AlterspectiveSharedo Audit

Topical anchor · Tier 1 + Tier 3

Compliance & AML/CTF readiness (Tranche 2)

From 1 July 2026, Australian legal practices providing designated services are AUSTRAC reporting entities, with enrolment required by 29 July 2026. The obligations include an anti-money-laundering / counter-terrorism-financing (AML/CTF) program — Part A risk-management processes and Part B customer identification (including beneficial owners and politically-exposed persons, PEPs) — customer due diligence (CDD) with simplified and enhanced tiers, source-of-wealth checks in some circumstances, and reporting and record-keeping. This audit does not opine on your legal obligations; it examines whether your Sharedo platform can evidence them.

T1T3Intelligence
This domain is the topical anchor: the AML/CTF obligations now facing Australian law firms make it the fastest way to feel what an evidence-based audit is for.

1What we examine

CDD data is captured, not improvisedCFG-FF · CFG-WT

Do intake work types capture the identity-verification fields, beneficial-owner structures, PEP flags, and risk-rating fields the program needs — as structured data, not free text?

Phase gates enforce CDDCFG-PH

Is there an enforced phase gate so a matter cannot progress from intake to active work without CDD completion? A control that relies on memory is not a control.

Ongoing-CDD triggersCFG-PH

Are periodic or event-driven ongoing-CDD review triggers configured for higher-risk matters?

Risk-tiering is expressibleCFG-FF

Can the platform distinguish a simplified from an enhanced due-diligence path by matter risk, or is every matter treated the same?

roadmapRecord-keeping is queryable

Is the CDD evidence structured and queryable for an AUSTRAC record-keeping request — or trapped in free-text notes? The free-text lens tests whether CDD facts are being recorded in notes rather than fields, the tell-tale of a control that exists on paper but not in the data.

2How we examine it

Configuration capture confirms which CDD fields and phase gates exist. Where the Intelligence add-on is engaged, the on-premise free-text lens tests whether CDD facts are actually being recorded in structured fields or scattered through notes. Client data never leaves a controlled environment.

This is a readiness assessment of your Sharedo configuration, not legal advice on your AML/CTF obligations — obtain that from your money-laundering reporting officer and legal team. We report only what the platform can and cannot evidence.

3Example finding

Illustrative example — synthetic demonstration corpus

The intake work type had no CDD checkpoint between the 'Received' and 'Active' phases — matters could open and progress without verification evidence attached. Of five expected CDD controls, one was configured.

  • No CDD phase gate between 'Received' and 'Active' — matters open without verification
  • No beneficial-owner structure and no PEP flag on the intake work type
  • Risk-rating captured as free text in a single field with a 3% fill rate
1 / 5CDD controls configured on the intake work type
3%fill rate on the only risk-rating field found
Expected CDD controlConfigured?
Identity-verification fields on the intake work typeAbsent
Beneficial-owner structure capturedAbsent
Politically-exposed-person (PEP) flagAbsent
Risk-rating field (drives simplified vs enhanced due diligence)Weak
Enforced phase gate: no progression without CDD completeAbsent
Expected customer-due-diligence controls versus what the intake work type actually configures.

4The benefit

What you walk away with

Walk into enrolment — and any later AUSTRAC engagement — knowing your matter system can produce the evidence, rather than discovering the gap mid-audit. You receive a concrete, rule-referenced list of the configuration changes that close each gap.

← All audit domains See it in a full report