AUSTRAC Expands Anti-Money Laundering Rules to Professional Services with Tough New Compliance Requirements
- 8 minutes ago
- 5 min read
Australia has introduced sweeping reforms to its anti-money laundering and counter-terrorism financing framework, with AUSTRAC significantly broadening its regulatory oversight to include several professional service industries that were previously outside the scope of the regime. Effective from July 1, 2026, the revised legislation requires legal practitioners, accountants, conveyancers, real estate agents, and precious metals dealers to implement comprehensive internal systems designed to identify, manage, and reduce the risks of money laundering and terrorism financing. Businesses that fail to meet these new obligations face substantial civil penalties, with the maximum court-imposed fine for corporations currently standing at 22.2 million Australian dollars for each systemic breach. Under the expanded framework, any business providing designated services must enroll with the national financial intelligence agency within exactly 28 days of commencing those services. The legislative changes are intended to strengthen safeguards across sectors that have historically been vulnerable to financial crime, ensuring that illicit proceeds cannot easily enter the Australian economy through property transactions, legal structures, trusts, or shell companies.

For the thousands of newly regulated businesses now captured by the legislation, understanding whether they provide designated services represents the first essential step toward compliance. The foundation of the new regulatory framework is the development of a tailored risk management program that reflects the nature of each organization's operations. Designated services include a range of professional activities such as assisting clients with the purchase or sale of real estate, managing client bank accounts, organizing capital contributions for company formation, and administering trusts or other corporate structures. Whenever a business performs any of these specified activities, it immediately becomes a reporting entity subject to federal anti-money laundering and counter-terrorism financing requirements.
An effective compliance framework begins with a comprehensive assessment of the organization's exposure to financial crime risks. This risk assessment forms the basis for every subsequent compliance measure and requires businesses to evaluate numerous factors, including the characteristics of their clients, the methods through which services are delivered, the jurisdictions in which they operate, and the types of financial transactions they facilitate. After identifying these potential vulnerabilities, reporting entities must formally document and implement policies and procedures specifically designed to address the risks they have identified. These controls include establishing a two-part compliance program that combines organization-wide risk management with robust customer identification and verification measures.
Strong governance is another central component of the updated regulatory regime. Organizations must clearly allocate compliance responsibilities to specific individuals throughout the business. A designated compliance officer is responsible for managing the day-to-day operation of the anti-money laundering program, while senior management must formally approve the organization's compliance strategy. Ultimate accountability, however, remains with the governing body, which is responsible for ensuring that the organization consistently satisfies its regulatory obligations. Regular reviews and independent audits must also be conducted to verify that the compliance framework continues to function effectively and remains aligned with changing legislative requirements.
Customer due diligence has become a critical safeguard under the expanded framework, ensuring that professional services cannot be used anonymously to facilitate financial crime. Before providing any designated service, reporting entities must identify and verify the identity of every client. This process requires collecting essential information such as legal names, residential addresses, and dates of birth. Where the client is a company, trust, or other legal arrangement, businesses must also identify and verify the beneficial owners who ultimately exercise control over the entity. This requirement is intended to prevent complex ownership structures from concealing the true source of wealth or the individuals directing financial activities.
The legislation also requires professional service providers to adopt a risk-based approach when assessing customers. Clients classified as presenting low or moderate risk are subject to standard customer due diligence procedures, while enhanced customer due diligence becomes mandatory for higher-risk relationships. Enhanced scrutiny applies in situations involving politically exposed persons, customers connected to non-cooperative jurisdictions, or entities with particularly complicated ownership arrangements. In such cases, businesses must take additional steps to determine the source of the customer's funds and verify the customer's overall wealth before proceeding with designated services.
If a reporting entity cannot successfully verify a customer's identity, it must refuse to provide the requested designated service. In addition, the organization must determine whether the inability to complete customer verification creates grounds for submitting a suspicious matter report to AUSTRAC. Compliance obligations do not end once a customer relationship has been established. Reporting entities are also required to conduct ongoing customer due diligence by periodically reviewing customer information to ensure that risk profiles remain current and accurately reflect any changes throughout the business relationship.
Transaction monitoring forms another key element of Australia's financial intelligence system. Regulated entities must continuously monitor customer activity and identify transactions that differ from expected behavioral patterns. When employees identify unusual or potentially suspicious activity, they are required to escalate the matter to the organization's compliance officer, who will determine whether a suspicious matter report should be lodged with the regulator. Such reports must be submitted within three days after forming a suspicion, while matters involving suspected terrorism financing carry a significantly shorter reporting deadline of just 24 hours.
Beyond suspicious matter reporting, businesses must also comply with mandatory threshold transaction reporting obligations. Any physical cash transaction involving 10,000 Australian dollars or more must be reported to AUSTRAC within 10 business days. Reporting entities are likewise required to report international funds transfer instructions whenever funds are sent into or out of Australia on behalf of a client. These reporting requirements provide financial intelligence authorities with valuable information that helps analysts trace financial flows, identify suspicious patterns, and uncover broader criminal networks operating across multiple jurisdictions.
Maintaining comprehensive records remains essential for demonstrating compliance during regulatory examinations. Organizations must retain all documents relating to customer due diligence, transaction histories, and approvals associated with their compliance programs for a minimum period of seven years. These records must be securely maintained while remaining readily accessible so they can be produced during inspections conducted by regulators or law enforcement agencies.
The expansion of Australia's anti-money laundering regime into professional services represents a significant shift in the country's broader strategy to combat financial crime. Professionals working in legal, accounting, conveyancing, real estate, and precious metals industries are expected to move beyond viewing regulatory compliance as a simple administrative obligation and instead embed it within their everyday business operations. Creating a strong culture of compliance is increasingly viewed as essential for preventing organizations from unintentionally facilitating money laundering activities that could expose them to severe financial penalties while causing lasting damage to their professional reputation.
Technology is expected to play an increasingly important role in helping businesses, particularly small and medium-sized firms, meet their expanding compliance obligations. Automated digital solutions can simplify customer identity verification, perform sanctions and politically exposed person screening against international databases, and monitor customer transactions continuously for unusual activity. Despite the efficiencies offered by technology, however, responsibility for meeting regulatory requirements remains firmly with the reporting entity itself. Ongoing staff education is equally important to ensure employees can recognize warning signs of financial crime, detect attempts to structure transactions to avoid reporting thresholds, and understand the appropriate internal escalation procedures.
By implementing the recommended compliance programs, utilizing available starter kits, and following official implementation guidance, professional service providers can significantly reduce the risk of their businesses being exploited by criminal organizations. Maintaining strong anti-money laundering and counter-terrorism financing controls not only enables organizations to satisfy their legal obligations but also strengthens the integrity, stability, and reputation of Australia's broader financial system.
By fLEXI tEAM





Comments