Topical anchor · Tier 1 + Tier 3
From 1 July 2026, Australian legal practices providing designated services are AUSTRAC reporting entities, with enrolment required by 29 July 2026. The obligations include an anti-money-laundering / counter-terrorism-financing (AML/CTF) program — Part A risk-management processes and Part B customer identification (including beneficial owners and politically-exposed persons, PEPs) — customer due diligence (CDD) with simplified and enhanced tiers, source-of-wealth checks in some circumstances, and reporting and record-keeping. This audit does not opine on your legal obligations; it examines whether your Sharedo platform can evidence them.
Do intake work types capture the identity-verification fields, beneficial-owner structures, PEP flags, and risk-rating fields the program needs — as structured data, not free text?
Is there an enforced phase gate so a matter cannot progress from intake to active work without CDD completion? A control that relies on memory is not a control.
Are periodic or event-driven ongoing-CDD review triggers configured for higher-risk matters?
Can the platform distinguish a simplified from an enhanced due-diligence path by matter risk, or is every matter treated the same?
Is the CDD evidence structured and queryable for an AUSTRAC record-keeping request — or trapped in free-text notes? The free-text lens tests whether CDD facts are being recorded in notes rather than fields, the tell-tale of a control that exists on paper but not in the data.
Configuration capture confirms which CDD fields and phase gates exist. Where the Intelligence add-on is engaged, the on-premise free-text lens tests whether CDD facts are actually being recorded in structured fields or scattered through notes. Client data never leaves a controlled environment.
The intake work type had no CDD checkpoint between the 'Received' and 'Active' phases — matters could open and progress without verification evidence attached. Of five expected CDD controls, one was configured.
| Expected CDD control | Configured? |
|---|---|
| Identity-verification fields on the intake work type | Absent |
| Beneficial-owner structure captured | Absent |
| Politically-exposed-person (PEP) flag | Absent |
| Risk-rating field (drives simplified vs enhanced due diligence) | Weak |
| Enforced phase gate: no progression without CDD complete | Absent |
Walk into enrolment — and any later AUSTRAC engagement — knowing your matter system can produce the evidence, rather than discovering the gap mid-audit. You receive a concrete, rule-referenced list of the configuration changes that close each gap.