance arrangements are no longer acceptable. Newly regulated entities must enrol with AUSTRAC between 31 March and 1 July 2026, a process that requires a full disclosure of their key personnel and their suitability for the roles.

Common Compliance Mistakes Involving Key Personnel

• Notification Delays: Failing to notify AUSTRAC via AUSTRAC Online within 14 days of a change in key personnel or a Compliance Officer.
• The “Set and Forget” Check: Assuming a criminal check done five years ago is sufficient for the current “ongoing due diligence” requirement.
• Role Confusion: Appointing a junior staff member as the Compliance Officer who lacks the “independence and authority” required by law.
• Lack of Board Engagement: Directors who treat AML as a “tick-box” exercise without active oversight of the ML/TF risk assessment.

How to Strengthen Key Personnel Governance

To protect your business and its leaders, your AML/CTF Program should incorporate:

• Annual Fit and Proper Reviews: Regular refreshes of due diligence for all listed key personnel.
• Documented Governance Frameworks: Clear charters outlining the specific AML responsibilities of the Board versus the Compliance Officer.
• Independent AML Audits: Engaging external experts to verify that your key personnel are meeting their statutory oversight duties.
• Governance Training: Specialized briefings for directors and partners on their personal liability under the AML/CTF Act.

Why Governance Risk Is Rising

With the 2026 reforms, AUSTRAC is moving toward a more aggressive enforcement posture. The expansion of the regime to thousands of new entities means the regulator will rely heavily on Self-Reporting and Governance Accuracy. If your key personnel records are inaccurate, it is often viewed by AUSTRAC as a red flag for broader systemic non-compliance.

How “Tranche Two Consultants” Can Help

Navigating the “Fit and Proper” requirements and the complex notification deadlines of 2026 can be overwhelming for newly regulated firms. As specialist AML Consultants, Tranche Two Consultants provides end-to-end support to ensure your governance meets AUSTRAC’s high bar.

Our services include:

• Key Personnel Vetting & Due Diligence: Managed “Fit and Proper” assessments.
• Compliance Officer Training: Upskilling your management-level staff to meet the 2026 eligibility criteria.
• Governance Framework Design: Ensuring your Board/Partners have the oversight structures needed to avoid personal liability.
• AUSTRAC Enrolment & Registration: Managing the technical submission of your business and personnel details.