AUSTRAC has been working hard on a variety of fronts over the past year, making excellent use of its highest budget and staffing levels to date.
Important areas of attention have been:
- completing and preparing the industry for the suite of regulatory reforms being introduced through the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (Amended AML/CTF Act) and Anti-Money Laundering and Counter-Terrorism Financing Rules 2025 (New Rules);
- publishing a set of guidance notes regarding compliance with important reform areas;
- pursuing a variety of enforcement actions, including those in line with its most recent Fintech and cash-intensive sector regulatory priorities; and
- looking for additional authority to outlaw high-risk services.
#Regulatory reform
As a result of the Amended AML/CTF Act and Rules, the Australian AML/CTF environment is undergoing modifications that are expected to be among the most important regulatory advancements to be implemented in the upcoming year for both new and current reporting organizations.
The changes for new (or "Tranche 2") reporting entities will go into effect on July 1, 2026, while the changes for existing reporting entities will mostly take effect on March 31, 2026.
The preparation for the reforms should already be well under way for both new and current reporting organizations.
Some of the crucial changes that should already be at the forefront of consideration for current reporting organizations are as follows:
#Modifications to program requirements and risk assessment
It is anticipated that the reforms in this area will necessitate a significant rewrite of current risk assessment and policy materials in order to satisfy a wider variety of particular expectations in the updated regime, as outlined below, as well as to accommodate changes in terminology and layout.
#Modifications to reporting groups' organizational structure and effects
The idea of a reporting group's "lead entity" is introduced by the changes. A member of the group that offers designated services cannot, among other things, control the lead entity. Additional compliance requirements and possible regulatory penalties for non-compliance within the group are associated with being a lead entity. Therefore, if a reporting group is formed, reporting entities should carefully evaluate which entity should be the lead entity and how that entity will handle its enhanced regulatory obligations.
#Structural modifications to the responsibilities and exposures of governance
A "senior manager" must now be appointed by reporting entities to make important choices about the AML/CTF program and specific business partnerships. Senior managers are required to approve continuing ties related to specific PEPs, nested services, and dependence arrangements. It is not possible to assign these approvals. Therefore, in order to prevent commercial matters from being delayed by permission requirements, reporting firms should think about having several senior managers in charge of various AML/CTF responsibilities.
#Compliance with sanctions
In addition to making ensuring that their AML/CTF policies include sanctions-related policies and procedures, reporting organizations must incorporate proliferation funding considerations into their risk identification, mitigation, and management processes. In order to comply with the Amended AML/CTF Act, reporting companies must carefully prepare sanctions controls. Merely lifting and shifting an existing framework for financial sanctions compliance into the AML/CTF regulations created for the Amended AML/CTF Act is unlikely to be suitable.
#A new framework for customer due diligence (CDD)
A new framework for doing initial customer due diligence (ICDD) is one of the revisions that significantly alter the current CDD methodology. For instance, the New Rules eliminate safe harbor processes for fulfilling minimal criteria and specify minimum Know Your Customer information that must be gathered as part of ICDD prior to the provision of a specified service. The New Rules also outline the situations in which it may be necessary to postpone verifying some ICDD data until after a specific service has been rendered.
#Improvement of value transfers
Among the more important aspects of the reforms are modifications to designated services related to value transfers and flow on requirements. Many reporting entities' systems are anticipated to be significantly impacted by these. Important modifications include new guidelines for identifying "ordering institutions" and "beneficiary institutions," modifications to the information that must be gathered, validated, tracked, and transmitted (such as the clarification that "payee information" refers to the payee's "full name"), and a number of exemptions from the requirements of the travel rule. When value transfers take place inside a single jurisdiction, firms operating outside of Australia may be eligible for certain exemption. However, the facts and whether the controls in place guarantee that the modification's requirements can be met will determine whether this relief is available.
Early in 2026, AUSTRAC declared that it was collaborating with the Department of Home Affairs to finalize transitional regulations intended to provide reporting organizations more time to adhere to certain new requirements.
Most significantly, the following are anticipated to be included in the proposed transitional rules:
- a three-year transition period during which current reporting businesses must adhere to the new ICDD regulations;
- extended deadlines for notifying AUSTRAC of AML/CTF compliance officers;
- staggered deadlines for initial independent evaluations for Tranche 2 reporting entities;
- clarification of registration arrangements for remittance providers and virtual asset service providers; and
- a postponement of new international value transfer service reporting requirements until 2029, with current IFTI obligations continuing in the interim.
Final revisions to regulatory guidelines and scheduling requirements should be monitored as industry gets ready for implementation.
#Strengthened enforcement and increased authority
AUSTRAC announced its regulatory goals for the 2025–2026 fiscal year in July 2025. These priorities included enhancing risk management by organizations whose exposure to cash generates specific vulnerabilities, virtual asset service providers, and the digital currency exchange industry.
This has thus resulted in a number of recent enforcement proceedings, such as:
- Civil penalty proceedings against pokies operator, Mount Pritchard District, and Community Club began in July;
- separate civil penalty proceedings against Castra Licensee Pty Ltd and Princeton Securities (NSW) Pty Ltd began in December for allegedly failing to submit their compliance reports for the 2023 calendar year;
- infringement notices were issued in September against Revolut Payments Australia Pty Ltd for failing to submit international funds transfer instruction reports on time and in October against Cryptolink for late reporting of threshold transactions;
- Binance Australia, Western Union, and Airwallex to appointing external auditors;
- an enforcement investigation into Bendigo and Adelaide Bank's compliance with its AML/CTF obligations.
- closely examining different cryptocurrency ATM providers.
The Australian government declared in October that it will try to implement a new authority that would allow the AUSTRAC CEO to limit or outright forbid specific high-risk goods, services, and delivery methods. It is suggested that this authority be used to lower the danger of money laundering related to items that are thought to be high-risk, like cryptocurrency ATMs.
The government published a consultation paper in December to get input on the suggested new framework. Although the exposure draft is still pending, the new framework will be presented as an amendment to the AML/CTF Act.
The proposal would allow the AUSTRAC CEO to use the new authority based on a non-exhaustive list of criteria, such as whether it is in the public interest to prevent or disrupt serious financial crime and whether there are workable alternatives that would allow the relevant designated services to continue.
Before using their authority, the AUSTRAC CEO would be required by the proposed framework to communicate with those who are likely to be impacted by a decision. The consultation document does point out that there can be situations where engagement is impractical, such as when a decision needs to be taken quickly. A decision taken by the AUSTRAC CEO would not be void in those situations (which are not further defined or explained in the consultation paper).
If implemented, these capabilities might significantly affect business models in high-risk industries and constitute a major regulatory interference into otherwise legal operations.
#Anticipating 2026
Reporting organizations can anticipate an assertive and strategic regulatory environment as AUSTRAC entered 2026 with a new regime, enhanced capabilities, and a clear focus on high-risk sectors. A major change has occurred with the adoption of the Amended AML/CTF Act and New Rules, which require organizations to improve governance, update compliance frameworks, and incorporate sanctions and proliferation financing considerations into their risk programs. Although AUSTRAC's enforcement efforts in 2025 indicate a willingness to take decisive action, we expect its approach in 2026 to be more focused, focusing on vulnerabilities in digital assets, cash-intensive enterprises, and intricate transfer-of-value agreements. For reporting organizations to successfully navigate this changing environment, careful planning and strong internal involvement are essential.