Common questions about using SimpleAML and meeting your AUSTRAC obligations.
The sidebar follows the correct order. Work through it top to bottom:
SimpleAML is designed for desktop use. On phones and tablets the layout will not display correctly — use a laptop or desktop computer for the best experience.
Recommended browser: Google Chrome. Chrome stores your data reliably with no automatic expiry. Safari (on both Mac and iPhone/iPad) may automatically delete your browser data if you have not visited the app in 7 days — this is a Safari privacy feature that cannot be disabled. For compliance records you cannot afford to lose, Chrome is the right choice.
No account is required. Just open the app and enter your firm name to get started.
SimpleAML stores records locally in your browser on your device. It does not currently provide multi-user cloud sync. You should export and back up your records regularly. This means your data is tied to the specific browser and device you are using. If you clear browser data, switch browsers, or change devices, your records will not move automatically.
AUSTRAC's risk-based framework requires your own written assessment for key areas — not just a checkbox. A tick box shows you completed a step. A written narrative shows you understood it and applied it to your specific firm.
During an AUSTRAC audit you'll be asked to explain and defend your assessments. The areas that specifically require written answers include:
The Dashboard is your live compliance heartbeat. It answers one question: are we currently AML-compliant, and what needs fixing?
At the top right you'll see your overall status verdict — one of three:
Below the verdict is the Compliance Status table showing all 8 areas with their current status, followed by an operational snapshot of your clients, staff, and incidents. Any attention items appear at the bottom as a clickable to-do list — each item links directly to the relevant screen.
The AML/CTF Compliance Report tab generates a PDF summary of your firm's compliance position across all 8 sections of SimpleAML. It is designed to help you prepare for AUSTRAC's Compliance Report when requested — it is not submitted to AUSTRAC directly.
The report covers:
AUSTRAC requires reporting entities to submit a Compliance Report when requested (typically annually). Generate this report to prepare that information. You can also generate it at any time — before enrolment, after a significant change, or when an auditor asks.
Go to New Client in the sidebar. Fill in the client's details including entity type, designated service, jurisdiction and the nature of the relationship. Add at least one individual for identity screening, then set a risk rating and review date. Click Record Compliance Profile to save.
CDD must be completed before you provide a designated service to a client — not after.
Each client is assigned Low, Medium or High risk based on their industry, jurisdiction, the designated service being provided, and any suspicious matter or threshold transaction triggers. The rating determines how often a review is required:
High Risk clients also require enhanced CDD — source of funds documentation, associates screening, and a written reason for proceeding.
No. SimpleAML does not accept file uploads of any kind. There is no document storage, no file attachments, and no links to external documents.
This is by design. Think of it this way:
The Register attests to what is in the Cabinet. If AUSTRAC audits your firm, they will ask to see both — SimpleAML shows them the record of every check performed, and your filing system shows them the underlying evidence.
For example, when you record a sanctions screening for a client individual, you enter the provider, date, result, and reference ID into SimpleAML. The actual screening report from NameScan (or wherever) gets saved into your practice's filing system. SimpleAML records that it happened — your Cabinet holds the proof.
The Dashboard will show an attention item for clients with incomplete CDD. Go to Client Register in the sidebar, find the client, and click Edit to update their record. Update any details that have changed — risk rating, service, individual screening — and save. The previous version is preserved in the client's history.
If a client's circumstances change significantly (e.g. new beneficial owner, change of jurisdiction, new designated service), this may trigger a higher risk rating and require enhanced CDD before continuing to provide services.
SimpleAML is a register — it records that checks occurred, not the underlying documents. For each individual you record the key compliance details rather than storing the underlying source documents in the app. Instead, for each individual you record:
The actual evidence documents — DVS results, screening reports, copies of ID — must be stored separately in your practice's filing system (SharePoint, Google Drive, physical file). Record where they are stored in the client's document location field so an auditor can find them.
For High Risk clients, enhanced CDD is required — including source of funds, which should also be documented and stored in your practice's records.
This may be related to your browser or computer's regional settings. If your device is set to a US locale, some date fields may display in mm/dd/yyyy format while you're entering a date.
Once saved, SimpleAML is designed to display dates in Australian format (dd/mm/yyyy) — but if you're seeing American-format dates after saving, try changing your computer's region settings to Australia and see if that resolves it.
AUSTRAC uses the term "personnel" broadly — it covers anyone involved in your AML/CTF program, including employees, contractors, consultants and partners. For most small accounting firms this means all staff who have contact with clients or handle compliance tasks.
Staff vetting must be completed before appointment for anyone in a compliance role, and reviewed annually.
The SMR & Incident Register is where you record suspicious matters and threshold transactions that arise during your client work. Under the AML/CTF Act, reporting entities must submit a Suspicious Matter Report (SMR) to AUSTRAC when they form a suspicion that a transaction may relate to money laundering, terrorism financing, or other criminal activity.
For each incident you record: the client involved, the date identified, the nature of the suspicion, the AMLCO's review and outcome, and the AUSTRAC reference number if a report was submitted.
Yes — go to AML/CTF Compliance Report in the sidebar and click Generate AML/CTF Compliance Report (PDF). Your browser will open a print dialog — select Save as PDF → Portrait → A4 for the complete document. Record where you saved it using the storage location field so you can find it later.
You can also use Export SimpleAML Data (JSON) in About & Support to download a complete backup of all your app data, which can be imported back into SimpleAML on any device at any time.
ML — Money Laundering. Making illegally obtained money appear legitimate. For example a client using your trust account to layer funds from an undisclosed source.
TF — Terrorism Financing. Providing funds or financial services — knowingly or unknowingly — that support terrorist activities.
PF — Proliferation Financing. Funding the development or acquisition of weapons of mass destruction. A newer requirement added to the reformed AML/CTF Act.
When SimpleAML refers to ML/TF/PF risk it means: what is the risk that your firm's services could be used to launder money, finance terrorism, or finance weapons proliferation. Your Firm Risk Assessment documents your assessment across all three categories.
PF Statement (Services tab) is your firm's policy declaration — what your firm will and won't do regarding proliferation financing. For example: "Our firm will not provide services to any entity subject to UN Security Council sanctions."
PF Risk Assessment (Client Base & Geography tab) is your evidence-based analysis — your actual exposure to PF risk based on your real client base, services and jurisdictions. It requires a rating (Low/Medium/High) and written justification.
Designated services are the specific accounting services that trigger AML/CTF obligations under Tranche 2. Your obligations apply based on what services you provide, not simply because you are an accountant.
Common examples include receiving or managing client funds, creating or restructuring companies or trusts, acting as a nominee, selling shelf companies, or assisting with in-scope transactions involving bodies corporate or legal arrangements.
AMLCO stands for AML/CTF Compliance Officer. Every reporting entity must appoint one before enrolling with AUSTRAC. The AMLCO oversees the firm's AML/CTF program, acts as the primary regulatory liaison with AUSTRAC, and is responsible for filing SMRs and TTRs.
For sole practitioners you will typically be your own AMLCO. SimpleAML's Appointments tab includes a "Fill All Roles" shortcut for this purpose.
Complete your Firm Profile, Risk Assessment, and AML/CTF Program first — then the AUSTRAC Enrolment tab will unlock and guide you through the controls declaration.
SimpleAML stores records locally in your browser on your device. It does not currently provide multi-user cloud sync. You should export and back up your records regularly.
The practical implication is that your data is tied to the specific browser on the specific device where you use SimpleAML. If you clear your browser data, switch browsers, or change devices, the data will not be there automatically.
If you clear your browser data, or switch to a different browser or device, your records will not move automatically. The app will appear empty unless you have exported and restored a backup.
The only way to recover your data is from a previously exported backup file. This is why exporting regularly is important — treat it like saving a file.
simpleaml-backup-YYYY-MM-DD.json will downloadUnder the AML/CTF Act, all records must be retained for a minimum of 7 years from the date the record was made or the transaction was completed. This includes customer identification records, transaction records, and AML/CTF program documentation.
We strongly recommend regular data exports stored in your practice's document management system.
We strongly recommend Google Chrome. Chrome is available on both Mac and Windows, is free to download, and stores your SimpleAML data reliably with no automatic expiry.
Other browsers that work well include Microsoft Edge and Mozilla Firefox. Both handle browser storage reliably.
Safari is not recommended — including on Mac desktop. Safari has a privacy feature called Intelligent Tracking Prevention (ITP) that automatically deletes website data — including your SimpleAML records — if you have not visited the app in 7 days. This applies to both Safari on iPhone/iPad and Safari on Mac.
For a sole practitioner who sets up their compliance program in April and returns to add a client in August, that is more than enough time for Safari to delete everything.
Currently SimpleAML is designed for one person managing compliance on one device. If two people open the app on different devices they will each see different data — there is no automatic syncing between devices.
For an office team right now the most practical approach is to use one designated computer and browser as the primary SimpleAML device. Export your data regularly and share the backup file with team members who need a copy.
At the moment, the practical approach is to use one designated browser and device as the primary SimpleAML location, then share exported backups internally when needed.
SimpleAML does not currently provide multi-user cloud sync. Records stay in the browser on the device you are using.
If you want a copy on another device, use Export Data in the Tools section to create a backup, then use Import Data on the other device if needed.
Yes — SimpleAML is free during beta. No subscription, no credit card, no hidden fees. It was built by a compliance professional who saw sole practitioners and small firms struggling with systems designed for large organisations.
We may introduce optional paid features in the future but the core compliance tool will always have a free tier.
SimpleAML was created by Chris Wong, a finance transformation specialist with 20+ years experience across IAG, TAL, Wesfarmers and Stockland. Chris holds a Master of Insurance & Risk Management from Deakin University and is a CPA.
SimpleAML is developed and maintained by Click Seed Pty Ltd (ABN 87 656 256 567). The tool was built after a sole practitioner Chartered Accountant came to Chris stressed about Tranche 2 with less than 100 days to the deadline — and couldn't find anything simple enough.
Use our contact form or from inside the app click About & Support → Contact Support or the Help button in the top right.
SimpleAML is actively developed and user feedback directly shapes what gets built next.
No. SimpleAML is a compliance assistance tool only. You are responsible for ensuring your own compliance with AUSTRAC requirements. Seek independent legal or compliance advice if you are uncertain about your obligations.
SimpleAML walks you through every AUSTRAC requirement step by step. Free, no account needed.