New AML/CTF obligations: It’s time to act
- Hall Advisory
- 7 hours ago
- 7 min read
The clock is ticking! New Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) obligations were passed into law on 29 November 2024, with most of the changes effective from March and July 2026. It may seem a while away, but the amount of work required to comply means you need to start preparing now. Waiting until the last minute could put your business at serious risk of fines, penalties, and reputational damage.
Here's a summary of the changes, who’s affected, the timelines and what you need to do to stay on the right side of the law.

Why the update?
The Financial Action Task Force (FATF) identified several critical deficiencies in the Australia's Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) regime which includes:
the AML/CTF Act,
the AML/CTF Rules (the Rules), and
FATF identified the following deficiencies:
Inadequate coverage of designated non-financial businesses and professions (DNFBPs) – Australia received a ‘not compliant’ rating
Weak customer due diligence (CDD) Measures
Insufficient Enforcement and Compliance Mechanisms
These discoveries triggered the need to enhance legislation and expand powers for AUSTRAC (Australian Transaction Reports and Analysis Centre) as the Financial Intelligence Unit (FIU). Of the four types of FIU models (judicial, law enforcement, administrative or hybrid), AUSTRAC is currently hybrid, combining features of the other three models.
The new AML/CTF reforms, regulated by AUSTRAC, ensure requirements to identify risks and prevent/ disrupt criminal activities keep up with a constantly changing criminal environment. They also lift our laws to meet international standards set by the global financial crime watchdog, Financial Action Task Force.
AUSTRAC has been granted improved information gathering powers to ensure it can effectively fulfil its dual role as the AML/CTF regulator FIU in Australia. These new powers include the ability to conduct examinations to obtain information and issue of notices to produce documentation.
What are the changes?
The new AML/CTF reforms bring substantial changes to Australia's financial crime framework. Let's break down the key shifts:
Expanding AUSTRAC's regulation to high-risk industries
AUSTRAC's oversight now extends to industries with heightened money laundering risks
Certain designated services are captured:
Real estate professionals
Dealers in precious stones, metals and products
Professional service providers (lawyers, accountants, conveyancers and trust and company service providers)
Virtual asset service providers see expanded regulation beyond the previous digital currency exchange rules
Financial services reforms
A new value transfer obligation requires tracking and documenting the flow of funds between entities
The definition of bearer negotiable instruments has expanded significantly – stored value cards and similar payment instruments now require proper monitoring
These changes address vulnerabilities that criminals previously exploited to shift illegal funds
AML/CTF program requirements
The traditional Part A and Part B structure has been completely eliminated. Organisations must now maintain a single, comprehensive AML/CTF program.
The consolidated approach increases accountability at the highest organisational levels as full board approval is mandatory for the entire program, not just sections
This creates significant implications for entities that previously operated under simplified or modified compliance arrangements.
Customer due diligence
Reforms enhance customer risk, know your customer (KYC) and ongoing customer due diligence requirements with more frequent and rigorous monitoring obligations
Substantial revisions to designated service exemptions particularly impact the superannuation sector as the reforms now require more rigorous identity verification for members
RSE licensees face a challenging compliance puzzle – meeting new KYC requirements while accepting mandatory super contributions
The conflict between AML/CTF verification standards and superannuation laws creates a regulatory tension as the industry awaits guidance on this unresolved compliance question.
Tipping off offence
The reforms strengthen provisions against disclosing information that might prejudice an investigation into money laundering or terrorism financing
Telling customers about monitoring or investigations can now trigger serious penalties
Both individuals and corporations face increased consequences for breaches – tipping off will be a criminal offence with up to two years imprisonment, 120 penalty units, or both
The broader scope aims to protect the integrity of financial intelligence gathering.
The Financial Transaction Reports Act 1988 has also been repealed as part of this suite of regulatory uplifts.
Who is impacted?
The reforms apply to these new high-risk industry entities for the first time (Tranche 2 entities):
✔ Real estate professionals – agents, buyers’ agents, property developers
✔ Dealers in precious metals, stones & related products
✔ Lawyers
✔ Conveyancers
✔ Accountants
✔ Trust and company service providers
✔ Additional services provided by virtual asset service providers
Less significant changes are pending for (Tranche 1 entities):
✔ Financial services organisations – AUSTRAC registered entities
Adjustments to the AML/CTF regime are being made to increase flexibility, reduce regulatory impacts and support businesses to better prevent and detect financial crime, along with changes to better meet international standards set by the FATF.
Not sure whether the reforms apply to you? Find out using this online tool by AUSTRAC.
What are the timelines?
There are a few dates to take note to keep track of the changes:
Changes to tipping off offence – from 31 March 2025
Updated obligations for current reporting entities – from 31 March 2026
Regulation of virtual asset service providers – from 31 March 2026
Regulation of new high-risk industries – from 1 July 2026
Consultation on the AML/CTF Rules supporting the revised AML/CTF Act closed on 14 February 2025. The new Rules are expected to be finalised by July 2025, the core guidance by September 2025 and the Tranche 2 guidance by January 2026.
What action is needed?
The key steps for compliance differ between current reporting entities and new high-risk industry entities. Here’s what the two groups need to do to comply on time:
New high-risk industry entities | Current reporting entities (financial services) |
✅ Enrol & register with AUSTRAC
✅ Develop & maintain an AML/CTF program
✅ Conduct Customer Due Diligence (CDD)
✅ Report suspicious transactions & large transfers
✅ Keep & maintain records for 7 Years
| ✅ Review AML/CTF program
✅ Review CDD processes
✅ Adjust processes for assisting investigations
✅ Adjust processes for tipping off offences
✅ Adjust process for value transfer obligations (as relevant)
✅ Adjust process for bearer negotiable instruments (as relevant)
✅ Consider changes for digital asset sector (as relevant)
|
Why act now?
With short timelines for organisations to move into compliance, there’s no time to wait for the final Rules and guidance materials.
⏳ Compliance is not an overnight process – policies, training, and risk assessments take time
⚠️ Avoid heavy fines & criminal penalties for non-compliance
💼 Delays could impact your ability to do business
🔍 Demonstrate due diligence early to regulators & clients
📈 Position yourself ahead of competitors who wait too long
What are the penalties for non-compliance?
After receiving a ‘not compliant’ rating from FATF, AUSTRAC will need to show robust supervision to prove itself and meet FATF’s expectations. That includes strict application of penalties and sanctions. Here are the types of penalties and enforcement actions:
Civil penalty orders: Courts can impose substantial financial penalties for AML/CTF breaches. Corporations face fines up to 100,000 penalty units (currently $33 million). Individuals risk fines up to 20,000 penalty units (currently $6.6 million).
Enforceable undertakings: AUSTRAC may require an entity to formally commit to specific actions to remedy non-compliance.
Infringement notices: Issued for breaches of specific provisions, these result in set financial penalties without court proceedings.
External audits and risk assessments: AUSTRAC may require businesses to appoint external auditors or conduct risk assessments of their AML/CTF compliance frameworks.
Criminal penalties: For certain offences, such as tipping off or intentionally failing to comply with AUSTRAC’s new examination and production powers, individuals can face up to two years in prison. Providing financial support to terrorists or sanctioned entities can also result in serious criminal charges.
How we can help
Our international and local experts bring unique expertise and experience, including:
✔ Former UNODC practitioners
✔ UK regulatory specialists
✔ AML/CFT supervisors of obligated entities
✔ Former Financial Intelligence Unit (FIU) Directors
✔ Experts in AML/CTF application & supervision globally
Our team draws on deep, practical expertise from global AML/CTF implementation and supervision, supporting you with:
Regulatory change advisory, including program updates for the new requirements and new program development for Tranche 2 entities ahead of 2026.
Ongoing resourcing support, to help meet regulatory role obligations and strengthen internal capacity.
Independent AML/CTF program reviews, meeting AUSTRAC’s three-year review requirement.
Don’t wait – get compliant today by contacting us now to secure your business’s compliance. Get in touch.