The rulebook
AML policy framework
The framework training is grounded in, so staff learn to apply what the firm actually does.
AML policy frameworkAML
training
The best policies fail if the people applying them cannot recognise a red flag or do not know what to do with it. AML training is a control the law requires and the SRO audit checks. A single generic deck reaches no one. Role-appropriate training gives client-facing staff, back office, and the board what each actually needs to recognise and do, grounded in the firm’s own framework and documented to the standard the audit expects. Trained on what the firm does, not on theory.
At a glance
Each role trained on what it must do.
Grounded in your framework, documented for audit.
- Status
- Mandatory, audit-checked
- Scope
- Staff, management, board
- Style
- Role-appropriate, not generic
- Grounded in
- The firm’s own framework
- Proof
- Documented who, what, when
The essentials
What AML training is
AML training is the obligation, under the framework around the Anti-Money Laundering Act, to ensure staff involved in the business understand their anti-money-laundering duties, and the SRO audit checks it happened, was appropriate, and is documented. The point is practical: people who can recognise a red flag and know how to escalate it. Role-appropriate, grounded in the firm’s own framework and documented, it makes the rest of the controls work; generic and undocumented, it is a finding.
Who this is for
- financial intermediaries meeting the training obligation;
- firms relying on a generic deck that teaches no one;
- firms onboarding new staff who need training;
- firms whose training records have gone stale.
Where it fits
Training is a control in the policy framework, tested at the SRO audit and pitched to the firm’s risk assessment.
By role
Training by role
Each group is trained on what its work actually requires: the recognise-and-do skill for its part of the framework, not a single deck pitched to no one.
| Role | What the training covers |
|---|---|
| Client-facing staff | Recognise red flags, escalate, never tip off |
| Back office | Monitoring and record-keeping they touch |
| Management & board | Oversight role, the firm’s risk, accountability |
| AML officer | The deepest, operational knowledge |
The risk assessment shows where the firm’s exposure sits, and therefore who most needs training and on what. We map the training to the firm’s roles and risk, so each group gets the right depth: the front line learns to spot and escalate, the board learns to oversee, and no one who matters is missed.
How we work
How we deliver it
Grounded in the firm’s own framework, pitched by role, kept current, and documented for audit.
- Step 1
Map roles to needs
Using the firm’s risk and roles to decide who needs training and at what depth.
- Step 2
Ground in the framework
Building the training around the firm’s real red flags, onboarding and escalation path, not generic theory.
- Step 3
Deliver by role
Training client-facing staff, back office and the board each at the right altitude for their part.
- Step 4
Document it
Recording who was trained, on what and when, to the standard the SRO audit expects.
- Ongoing
Refresh & onboard
Training new joiners and refreshing the team when the rules, products or risk change.
Budget
What it costs
Cost depends on the size of the team, the number of roles to address and whether the firm wants a one-off programme or an ongoing schedule with refreshers and new-joiner training. Training grounded in the firm’s own framework carries a little more setup than a generic deck and far more value.
We scope and quote against the firm’s team and risk. Pricing is on request.
Discuss your training
What it takes
What effective training requires
Training that actually changes behaviour and survives audit rests on:
- content pitched to each role’s real responsibilities;
- grounding in the firm’s own framework and risk;
- coverage of everyone whose work touches AML;
- a regular cadence plus new-joiner training;
- documentation of who was trained, on what, when.
Staff who recite the theory but miss the red flag are untrained
The failure mode of AML training is the team that has “done the course” (sat through a generic module, ticked the box) and still does not recognise an unusual transaction or know whom to tell. Training measured by attendance rather than capability gives the firm a record and no protection. The test is whether people can spot a red flag in the firm’s actual work and escalate it correctly, which is why the training has to be grounded in the firm’s own framework, not in theory. We train for that practical capability, and document it, so the firm has both.
Why Goldblum
Training, in detail
Training that gives each role the practical recognise-and-do skill, grounded in the firm’s framework and documented for audit, is what makes the controls work. That is the work this firm does.
By role
What each person must do
Client-facing staff, back office and the board each trained at the right depth for their part, not a single deck that reaches no one.
Grounded
On your framework, not theory
Training built around the firm’s real red flags, onboarding and escalation path, so people learn to apply it, not to recite it.
Provable
Documented for the audit
A record of who was trained, on what and when, to the standard the SRO expects — capability and proof, kept current.
Related
Around training
The test
SRO audit preparation
The audit that checks training happened, was appropriate, and is documented.
SRO audit preparationRun it for me
External AML officer
The officer who keeps training connected to the live framework, under one mandate.
External AML officer
FAQ
AML training: FAQ
01Is AML training mandatory?
Yes. A financial intermediary must ensure that staff involved in the business are trained on their anti-money-laundering obligations, and the SRO audit checks that the training happened, was appropriate, and is documented. Training is one of the controls the framework requires, alongside the risk assessment, policies, onboarding, monitoring and screening. Untrained staff are a weak point: the best policies fail if the people applying them do not recognise a red flag or know what to do with it. The obligation is to train the right people on the right things and to be able to prove it.
02What does 'role-appropriate' mean?
It means each person is trained on what their role actually requires, not put through a single generic deck. Client-facing staff need to recognise red flags at onboarding and during a relationship and know how to escalate; back-office staff need to understand the parts of monitoring and record-keeping they touch; management and the governing body need to understand their oversight responsibility and the firm's risk. A one-size course either overwhelms some and underserves others or pitches to the middle and reaches no one. Role-appropriate training gives each group what it needs to do its part, which is also what an auditor expects to see.
03Who needs to be trained?
Everyone whose work touches the AML obligations, which in most financial intermediaries is more people than first assumed. Client-facing staff clearly, but also those handling transactions, records and onboarding documentation, and management and the governing body in their oversight role. The AML officer needs the deepest knowledge. The risk assessment helps identify where the firm's exposure sits and therefore who most needs training and on what. We map the training to the firm's roles and risk, so the right people get the right depth and no one who matters is missed.
04How often must training be refreshed?
Periodically, and when something changes: new staff need training when they join, and everyone needs a refresh when the rules, the firm's products or its risk profile shift. Training delivered once and never repeated goes stale as people forget and as obligations evolve, and an auditor will note training records that stop years ago. A regular cadence, plus onboarding for new joiners and updates when the framework changes, is the baseline. We set a schedule appropriate to the firm and keep the training current rather than a one-off event.
05Does training have to be documented?
Yes. Undocumented training is, to an auditor, training that did not happen. The firm needs to show who was trained, on what, when, and that the content was appropriate to their role. A record of attendance, the materials used and the dates is what demonstrates the control is real. This is the same principle as everywhere in AML: the SRO tests not just whether the firm has an obligation but whether it can prove it met it. We deliver the training and produce the documentation, so the firm has both the capability and the proof the audit asks for.
06What should client-facing staff learn?
To recognise the red flags that arise at onboarding and through a relationship, and to know exactly what to do when they see one: escalate to the AML officer, not decide alone. Concretely: the indicators of an unusual or higher-risk client or transaction, the firm's escalation path, the importance of complete onboarding due diligence, and why they must never tip off a client about a concern or report. Client-facing staff are the firm's first line of defence; training them to spot and escalate, rather than to apply rules mechanically, is what makes the front line work. We pitch their training to that practical recognise-and-escalate skill.
07What about training the management and the board?
Management and the governing body need training pitched to their oversight role, not the operational detail. They are accountable for the firm's AML compliance (they own the risk assessment and approve the framework), so they need to understand the firm's money-laundering risk, their responsibilities, and what good oversight looks like, without needing to run the controls themselves. Board-level AML awareness is something auditors increasingly look for, because a framework the board does not understand is a framework it cannot genuinely own. We provide training at the right altitude for management and the governing body.
08Can training be off-the-shelf?
A generic course can cover the basics, but it cannot teach staff the firm's own risk, products, clients and escalation path, which is what makes training useful rather than a box-tick. The most effective training is grounded in the firm's actual business: the red flags that arise in its work, its onboarding process, its escalation route. An off-the-shelf module that never mentions how the firm actually operates leaves staff knowing the theory but not the practice. We build training around the firm's real framework, so people learn to apply it, not just to recite it.
09Can training be delivered online, or must it be in person?
Either works, and the right format depends on the audience and the content. Foundational awareness for a dispersed team can be delivered effectively online, with materials and a record of completion; deeper sessions for client-facing staff or the governing body often benefit from a live, interactive format where people can raise the firm's real situations and ask questions. What matters to the audit is not the delivery channel but that the training was appropriate to the role and is documented. We deliver in whichever format suits the firm (online, in person or a mix) and produce the records either way, so the choice is about effectiveness, not compliance.
10Can Goldblum deliver the training?
Yes. We deliver role-appropriate AML training for staff, management and the governing body, grounded in the firm's own risk, products and framework, pitched to what each role must recognise and do, and documented to the standard the SRO audit expects. We can train new joiners, refresh the existing team on a schedule, and update everyone when the rules or the business change. Where we also operate the firm's AML function under an external officer mandate, the training stays connected to the live framework, so people are trained on what the firm actually does.
Is your team trained on your framework, or a generic deck?
Tell us your roles and risk. A partner delivers role-appropriate AML training grounded in your own framework — documented to the standard the audit expects.