Search

Quality and consistency through collaboration

All.Corporate & Commercial.Funds & Financial Services

If you have ever thought that your business doesn’t have to worry about the laws to do with anti-money laundering or terrorist financing (AML/CTF) then you probably are one of many Australian businesses that think the same way. Did you know that one of the most common AML offences in Australia are related to tax evasion or identity theft?

It comes as a great shock to many businesses that they are subject to the AML laws and after this week’s reforms there will be an estimated 73,000 more businesses required to consider AML/CTF compliance. Your business might be one of them!

This new round of reforms brings Australia into line with the rest of the world by extending the AML/CTF regime to designated services performed by the following:     

  • Accountants
  • Lawyers
  • Real estate agents and dealers
  • Conveyancers
  • Trust and company service providers, including custodial service providers
  • Insolvency and restructuring practitioners
  • Dealers in precious metals, jewels and stones.

Key points:

  • Law—The Anti-Money Laundering and Counter-Terrorism Financing Amendment Bill 2024 (Bill) amends the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Act), the Anti-Money Laundering and Counter- Terrorism Rules Instrument 2007 (No.1) (Rules) and associated regulations.
  • New designated services—The Bill captures businesses not previously subject to the AML/CTF regime, referred to as tranche two entities and as listed above.
  • Virtual assets—The Bill also extends its scope to a broader range of virtual assets, including non-fungible tokens (NFTs) and other fungible tokens.
  • Existing programs—If you already comply with the AML/CTF regime, you need to review and update your program, including your staff training.
  • New powers— AUSTRAC will have new powers to compel the production of information and conduct examinations, so being organised and up to date is increasingly important.
  • Timeframe—With the exception of the tipping off reforms, which start in March 2025, full compliance with the new regime is required from 1 July 2026.
  • AML/CTF programs and policies—Creating an AML/CTF compliance program or updating an existing one can require significant preparation and you need to start this process to ensure you have the right data, technology, training and compliance practices in place to avoid significant penalties. AML/CTF programs will require an outcomes-based approach and allow businesses to tailor their AML/CTF programs to their specific risk profiles.
  • Reporting entities—If you are a reporting entity, you will need to develop and maintain policies, procedures, systems and controls to identify and achieve two outcomes:
    • risk management and mitigation, and
    • internal compliance management.

What happens if I don’t comply?

Non-compliance with AML/CTF laws can result in severe penalties for some contraventions, including:

  • Fines—Up to 100,000 penalty units ($33,000,000) for corporations and 20,000 penalty units ($6,600,000) for individuals.
  • Imprisonment—Up to two years for certain offences, such as those relating to tipping off or recklessly or intentionally failing to comply when compelled by AUSTRAC’s new examination and production powers.

What does compliance look like?

Newly regulated entities

For those new to this regime, be aware that the lead time needed to comply may be much longer than you think. You need to:

  • Review—Review your clients, internal systems and processes.
  • Risk analysis—Gather the necessary data and conduct risk analyses for each team.
  • Program—Develop a new program appropriate for your risk levels, including record keeping, customer due diligence (CDD), monitoring and notification requirements.
  • Training—Train the board and staff about their responsibilities and how to identify suspicious activities.
  • Maintenance—Implement processes to ensure ongoing compliance, including regular reviews, risk assessments and audits.
  • Enrol—Be ready to enrol with AUSTRAC from 31 March 2026 (the last day for enrolment being 29 July 2026).

To ensure no systemic failures are overlooked, it’s crucial that these reviews are comprehensive and involve multiple teams, including legal, compliance, IT, and finance. Some years ago CBA agreed to a $700 million penalty for over 53,000 breaches resulting from systemic failures in its intelligent deposit machines. With each breach attracting a penalty, this could have been worse.

Although 2026 might seem distant, we know from experience that these processes take time. You will enjoy your holiday break more if you already have a plan of action in place.

Currently regulated entities

Businesses already under the AML/CTF regime need to ensure they remain compliant by:

  • Updates—Regularly reviewing and updating their AML/CTF policies and procedures.
  • Program—Ensuring their program satisfies the clarified requirements in
  • Audits and Training—Conducting regular audits and provide ongoing training to staff.
  • Enhanced Due Diligence—Applying enhanced due diligence for high-risk customers and transactions.
  • Newly designated services—Identify any newly designated services

Let us help you

We have been doing AML/CTF programs since the original laws were introduced. Some common failures we see include:

  • Off the shelf programs not tailored to the specific business’ needs and compliance obligations.
  • Not conducting program reviews, independent audits or training when required.
  • Not conducting AML/CTF risk awareness training every 3 months if required under their program.
  • Not making the program easily digestible and easy to follow.
  • Outsourcing KYC checks without understanding the liability consequences (e.g. the difference between appointing an agent to conduct KYC checks and relying on the KYC checks conducted by another reporting entity on your behalf).
  • Not keeping programs up to date with changing processes (e.g. not updating the program as new electronic verification processes are adopted).

What are some things I can get started with?

The first step is to get your house in order. We can help you:

  • Determine if the new regime applies to you.
  • Determine what data and due diligence you need to conduct to develop your program.
  • Develop or review your AML/CTF Program and implement changes specific to your needs.
  • Conduct independent audits of your AML/CTF program in accordance with requirements.
  • Train your staff in accordance with requirements and the specific needs of your business.
Return To Top