AML/CTF Reform is coming, Boards require vigilance

What should a company board understand about the changing regulations regarding Australian AML/CTF laws?

Introduction

Boards, Responsible Managers and Compliance Officers of Australian Financial Services Licence (‘AFSL’) holders and law firms, accounting practices and real estate agencies need to be aware of the significant reforms underway in Australia's anti-money laundering and counter-terrorism financing (‘AML/CTF’) regime.

The Australian Transaction Reports and Analysis Centre (‘AUSTRAC’), the government agency responsible for AML/CTF oversight, has released a second exposure draft of its updated AML/CTF Rules as part of the Federal Government’s reform package to modernise financial crime compliance and expand regulation to more business sectors under ‘Tranche 2’ reforms. Tranche 2 reforms in the context of AML/CTF regulations refers to the expansion of AML/CTF obligations to Designated Non-Financial Businesses and Professions (‘DNFBP’).

These AML/CTF reforms are not minor. They introduce broader reporting requirements, new customer due diligence rules, and impact a much wider set of businesses, especially those operating in private capital, legal and financial/accounting/real estate services.

Boards should now be reviewing their AML/CTF governance arrangements to ensure readiness for what is expected to become law by March 2026 for existing entities, and July 2026 for newly captured professions.

Who is AUSTRAC?

AUSTRAC is the federal agency responsible for preventing money laundering, terrorism financing, and serious financial crime in Australia. It regulates entities under the AML/CTF Act and works closely with law enforcement, industry and government.

In 2025, AUSTRAC is leading the rollout of Tranche 2 reforms, which bring legal, accounting and other professional service providers under the AML/CTF regime for the first time, something recommended by the global Financial Action Task Force (‘FATF’).

What’s Changing in the AML/CTF Rules?

AUSTRAC’s Second Exposure Draft of the AML/CTF Rules outlines several key changes that boards should prepare for and understand, for example:

1. Enhanced AML/CTF Programs

• If you already captured under existing AML/CTF regulations (i.e. Tranche 1), organisations should now conduct a review of their AML/CTF Programs and develop or update their program to ensure that their AML/CTF program is compliant with the new regulations.

• Organisations should create AML/CTF programs tailored to their business, covering risk assessments, internal policies, controls, procedures, training and ongoing reviews.

• Existing reporting groups are also subject to updated program requirements including appointing a lead entity to harmonise group-level AML/CTF measures, for example group-wide reporting structures being standardised across domestic and foreign subsidiaries, as required.

• Board oversight and evidence of governance engagement with the AML/CTF reforms will be expected as part of AUSTRAC’s supervisory reviews.

2. Updated Customer Due Diligence Rules

• Boards should note the new flexibility to delay verification of customer identity in low-risk scenarios, something not previously permitted, however risk-based approaches must be properly documented and justified.

• Changes to ‘PEP’ – for example, obtain ‘senior manager’ approval prior to a reporting entity providing designated services, and the requirement to conduct checks on politically exposed persons (‘PEP checks’) of a customer. 

3. Virtual Assets and the ‘Travel Rule’

Boards overseeing crypto-related businesses or fintech investments should be aware of new rules requiring detailed payer/payee information to accompany digital asset transfers (the ‘Travel Rule’).

• The Travel Rule, formally known as FATF Recommendation 16, is a global anti-money laundering standard that requires Virtual Asset Service Providers (‘VASP’) to collect and share originator and beneficiary information during virtual asset transfers, similar to requirements for traditional financial institutions.

• The Travel Rule changes bring Australia into closer alignment with global AML/CTF frameworks for digital finance.

4. Suspicious Matter and Threshold Transaction Reports

AUSTRAC has noted new approved forms of suspicious matter reports (‘SMR’) and threshold transaction reports (‘TTR’) and more prescriptive content requirements being introduced for SMRs and TTRs under the reforms.

• for SMR, the date the suspicious matter reporting obligation arose, information about the person completing the report, information about the entity that has formed the suspicion, and information about the suspicious matter.

• for TTR, information about the threshold transaction and, if the transaction involves an account, product, transfer of property or virtual asset, information about that account, product, transfer of property or virtual asset.

5. Regulation of New Sectors (Tranche 2)

From July 2026, the updated AML/CTF regime will extend to lawyers, accountants, real estate agents, and trust service providers i.e. DNFBPs. Note, AUSTRAC will finalise Tranche 2 sector-specific guidance by the end of 2025 following industry feedback.

• These professions for example, must implement AML/CTF Programs, conduct client verification, submit AUSTRAC reports, and train staff.

• Boards in these sectors need to understand that AUSTRAC will apply similar governance expectations to those already faced by financial institutions captured under previous AML/CTF laws, i.e. compliance will be critical for lawyers, accountants, real estate agents, and trust service providers under Tranche 2 reforms.

Boards Must Take a Proactive Approach

Much like the Australian Securities and Investments Commission’s (ASIC) expectations around cyber risk governance, AUSTRAC is making it clear that AML/CTF is a board-level responsibility.

Boards should:

• Ensure their AML/CTF Program is up to date and in line with updated reforms, implemented, actively monitored and periodically reviewed.

• Understand the organisation’s risk exposure to AML/CTF, and how the business’s controls are set to mitigate that risk.

• Take responsibility for AUSTRAC reporting compliance, including the timeliness and accuracy of suspicious matter reports.

Failure to comply with AML/CTF laws is not just a technical breach, this type of compliance failure can expose the business to serious legal, reputational and financial risks, including civil penalties under the AML/CTF Act.

Potential Consequences for Non-compliance

Entities that fail to comply with these updated AML/CTF laws face a range of enforcement options including civil penalty orders up to $33 million for businesses and $6.6 million for individuals, enforceable undertakings, infringement notices, remedial directions and in some cases, the appointment of an external auditor to review AML/CTF compliance.

Relevance to AFSL Holders and Private Capital Boards

For AFSL holders and private capital fund managers, these rule changes present both a regulatory compliance obligation and an investor confidence opportunity. Demonstrating a high level of AML/CTF compliance may offer a competitive edge, particularly with institutional investors who are under tighter AML/CTF governance expectations.

For example, superannuation funds, family offices and fund managers that allocate capital to private capital investments are likely to increasingly demand assurance that AML/CTF obligations are met to a high/institutional standard by investment managers.

Conclusion

The next 12 months will be critical for all organisations to understand the scope of change regarding AML/CTF reforms.

Boards must act now by reviewing their governance structures, understanding the practical implications of the updated rules, and seeking external advice where needed. AUSTRAC will expect not just policy documents, but clear evidence that boards and senior management understand and own their AML/CTF obligations.

If your board does not yet have a compliance expert or governance professional who is experienced with AML/CTF reform, I am excited to offer your team guidance or support, whether by reviewing your current AML/CTF Program, advising your Risk/Compliance Committee, or joining your board sub-committee to help your board navigate these significant compliance changes.

AML/CTF reform is coming, and board-level leadership will be essential to navigating these reforms efficiently, honestly and fairly.

https://www.andrewsmcneil.com/