Summary of AML/CTF obligations for new regulated entities

From 1 July 2026, anti-money laundering and counter-terrorism financing (AML/CTF) obligations will apply to certain services typically provided by the following professions and businesses (Tranche 2 businesses): 

  • real estate professionals – such as real estate agents, buyers’ agents and property developers
  • dealers in precious stones, metals and products 
  • lawyers 
  • conveyancers 
  • accountants 
  • trust and company service providers. 

Additional virtual asset-related services will also come under AML/CTF regulation from 31 March 2026.

To check if you provide services that will be regulated under these changes and have AML/CTF obligations: 

If you are newly regulated under these changes, this page provides a summary of your key obligations.

AUSTRAC will develop guidance and educational materials to support new regulated entities to implement effective AML/CTF measures. 

AUSTRAC will provide further guidance in 2025, including guidance on: 

  • the scope of the new regulated services 
  • core obligations and how they can be practically implemented. 

AUSTRAC is also developing AML/CTF starter programs kits for small businesses in Tranche 2 sectors. The kits aim to increase the effectiveness of AML/CTF programs and will provide an AML/CTF program for a typical low complexity small business. They will reflect sector-wide money laundering, terrorism financing and proliferation financing risk and industry practice. 

Guidance will be developed in close consultation with industry peak bodies and will be released for public consultation in mid-2025. 

On this page

Key obligations summary

The key obligations for businesses regulated by AUSTRAC are:

  • Enrol and register with AUSTRAC
  • Develop and maintain an AML/CTF program tailored to your business
  • Conduct initial and ongoing customer due diligence
  • Report certain transactions and suspicious activities
  • Make and keep records

In meeting AML/CTF obligations, the relevant laws also provide clear protections for information or documents that may be subject to legal professional privilege.

Understanding and meeting your AML/CTF obligations is essential to protect your business from misuse by criminals and ensure you comply with Australia’s AML/CTF laws.

1: Enrol and register with AUSTRAC

If you provide one of the new services regulated by AUSTRAC, you must enrol with AUSTRAC. Virtual asset service providers, including those providing the newly regulated virtual asset services, must also apply to register with AUSTRAC. 

You can subscribe for updates on AML/CTF reform to receive more information about when you can enrol and register. 

Enrol

Enrolment involves providing basic information about your business, such as its structure, services, key personnel, and contact details. You must also update your details when they change.

You must enrol with AUSTRAC within 28 days of providing a regulated service (known as a designated service) to avoid penalties. If you are a business that provides any of the newly regulated virtual asset services, these new laws will commence on 31 March 2026. This means you will have until 28 April 2026 to enrol.

If you are providing other newly regulated designated services, the new laws commence on 1 July 2026, and you must enrol by 29 July 2026. 

Register 

Obligations related to the new virtual asset services regulated by AUSTRAC commence from 31 March 2026. If you provide one of these designated services, you must, in addition to enrolling, apply to register with AUSTRAC before 31 March 2026. 

From 31 March 2026, you must not provide virtual asset-related designated services before AUSTRAC has confirmed your registration. Criminal penalties apply for non-compliance. 

2: Develop and maintain an AML/CTF program tailored to your business

An AML/CTF program protects your business from criminal exploitation through money laundering, terrorism financing, and proliferation financing. It helps you fulfil your AML/CTF obligations and contributes to a safer Australian financial system. 

Your AML/CTF program must contain:

  • ML/TF/PF risk assessment: Identifies and assesses the risks of money laundering terrorism financing and proliferation financing your business may reasonably face in providing its designated services.
  • AML/CTF policies: Your business must develop and maintain policies, procedures, systems and controls that appropriately manage and mitigate your business’ risks. These policies must also ensure that you comply with your AML/CTF obligations and be appropriate to the nature, size and complexity of your business.

Your AML/CTF program must be documented and approved by a senior manager of your business. It must be kept up-to-date to reflect significant changes to your business and relevant ML/TF/PF risk products released by AUSTRAC, and independently evaluated at least once every 3 years. 

Your AML/CTF program must be subject to appropriate governance arrangements. This includes oversight by a governing board or senior management, and the appointment of a fit and proper person as an AML/CTF compliance officer to oversee day-to-day implementation. If you are a sole trader, you can take on these responsibilities yourself. 

If you wish to share the costs of compliance with other businesses and fit within the framework established by the AML/CTF Act and Rules, you may be able do so within a reporting group. Entities in a reporting group share some or all risk management and compliance arrangements including those set out in a group AML/CTF program established by a lead entity of the group. The reporting group concept is currently being finalised through changes to the AML/CTF Rules

3: Conduct customer due diligence

Customer due diligence (CDD) helps you understand who your customers are and the ML/TF/PF risks they may bring to your business. The AML/CTF Act establishes the following CDD obligations: initial CDD, ongoing CDD, enhanced CDD and simplified CDD. 

We discuss initial CDD and ongoing CDD in more detail below. 

The information you collect and verify to complete CDD will depend on the ML/TF/PF risk profile of the customer, with enhanced CDD being applied in higher risk scenarios and simplified CDD being available in low risk scenarios. 

Initial customer due diligence

Initial CDD involves establishing certain information about a customer on reasonable grounds before providing them with a designated service. This ensures that you identify and mitigate relevant ML/TF/PF risks from the beginning of your relationship with the customer. 

Based on collected and verified information, you must establish if the customer, any beneficial owner, or agent is: 

  • who they claim to be
  • subject to targeted financial sanctions – domestic or international restrictions that prevent dealing with their assets or making assets available to them. The Department of Foreign Affairs and Trade publishes a consolidated list of individuals and entities subject to targeted financial sanctions
  • a politically exposed person (PEP) – a person who holds a prominent public position in a government body or international organisation
  • a relative or close associate of a PEP.

Ongoing customer due diligence

Ongoing CDD involves monitoring and managing ML/TF/PF risks throughout the customer relationship. This includes: 

  • monitoring transactions and behaviours for suspicious activity 
  • updating the customer ML/TF/PF risk profile in response to various triggers
  • reviewing, updating and re-verifying information as needed. 

Ongoing customer due diligence helps protect your business  from potential ML/TF/PF activities.

Pre-commencement customers

You will not be required to perform initial or ongoing CDD on a pre-commencement customer until: 

  • you are required to file a suspicious matter report in relation to the customer 
  • there is a significant change in the nature and purpose of the business relationship with a customer which results in the ML/TF/PF risk of the customer being assessed as medium or high. 

This is intended to reduce the regulatory burden of regulating your existing customers, while ensuring that they are subject to appropriate customer due diligence measures when their risk profile changes. 

4: Report certain transactions and suspicious activity

Reporting certain transactions and suspicious activities maintains the integrity of the financial system and aids law enforcement in combating crime. 

The types of reports you may need to submit to AUSTRAC are: 

  • Suspicious matter reports (SMR): When you suspect on reasonable grounds that a person is not who they claim to be or that a matter is linked to criminal activity or proceeds of crime.
  • Threshold transaction reports (TTR): For individual physical currency transactions valued at A$10,000 or higher. 
  • International value transfer service reports (IVTS): For all international transfers of value transactions.
  • Cross border movement reports: Submit when carrying physical currency or bearer negotiable instruments payable to bearer valued at A$10,000 or higher into or out of Australia.
  • Annual compliance reports: Submit an annual report summarising how you have met your AML/CTF obligations in the previous year.

5: Make and keep records

You must make and maintain accurate and complete records for at least 7 years. 

These records provide evidence of your due diligence, risk management practices and compliance with AML/CTF obligations. Your records include documents related to your:

  • AML/CTF program
  • customer due diligence
  • transaction records
  • staff training sessions
  • audit results.

The new laws will provide clear protections for the disclosure of information or documents that may be subject to legal professional privilege. 

The common law doctrine of legal professional privilege will remain unchanged under the reformed laws. This ensures that the AML/CTF Act does not require disclosure of any information or document that a person reasonably believes is subject to legal professional privilege. 

The process for asserting privilege involves providing a dedicated legal professional privilege form in lieu of the requested information. This form will be available on the AUSTRAC website at a later date.

Further details on the process for managing and resolving assertions and claims of legal professional privilege will also be provided through Ministerial guidelines at a later date.

These changes come into effect on 1 July 2026. You can find out more in Schedule 4 to the AML/CTF Amendment Bill 2024.

Subscribe for updates on AML/CTF reform.

Subscribe now

The content on this website is general and is not legal advice. Before you make a decision or take a particular action based on the content on this website, you should check its accuracy, completeness, currency and relevance for your purposes. You may wish to seek independent professional advice.

Last updated: 11 Dec 2024
Page ID: 1158

Was this page helpful?

Was this page helpful?
Please note that feedback you provide here will be used only for the purpose of improving our website. If you have a specific question about your AML/CTF obligations, please contact us.