Australian AML/CTF Compliance Guide 2026

Updated March 2026 | 12 min read | By GoComply

Australia's anti-money laundering regime is one of the strictest in the world — and it's about to get stricter. With Tranche 2 expanding to lawyers, accountants, and real estate agents, and enforcement penalties reaching $1.3 billion, AML/CTF compliance has never been more critical.

Ask any AML/CTF question in the GoComply AI chatbot — covers the full AML/CTF Act, reporting deadlines, and enforcement cases with section references.

The Framework at a Glance

Element	Detail
Legislation	Anti-Money Laundering and Counter-Terrorism Financing Act 2006
Regulator	AUSTRAC (Australian Transaction Reports and Analysis Centre)
Applies to	All reporting entities providing designated services (ADIs, insurers, super funds, AFSL holders, gambling, bullion)
Key obligations	KYC, transaction monitoring, SMR/TTR/IFTI reporting, AML/CTF program, record keeping
Maximum penalty	Greater of $22.2M per contravention, 3x benefit, or 10% of turnover (capped at $555M)

Customer Due Diligence (KYC)

Standard CDD (Section 28-29)

Before providing a designated service, verify the customer:

Individuals: full name, date of birth, residential address — verified using passport, driver's licence, or electronic verification
Companies: full name, ABN/ACN, registered office, beneficial owners (25%+ ownership or control)
Trusts: trust name, type, trustee details, beneficiary details (where ascertainable), settlor for discretionary trusts

Enhanced CDD (Section 32)

Required for higher-risk situations:

Politically Exposed Persons (PEPs) — current/former government officials and associates
High-risk jurisdictions — FATF grey/black list countries
Correspondent banking — relationships with foreign financial institutions
Complex or unusual transactions — no apparent economic purpose
Non-face-to-face customers — online/remote onboarding

Reporting Obligations

Critical deadlines: Missing an SMR deadline is a civil penalty offence. Tipping off a customer about an SMR is a criminal offence (s123).

Report	Trigger	Deadline	Section
Suspicious Matter Report (SMR)	Suspicion of ML/TF on reasonable grounds	24 hours (terrorism), 3 business days (ML)	s41
Threshold Transaction Report (TTR)	Physical currency $10,000+	10 business days	s43
International Funds Transfer (IFTI)	All international transfers	10 business days	s45
Annual Compliance Report	All reporting entities	Annual	s47

AML/CTF Programs (Section 81)

Every reporting entity must maintain an AML/CTF program with:

Part A — General Program

Board and senior management oversight
ML/TF risk assessment (enterprise-wide, updated regularly)
Employee due diligence and screening
KYC and ongoing CDD procedures
Transaction monitoring
Reporting procedures (SMR, TTR, IFTI)
Record keeping (7-year retention)
Designated AML/CTF compliance officer
ML/TF risk awareness training for all relevant staff

Part B — Customer Identification

Minimum identification information to collect per customer type
Acceptable verification documents and methods
Electronic verification processes
Simplified CDD for lower-risk customers
Enhanced CDD procedures for higher-risk customers

Enforcement — The Numbers

Entity	Penalty	Year	Key Failure
Westpac	$1.3 billion	2020	23M unreported IFTIs, child exploitation payment failures
CBA	$700 million	2018	53,750 late TTRs, Intelligent Deposit Machine monitoring gaps
Crown Resorts	$450 million	2023	Junket operator CDD failures, unreported suspicious matters
Star Entertainment	$100 million	2023	Inadequate due diligence, weak transaction monitoring
SkyCity Adelaide	$67 million	2022	1,600+ customer identification failures

Total AUSTRAC penalties since 2018: over $2.6 billion. The message is clear — AUSTRAC will pursue massive penalties for systemic AML/CTF failures.

Tranche 2 — The Coming Expansion

The biggest AML/CTF expansion in Australian history is underway. From 2026, AML/CTF obligations extend to:

Real estate agents and buyer's agents
Lawyers and conveyancers
Accountants
Trust and company service providers
Dealers in precious metals and stones

Impact on existing reporting entities: Third-party reliance arrangements will expand, risk assessments need updating, and transaction monitoring must consider the changed landscape as previously unregulated professions come into scope.

AML/CTF and Operational Risk (CPS 230)

For APRA-regulated entities, AML/CTF compliance is an operational risk. Under CPS 230:

Transaction monitoring systems should be on your critical operations register
Sanctions screening tools are material service providers requiring CPS 230 oversight
Reporting system failures (SMR/TTR/IFTI) may trigger CPS 230 APRA notification
AML/CTF compliance officer should be covered in BCP key personnel provisions

Compliance Checklist

AML/CTF program current and Board-approved
ML/TF risk assessment updated within last 12 months
KYC procedures cover all customer types (individual, company, trust)
Enhanced CDD procedures for PEPs and high-risk customers documented
Transaction monitoring system operational and tested
SMR/TTR/IFTI reporting processes documented with clear escalation
Designated AML/CTF compliance officer notified to AUSTRAC
Staff training completed within last 12 months
Records retention policy covers 7-year minimum
Annual compliance report lodged with AUSTRAC
Third-party screening providers managed as material service providers (CPS 230)
Tranche 2 impact assessment completed

Get instant AML/CTF answers

Ask any question about AML/CTF obligations, reporting deadlines, or enforcement cases.

Try the AI chatbot free

This guide is for informational purposes. Consult qualified AML/CTF compliance professionals. Download the AML/CTF program review checklist from our resources page. GoComply chatbot covers the full AML/CTF Act.