AUSTRAC: Guide for new AML Documentation Requirements Effective July 2026

In 2025, anti-money laundering (AML) and counter-terrorism financing (CTF) obligations will become a critical focus for regulators, companies, and professionals worldwide. The increasing sophistication of financial crimes and the global interconnectedness of financial systems necessitate robust compliance measures to safeguard economic stability and security. For companies and professionals, ensuring that compliance regimes are ready for the upcoming changes is a regulatory and strategic imperative. By aligning with international standards and implementing comprehensive AML/CTF programs, they can mitigate risks, enhance their reputation, and contribute to the global effort to combat financial crime. This proactive approach protects individual companies from legal and financial penalties and strengthens the integrity of the international monetary system.

Are you a compliance-ready AML/CTF professional?

The Tranche 2 reforms in Australia represent a significant expansion of the country’s Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) regime. The expansion brings in individual professionals, not just companies, who must now comply with AML/CTF requirements. These professionals include:

  1. Real Estate Professionals:
    • Real estate agents, buyers’ agents, and property developers must conduct customer due diligence, report suspicious transactions, and maintain comprehensive records.
  2. Legal Professionals:
    • Lawyers and conveyancers managing client funds, establishing companies, or facilitating large financial transactions must comply with AML/CTF obligations.
  3. Accounting Professionals:
    • Accountants who manage client funds, establish corporate structures, or facilitate significant financial transactions must adhere to AML/CTF regulations.
  4. Dealers in Precious Metals and Stones:
    • Individuals dealing in high-value goods such as precious metals and stones must implement AML/CTF measures to prevent money laundering through these assets.
  5. Trust and Company Service Providers:
    • Professionals setting up and managing trusts, companies, and other legal entities must comply with AML/CTF obligations.
  6. Virtual Asset Service Providers (VASPs):
    • Individuals providing services related to virtual assets, such as cryptocurrency exchanges, must adhere to AML/CTF regulations, including customer due diligence and transaction monitoring.

What to know about the new AML/CTF documentation requirements?

The new documentation requirements start on 1 July 2026 and are intended to strengthen the integrity of financial systems and prevent financial crimes. Their key aspects are:

Enhanced Customer Due Diligence (CDD) Documentation:

  • Businesses must maintain comprehensive records of customer identification and verification processes.
  • Detailed risk assessments for high-risk customers must be documented, including the rationale for categorizing customers as high-risk.

Transaction Monitoring and Reporting:

  • All suspicious transactions must be documented with detailed descriptions of the activities and reasons for suspicion.
  • Regular audits of transaction monitoring systems and processes are required, with findings documented and reported to ASIC.

Training and Compliance Programs:

  • Documentation of employee training programs on AML/CTF policies and procedures is mandatory.
  • Records of compliance reviews and updates to AML/CTF programs must be maintained.

Beneficial Ownership Information:

  • Businesses must document the identification and verification of beneficial owners, especially in complex ownership structures.
  • Any changes in beneficial ownership must be promptly updated and documented.

Tips for dealing with clients’ cash to comply with AML regulations

Customer Due Diligence (CDD)

  • Identification and Verification: Collect and verify clients’ identities using reliable, independent sources. This includes obtaining government-issued IDs and other relevant documents.
  • Risk Assessment: Assess each client’s risk level based on their location, type of business, and transaction patterns. High-risk clients require enhanced due diligence.

Transaction Monitoring

  • Continuous Monitoring: Implement systems to monitor transactions continuously for suspicious activities. Automated systems can help flag unusual transactions deviating from the client’s behaviour.
  • Suspicious Activity Reporting: Promptly report suspicious transactions to the relevant authorities, such as AUSTRAC in Australia.

Record Keeping

  • Documentation: Maintain comprehensive records of all transactions, customer identification, and due diligence processes. Records must be kept for a minimum period as required by law.
  • Audit Trails: Ensure all transactions have clear audit trails to facilitate necessary investigations.

Training and Awareness

  • Employee Training: Regularly train employees on AML policies and procedures. Ensure they understand their responsibilities and the importance of compliance.
  • Updates on Regulations: Stay informed about the latest AML regulations and ensure your compliance program is up-to-date.

Internal Controls and Policies

  • AML Program: Develop and implement a robust AML program that includes policies, procedures, and internal controls to prevent money laundering.
  • Independent Testing: Conduct regular independent testing of your AML program to ensure its effectiveness and compliance with regulations.

What breaches should you watch out for?

Here are some of the most common Anti-Money Laundering (AML) breaches reported by financial advisers:

  1. Inadequate documented policies and procedures: Financial advisers often fail to maintain comprehensive AML policies and procedures tailored to their risk profiles.
  2. Inadequate customer due diligence (CDD) procedures: This includes insufficient verification of customer identities and failure to understand the nature and purpose of client relationships.
  3. Inadequate enhanced due diligence (EDD) procedures: Advisers sometimes neglect to perform additional checks and monitoring for higher-risk clients.
  4. No ongoing CDD monitoring: Continuous monitoring of client transactions to detect suspicious activities is often lacking.
  5. No periodic review of compliance with money laundering regulations: Regular reviews to ensure compliance with AML regulations are sometimes overlooked.
  6. Inadequate firm-wide risk assessment: Advisers may not conduct thorough risk assessments to identify and mitigate potential AML risks.
  7. No or inadequate staff training on AML compliance: Staff members may not receive sufficient training on AML policies and procedures.
  8. Inadequate record keeping: Proper documentation of AML activities and decisions is sometimes missing.
  9. Use of third-party policies not tailored to the firm’s risk profile: Relying on generic AML policies from third parties that do not address the specific risks faced by the firm.
  10. Inadequate resource allocation to AML compliance: Insufficient resources dedicated to AML compliance can lead to gaps in the firm’s defences against money laundering.

What constitutes a breach?

A breach occurs when a reporting entity fails to comply with its AML/CTF laws and obligations. This can include:

  • Failure to Report Suspicious Matters: Not reporting suspicious transactions or activities to AUSTRAC (Australian Transaction Reports and Analysis Centre) within the required timeframe.
  • Inadequate Customer Due Diligence (CDD): Failing to identify and verify customers, including beneficial owners.
  • Poor Record Keeping: Not maintaining comprehensive records of transactions, customer identification, and due diligence processes.
  • Non-compliance with AML/CTF Programs: Not implementing or maintaining an effective AML/CTF program, including policies, procedures, and internal controls.

What are the consequences and penalties for breaches?

  1. Civil Penalties:
    • AUSTRAC can impose significant fines for non-compliance. For example, penalties can reach up to 100,000 penalty units for corporations (approximately AUD 31.3 million) per breach [1].
  2. Enforceable Undertakings:
    • Entities may be required to enter into enforceable undertakings, committing to specific actions to rectify non-compliance. Failure to comply with these undertakings can lead to further legal action [2].
  3. Infringement Notices:
    • AUSTRAC can issue infringement notices for specific breaches, such as failures in Know Your Customer (KYC) procedures, reporting, and record-keeping [2].
  4. Remedial Directions:
    • AUSTRAC can issue directions requiring entities to take specific actions to rectify non-compliance [2].
  5. Suspension or Cancellation of Registration:
    • For remittance service providers and digital currency exchange providers, AUSTRAC can suspend or cancel their registration if they pose an unacceptable risk of money laundering or terrorism financing [2].

Examples of breaches of reporting requirements:

  1. Gregory Francis Hawkins and Harry Theodore (two former executives of The Star Entertainment Group Ltd) Case:
    • In February 2025, the case involved contraventions of section 180(1) of the Corporations Act 2001 (Cth), by failing to exercise due care and diligence, and of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), related to dealings with junkets: approving a new agreement with Suncity while knowing about suspicious activities, and failing to inform the board. The Star’s former Chief Casino Officer, Gregory Hawkins, was ordered to pay a penalty of $180,000 and disqualified from managing corporations for 18 months, while former Chief Financial Officer, Harry Theodore, was ordered to pay a $60,000 penalty and was disqualified from managing corporations for nine months.
  2. Commonwealth Bank of Australia (CBA) Case:
    • In 2018, CBA was fined $700 million for failing to report over 53,000 transactions that exceeded the $10,000 threshold, as required by AML/CTF laws.
  3. Westpac Banking Corporation Case:
    • In 2020, Westpac was fined $1.3 billion for failing to report over 19.5 million international funds transfer instructions and for inadequate customer due diligence.

Tips to avoid breaches:

  • Implement Robust AML/CTF Programs: Develop and maintain comprehensive policies, procedures, and internal controls.
  • Conduct Regular Training: Ensure all employees are trained on AML/CTF obligations and understand their responsibilities.
  • Perform Regular Audits: Conduct regular audits of AML/CTF programs to identify and rectify gaps.
  • Stay Informed: Keep up-to-date with the latest AML/CTF regulations and update compliance programs accordingly.

Adhering to these practices helps mitigate non-compliance risks and contributes to the financial system’s integrity.

Now is the time to take action! Join our next Brisbane Compliance Community event, or let us help you build a sustainable compliance program to protect your business and enhance your clients’ experience.

Subscribe to updates | AUSTRAC

Consequences of not complying | AUSTRAC

Summary of AML/CTF obligations for new regulated entities | AUSTRAC

Summary of changes for current regulated entities | AUSTRAC