Understanding changes to AML/CTF obligations and the Privacy Act for reporting entities
InsightUnderstanding changes to AML/CTF obligations and the Privacy Act: what reporting entities need to know.
Remarkable Journeys with Jess Fox: Conversations with our clients, people and community. Listen now.
By: Neil Jeans, Katherine Shamai, Martin Stone, Richard Storey, Annelies Homersham
08 Dec 2025 6 min read

Their involvement – along with business leaders and the AML/CTF compliance officer – ensures effective ML/TF risk management, ongoing AML/CTF compliance, the successful definition and embedding of an organisation's AML/CTF compliance culture.
The reformed AML/CTF Act 2024 introduces specific governance requirements for the governing body, the concept of a responsible officer, and sets out the role and responsibilities of the AML/CTF compliance officer. The Act emphasises a more detailed and proactive approach, mandating explicit risk-based assessments, regular reviews, and a stronger focus on resource allocation and training.
In other words, the reforms shift governance from a “tick-the-box” approach to an outcomes-based, risk-responsive model, requiring Boards and senior managers to demonstrate proactive oversight and accountability.
These governance requirements apply to both:
Governance plays a crucial role in relation to AML/CTF, as both the Board and business leaders are responsible for setting the organisational tone and ensuring adequate resources such as personnel, technology, and financial investment are allocated to AML/CTF compliance.
The governing body must ensure the ML/TF risks associated with the organisation’s operations, products, services, and customer base are understood, and that the AML/CTF program aligns with the AML/CTF Act obligations and AML/CTF Rule requirements, addressing the specific ML/TF risks the organisation faces.
We have identified the following key actions for Boards and business leaders on AML/CTF reform readiness:
For entities in a reporting group, governance must clarify the role of the lead entity, ensuring it has capacity to set AML/CTF policy outcomes across the group.
Although AML/CTF requirements for new entrants won't be enforced until 2026, it is vital for both pre-existing entities and new reporting entrants to start planning and preparing for compliance with AML/CTF requirements now. With a short lead time to compliance and limited AML/CTF experts across Australia, demand will only continue to increase as the compliance date approaches. Reach out to our team of leading specialists to help with your requirements.
Understanding changes to AML/CTF obligations and the Privacy Act: what reporting entities need to know.
From 1 July, the updated AML/CTF regime takes effect for Tranche 2 organisations including the real estate industry. There is already commentary, interpretation and subsequently confusion in the aged care market.
The AML/CTF Amendment Bill 2026 gives AUSTRAC new powers to restrict or prohibit the use of high‑risk mechanisms such as crypto ATMs by reporting entities.