On this page

• What is tipping off
• Types of information protected by the tipping off offence
• Who the tipping off offence applies to
• What it means to prejudice an investigation
• Disclosures that are not likely to be considered tipping off
• Reducing the risk of tipping off
• Managing customers to reduce the risk of tipping off
• Examples: Tipping off risks when dealing with customers
• In detail – disclosing Information to different persons and entities
• Related pages
• Related legislation

What is tipping off

Tipping off is disclosing certain types of information to another person, where it would or could reasonably be expected to prejudice an investigation. This includes:

• investigations of an offence against Commonwealth, State or Territory law, and 
• investigations under Commonwealth, State or Territory proceeds of crime laws.

Tipping off is a criminal offence. The maximum penalty for tipping off is imprisonment for 2 years or 120 penalty units, or both. 

It does not matter whether you know or think an investigation has started. You need to consider the consequences that disclosing information could have on an investigation, if there was one now or in the future. Generally, if an investigation is complete or finalised, it is unlikely that the disclosure of Information would or could prejudice that completed investigation. 

Types of information protected by the tipping off offence

Throughout this guidance, ‘Information’ means all of the types of information listed in this section. 

Information about suspicious matter reports (SMRs)

This includes:

• information that establishes you submitted an SMR, or that a requirement to submit an SMR has been triggered
• a report made or prepared for the purposes of meeting your SMR obligations, including any copies
• any document purporting to set out information contained in an SMR

Information about notices given to you under sections 49 and 49B of the AML/CTF Act

This includes:

• that you are or were required to give information or produce a document in response to a notice
• that you have given information or produced a document in response to a notice

Information about suspect transaction reports 

The Financial Transaction Reports Act 1988 is no longer in force as of 7 January 2025. However, the following information is still covered by the tipping off offence if you were a cash dealer prior to 7 January 2025:

• that you formed a suspicion about a transaction 
• that you provided certain information to the AUSTRAC CEO through a suspect transaction report (SUSTR) or in response to a relevant notice, and
• any information from which someone could reasonably infer that the above information was given to AUSTRAC.

Who the tipping off offence applies to

The tipping offence applies if you are (or were previously):

• a reporting entity
• an officer, employee or agent of a reporting entity
• a person required to give information or produce documents under a notice issued under section 49 or 49B of the AML/CTF Act.

The tipping off offence applies whether you create, share or receive the Information.

What it means to prejudice an investigation

You must not disclose Information where it would or could reasonably be expected to prejudice an investigation. Prejudicing an investigation means doing something that could negatively affect an investigation. You do not need know a disclosure will negatively affect an investigation. Whether a disclosure would or could reasonably be expected to prejudice an investigation will often depend on a combination of: 

• what information is disclosed
• who the disclosure is made to 
• how the disclosure is made; and
• when the disclosure is made.

For example, you could prejudice an investigation if you: 

• tell a customer or their known associate that you have provided, or need to provide, an SMR or further information to AUSTRAC in relation to their activities
• tell a customer that you suspect they are using your services to engage in criminal conduct, or give them enough Information that they understand you have formed such a suspicion requiring you to report to AUSTRAC
• accidentally disclose Information publicly, for example if a staff member publishes the information on your website 
• disclose Information to someone who may share it more widely. For example, disclosing Information to a journalist about suspicions you hold about a person’s criminal conduct or the activities you have reported in SMRs or SUSTRs. 

In these examples, the customer or an associate could be ‘tipped off’ that you are suspicious of their conduct and that you are required to submit an SMR or respond to a notice. This may prompt them to change their behaviour to avoid detection by law enforcement and make investigations more difficult. 

Disclosures that are not likely to be considered tipping off

You will not generally breach the tipping off offence if you disclose Information:

• to comply with requirements in Commonwealth, State or Territory laws. For example, laws to prevent scams, such as the Scams Prevention Framework, or state-based gambling laws
• to appropriately manage ML/TF risks in your business. For example, disclosures to staff or senior management in your business, a reporting entity in your designated business group or corporate group or external service providers for this purpose
• in the process of supporting due diligence in a merger or acquisition involving your business
• to meet your AML/CTF obligations or manage ML/TF risks. For example, to consultants supporting you with AML/CTF remediation and uplift, or to your lawyer to seek legal advice on your AML/CTF obligations
• to participate in activities of the Fintel Alliance, including through disclosures made between reporting entities engaging in these activities
• if your SMR obligation has not been triggered and you are asking a customer reasonable questions or conducting enhanced customer due diligence. 

Disclosures of Information to Australian law enforcement, intelligence or regulatory agencies will also not generally breach the new tipping off offence. 

These agencies include, but are not limited to, Commonwealth, state and territory police and agencies that have investigative functions, such as the:

• Australian Taxation Office
• National Anti-Corruption Commission 
• Australian Border Force
• Australian Criminal Intelligence Commission. 

Sharing information with other third parties

You are not prohibited from disclosing Information to third parties under the new tipping off offence if it would not or could not reasonably be expected to prejudice an investigation. 

For example, you might engage a third party to assist you to manage your ML/TF risks and meet your AML/CTF obligations. You could disclose Information to those third parties without tipping off, if the disclosure would not or could not reasonably be expected to prejudice an investigation. 

AUSTRAC expects you to have appropriate controls in place to manage the risk of tipping off when engaging with third parties. For more information, refer to the below sections on Reducing the risk of tipping off, and Outsourcing to external service providers. 

While the tipping off offence may not prohibit these kinds of disclosures, it does not authorise them. Other legal restrictions may apply when disclosing Information to third parties, including the Privacy Act 1988. 

Reducing the risk of tipping off

Tipping off can occur if you do not have suitable controls in your business to prevent tipping off. This includes when sharing Information within a reporting group or to a third party.

AUSTRAC recommends that you consider implementing policies to prevent tipping off from 31 March 2025, when the new offence will begin to apply. From 31 March 2026, you will be required to adopt and maintain AML/CTF policies in your AML/CTF program to prevent tipping off. 

AUSTRAC recommends that you: 

• identify Information held by your business
• identify the situations where disclosing Information would or could reasonably be expected to prejudice an investigation
• determine the measures you will apply to prevent tipping off when disclosing or dealing with Information.

Information controls

The controls in this section are examples of how to reduce the risk of tipping off and are not exhaustive. 

AUSTRAC recommends that you apply controls that are appropriate for your business. Your business may have existing procedures in place that you can also apply to Information.

For example, you could:

• restrict access to Information to those with a genuine need to know, including third party service providers with access to your systems
• de-identify any Information that is distributed more widely across your business 
• when discussing trends and insights, disclose generally identified patterns of behaviour rather than mentioning specific customers or transactions
• implement and review audit trails of who accesses Information and when
• use a legally enforceable undertaking to ensure that Information is kept confidential by employees and any third parties you engage.

It is also important to maintain good security practices such as:

• secure electronic document storage
• password protection of documents 
• secure document destruction of physical copies.

When sharing Information with third parties, AUSTRAC recommends that you:

• only disclose Information to people that have a genuine need to know
• consider what legal obligations apply to third parties in foreign countries that you are sharing Information with, to ensure they are consistent with your obligations under the AML/CTF Act
• consider whether third parties you may share Information with have adopted suitable controls to prevent tipping off, such as those outlined above
• attach conditions to the further use of Information you provide to third parties to prevent the Information getting back to the subject.

Employee training and due diligence

You must provide training to your employees to ensure they understand the tipping off offence. AUSTRAC recommends that you provide regular training on preventing tipping off to all staff that have access to Information, and provide specific training for staff in customer facing roles. 

You must also conduct due diligence on your employees to determine their suitability for roles in your business.

Refer to AUSTRAC's guidance on employee training and employee due diligence for further information. 

Managing customers to reduce the risk of tipping off

Tipping off risks may arise when managing customer relationships, for example when:

• requesting further information from a customer, including when applying enhanced customer due diligence (CDD)
• deciding to end the business relationship, and you need to explain the reasons for doing so to the customer.

To reduce this risk, AUSTRAC recommends that, where possible, you provide the customer with genuine reasons for engaging with them that do not mention their suspicious conduct. 

Some examples are provided below, however these are not exhaustive. You are best placed to determine whether a reason is appropriate, considering your overall obligations.

When you interact with a customer in relation to any Information or suspicious activity, AUSTRAC recommends you document your interactions and any steps you took to reduce the risk of tipping off. 

Making further enquiries into customer activity

Conducting reasonable enquiries into customer activity that may be unusual is not by itself considered tipping off. The tipping off offence does not prevent you from telling a customer that you need to collect further information to comply with your AML/CTF obligations to know your customer. However, when making enquiries into customer activity, you must not disclose Information if it would or could be likely to prejudice an investigation. 

Instead, where possible AUSTRAC recommends you provide the customer with genuine reasons for engaging with them on the issue that do not indicate you are suspicious of their conduct. 

For example, you could say that relevant steps are required to: 

• comply with AML/CTF legislation or other legal obligations to, for example, know your customer
• make sure you have the most up to date customer details on file
• collect additional information as part of your company’s standard processes and procedures in certain situations
• resolve issues with customer information or identification documents that require additional verification. 

To further reduce the risk of tipping off, you may consider using:

• standardised communications and forms
• scripts for staff to use when engaging with customers to make further enquiries.

Choosing to end a business relationship with a customer

If you decide to end a business relationship, AUSTRAC recommends that where possible you provide genuine reasons for doing so that do not indicate you are suspicious of their conduct. You must ensure that you do not disclose Information to the customer.

Depending on your regulatory and other obligations, and the situation you are dealing with, reasons could include: 

• the general nature of the customer’s activities fall outside your business’s risk appetite
• the customer has failed to respond to your requests that they provide further details within a reasonable timeframe, or in a satisfactory way
• your business has made the decision not to fund the additional systems and controls that would be required to manage regulatory obligations associated with their account
• other reasons that demonstrate you have a commercial basis to end a business relationship.

Refer to AUSTRAC’s further guidance on managing high-risk customers.

Engaging with customers who are not the subject of a suspicion

Sometimes, a person who is not the subject of your suspicion may be affected by the conduct reported in an SMR. For example, a person who has been the target of a scam or identity fraud.

The tipping off offence does not prohibit you from disclosing Information to help the person resolve the issue or to recover their losses from the activity, as long as it would not or could not reasonably be expected to prejudice an investigation. 

AUSTRAC recommends you have controls in place to ensure that any disclosure of Information:

• is only made to people with a genuine need to know, and 
• is limited to the Information that is necessary to assist the person.

Dissuading clients or customers from criminal activity

Under section 123(4), it is not an offence to disclose Information that relates to the affairs of your customer or client, in good faith, to dissuade them from activities that could be an offence under Commonwealth, state or territory law. This applies if you:

• are a legal practitioner 
• are a qualified accountant
• carry on a business that uses legal practitioners to provide professional legal services
• carry on a business that uses qualified accountants to provide professional accountancy services. 

AUSTRAC recommends you:

• focus on how their activities could break the law and possible penalties of doing so
• do not disclose the existence of an SMR or SUSTR, or a relevant notice
• do not disclose you are required to report or have reported the customer or client’s activities under an SMR or notice. 

Examples: Tipping off risks when dealing with customers

The following are examples of tipping off risks that could arise when dealing with customers.

Example 1 – Reducing tipping off risks for a bank during enhanced CDD

Sammy is a customer of SomeBank. He receives a regular payment from Services Australia, and works part time. He has been a customer of SomeBank for several years. For the majority of this time, transactions on his account were everyday expenses and regular payments from Services Australia and his employer, who is a well-known hospitality business.

Recently, Sammy started receiving a high number of small deposits into his account. These transfers come from other domestic accounts with labels like “gift” and “tickets”. He has also started withdrawing large amounts of cash from his account, and spending money at high-end stores. 

SomeBank’s transaction monitoring system flags these as unusual transactions. The bank’s financial crime team reviews the information collected during onboarding and throughout the relationship. SomeBank decides to carry out enhanced CDD to gather further information about the transactions, and whether they suspect the transactions are linked to a crime. 

A staff member calls Sammy to discuss the recent transactions, and asks about why they were made and the source of funds. SomeBank tells Sammy the checks are necessary because the bank is required to follow up on any significant changes to account activity under their AML/CTF obligations and policy to protect customers. 

Sammy provides an explanation for their transactions, but the source of funds does not match the information the bank has, and does not align with any verifiable legitimate activity. 

The bank is also aware Sammy’s behaviour aligns with some of the indicators of money laundering that are associated with drug trafficking, as identified in AUSTRAC risk products. The bank decides they have reasonable grounds for a suspicion that Sammy is engaged in money laundering activity and submits an SMR within three business days. They also document their interaction with the customer, including the reason they told the customer for their enquiry. 

SomeBank did not tip off the customer while undertaking enhanced CDD because:

• the bank framed its enquiries as its processes to follow up on changes to account activity under its AML/CTF obligations and customer protection policies 
• the bank did not provide the customer with enough information to establish they had reasonable grounds to suspect that Sammy was engaging in criminal activity.

Example 2 – Reducing tipping off risks for a remittance service provider during enhanced CDD

SmallSend is an independent remittance service provider that provides money transfer services to and from a small number of countries. The business consists of two partners who co-manage the business and have equal say in the functions of the business.

One of SmallSend’s customers is Alice, an international student studying at university in Australia. Alice has been living in Australia for approximately 11 months. Each month, she receives payments from her parents for living and general expenses. The exact amount she receives each month varies, however the payments are always relatively low and consistent with a student’s expenses while living in shared accommodation.

Recently, there has been a change in Alice’s regular transactions. She has been presenting large amounts of cash at SmallSend and requesting remittances to a country that is different from where her parents live. The recipients are several different individuals.

SmallSend’s manual transaction monitoring program flags these transactions as unusual. Following its AML/CTF policies, one of the partners determines they must undertake enhanced CDD to identify if Alice’s funds and transactions are for legitimate purposes.

SmallSend contacts Alice to ask her for additional information about the source of funds for these new transactions. SmallSend explains to Alice that this process is required under AML/CTF legislation when significant changes occur in customer activity and in line with the company’s policy. 

SmallSend does not mention their reporting obligations, and does not suggest that they suspect Alice could be engaging in criminal activity. 

Alice’s explanation raises some concerns about the legitimacy of the source of funds. She claims that the funds are from her friends, and she is doing them a favour because her friends are in a rush to send the money and do not have time to set up their own accounts. She is not able to provide any evidence of where the original funds came from. 

SmallSend is aware of the risk of international students being recruited by criminals to facilitate money transfers to their associates in other countries. 

SmallSend concludes that they have reasonable grounds to suspect that Alice is engaged in money laundering based on the:

• change in Alice’s transaction activity
• unsatisfactory explanation of the source of funds, and
• lack of any previous history with the countries or individuals receiving the payments.

SmallSend submits an SMR to AUSTRAC within three business days, describing the circumstances and their belief that Alice may be transferring illegally obtained funds.

SmallSend did not tip off Alice while carrying out enhanced due diligence by:

• presenting the request for information as a general requirement under AML/CTF legislation and company policies to follow up on significant changes in account activity, rather than because they thought the behaviour was suspicious 
• avoiding references to SMR obligations or potential concerns that Alice was engaged in money laundering or criminal activity.

Example 3 – Careless disclosures leading to tipping off

Thomas, a long-time patron of a popular pub, has recently changed his gambling behaviour. 

Thomas has started to visit the gaming area frequently, inserting large amounts of cash into the electronic gaming machines, and then collecting and cashing out tickets without playing. Previously, Thomas’s visits to the pub were consistent with casual small value gaming, and regular spending on food and drinks. 

The gaming attendant at the pub flags these changes in behaviour and thinks the large amounts of cash is unusual and suspicious, and discusses the matter with the duty manager. The attendant and the manager consider submitting an SMR to AUSTRAC. 

The attendant later discusses Thomas’s behaviour with the duty manager in the presence of another employee, who has a friendly relationship with Thomas and has no training on his tipping off obligations. 

This employee later informs Thomas that his behaviour was flagged as suspicious and could be reported to AUSTRAC. Thomas, realising he may soon be reported, abruptly stops visiting the pub and moves to a different state to avoid detection.

This situation constitutes tipping off because:

• an employee disclosed to the suspect both that they were likely to be reported and that the business flagged his behaviour as suspicious 
• the disclosures would reasonably be expected to prejudice an investigation, as Thomas was likely to alter his behaviour when he learned of the information. 

Tipping off could have been avoided if the pub had implemented appropriate controls to ensure such suspicions were not discussed in a setting where they could be overheard.

In detail – disclosing Information to different persons and entities

Outsourcing to external service providers

You may need to disclose Information to external service providers, for example, to help review or uplift your AML/CTF reporting, transaction monitoring, or record-keeping functions. 

The tipping off offence may not apply to your external service provider. You must not disclose Information to this entity if it would or could reasonably be expected to prejudice an investigation. 

AUSTRAC recommends you verify that your external providers have appropriate controls in place to reduce the risk of tipping off. For further information, see Reducing the risk of tipping off.

You might engage an external provider who operates in a foreign country. In these cases, AUSTRAC recommends you consider whether the laws of that country are consistent with your obligations under the AML/CTF Act.

For example:

• you might submit an SMR about a foreign politically exposed person from a particular country, and
• disclose Information to an external service provider based in that country, and
• the laws and processes in that country mean there is a substantial known risk that the foreign politically exposed person will obtain this Information from the external service provider.

If this is the case, AUSTRAC recommends you select a different service provider who does not carry the same risks. 

Courts or tribunals 

Section 123(6) of the AML/CTF Act provides that you cannot be required to disclose Information to a court or tribunal, unless it is in a proceeding to give effect to the Act. 

Courts and tribunals typically operate publicly, and disclosing Information in a proceeding may lead to this Information getting back to the subject of an SMR or notice, or their associate.

It is unlikely that you will be tipping off if you simply state that particular transactions occurred.

AUSTRAC recommends you consider seeking your own legal advice before you disclose Information in court or tribunal proceedings. 

Information is commonly requested in court or tribunal proceedings following a business’s decision to:

• stop providing services to a customer, or
• dismiss a staff member because of their high ML/TF risk. 

Providing staff and customers with genuine reasons for their dismissal that do not disclose that you are suspicious of their conduct can help reduce the likelihood that you may be asked to produce Information in Court or tribunal proceedings.

For further information, refer to Managing customers to reduce the risk of tipping off.

Related pages

• Suspicious matter reports
• Financial services for customers that financial institutions assess to be higher risk

Related legislation

• Section 123 of the AML/CTF Act – offence of tipping off 
• Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024