The AML/CTF Act 2024 introduces stricter governance requirements, including a designated responsible officer, enhanced board oversight, and a shift from a prescriptive to a risk-based, outcomes-focused compliance model.
Both existing reporting entities and new entrants under Tranche 2 (lawyers, accountants, real estate agents, etc.) must comply. Deadlines are 31 March 2026 for current entities and 1 July 2026 for new ones.
Boards and senior leaders should start now by reviewing governance structures, appointing a qualified AML/CTF compliance officer, and implementing a documented risk-based framework to ensure readiness before compliance deadlines.
Board and senior management governance and oversight is a key component of an organisation's Anti-Money Laundering and Counter-Terrorist Financing (AML/CTF) compliance framework.
Contents
Their involvement – along with business leaders and the AML/CTF compliance officer – ensures effective ML/TF risk management, ongoing AML/CTF compliance, the successful definition and embedding of an organisation's AML/CTF compliance culture.
What’s changing?
The reformed AML/CTF Act 2024 introduces specific governance requirements for the governing body, the concept of a responsible officer, and sets out the role and responsibilities of the AML/CTF compliance officer. The Act emphasises a more detailed and proactive approach, mandating explicit risk-based assessments, regular reviews, and a stronger focus on resource allocation and training.
In other words, the reforms shift governance from a “tick-the-box” approach to an outcomes-based, risk-responsive model, requiring Boards and senior managers to demonstrate proactive oversight and accountability.
These governance requirements apply to both:
Pre-existing reporting entities including financial institutions, gaming and betting, and financial services entities that will need to consider the changes to the legislation by 31 March 2026.
New entrants including the ‘Tranche 2’ reforms, which expand AML/CTF compliance to apply from 1 July 2026 to additional professions including lawyers, accountants, real estate agents, property developers, and precious stone dealers.
Effective governance is critical
Governance plays a crucial role in relation to AML/CTF, as both the Board and business leaders are responsible for setting the organisational tone and ensuring adequate resources such as personnel, technology, and financial investment are allocated to AML/CTF compliance.
The governing body must ensure the ML/TF risks associated with the organisation’s operations, products, services, and customer base are understood, and that the AML/CTF program aligns with the AML/CTF Act obligations and AML/CTF Rule requirements, addressing the specific ML/TF risks the organisation faces.
We have identified the following key actions for Boards and business leaders on AML/CTF reform readiness:
Active oversight: Boards and governing bodies must take an active role in AML/CTF compliance, moving beyond passive approval to ongoing oversight of program effectiveness.
Tone at the top: Establish a strong compliance culture, with governance committees regularly reviewing AML/CTF risks, breaches, and regulatory changes.
Enterprise-Wide Risk Assessment (EWRA): Maintain a documented ML/TF and proliferation financing risk assessment that is regularly reviewed and updated to reflect changes in business operations, customer profiles, and regulatory expectations.
Dynamic policies: AML/CTF programs must be risk-driven and outcomes-focused, replacing the old prescriptive Part A/Part B structure with integrated governance and control measures.
AML/CTF Compliance Officer: Appoint a fit and proper compliance officer with authority and resources to implement and monitor the program.
Three lines of defence: Ensure governance structures support independent oversight, internal audit, and operational compliance functions.
Regular Board reporting: Provide AML/CTF compliance reports to the governing body at least annually (or more frequently if required), including independent evaluation results and updates to risk assessments.
Regulatory communication: Maintain proactive engagement with AUSTRAC, including timely enrolment updates and reporting obligations (SMRs, TTRs, compliance reports).
Periodic reviews: Conduct independent evaluations of AML/CTF programs and ensure findings are escalated to senior management and boards.
Adaptive governance: Demonstrate that governance frameworks evolve with emerging risks and regulatory changes, focusing on effectiveness rather than mere compliance.
For entities in a reporting group, governance must clarify the role of the lead entity, ensuring it has capacity to set AML/CTF policy outcomes across the group.
We’re here to help
Although AML/CTF requirements for new entrants won't be enforced until 2026, it is vital for both pre-existing entities and new reporting entrants to start planning and preparing for compliance with AML/CTF requirements now. With a short lead time to compliance and limited AML/CTF experts across Australia, demand will only continue to increase as the compliance date approaches. Reach out to our team of leading specialists to help with your requirements.
Five questions boards should ask about new Anti-Money Laundering laws
The AUSTRAC AML/CTF Starter Programs provide a structured pathway to achieving AML/CTF compliance that will significantly reduce the effort and cost of AML/CTF compliance for entities required to meet AML/CTF obligations under Tranche 2.
As Australia prepares for the landmark Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) reforms – set to take effect in the coming months – businesses across sectors face a pivotal moment not just to comply with how to manage financial crime risk, but to transform themselves for the better. The real challenge lies in building a culture that embeds AML obligations into the DNA of an organisation.
Grant Thornton is a leading specialist in AML/CTF risk management and can assist businesses by providing tailored AML/CTF risk management and compliance services
Subscribe now to be kept up-to-date with timely and relevant insights, unique to the nature of your business, your areas of interest and the industry in which you operate.
