AMLHive - Your Virtual Compliance Officer.Compliance Assured. Clients Verified. Agency Protected.
AML/CTF Compliance

The Australian AML/CTF Act — A Plain-English Overview

The Anti-Money Laundering and Counter-Terrorism Financing Act 2006is Australia’s primary law for detecting and deterring financial crime. Substantially amended in 2024, it now extends to real estate, legal, accounting and other professional services from 1 July 2026. This guide explains what the Act is, who it covers, and what you must do to comply.

What is the AML/CTF Act?

The Anti-Money Laundering and Counter-Terrorism Financing Act 2006(Cth) — commonly called the “AML/CTF Act” — is a Commonwealth statute enacted to prevent the financial system from being misused for money laundering, terrorism financing, and other serious crimes.

The Act establishes a risk-based regulatory framework administered by AUSTRAC (Australian Transaction Reports and Analysis Centre), Australia’s financial intelligence unit and AML/CTF regulator. AUSTRAC has dual roles: it collects and analyses financial intelligence and it enforces compliance with the Act.

The Act operates alongside the AML/CTF Rules — subsidiary legislation made by the AUSTRAC CEO — which provide detailed requirements on customer due diligence, record-keeping, program content, and reporting. Where the Act sets the framework, the Rules fill in the operational detail.(Source: AUSTRAC, “About the AML/CTF Act”, retrieved 23 May 2026)

The 2024 reforms: what changed?

The Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 received Royal Assent on 10 December 2024 and made the most significant changes to the AML/CTF regime since it was first enacted. The key reforms are:

  • Extension to new industries (“Tranche 2”) — real estate agents, property developers, legal practitioners, accountants, trust and company service providers, and dealers in precious metals and stones must comply from 1 July 2026.
  • Simplified program structure — the AML/CTF program framework was restructured to be more risk-based and accessible to smaller entities, moving away from the previous prescriptive Part A/Part B format.
  • Modernised customer due diligence (CDD) — obligations were updated to align with FATF Recommendations, including clearer beneficial ownership requirements and a new “ongoing CDD” concept.
  • Business groups — new rules allow related entities to share AML/CTF program infrastructure and customer due diligence information within a designated business group.
  • Tipping-off expanded — the prohibition on tipping off a subject of a Suspicious Matter Report was broadened and clarified.

Most of the reforms affecting existing reporting entities commenced on 31 March 2026.(Source: AUSTRAC, “About the reforms”, retrieved 23 May 2026)

Who must comply?

The AML/CTF Act applies to any person or entity that provides a designated service listed in Schedule 1 of the Act. These providers are called reporting entities.

Designated services were originally confined to financial services and certain other sectors (“Tranche 1”). From 1 July 2026, the list expands materially to include:

  • Financial services — banks, credit unions, building societies, insurance, securities dealers, foreign exchange services, remittance providers, digital currency exchanges (since 2018).
  • Gambling services — casinos, wagering operators, gaming machine operators.
  • Bullion dealing — buying or selling bullion on behalf of another person.
  • Real estate services (from 1 Jul 2026) — agents and buyer’s agents brokering sales, and developers selling property they developed.
  • Legal practitioners (from 1 Jul 2026) — when managing client funds, forming entities, or acting on property transactions.
  • Accountants & bookkeepers (from 1 Jul 2026) — when providing listed services such as company formation or managing client funds.
  • Trust and company service providers (from 1 Jul 2026) — forming companies, providing nominee or registered office services.
  • Dealers in precious metals & stones (from 1 Jul 2026) — buying or selling above prescribed thresholds.

(Source: Anti-Money Laundering and Counter-Terrorism Financing Act 2006, Schedule 1; AUSTRAC, “Who we regulate”, retrieved 23 May 2026)

Your six core obligations

Every reporting entity — regardless of size or industry — must meet the following six obligations under the AML/CTF Act:

  1. Obligation 01
    Enrol with AUSTRAC

    You must enrol your business on the AUSTRAC Reporting Entities Register before — or within 28 days of — providing a designated service. Enrolment is free and completed through AUSTRAC Online. Failure to enrol is itself a civil penalty offence.

  2. Obligation 02
    Adopt an AML/CTF Program

    You must adopt, maintain, and comply with a written AML/CTF program before you begin providing designated services. The program must be based on your money-laundering and terrorism-financing (ML/TF) risk assessment, set out controls to manage that risk, assign a named Compliance Officer, and include staff training arrangements. Programs must be reviewed regularly and whenever your risk environment changes.

  3. Obligation 03
    Customer Due Diligence (CDD)

    Before providing a designated service, you must collect, verify and retain information about your customer — their name, date of birth, address, and the nature and purpose of the relationship. For companies, trusts and other structures you must also identify beneficial owners (those who ultimately own or control 25% or more). Enhanced due diligence applies for higher-risk customers such as politically exposed persons (PEPs) and their associates.

  4. Obligation 04
    Ongoing Monitoring

    You must monitor transactions and the customer relationship on an ongoing basis and update customer information when it is no longer current or reliable. This includes periodic rescreening against PEP and sanctions lists and reviewing unusual transaction patterns for red flags.

  5. Obligation 05
    Transaction Reporting — SMR, TTR & IFTI

    Three types of reports must be submitted to AUSTRAC through AUSTRAC Online: (i) a Suspicious Matter Report (SMR) when you form a reasonable suspicion about a customer or transaction — strict statutory timeframes apply and tipping off is prohibited; (ii) a Threshold Transaction Report (TTR) for physical cash transactions of A$10,000 or more; (iii) an International Funds Transfer Instruction (IFTI) for each international transfer you send or receive on behalf of a customer.

  6. Obligation 06
    Record-Keeping (7 Years)

    You must retain records of customer identification and verification, transactions, AML/CTF program documents, and risk assessments for at least 7 years after the relevant event. All records must be in English (or readily convertible to English) and be retrievable for AUSTRAC on request.

(Source: Anti-Money Laundering and Counter-Terrorism Financing Act 2006, Parts 2, 3, 5, 7; AUSTRAC, “Obligations and guidance”, retrieved 23 May 2026)

Key legislative dates

  1. 12 December 2006
    AML/CTF Act enacted
    The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 received Royal Assent, establishing Australia’s AML/CTF regime for Tranche 1 entities — primarily financial services, gambling and bullion dealers.
  2. 3 April 2018
    Digital currency exchanges added
    Cryptocurrency exchanges (digital currency exchange providers) became reporting entities, required to enrol and comply with the AML/CTF Act.
  3. 10 December 2024
    AML/CTF Amendment Act 2024 — Royal Assent
    The most significant reform since 2006: the Tranche 2 extension, simplified program framework, and modernised CDD obligations became law.
  4. 31 March 2026
    Reforms commence for existing entities
    Updated AML/CTF program, CDD, ongoing monitoring, and business group reforms commenced for entities already regulated under Tranche 1.
  5. 1 July 2026
    Tranche 2 obligations commence
    Real estate, legal, accounting, TCSP and precious-metals businesses must have an AML/CTF program in place and be enrolled with AUSTRAC before providing a designated service.
  6. 29 July 2026
    Final enrolment deadline
    AUSTRAC enrolment must be submitted no later than 28 days after first providing a designated service. Entities who first provide services on 1 July 2026 must enrol by this date.

(Source: AUSTRAC, “AML/CTF Reform — About the reforms”; Federal Register of Legislation, retrieved 23 May 2026)

What your AML/CTF Program must contain

An AML/CTF program is a living document — it must reflect your current business structure and risk environment. At a minimum it must include:

  • ML/TF risk assessment — a documented assessment of the money-laundering and terrorism-financing risks associated with the designated services you provide, the customers you serve, the channels you use, and the jurisdictions you operate in.
  • Controls to manage risk — policies, procedures, systems and controls that are reasonably designed to mitigate the risks you have identified. Controls must be proportionate to your risk level.
  • AML/CTF Compliance Officer — a named individual responsible for your program who has appropriate knowledge, skills and seniority to carry out that role.
  • Employee due diligence — procedures for screening staff and contractors who have access to customer information or who might be in a position to facilitate financial crime.
  • Customer due diligence procedures — your process for identifying, verifying and monitoring customers, including identifying beneficial owners and applying enhanced diligence where required.
  • Ongoing training — arrangements to ensure staff understand their AML/CTF obligations, can recognise red flags, and know how to escalate concerns.
  • Independent review — periodic independent review of the program to assess its effectiveness. The reviewer can be an internal audit function or an external party.

AUSTRAC publishes sector-specific program starter kits for real estate, legal, accounting and other Tranche 2 industries. While these starter kits are a useful starting point, they must be customised to reflect your actual business risk.(Source: AUSTRAC, “AML/CTF program requirements”, retrieved 23 May 2026)

What happens if you don’t comply?

AUSTRAC has a graduated enforcement approach. Actions range from education and remedial directions to infringement notices, enforceable undertakings, and Federal Court civil penalty proceedings.

Key penalty thresholds under the amended Act:

  • Up to 100,000 penalty units per contravention for a body corporate — at the 2025 rate of $330 per unit, that is up to A$33 million per contravention.
  • Up to 20,000 penalty units for an individual — up to A$6.6 million per contravention.
  • Criminal liability for the most serious offences, including wilful non-compliance, structuring transactions to avoid reporting thresholds, and knowingly facilitating money laundering.

Beyond direct penalties, non-compliance carries significant reputational risk: AUSTRAC publishes all enforcement actions publicly. In the financial sector, major cases have resulted in penalties exceeding A$1 billion (Westpac, 2020 — A$1.3 billion; CBA, 2018 — A$700 million).(Source: AUSTRAC, “Consequences of not complying”; Crimes Act 1914, s 4AA (penalty unit value), retrieved 23 May 2026)

AML/CTF compliance checklist

Use this checklist to assess your current readiness. Any unchecked item represents a compliance gap.

Build your AML/CTF Program with AMLHive

AMLHive helps Australian reporting entities meet every obligation in this guide — from enrolment and program management through to KYC verification, ongoing screening, and AUSTRAC reporting.

Start free until 30 June 2026Read the Tranche 2 guide

Frequently asked questions

What is the difference between the AML/CTF Act and the AML/CTF Rules?

The AML/CTF Act is the primary legislation passed by Parliament — it sets the framework, defines obligations, and establishes penalties. The AML/CTF Rules are subordinate legislation made by the AUSTRAC CEO under powers granted by the Act. The Rules contain the detailed operational requirements, such as the specific information you must collect for customer verification, the content of an AML/CTF program, and the form of reports. Both have the force of law.

What is a “reporting entity”?

A reporting entity is any person or company that provides a “designated service” listed in Schedule 1 of the AML/CTF Act. The designation is based on the service provided, not the type of business. A real estate agency that brokers sales is a reporting entity from 1 July 2026; the same agency providing property management only is not (as at the current reform schedule).

Do the obligations apply to my whole business or just some services?

AML/CTF obligations attach to each designated service you provide. Your AML/CTF program and CDD procedures must cover every designated service, but you are not required to apply AML/CTF obligations to non-designated business activities. In practice, most compliance programs cover the whole business to avoid inadvertent gaps.

What is a “beneficial owner” and do I need to identify them?

A beneficial owner is any individual who ultimately owns or controls 25% or more of a company, trust or other structure — or who otherwise controls the entity. Yes, you must identify and take reasonable steps to verify beneficial owners as part of your customer due diligence. If you cannot identify the beneficial owners, you should consider whether to proceed with the service and document your reasoning.

When must I lodge a Suspicious Matter Report (SMR)?

You must lodge an SMR if you form a suspicion on reasonable grounds that a transaction or customer activity is related to money laundering, terrorism financing, tax evasion, or another serious crime. Timeframes vary: for certain predicate offences, you must lodge within 24 hours; for others, within 3 business days. You must never tip off the customer that an SMR has been — or may be — filed.

What is a politically exposed person (PEP) and why does it matter?

A PEP is someone who holds, or has held, a prominent public position — for example, a head of state, government minister, senior judicial officer, military commander, or senior executive of a state-owned enterprise. Their close family members and associates are also treated as PEPs under the Rules. PEPs present a higher risk of corruption and bribery, so you must apply enhanced customer due diligence — including senior management approval — before providing them with a designated service.

How often must I review and update my AML/CTF program?

Your program must be reviewed whenever there is a material change to your business — for example, if you take on a new service type, enter a higher-risk market, or change your customer acquisition channel. In the absence of material changes, AUSTRAC expects an independent review at least every three years as a practical baseline, though some operators review annually.

Can a sole trader or small business have a simpler AML/CTF program?

Yes. The AML/CTF Act uses a risk-based approach, meaning your program must be proportionate to your actual risk profile. A sole-trader real estate agent with a small residential book in a low-risk market will have a materially different program to a national developer. AUSTRAC’s sector starter kits are specifically designed to help smaller businesses develop a compliant, proportionate program without needing specialist consultants.

Sources & further reading

Disclaimer: This guide is general information only and is not legal, financial or compliance advice. AMLHive is not affiliated with AUSTRAC or the Australian Government. You should obtain independent professional advice for your specific circumstances. Always check the current AUSTRAC guidance and the AML/CTF Act and Rules before relying on the information above.