Tranche 2 AML/CTF Acronyms Guide for Accounting Firms
A practical glossary explaining the most common acronyms you will see in AUSTRAC guidance, vendor material, and AML/CTF program documents, and what each term means in practice for accounting firms.
This glossary explains the most common acronyms you will see in AUSTRAC guidance, vendor material, and AML/CTF program documents, and what each term means in practice.
---
Core regime, regulators, and standards
| Acronym | What it stands for | What it means in practice for an accounting firm | |---------|-------------------|------------------------------------------------| | AML | Anti money laundering | Controls and processes to reduce the risk your services are used to clean criminal proceeds. | | CTF | Counter terrorism financing | Controls and processes to reduce the risk your services are used to fund terrorism. | | AML/CTF | Anti money laundering and counter terrorism financing | Shorthand for the full compliance regime: program, onboarding checks, monitoring, reporting, and record keeping. | | AUSTRAC | Australian Transaction Reports and Analysis Centre | The regulator and financial intelligence unit. You enrol with AUSTRAC and submit reports like SMRs. | | FATF | Financial Action Task Force | Global standard setter. Many expectations in guidance and risk language align to FATF concepts. | | DFAT | Department of Foreign Affairs and Trade | Maintains Australian sanctions information and consolidated lists used for sanctions screening. | | UN | United Nations | Sanctions and listings often originate from UN frameworks and are implemented locally through Australian law. |
---
Scope and who is captured
| Acronym | What it stands for | What it means in practice for an accounting firm | |---------|-------------------|------------------------------------------------| | T2 | Tranche 2 | Shorthand for the expansion of AML/CTF obligations to additional sectors, including certain professional services. | | DS | Designated service | A specific service type listed in the AML/CTF legislation. Providing a DS is what can make you a reporting entity. | | RE | Reporting entity | An organisation that provides a designated service and must meet AML/CTF obligations. | | RG | Reporting group | A group of related entities that can manage some AML/CTF obligations together under defined conditions. | | DNFBP | Designated non financial business and profession | International umbrella term for professions like lawyers, accountants, and real estate related services in AML contexts. You may see this in global materials. |
---
Risk concepts and risk documents
| Acronym | What it stands for | What it means in practice for an accounting firm | |---------|-------------------|------------------------------------------------| | ML | Money laundering | The process of disguising criminal proceeds as legitimate. Your controls aim to prevent enabling it. | | TF | Terrorism financing | Raising or moving funds to support terrorism. Risk can exist even where funds come from legitimate sources. | | PF | Proliferation financing | Funding linked to the spread of weapons of mass destruction. Often considered alongside ML and TF risk. | | WMD | Weapons of mass destruction | Term used in PF contexts, mainly tied to sanctions and high risk jurisdictions. | | RBA | Risk based approach | Scaling controls to risk. Lower risk may allow lighter measures, higher risk requires stronger measures and documentation. | | IRA | Inherent risk assessment | The baseline risk of your services, customers, delivery channels, and geographies before controls are applied. | | RRA | Residual risk assessment | The risk level remaining after your controls are applied. This is the risk you are actually carrying. | | ML/TF RA | Money laundering and terrorism financing risk assessment | A document that identifies your key risks and how you manage them. Often the anchor for your program design. |
---
Program, governance, and assurance
| Acronym | What it stands for | What it means in practice for an accounting firm | |---------|-------------------|------------------------------------------------| | Program | AML/CTF program | Your internal system of controls, procedures, and governance to meet obligations. | | Part A | AML/CTF program Part A | Risk controls and ongoing obligations: governance, risk assessment, training, monitoring, reporting, record keeping, and review. | | Part B | AML/CTF program Part B | Customer identification and verification procedures: how you do CDD and verify identity. | | CO | Compliance officer | The nominated person responsible for oversight of AML/CTF compliance, including reporting and program operation. | | IR | Independent review | A periodic review of the program to test whether it is effective and complied with. | | QA | Quality assurance | Ongoing testing of files and processes to confirm checks are being performed correctly and documented properly. | | SOP | Standard operating procedure | Step by step instructions for staff, often mapping to key AML tasks like CDD, ECDD, and SMR escalation. | | TNA | Training needs analysis | A method to determine who needs what AML training, how often, and how it will be assessed. |
---
Customer onboarding and identity checks
| Acronym | What it stands for | What it means in practice for an accounting firm | |---------|-------------------|------------------------------------------------| | CDD | Customer due diligence | The set of checks to identify the customer, verify identity, understand purpose, and assess ML and TF risk. | | Initial CDD | Initial customer due diligence | What you must do before providing the designated service, unless a limited exception applies. | | OCDD | Ongoing customer due diligence | Ongoing monitoring, updating customer information, and responding to changes in risk over time. | | ECDD | Enhanced customer due diligence | Stronger checks required for higher risk customers or scenarios, with additional evidence and approval. | | SDD | Simplified due diligence | Lighter checks that may be acceptable in clearly low risk cases, if allowed and justified by your risk framework. | | KYC | Know your customer | Industry shorthand for CDD activities and data: identity, purpose, risk, screening, and ongoing updates. | | KYB | Know your business | KYC applied to businesses and entities: registration details, directors, controllers, and beneficial owners. | | CID | Customer identification | Collecting identifying information about a customer or entity, before verification. | | IDV | Identity verification | Verifying identity information, typically using documents, data sources, or electronic verification. | | eID | Electronic identity verification | Digital verification methods, often through third party services and data matching. | | DOB | Date of birth | Common identity data point for individuals, typically required for verification and matching. | | ABN | Australian Business Number | Key identifier for Australian entities in KYB checks. | | ACN | Australian Company Number | Key identifier for companies. Often used alongside ABN and ASIC record checks. | | ASIC | Australian Securities and Investments Commission | Company registry source for verifying company details, officeholders, and status. |
---
Ownership, control, and high risk customers
| Acronym | What it stands for | What it means in practice for an accounting firm | |---------|-------------------|------------------------------------------------| | BO | Beneficial owner | The individual who ultimately owns or controls a customer. Identifying BOs is central for entities and structures. | | UBO | Ultimate beneficial owner | The final natural person at the end of ownership chains, especially where there are multiple layers. | | DOC | Director or controller | People who exercise control over an entity. Often relevant for KYB and BO analysis. | | PEP | Politically exposed person | A person in a prominent public position, plus certain close associates and family members. Often triggers ECDD. | | RCA | Relative or close associate | Category used in PEP frameworks for people connected to a PEP and therefore higher risk. | | HRC | High risk customer | Internal label for customers who require ECDD and enhanced monitoring, based on your risk model. | | HRJ | High risk jurisdiction | Countries or regions associated with elevated ML, TF, or sanctions risk, often triggering ECDD. |
---
Screening and adverse information
| Acronym | What it stands for | What it means in practice for an accounting firm | |---------|-------------------|------------------------------------------------| | Sanctions | Sanctions screening | Checking customers and beneficial owners against sanctions lists to avoid prohibited dealings. | | AM | Adverse media | Checking credible negative news for links to crime, corruption, fraud, or other ML and TF indicators. | | WL | Watchlist | A broader screening list that may include sanctions, PEPs, and other risk indicators used by screening tools. |
---
Transactions, monitoring, and reporting to AUSTRAC
| Acronym | What it stands for | What it means in practice for an accounting firm | |---------|-------------------|------------------------------------------------| | SMR | Suspicious matter report | A report to AUSTRAC when you suspect suspicious activity or cannot be satisfied about identity or legitimacy. | | STR | Suspicious transaction report | International term often used instead of SMR. In Australia you will mostly see SMR. | | TTR | Threshold transaction report | Report related to certain cash transactions above the relevant threshold, where applicable to the designated service. | | IFTI | International funds transfer instruction | A report type related to moving funds into or out of Australia, where applicable to the designated service. | | IFTI ECA | International funds transfer instruction, electronic funds transfer out of Australia | A subtype label sometimes used in systems and vendor material for outbound international transfers. | | IFTI DCA | International funds transfer instruction, electronic funds transfer into Australia | A subtype label sometimes used in systems and vendor material for inbound international transfers. | | CMT | Case management tool | Software or workflow for managing alerts, escalations, ECDD approvals, and reporting decisions. | | TM | Transaction monitoring | Ongoing monitoring to detect unusual or suspicious patterns. For professional services this often looks like matter monitoring and behavioural red flags. | | Red flags | Suspicion indicators | Practical signals that warrant escalation, more evidence, or an SMR decision, such as complex structures without rationale. |
---
Record keeping and confidentiality
| Acronym | What it stands for | What it means in practice for an accounting firm | |---------|-------------------|------------------------------------------------| | RKR | Record keeping requirements | The obligation to keep evidence of CDD, risk decisions, monitoring, reporting decisions, training, and reviews. | | RO | Reporting obligation | Internal shorthand for the requirement to submit AUSTRAC reports like SMRs, where triggers are met. | | TO | Tipping off | Prohibition on alerting a customer that an SMR has been made or that an investigation is underway, in certain circumstances. |
---
Common business structure acronyms seen in files
| Acronym | What it stands for | What it means in practice for an accounting firm | |---------|-------------------|------------------------------------------------| | PTY LTD | Proprietary limited company | Common entity type. Requires KYB checks and beneficial ownership analysis. | | SMSF | Self managed super fund | Often involves trustees, controllers, and beneficiaries. Expect more complex BO and control mapping. | | TFN | Tax file number | Sensitive identifier. Use only where necessary and ensure it is handled securely under your data controls. | | POA | Power of attorney | May affect who is acting on behalf of a customer. Ensure authority is verified and recorded. |
---
Practical shorthand used in procedures
| Acronym | What it stands for | What it means in practice for an accounting firm | |---------|-------------------|------------------------------------------------| | EWI | Early warning indicator | A signal that risk may be increasing, prompting a review, KYC refresh, or ECDD. | | KYC Refresh | KYC refresh | An update of identity, ownership, and risk information triggered by time, events, or risk changes. | | POC | Proof of control | Evidence showing who controls an entity or trust arrangement, often required when structures are complex. | | SOF | Source of funds | Evidence of where the specific funds for a transaction or matter come from. | | SOW | Source of wealth | Evidence of how the customer acquired their overall wealth over time. | | EDD Pack | Enhanced due diligence pack | Internal bundle of extra evidence, approvals, and notes required to justify onboarding or continuing a high risk relationship. |
---
Important note
This guidance is general information to help you understand obligations and plan implementation. It is not legal advice. Requirements depend on the services you provide and your circumstances.