Australia’s AML/CTF Regime Enters a New Era: What AUSTRAC’s 2025 Rules Mean for Compliance Professionals

Australia is preparing for its most substantial overhaul of anti-money laundering (AML) and counter-terrorism financing (CTF) obligations in nearly two decades.

The release of AUSTRAC’s Second Exposure Draft (ED2) of the 2025 AML/CTF Rules this May has signaled a regulatory transformation that will reshape compliance across financial institutions, fintechs, virtual asset service providers (VASPs), and other designated services.

With the final implementation date set for March 2026, compliance professionals are entering a critical period of recalibration, adaptation, and alignment with a new global standard.

This reform comes in response to a combination of international pressure, risk assessment findings, and the desire to bring Australia’s AML/CTF framework in line with Financial Action Task Force (FATF) guidelines. As AUSTRAC moves to consolidate its position as a leading regulator in financial crime prevention, entities across the sector will need to move quickly to understand and operationalize these sweeping changes.

Rewriting the Rulebook: A Risk-Based and Globally Aligned Framework

At the heart of this transformation is the AML/CTF Amendment Act 2024, which has laid the groundwork for a rewritten and modernized compliance framework. According to AUSTRAC, this new regime replaces the “fragmented and outdated 2007 Rules” with a streamlined, technologically conscious framework intended to keep pace with emerging threats and evolving services.

The revised rules will be split between two core instruments: the Anti-Money Laundering and Counter Terrorism Financing Rules 2025, containing the operational obligations, and the updated AML/CTF (Class Exemptions and Other Matters) Rules 2007, which will house sector-specific exemptions and transitional measures.

AUSTRAC has engaged the industry through an open consultation process to help refine these rules. The regulator emphasized, “This co-design approach ensures a framework that is robust, flexible, and fit for a digital economy.”

These reforms seek to widen the net. Real estate professionals, dealers in precious metals and stones, legal and accounting practitioners, and VASPs will now fall under the AML/CTF regime—many for the first time. This is an intentional move to close gaps that have long existed in Australia’s regulatory reach, aligning it more closely with international models seen in Singapore, the UK, and Hong Kong.

Enrolment, CDD, and the Rise of Granular Oversight

Among the most impactful changes are the updates to entity registration and customer due diligence (CDD). Entities offering designated services must now enroll with AUSTRAC within 28 days of beginning operations. Crucially, the information required for this enrollment has been expanded. AUSTRAC wants to understand not just the services being offered, but “the size, nature, and complexity of your operations,” as well as risk indicators such as employee numbers and industry affiliations.

For remittance service providers and VASPs, the bar is even higher. Registration will now involve a comprehensive vetting process that includes the applicant’s AML/CTF risk exposure, the robustness of its compliance framework, the background of key personnel, and international affiliations. AUSTRAC notes that this pre-operational scrutiny is designed to “prevent de-banking of legitimate providers while ensuring bad actors are excluded from the system.”

CDD requirements have also been sharpened. Simplified CDD will still be permitted for low-risk clients such as government entities and regulated public companies. However, verifying place of birth—a contentious requirement in the past—will be removed except in high-risk scenarios, while date of birth remains essential. New allowances for “delayed verification” aim to support business continuity, provided risks are managed and identity checks are completed within 30 days.

The rules also address ownership transparency. AUSTRAC clarifies when reporting entities must investigate beneficial ownership chains, stating that firms “are not required to verify the customers of your customers” unless certain risk thresholds are triggered. In merger and acquisition contexts, deemed compliance provisions now offer clearer pathways for managing transferred customer bases.

Financial Sanctions and SMRs: Integrating National Security into AML Practice

Australia’s enhanced AML/CTF regime pays particular attention to the emerging risks tied to international sanctions evasion. Under Section 4-12 of the new rules, all reporting entities must implement sanctions compliance policies. These must include procedures to prevent designated services from being provided to sanctioned entities, enforce asset freezing, and avoid any return of frozen assets.

This is a direct response to FATF’s previous criticism that Australia had not effectively integrated sanctions enforcement into its AML/CTF obligations. AUSTRAC now mandates that “every reporting entity must have policies to address financial sanctions compliance as part of their AML/CTF program.”

Suspicious Matter Reports (SMRs) and Threshold Transaction Reports (TTRs) remain central to the reporting architecture, but are being modernized. Reporting forms will require more detailed data on transaction participants and suspicious behaviors. Entities must report all large cash transactions above AUD 10,000 or its foreign equivalent and ensure coverage across a broader spectrum of services, including virtual asset transactions and non-bank financial services.

Another major addition is Australia’s alignment with the global “travel rule,” which requires payer and payee information to accompany international and virtual asset transfers. This reform strengthens cross-border intelligence sharing and transaction tracking capabilities. Transitional measures are being offered to give industry time to adapt—especially for self-hosted crypto wallets and decentralized platforms.

Preserving Proportionality: Updated Exemptions and Carve-Outs

While the rules bring stricter obligations, they also retain flexibility through carefully scoped exemptions. Low-risk services like administrative salary packaging, debt collection, friendly society benefit funds, and risk-only life policies remain exempt.

AUSTRAC has clarified when and how reporting obligations can be delegated within corporate groups and defined that “only entities providing designated services are required to enroll.” For entities undergoing mergers, acquisitions, or customer transfers, the rules now offer a simplified compliance pathway, reducing duplication and uncertainty.

Non-operating holding companies may also act as lead reporting entities—so long as they satisfy certain control and governance requirements. AUSTRAC notes that this change was made in response to “industry feedback seeking clarity on compliance responsibilities within complex group structures.”

Countdown to Compliance: What Firms Must Do Now

AUSTRAC is actively soliciting feedback on ED2 until June 27, 2025. The regulator has asked for submissions addressing compliance burdens, the use of data for enforcement and intelligence, the practicality of updated forms, and how best to manage risks associated with new technologies and payment systems.

“Early engagement is key,” AUSTRAC emphasized, encouraging firms to begin revising their AML/CTF programs immediately. Key action items for reporting entities include:

• Reviewing and updating CDD and onboarding procedures

• Assessing and documenting beneficial ownership chains

• Strengthening internal sanctions compliance policies

• Training staff on updated reporting thresholds and digital asset obligations

• Preparing for stricter registration scrutiny, especially for remitters and VASPs

• Testing and upgrading transaction monitoring systems to align with the new rules

The final rules will take effect by March 2026, giving firms a limited window to ensure readiness and avoid compliance failures.

A System Built for the Future

Australia’s 2025 AML/CTF Rules are not simply a regulatory refresh—they are a foundational restructuring aimed at modernizing how financial crime is detected, prevented, and prosecuted. AUSTRAC is building a compliance framework that reflects the complexity of today’s financial landscape, while embedding resilience for the future.

As AUSTRAC puts it: “The new rules are designed to position Australia as a global leader in the fight against money laundering and terrorism financing.”

Firms that recognize this shift early and act decisively will be better prepared not only for the compliance challenges of 2026, but for the broader reputational and operational demands of conducting business in an increasingly scrutinized global environment. 

By fLEXI tEAM