AML Workflows: The Make-or-Break for Client and Staff Experience

In our last article “Ready or Not: Are Law Firms Prepared for Australia’s AML Reforms?”, we explored the readiness gap facing Australian law firms ahead of Tranche 2. The message was clear: most firms feel confident, but few are operationally prepared for the shift that AML/CTF obligations will bring on 1 July 2026.

With less than a year until the legislation takes effect, what should law firms be doing now? The simple answer is to just get started. As Gary Spalding from Dentons New Zealand recalls:

“The hardest part wasn’t the rules, it was the people. We had to shift culture, not just policy.”

Specifically, the first step is for firms to translate  high-level obligations into practical policies and everyday workflows that staff can follow and clients will accept. 

AML will literally touch every part of the firm, and against the backdrop of Actionstep’s 2025 research where 71% of firms say client satisfaction is their top priority, 79% plan to win new business through superior client service, 59% cite talent retention as a strategic challenge, and 74% say staff are already time-poor, workflows become make-or-break.

In that context, AML is not just a compliance project. It’s a client experience issue, a staff experience issue, and a workload issue. If it’s implemented in a way that feels heavy, manual or disconnected, it will cut directly across the very priorities firms say matter most.

Handled well, though, AML can be folded into existing processes with minimal friction. The difference comes down to design: clear scope, simple workflows and technology that supports rather than hinders.

1. Setting your AML approach and risk framework

The first decision is deciding how AML will apply in practice. Some smaller firms may prefer a “whole-of-firm” approach – treat all clients as in-scope, so nothing slips through. For larger or more diversified practices, a targeted model usually works better: AML checks apply to defined practice areas (for example, conveyancing, trust account activities or high-value transactions), while other services remain outside scope.

Documenting those boundaries is crucial. Without clarity, staff either apply checks inconsistently or default to “do everyone”, which quickly overwhelms capacity. As Kari Benninghaus of Foley Douglas recalls:

“At one point, we tried the ‘just do everyone’ approach because it seemed easier – but it really wasn’t. Capacity quickly became an issue, things fell through the cracks, and it became harder to track what was complete.”

• Kari Benninghaus, Foley Douglas

The second step is setting a risk framework that defines how much due diligence is required in different scenarios. Get this wrong and you either under-check (and risk penalties) or over-check (and frustrate both clients and staff). Typical risk factors include client type, geography, service line, transaction size, delivery channel and whether a client is a PEP or on a sanctions list. 

The goal is proportionate effort: low-risk clients move quickly through streamlined checks, while higher-risk matters trigger enhanced due diligence and closer oversight. As Gary Spalding from Dentons put it:

“Your risk assessment isn’t a document – it’s your strategy. It guides everything. If it’s wrong, everything built on top of it will be too.”

This is where the Actionstep research becomes real. With 71% of firms prioritising client satisfaction, over-checking low-risk clients will undermine that goal. With 74% of staff already time-poor, wasting hours on unnecessary checks is unsustainable. And with 59% citing talent retention as a strategic priority, forcing lawyers into manual, duplicative work risks driving frustration higher.

A clear approach and risk framework prevents those outcomes. 

2. Designing simple, risk-aligned workflows

Once your approach and risk framework are clear, the next step is turning them into everyday workflows that staff will follow and clients will accept. This is also when you need to think about integration – where data lives, how checks are triggered and what flows back into Actionstep.

Start with the “happy path” (a low-risk individual) and map the process from first contact to approval, keep it short and give each step an owner. Then add branches for more complex cases – companies, offshore clients, PEPs etc.

Key considerations to bake in now:

• Data location: Where will ID documents and verification reports live – the AML platform, your Document Management System (DMS), or both? Aim for a single source of truth; define retention and on-shore storage.

“A common thing I’d run into [doing AML-PMS integrations] in New Zealand was data living in two places. That’s fine until you’re two years down the track revisiting a client; then you’re spending too much time flicking between systems, piecing together half the data here and half there. It’s a massive time waster and a big pain point for firms.”

• André Fisher, Actionstep

• AML trigger: Will checks start automatically when a matter opens, or by staff action? If manual, who owns it and where in Actionstep does that button sit?
• Structured fields: Many firms will want to add new data points in their PMS or CRM (e.g. PEP status, source of funds, risk rating). Capture them consistently, not in free-form notes.

“Our CRM couldn’t handle what we needed. We didn’t plan for searchable AML fields – like who was verified, when and when it’s due again.”

• Lisle Clements, Grant Thornton

• Ownership & permissions. Decide which roles request documents, review risk, approve escalations; restrict access to sensitive documents (least-privilege)
• Alerts & OCDD. Who gets reminders for refresh cycles and risk re-assessments – authors, intake, compliance – and via which channel?
• Client experience. Use branded, secure portals or web forms and plain-English requests; preview the comms before go-live to avoid back-and-forth.
• Audit trail & reporting. Ensure every step (trigger, checks, approvals) is captured and exportable for review.

“There’s no point in having an all-singing, all-dancing policy [and related workflow] if it’s not user-friendly… If it’s too complex… people just won’t do it.”

• Michelle Garlick, Weightmans

Why it matters:

• Clients expect smooth onboarding – 71% of firms say it’s the top driver of revenue.
• Staff workload – 74% already feel time-poor.
• Digital maturity is lagging – only 41% rate their client tech positively.

Get these workflows right and AML becomes business-as-usual. Get them wrong and you add friction for clients, frustration for staff and gaps in compliance.

3. Testing before committing

Paper workflows look good in theory, but the real test is whether they hold up under pressure – for compliance, clients and staff.

Firms overseas learned the hard way: slick demos don’t guarantee compliance. Tools that could verify IDs often fell short on layered entities, ongoing monitoring, or integration back into the PMS.

“Without integration, you’re stuck doing manual data entry or double entry. AMLCOs would comment all the time on how tiresome and frustrating it is.”

• André Fisher, Actionstep, on the feedback he received when speaking to AMLCOs before their PMS and AML solution was integrated

With less than a year to go, Australian firms can avoid that mistake by trialling real scenarios now:

• Low-risk individual (the happy path)
• Medium complexity – e.g. a local company with multiple directors
• High-risk – e.g. an overseas trust or PEP

Then measure what matters:

• Compliance: did the process capture everything AUSTRAC expects?
• Client experience: was it clear, easy to follow, branded and secure?
• Staff workload: did it cut duplication or add to it?
• Data flow: did results feed back into Actionstep cleanly?
• Scalability: could you run 50 of these in a month?

The aim isn’t perfection, it’s proof. Early testing shows whether your workflows and integrations will stand up to clients, staff and regulators alike. And it gives you time to fix what doesn’t.

4. Document, communicate, iterate

Finally, document your workflows and scope decisions. This isn’t just for compliance. It’s also for clarity: staff need to know the “rules of the game”, and clients need to be told upfront what to expect.

And be ready to adjust. Early feedback from staff and clients will highlight where friction remains. Iteration is not a sign of failure – it’s how firms overseas moved from clunky to smooth.

“When you bring in a system like First AML alongside your PMS, you’ve got to bake it into your current workflows. It shouldn’t feel like a whole new process – it should be familiar to staff and easy to configure so the change is seamless.”

• André Fisher, Actionstep

The bigger picture

Actionstep’s research proves that firms are prioritising client satisfaction, talent retention and digital improvement as their pathways to growth. AML workflows will directly affect all three.

• Client satisfaction: Smooth AML onboarding builds confidence, clunky processes destroy it.
• Talent retention: Streamlined workflows reduce frustration and make staff feel supported, not overloaded.
• Technical maturity: Integrating AML into core systems ensures data flows cleanly, reduces duplication and strengthens the firm’s overall client experience.

Tranche 2 compliance is mandatory. But how you implement it will determine whether it becomes a drag on your firm – or a catalyst for better client and staff experiences.In our first article we asked, “Are firms ready?” Now, by focusing on workflows, you can answer: you’re on your way.