AML/CTF COMPLIANCE
Compliance you can prove. Not just claim.
Built for Australian reporting entities under the AML/CTF Act. Encrypted SMR workflow, tamper-evident audit trail, and mandatory MFA — because checkbox compliance won't survive an AUSTRAC examination.
THE REALITY
The starter kit gets you started. It doesn't keep you compliant.
AUSTRAC's free starter kit meets minimum requirements on day one. But ongoing client monitoring, encrypted suspicious matter report management with correct statutory deadlines, tamper-evident record keeping for seven years, and provable audit evidence when AUSTRAC comes knocking? That takes a purpose-built system.
CHAPTER ONE
Know your client. Verify their identity.
Customer due diligence at three levels — standard, simplified, and enhanced. PEP screening across nine categories including relatives and close associates. Beneficial owner tracking with control type and ownership percentage.
- Standard, simplified, and enhanced CDD levels
- PEP screening with 9 categories including RCA
- Enhanced CDD with senior management approval gate
- Beneficial owner identification and tracking
- Biometric, manual, and electronic consent tracking
CHAPTER TWO
Report suspicious matters. Meet every deadline.
Suspicious Matter Reports stored as AES-256-GCM encrypted binary — not plaintext, not hex text. Correct statutory deadlines enforced: 24 hours for terrorism-related matters, 3 business days for all others. Role-gated access restricted to compliance officers and owners. No-delete policy. Every access logged with IP address and user agent.
- Encrypted SMR payload (AES-256-GCM, stored as binary)
- 24-hour terrorism / 3-business-day standard deadlines
- Role-gated access (compliance officer + owner only)
- Tipping-off acknowledgment controls
- SMR access logging with IP and user agent
- AUSTRAC XML generation
ENCRYPTION PIPELINE
SMR Created (plaintext report) -> Encrypted (AES-256-GCM) -> Stored (binary payload) -> Access Check (role-gated) -> Decrypted View (compliance officer)
CHAPTER THREE
Prove everything. To anyone. At any time.
Every action recorded in a SHA-256 hash-chain audit trail. Each entry is cryptographically linked to the previous one — if anyone tampers with a record, the chain breaks and the tampering is detectable. Seven-year retention. Legal hold capability prevents deletion of held records during investigations.
- SHA-256 hash-chain audit trail (tamper-evident)
- Legal hold on clients and SMRs during investigations
- Enterprise risk assessment framework
- Versioned AML/CTF programs (Part A + Part B)
- Training modules with completion tracking
- Data breach incident management with OAIC notification
Example audit chain: a3f7b2... Client Created -> 8e1c4d... CDD Completed -> f09a12... SMR Filed -> c72e8f... Review Logged -> 19d4a7... Report Sent
TRANSPARENT PRICING
Encrypted compliance. Flat rate.
Every competitor stores your SMRs as plain text. We encrypt them. Every plan includes AES-256-GCM encryption, SHA-256 hash-chain audit trails, and mandatory MFA. No per-transaction fees. No hidden costs.
Practitioner
1 user
Solo accountant, bookkeeper, or conveyancer. Core AML compliance tools.
- KYC/CDD (all 3 levels)
- PEP screening (9 categories)
- Encrypted SMR workflow
- Tamper-evident audit trail
- Risk assessment framework
- AUSTRAC XML generation
Support: Help docs + email (48hr)
Practice
Up to 10 users
Small to mid-size firms. Full compliance suite with team access.
- Everything in Practitioner
- Multi-user access
- Legal hold capability
- Versioned AML/CTF programs
- Training modules with tracking
- Compliance reporting dashboard
Support: Email (24hr response)
Enterprise
Unlimited users
Large firms and groups. Multi-entity, custom SLA, dedicated onboarding.
- Everything in Practice
- Unlimited users
- Multi-entity support
- Dedicated onboarding
- Custom integrations
- SLA guarantee
Support: Priority email + chat + onboarding call
AUSTRAC Tranche 2
Countdown (days, hours, minutes) until accountants become reporting entities under the AML/CTF Act.
ARCHITECTURE
Security isn't a feature. It's the architecture.
AES-256-GCM Encryption
SMR content and identity documents encrypted with per-tenant key derivation. Stored as binary, not text.
SHA-256 Hash Chain
Every audit entry cryptographically linked to the previous. Tampering breaks the chain.
Mandatory TOTP MFA
Multi-factor authentication required for every user. No opt-out. Recovery codes provided.
Role-Gated Access
SMR access restricted to compliance officers and owners. No-delete policy enforced via RLS.
Geo-Blocking
Access restricted to Australian IP addresses. Infrastructure hosted in Sydney region.
Legal Hold
Prevents deletion of held records during investigations. Applied per-client or per-SMR.
The RedRock Ecosystem
Better together.
Ready to get compliant?
Tranche 2 takes effect 1 July 2026. Start building your compliance evidence trail now.