top of page
Search

New AML/CTF obligations: It’s time to act

  • Hall Advisory
  • 7 hours ago
  • 7 min read

The clock is ticking! New Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) obligations were passed into law on 29 November 2024, with most of the changes effective from March and July 2026. It may seem a while away, but the amount of work required to comply means you need to start preparing now. Waiting until the last minute could put your business at serious risk of fines, penalties, and reputational damage.


Here's a summary of the changes, who’s affected, the timelines and what you need to do to stay on the right side of the law.


Changes to AML/CTF obligations


Why the update?


The Financial Action Task Force (FATF) identified several critical deficiencies in the Australia's Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) regime which includes:


FATF identified the following deficiencies:


  • Inadequate coverage of designated non-financial businesses and professions (DNFBPs) – Australia received a ‘not compliant’ rating

  • Weak customer due diligence (CDD) Measures

  • Insufficient Enforcement and Compliance Mechanisms


These discoveries triggered the need to enhance legislation and expand powers for AUSTRAC (Australian Transaction Reports and Analysis Centre) as the Financial Intelligence Unit (FIU).​ Of the four types of FIU models (judicial, law enforcement, administrative or hybrid), AUSTRAC is currently hybrid, combining features of the other three models.


The new AML/CTF reforms, regulated by AUSTRAC, ensure requirements to identify risks and prevent/ disrupt criminal activities keep up with a constantly changing criminal environment. They also lift our laws to meet international standards set by the global financial crime watchdog, Financial Action Task Force.


AUSTRAC has been granted improved information gathering powers to ensure it can effectively fulfil its dual role as the AML/CTF regulator FIU in Australia. These new powers include the ability to conduct examinations to obtain information and issue of notices to produce documentation.


What are the changes?


The new AML/CTF reforms bring substantial changes to Australia's financial crime framework. Let's break down the key shifts:


Expanding AUSTRAC's regulation to high-risk industries


  • AUSTRAC's oversight now extends to industries with heightened money laundering risks

  • Certain designated services are captured:

    • Real estate professionals

    • Dealers in precious stones, metals and products

    • Professional service providers (lawyers, accountants, conveyancers and trust and company service providers)

  • Virtual asset service providers see expanded regulation beyond the previous digital currency exchange rules


Financial services reforms


  • A new value transfer obligation requires tracking and documenting the flow of funds between entities

  • The definition of bearer negotiable instruments has expanded significantly – stored value cards and similar payment instruments now require proper monitoring


These changes address vulnerabilities that criminals previously exploited to shift illegal funds


AML/CTF program requirements


  • The traditional Part A and Part B structure has been completely eliminated. Organisations must now maintain a single, comprehensive AML/CTF program.

  • The consolidated approach increases accountability at the highest organisational levels as full board approval is mandatory for the entire program, not just sections


This creates significant implications for entities that previously operated under simplified or modified compliance arrangements.


Customer due diligence


  • Reforms enhance customer risk, know your customer (KYC) and ongoing customer due diligence requirements with more frequent and rigorous monitoring obligations

  • Substantial revisions to designated service exemptions particularly impact the superannuation sector as the reforms now require more rigorous identity verification for members

  • RSE licensees face a challenging compliance puzzle – meeting new KYC requirements while accepting mandatory super contributions


The conflict between AML/CTF verification standards and superannuation laws creates a regulatory tension as the industry awaits guidance on this unresolved compliance question.


Tipping off offence


  • The reforms strengthen provisions against disclosing information that might prejudice an investigation into money laundering or terrorism financing

  • Telling customers about monitoring or investigations can now trigger serious penalties

  • Both individuals and corporations face increased consequences for breaches – tipping off will be a criminal offence with up to two years imprisonment, 120 penalty units, or both


The broader scope aims to protect the integrity of financial intelligence gathering.

The Financial Transaction Reports Act 1988 has also been repealed as part of this suite of regulatory uplifts.


Who is impacted?


The reforms apply to these new high-risk industry entities for the first time (Tranche 2 entities):


✔ Real estate professionals – agents, buyers’ agents, property developers

✔ Dealers in precious metals, stones & related products

✔ Lawyers

✔ Conveyancers

✔ Accountants

✔ Trust and company service providers

✔ Additional services provided by virtual asset service providers


Less significant changes are pending for (Tranche 1 entities):


✔ Financial services organisations – AUSTRAC registered entities


Adjustments to the AML/CTF regime are being made to increase flexibility, reduce regulatory impacts and support businesses to better prevent and detect financial crime, along with changes to better meet international standards set by the FATF.


Not sure whether the reforms apply to you? Find out using this online tool by AUSTRAC.


What are the timelines?


There are a few dates to take note to keep track of the changes:


  • Changes to tipping off offence – from 31 March 2025

  • Updated obligations for current reporting entities – from 31 March 2026

  • Regulation of virtual asset service providers – from 31 March 2026

  • Regulation of new high-risk industries – from 1 July 2026


Consultation on the AML/CTF Rules supporting the revised AML/CTF Act closed on 14 February 2025. The new Rules are expected to be finalised by July 2025, the core guidance by September 2025 and the Tranche 2 guidance by January 2026.


What action is needed?


The key steps for compliance differ between current reporting entities and new high-risk industry entities. Here’s what the two groups need to do to comply on time:

New high-risk industry entities

Current reporting entities (financial services)

✅ Enrol & register with AUSTRAC

  • Enrol within 28 days of providing a regulated service

  • Virtual asset service providers must register by 31 March 2026

  • Other newly regulated businesses must enrol by 29 July 2026

✅ Develop & maintain an AML/CTF program

  • Identify and assess money laundering & terrorism financing risks

  • Implement AML/CTF policies & procedures

  • Appoint an AML/CTF compliance officer

  • Review and update your program every 3 years

✅ Conduct Customer Due Diligence (CDD)

  • Verify customer identity and assess risk

  • Monitor transactions & update risk profiles

  • Identify politically exposed persons (PEPs) & sanctioned entities

✅ Report suspicious transactions & large transfers

  • Suspicious Matter Reports (SMR) – transactions linked to crime

  • Threshold Transaction Reports (TTR) – cash transactions A$10,000+

  • International Value Transfers (IVTS) – cross-border transactions

  • Annual Compliance Reports – prove your compliance efforts

✅ Keep & maintain records for 7 Years

  • AML/CTF program documents

  • Customer due diligence & transaction records

  • Staff training logs and audit results

✅ Review AML/CTF program

  • Upgrade any current ‘tick a box’ approach with appropriate measures to effectively identify, assess and mitigate AML/CTF and (weapons of mass destruction) proliferation financial risks.

  • Ensure an overarching AML/CTF risk assessment is undertaken to identify all material AML/CTF and proliferation risks that the registered entity is exposed to.

  • Ensure that proportionate risk mitigation measures are in place to respond to the material risks faced.

  • Clarify roles and responsibilities of the Board and AML/CTF officer of the registered entity.

  • Simplified reporting structures to allow associated entities to more efficiently mitigate common material risks across the group.

  • Simplified obligations for Australian companies operating offshore through branches and subsidiaries.

✅ Review CDD processes

  • Clarification of when registered entities must undertake initial and ongoing CDD processes.

  • Clarification of when enhanced CDD must be undertaken.

  • Clarification of when simplified CDD may be undertaken.

✅ Adjust processes for assisting investigations

  • Refined provisions for keep open notices to allow a registered entity to refrain from undertaking CDD activities if reasonable belief established that the customer could be alerted to a criminal investigation underway.

  • Registered entities not required to continue to provide a designated service.

✅ Adjust processes for tipping off offences

  • Clarification of offence for disclosing information in circumstances that may or may not reasonably prejudice an investigation.

  • Increased flexibility for disclosure for legitimate purposes, including more effective identification and management of AML/CTF and proliferation financial risks across a reporting group.

✅ Adjust process for value transfer obligations (as relevant)

  • Revision of concepts and terminology from funds transfer and designated remittance arrangements to a consolidated value transfer chain and information reporting, irrespective of the transfer technology used.

  • Update of concepts and terminology to replace international funds transfer instruction (IFTI) reports with international value transfer service (IVTS) reports.

✅ Adjust process for bearer negotiable instruments (as relevant)

  • Revision of definition of ‘bearer negotiable instrument’ to a FATF aligned definition, excluding ‘non-bearer’ and ‘non-negotiable’ instruments for the purposes of cross-border movement reporting obligations.

  • Provisions commence from 1 July 2026.

✅ Consider changes for digital asset sector (as relevant)

  • Inclusion of additional designated services for the:

    • Exchange of different types of virtual assets.

    • Transfer of virtual assets.

    • Safekeeping and administration of virtual assets.

    • Facilitation of an issuer’s offer / sale of a virtual asset.

  • Revision of definition of ‘virtual asset’ to ensure the capture of additional asset types such as stablecoins and non-fungible tokens (NFTs).


Why act now?

With short timelines for organisations to move into compliance, there’s no time to wait for the final Rules and guidance materials.


⏳ Compliance is not an overnight process – policies, training, and risk assessments take time

⚠️ Avoid heavy fines & criminal penalties for non-compliance

💼 Delays could impact your ability to do business

🔍 Demonstrate due diligence early to regulators & clients

📈 Position yourself ahead of competitors who wait too long

What are the penalties for non-compliance?


After receiving a ‘not compliant’ rating from FATF, AUSTRAC will need to show robust supervision to prove itself and meet FATF’s expectations. That includes strict application of penalties and sanctions. Here are the types of penalties and enforcement actions:


Civil penalty orders: Courts can impose substantial financial penalties for AML/CTF breaches. Corporations face fines up to 100,000 penalty units (currently $33 million). Individuals risk fines up to 20,000 penalty units (currently $6.6 million).


Enforceable undertakings: AUSTRAC may require an entity to formally commit to specific actions to remedy non-compliance.


Infringement notices: Issued for breaches of specific provisions, these result in set financial penalties without court proceedings.


External audits and risk assessments: AUSTRAC may require businesses to appoint external auditors or conduct risk assessments of their AML/CTF compliance frameworks.


Criminal penalties: For certain offences, such as tipping off or intentionally failing to comply with AUSTRAC’s new examination and production powers, individuals can face up to two years in prison. Providing financial support to terrorists or sanctioned entities can also result in serious criminal charges.


How we can help


Our international and local experts bring unique expertise and experience, including:

 

✔ Former UNODC practitioners

✔ UK regulatory specialists

✔ AML/CFT supervisors of obligated entities

✔ Former Financial Intelligence Unit (FIU) Directors

✔ Experts in AML/CTF application & supervision globally


Our team draws on deep, practical expertise from global AML/CTF implementation and supervision, supporting you with:


  • Regulatory change advisory, including program updates for the new requirements and new program development for Tranche 2 entities ahead of 2026.

  • Ongoing resourcing support, to help meet regulatory role obligations and strengthen internal capacity.

  • Independent AML/CTF program reviews, meeting AUSTRAC’s three-year review requirement.


Don’t wait – get compliant today by contacting us now to secure your business’s compliance. Get in touch.




Recent Posts
bottom of page