Australia's AML/CTF Regime Enters New Era with 2026 Reforms Set to Reshape Compliance Landscape

Australia is undergoing the most sweeping changes to its anti-money laundering and counter-terrorism financing (AML/CTF) framework in decades, as the Amended AML/CTF Act 2024 and the accompanying Second Exposure Draft AML/CTF Rules prepare to take effect on 31 March 2026. These changes, spearheaded by AUSTRAC, promise a fundamental overhaul of compliance obligations and extend the regulatory net to a broader array of sectors, with significant implications for reporting entities across the country.

At the core of the reformed regime is a streamlined, modernized approach designed to enhance oversight without stifling innovation. Any business offering designated services—spanning real estate agents to virtual asset service providers—must enrol on the Reporting Entities Roll within 28 days of launching operations. The registration process for remittance and virtual asset providers is particularly rigorous, incorporating thorough assessments of money laundering and terrorism financing (ML/TF) risks, evaluation of compliance frameworks, and scrutiny of key personnel qualifications before approvals are granted.

Mandatory program obligations will include comprehensive risk assessments, implementation of AML/CTF policies tailored to each entity’s risk profile, integration of financial sanctions controls, and strict due diligence on personnel. For businesses operating within larger structures, reporting groups—either formed automatically through control relationships or voluntarily by agreement—must designate a lead entity responsible for ensuring group-wide compliance. As defined under section 236B, the lead entity will carry overarching accountability, though internal delegation of obligations remains permissible under documented arrangements.

Customer due diligence (CDD) requirements have also evolved considerably following extensive consultation feedback. Among the notable changes, the requirement to collect a customer’s place of birth has been eliminated, while date of birth only needs to comply with global travel rule thresholds in applicable cases. A more pragmatic approach to verification timelines has been introduced, allowing for delayed CDD on low-risk clients, provided appropriate risk mitigation measures are in place and outstanding checks are completed within 30 days. Entities dealing with low-risk, regulated customers—such as listed public companies or government agencies—may also apply simplified due diligence and are exempt from conducting beneficial ownership checks when justified by a demonstrably low ML/TF risk.

The reforms further clarify obligations surrounding trust beneficiaries, limiting requirements to identifying beneficiaries of fiduciary arrangements rather than indirect customer relationships. In another major efficiency measure, businesses engaged in mergers or acquisitions can rely on existing customer records when absorbing another reporting entity’s client base, as these records will be recognized as satisfying initial CDD duties. This "deemed compliance" provision is expected to significantly reduce onboarding duplication in corporate transactions.

Reporting duties have been upgraded to reflect emerging financial technologies and payment methods. AUSTRAC has modernized both Suspicious Matter Reports (SMRs) and Threshold Transaction Reports (TTRs), enabling the collection of more granular information. SMRs are required for any suspected ML/TF activity or related serious offences, while TTRs must be submitted for all cash transactions of AU$10,000 or more. The new forms include fields tailored to digital asset movements, telegraphic transfers, and contemporary payment tools, giving regulators and law enforcement richer, actionable insights.

Under the revised travel rule, institutions involved in value transfers—including those handling tokenised card payments—must collect, verify, and pass on identifying information for both payer and payee with every domestic or international transfer. Certain low-value or excluded transfers may be exempt, subject to conditions detailed in the Rules.

For larger organizations, reporting groups present a strategic mechanism to centralize AML/CTF obligations. A group is automatically formed when one entity controls another, but businesses can also form groups through mutual agreement. The lead entity assumes compliance responsibility for the group, though obligations can be delegated internally, provided appropriate documentation supports such arrangements and record access remains transparent. Meanwhile, the new framework retains class exemptions from the 2007 Rules for select sectors, including certain securities offerings, commodity warehousing operations, and debt collection activities. Chapters addressing salary packaging, warrants, and deposits have been updated for clarity while remaining in force under the amended legislation.

With the 31 March 2026 implementation date fast approaching, businesses must begin preparing for compliance now. The first step is confirming whether any designated services are offered, and if so, completing enrolment on the Reporting Entities Roll within the 28-day window. Remitters and digital asset firms, in particular, should ready detailed registration packages that include documented AML/CTF programs, personnel vetting results, risk assessments, and supporting evidence of qualifications.

AML/CTF policies will need to be updated to incorporate new financial sanctions procedures, reflect changes to verification timeframes, and integrate the relaxed CDD approach for low-risk, regulated entities. Beneficiary identification protocols should also be adjusted to align with clarified requirements under the new Rules. Independent evaluations of program design and effectiveness are strongly encouraged, alongside comprehensive training for all personnel to ensure awareness of new obligations, including how to handle SMRs, TTRs, and travel rule compliance.

Businesses within corporate structures should assess whether to establish or revise reporting groups, designate a lead entity, and document internal compliance responsibilities. Clear recordkeeping procedures must be maintained to demonstrate adherence to group-wide obligations.

AUSTRAC is inviting submissions until 27 June 2025 on any aspects of the new framework requiring clarification or additional guidance. Stakeholder engagement during this phase offers a vital opportunity to shape implementation outcomes and ensure practical alignment with sector needs.

Ultimately, the success of these sweeping reforms hinges on timely, strategic action. Embracing the Second Exposure Draft AML/CTF Rules is essential for businesses seeking to navigate Australia’s fast-evolving financial crime compliance landscape. By investing now in updated policies, systems, and personnel training, and maintaining open channels with AUSTRAC, entities can build robust, resilient compliance frameworks that align with international standards and help safeguard the integrity of the Australian financial system.

By fLEXI tEAM